# [2022]WMI 获取系统信息代码

huoji wmi 2022-06-14

代码示例列表:

> - CPU核心数
> - 磁盘大小
> - wmi创建进程
> - 创建计划任务
> - 检测上次启动时间
> - 检测上次网卡重置时间

说明:`InitWMI` 与 `ExecWMIQuery` 是辅助函数,其实现不在本文中。“wmi创建进程”是不完整的 C++ 片段(变量声明和外层循环未给出),后三段是 VBScript 脚本。

## CPU核心数:

```cpp
/*
 * Check number of cores using WMI.
 *
 * Runs "SELECT * FROM Win32_Processor" and returns TRUE as soon as one
 * instance reports NumberOfCores < 2. Returns FALSE otherwise, including
 * when InitWMI or ExecWMIQuery returns a false value. Both helpers are
 * defined outside this listing.
 */
BOOL number_cores_wmi()
{
    IWbemServices *pSvc = NULL;
    IWbemLocator *pLoc = NULL;
    IEnumWbemClassObject *pEnumerator = NULL;
    BOOL bStatus = FALSE;
    HRESULT hRes;   // assigned below but never inspected
    BOOL bFound = FALSE;

    // Init WMI
    bStatus = InitWMI(&pSvc, &pLoc);
    if (bStatus)
    {
        // If success, execute the desired query
        // NOTE(review): when ExecWMIQuery fails, this function releases nothing;
        // whether the helper releases pSvc/pLoc itself cannot be seen from here.
        bStatus = ExecWMIQuery(&pSvc, &pLoc, &pEnumerator, _T("SELECT * FROM Win32_Processor"));
        if (bStatus)
        {
            // Get the data from the query
            IWbemClassObject *pclsObj = NULL;
            ULONG uReturn = 0;
            VARIANT vtProp;   // NOTE(review): never passed to VariantInit before Get() fills it

            // Iterate over our enumerator. pEnumerator is not modified inside
            // the loop, so the loop only ends through one of the breaks.
            while (pEnumerator)
            {
                // Fetch one result object at a time, waiting without timeout
                hRes = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
                if (0 == uReturn)
                    break;   // no more instances

                // Get the value of the NumberOfCores property
                hRes = pclsObj->Get(_T("NumberOfCores"), 0, &vtProp, 0, 0);
                if (V_VT(&vtProp) != VT_NULL)
                {
                    // Do our comparison: fewer than 2 cores counts as a hit
                    if (vtProp.uintVal < 2)
                    {
                        bFound = TRUE;
                        // NOTE(review): this break skips VariantClear() and
                        // pclsObj->Release() for the current object.
                        break;
                    }

                    // release the current result object
                    // NOTE(review): both calls sit inside the VT_NULL check, so an
                    // object whose property is VT_NULL is not released either.
                    VariantClear(&vtProp);
                    pclsObj->Release();
                }
            }

            // Cleanup
            pEnumerator->Release();
            pSvc->Release();
            pLoc->Release();
            // presumably balances a CoInitialize* call made inside InitWMI - confirm
            CoUninitialize();
        }
    }

    return bFound;
}
```

## 磁盘大小:

```cpp
/*
 * Check logical disk sizes using WMI.
 *
 * Runs "SELECT * FROM Win32_LogicalDisk" (no WHERE clause, so every logical
 * disk returned by the query is examined) and returns TRUE as soon as one
 * Size value compares below 80 * 1024^3 bytes. Returns FALSE otherwise,
 * including when InitWMI or ExecWMIQuery returns a false value. Both helpers
 * are defined outside this listing.
 */
BOOL disk_size_wmi()
{
    IWbemServices *pSvc = NULL;
    IWbemLocator *pLoc = NULL;
    IEnumWbemClassObject *pEnumerator = NULL;
    BOOL bStatus = FALSE;
    HRESULT hRes;   // assigned below but never inspected
    BOOL bFound = FALSE;
    // Threshold: 80 * 1024 * 1024 * 1024 bytes
    INT64 minHardDiskSize = (80LL * (1024LL * (1024LL * (1024LL))));

    // Init WMI
    bStatus = InitWMI(&pSvc, &pLoc);
    if (bStatus)
    {
        // If success, execute the desired query
        // NOTE(review): when ExecWMIQuery fails, this function releases nothing;
        // whether the helper releases pSvc/pLoc itself cannot be seen from here.
        bStatus = ExecWMIQuery(&pSvc, &pLoc, &pEnumerator, _T("SELECT * FROM Win32_LogicalDisk"));
        if (bStatus)
        {
            // Get the data from the query
            IWbemClassObject *pclsObj = NULL;
            ULONG uReturn = 0;
            VARIANT vtProp;   // NOTE(review): never passed to VariantInit before Get() fills it

            // Iterate over our enumerator. pEnumerator is not modified inside
            // the loop, so the loop only ends through one of the breaks.
            while (pEnumerator)
            {
                // Fetch one result object at a time, waiting without timeout
                hRes = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
                if (0 == uReturn)
                    break;   // no more instances

                // Get the value of the Size property
                hRes = pclsObj->Get(_T("Size"), 0, &vtProp, 0, 0);
                if (V_VT(&vtProp) != VT_NULL)
                {
                    // Do our comparison
                    // NOTE(review): only VT_NULL is excluded; llVal is read whatever
                    // variant type the provider actually returned, so the result of
                    // this comparison should be confirmed against real output.
                    if (vtProp.llVal < minHardDiskSize)   // Less than 80GB
                    {
                        bFound = TRUE;
                        // NOTE(review): this break skips VariantClear() and
                        // pclsObj->Release() for the current object.
                        break;
                    }

                    // release the current result object
                    // NOTE(review): both calls sit inside the VT_NULL check, so an
                    // object whose property is VT_NULL is not released either.
                    VariantClear(&vtProp);
                    pclsObj->Release();
                }
            }

            // Cleanup
            pEnumerator->Release();
            pSvc->Release();
            pLoc->Release();
            // presumably balances a CoInitialize* call made inside InitWMI - confirm
            CoUninitialize();
        }
    }

    return bFound;
}
```

> 说明(分析/检测视角):这两个函数只返回“是否低于阈值”的布尔值(核心数 < 2、查询返回的任一逻辑磁盘 < 80 GB),通常被样本用来判断自己是否运行在沙箱或虚拟机中(ATT&CK T1497.001)。分析环境分配 2 个以上核心、且所有逻辑磁盘不小于 80 GB 时,这两项检查不会命中。

## wmi创建进程:

```cpp
// Fragment: the declarations of hres, wbemLocator, wbemServices, callResult,
// the o*/inst* objects, the var* variants and pOutParams are not shown, and
// the `break` below implies an enclosing loop or do/while that is not shown.
// NOTE(review): apart from CoInitializeSecurity, no return value is checked,
// so a failed step is only noticed when a later call uses an unset pointer.

// Initialize COM
CoInitializeEx(NULL, COINIT_MULTITHREADED);

// Set general COM security levels
hres = CoInitializeSecurity(NULL, -1, NULL, NULL,
                            RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE,
                            NULL, 0, NULL);
// RPC_E_TOO_LATE is tolerated: it is the result when process-wide COM
// security has already been set.
if (FAILED(hres) && hres != RPC_E_TOO_LATE)
    break;

// create an instance of WbemLocator
CoCreateInstance(CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID*)&wbemLocator);
// Connect to the ROOT\CIMV2 namespace; the NULL user/password arguments
// mean no explicit credentials are passed
wbemLocator->ConnectServer(CComBSTR("ROOT\\CIMV2"), NULL, NULL, NULL, 0, NULL, NULL, &wbemServices);

// get the Win32_Process and Win32_ProcessStartup class objects
wbemServices->GetObject(CComBSTR("Win32_Process"), 0, NULL, &oWin32Process, &callResult);
wbemServices->GetObject(CComBSTR("Win32_ProcessStartup"), 0, NULL, &oWin32ProcessStartup, &callResult);
// Fetch the Create method: oMethCreate receives the in-parameter definition,
// oMethCreateSignature the out-parameter definition
oWin32Process->GetMethod(CComBSTR("Create"), 0, &oMethCreate, &oMethCreateSignature);
// Despite its name, instWin32Process is an instance of Create's
// in-parameters, not of Win32_Process itself
oMethCreate->SpawnInstance(0, &instWin32Process);
oWin32ProcessStartup->SpawnInstance(0, &instWin32ProcessStartup);

// set startup information for process
instWin32ProcessStartup->Put(CComBSTR("CreateFlags"), 0, &varCreateFlags, 0);
instWin32Process->Put(CComBSTR("CommandLine"), 0, &varCmdLine, 0);
instWin32Process->Put(CComBSTR("CurrentDirectory"), 0, &varCurDir, 0);
// Wrap the startup instance in a variant so it can be stored as a property
CComVariant varStartupInfo(instWin32ProcessStartup);
instWin32Process->Put(CComBSTR("ProcessStartupInformation"), 0, &varStartupInfo, 0);

// Invoke Win32_Process.Create; the method's output parameters are returned
// in pOutParams, which this fragment does not read
wbemServices->ExecMethod(CComBSTR("Win32_Process"), CComBSTR("Create"), 0, NULL, instWin32Process, &pOutParams, &callResult);
```

> 说明(分析/检测视角):通过 Win32_Process.Create 启动的进程由 WMI 提供程序宿主创建,进程树中的父进程通常是 WmiPrvSE.exe 而不是调用者(ATT&CK T1047)。检测时可关注 WmiPrvSE.exe 的异常子进程,以及进程创建日志(如 Security 4688、Sysmon 事件 1)中的命令行。

## 创建计划任务:

```vbscript
' Schedules a command through the Win32_ScheduledJob WMI class on the local
' machine ("." = local computer).
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=Impersonate}!\\" & strComputer & "\root\cimv2")
' Build the start time in WMI datetime form: now + 1 minute ("n" = minutes)
Set objSWbemDateTime = CreateObject("WbemScripting.SWbemDateTime")
objSWbemDateTime.SetVarDate(DateAdd("n", 1, Now()))
Set objNewJob = objWMIService.Get("Win32_ScheduledJob")
' Arguments in order: command, start time, then False, two omitted optional
' arguments, True, and a final string. errJobCreate receives the method's
' return code and is not checked in this snippet.
' NOTE(review): the final parameter of Win32_ScheduledJob.Create is documented
' as the numeric output JobId, so the string passed here is presumably not
' used as a job name - confirm.
errJobCreate = objNewJob.Create("malware.exe", objSWbemDateTime.Value, False, , , True, "MaliciousJob")
```

> 说明(分析/检测视角):Win32_ScheduledJob 对应旧式 AT 作业(ATT&CK T1053.002),在较新的 Windows 上 AT 作业已被弃用,该调用可能只返回错误码。排查时应按命令行和创建时间查找,而不是按示例中的字符串 "MaliciousJob";在启用相应审计的情况下,任务创建通常可以在 Security 4698 和 TaskScheduler/Operational 日志中看到。

## 检测上次启动时间:

```vbscript
' Prints the minutes elapsed since the last boot of the local machine.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery ("Select * from Win32_OperatingSystem")
For Each objOS in colOperatingSystems
    dtmBootup = objOS.LastBootUpTime
    dtmLastBootUpTime = WMIDateStringToDate(dtmBootup)
    ' "n" = difference in minutes
    dtmSystemUptime = DateDiff("n", dtmLastBootUpTime, Now)
    Wscript.Echo "System uptime minutes: " & dtmSystemUptime
Next

' Converts a WMI datetime string to a VBScript date. Only the first 14
' characters are used (year 1-4, month 5-6, day 7-8, hour 9-10, minute 11-12,
' second 13-14); anything after them is ignored.
' NOTE(review): the string handed to CDate is built as month/day/year, and
' how CDate reads it presumably depends on the locale - confirm.
Function WMIDateStringToDate(dtm)
    WMIDateStringToDate = CDate(Mid(dtm, 5, 2) & "/" & _
        Mid(dtm, 7, 2) & "/" & Left(dtm, 4) & " " & Mid (dtm, 9, 2) & ":" & _
        Mid(dtm, 11, 2) & ":" & Mid(dtm, 13, 2))
End Function
```

## 检测网卡上次重置时间:

```vbscript
' Prints, for each network adapter, the minutes since TimeOfLastReset.
' WMIDateStringToDate is not defined in this snippet; it has to be copied
' from the previous example.
strComputer = "."
Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
' NOTE(review): the query result is stored in colOperatingSystems, but the
' loop below iterates colNetworkAdapters, which this snippet never assigns.
Set colOperatingSystems = objWMIService.ExecQuery ("Select * from Win32_NetworkAdapter")
For Each objOS in colNetworkAdapters
    dtmLastReset = objOS.TimeOfLastReset
    dtmLastResetTime = WMIDateStringToDate(dtmLastReset) 'WMIDateStringToDate function from the previous example
    ' "n" = difference in minutes
    dtmAdapterUptime = DateDiff("n", dtmLastResetTime, Now)
    Wscript.Echo "Adapter uptime minutes: " & dtmAdapterUptime
Next
```

> 说明(分析/检测视角):开机时间或网卡重置时间很短,同样常被样本当作“刚启动的沙箱”的判断依据(ATT&CK T1497.003)。

![](https://key08.com/usr/uploads/2022/06/756261981.png)

本文由 huoji 创作,采用 知识共享署名 3.0,可自由转载、引用,但需署名作者且注明文章出处。