2505ahk,wmi学习

检索每个服务的状态和启动类型

wbemServices := ComObjGet("winmgmts:\\.")
//.代表本地计算机.
wbemObjectSet := wbemServices.InstancesOf("Win32_Service")For wbemObject In wbemObjectSetMsgBox, % "Display Name: " wbemObject.DisplayName "`n". " State: " wbemObject.State "`n". " Start Mode: " wbemObject.StartMode
return

检索每个进程启动的命令行和占用的内存

wbemServices := ComObjGet("winmgmts:\\.\root\cimv2")    ; 连接目标电脑的 WMI 服务，[c]\root\cimv2[/c]为命名空间
wbemObjectSet := wbemServices.InstancesOf("Win32_Process")    ; 获取Win32_Service类的实例集合For wbemObject In wbemObjectSet    ; 从实例集中枚举单个实例（尽管这里也可以用 while，不过建议用 for）MsgBox, % "Process: " wbemObject.Name "`n"
. "CommandLine: " wbemObject.CommandLine "`n"            .
. "Working Set Size: " wbemObject.WorkingSetSizereturn

检索托管资源实例

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_Service"
//wmi类.objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass)For objSWbemObject In colSWbemObjectSet
{MsgBox, % "Display Name: " objSWbemObject.DisplayNameMsgBox, % "State:        " objSWbemObject.StateMsgBox, % "Start Mode:   " objSWbemObject.StartMode
}

可写模板

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_OSRecoveryConfiguration"objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass)For objSWbemObject In colSWbemObjectSet
{objSWbemObject.DebugInfoType := 1objSWbemObject.DebugFilePath := "c:\tmp\memory.dmp"objSWbemObject.OverWriteExistingDebugFile := FalseobjSWbemObject.Put_
//提交更改
}

调用资源方法

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_Service"
strKey := "Name"
strKeyValue := "Alerter"objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass " WHERE " strKey "='" strKeyValue "'")For objSWbemObject in colSWbemObjectSet
{objSWbemObject.StopService()
}

订阅事件

strComputer = "."    
strNamespace := "\root\cimv2"
strClass := "Win32_VolumeChangeEvent"
objWMIService = ComObjGet("winmgmts:" "{impersonationLevel=impersonate}!\\" strComputer strNamespace)    
colMonitoredEvents = objWMIService.ExecNotificationQuery("Select * from " strClass)   Loop    
{objLatestEvent = colMonitoredEvents.NextEvent        MsgBox, % objLatestEvent.DriveNameMsgBox, % objLatestEvent.EventTypeMsgBox, % objLatestEvent.Time_Created    
}

检索日志

wbemServices := ComObjGet("winmgmts:\\.")
wbemObjectSet := 
wbemServices.InstancesOf("Win32_NTLogEvent")For wbemObject In wbemObjectSet
{MsgBox, % "Log File: " wbemObject.LogFile "`n". "Record Number: " wbemObject.RecordNumber "`n". "Type: " wbemObject.Type "`n". "Time Generated: " wbemObject.TimeGenerated "`n". "Source: " wbemObject.SourceName "`n". "Category: " wbemObject.Category "`n". "Category String: " wbemObject.CategoryString "`n". "Event: " wbemObject.EventCode "`n". "User: " wbemObject.User "`n". "Computer: " wbemObject.ComputerName "`n". "Message: " wbemObject.Message "`n"
}