I'm writing a WMI Provider and I've managed to retrieve all info on the Computer System and Hardware Classes but cannot get data I want from the Performance Counter Classes. (Win32 Classes)
Looking through the MSDN documentation and using examples they provide, I've come up with a shell script that should return all properties of the Win32_PerfFormattedData abstract base class.
Script:
$osClass = New-Object System.Management.ManagementClass Win32_PerfFormattedData
$osClass.Options.UseAmendedQualifiers = $true
# Get the Properties in the class
$properties = $osClass.Properties
"This class has {0} properties as follows:" -f $properties.count
# display the Property name, description, type, qualifiers and instance values
foreach ($property in $properties) {
"Property Name: {0}" -f $property.Name
"Description: {0}" -f $($property.Qualifiers["Description"].Value)
"Type: {0}" -f $property.Type
"-------"
}
(referenced from here)
The problem is that I'm only retrieving the properties from it's base class Win32_Perf
EDIT
After doing more research, I found this on MSDN:
The WMI formatted class name for a counter object is of the form "Win32_PerfFormattedData_service_name_object_name"
I am trying to get the service_name's that are in the Win32_PerfFormattedData and the object_name's within those services.
I'm unsure whether getting the properties is how I want to go about this now but I cannot find any documentation to get the services. Are they the same thing? And, if not, how can I get the info I require? (service_name's & object_name's)
I've also tried this in some C# code and get the same result:
ManagementClass processClass = new ManagementClass();
processClass.Path = new ManagementPath("Win32_PerfFormattedData");
PropertyDataCollection properties = processClass.Properties;
Console.WriteLine("\nProperties:");
foreach (PropertyData property in properties)
{
Console.WriteLine(property.Name);
}
And I tried retrieving the methods to check if that is what I wanted but nothing is returned:
Console.WriteLine("Methods: ");
foreach (MethodData method in methods)
{
Console.WriteLine(method.Name);
}
EDIT 2
Is there another way to retrieve this data? I've looked all through the MSDN documentation on the WMI and I think to get the information I want, I have to access that class (Win32_PerfFormattedData). Sorts of values I want to retrieve:
CPU
RAM
Drives (SSD/HDD)
Processes
OS
GPU
I've retrieved a few classes that will give basic information about some of these but will not provide up to date data on, for example, the temperature of each logical processor. I've managed to get 1 service from the class Win32_PerfFormattedData_PerfOS_Processor which provides the load % of each logical processor but that class must holds other services which I need.
Win32_PerfFormattedData_* classes are located under the "root\cimv2" namespace. To enumerate these classes (and get the service names) you run the following WQL query against that namespace:
SELECT * FROM meta_class WHERE __Class LIKE "Win32_PerfFormattedData%"
Actually you can omit the namespace (at least with ManagementObjectSearcher) in which case the search occurs everywhere. Here is how to search through WMI with C#:
void SearchWmi()
{
ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT * FROM meta_class WHERE __Class LIKE \"Win32_PerfFormattedData%\"");
foreach (ManagementClass wmiClass in searcher.Get())
{
Console.WriteLine(wmiClass["__CLASS"].ToString());
}
}
You need to add referece to System.Management as well as the corresponding using directive.
You could find performance data about the:
CPU: Win32_PerfFormattedData_Processor
RAM: Win32_PerfFormattedData_Memory
OS: Win32_PerfFormattedData_System
Drives: Win32_PerfFormattedData_PerfDisk_*
Processes: Win32_PerfFormattedData_PerfProc_*
I have no idea about the GPU. Most likely it is driver dependent.
There are numerous WMI explorer tools out there with a UI and all the good stuff. Have you tried some? I use the "WMI Explorer 2.0"
You can download it from here
Related
I am enumerating installed applications using WMI, and this block is taking a relatively long time to complete no matter how I structure it. It takes 13 seconds in my environment every time. Is there a better (faster) way to check if a program is installed? (I'm using iTunes as an example program to check for)
private static string Timestamp
{
get { return DateTime.Now.ToString("HH:mm:ss.ffff"); }
}
private static void LoadInstalledPrograms()
{
List<string> installedPrograms = new List<string>();
Console.WriteLine("0 - {0}", Timestamp);
ManagementObjectSearcher mos = new ManagementObjectSearcher("SELECT * FROM Win32_Product");
Console.WriteLine("1 - {0}", Timestamp);
ManagementObjectCollection managementObjectCollection = mos.Get();
Console.WriteLine("2 - {0}", Timestamp);
foreach (ManagementObject mo in managementObjectCollection)
{
installedPrograms.Add(mo["Name"].ToString());
}
Console.WriteLine("3 - {0}", Timestamp);
Console.WriteLine("Length - {0}", installedPrograms.Count);
}
SELECT * FROM Win32_Product
0 - 08:08:51.3762
1 - 08:08:51.3942
2 - 08:08:51.4012
3 - 08:09:04.8326
Length - 300
SELECT * FROM Win32_Product WHERE name = 'iTunes'
0 - 08:14:17.6529
1 - 08:14:17.6709
2 - 08:14:17.6779
3 - 08:14:31.0332
Length - 1
SELECT * FROM Win32_Product WHERE name LIKE 'iTunes'
0 - 08:16:38.2719
1 - 08:16:38.2899
2 - 08:16:38.2999
3 - 08:16:51.5113
Length - 1
SELECT name FROM Win32_Product WHERE name LIKE 'iTunes'
0 - 08:19:53.9144
1 - 08:19:53.9324
2 - 08:19:53.9394
3 - 08:20:07.2794
Length - 1
If you query "Win32_product" the msi-installer checks and validates every product.
The KB article http://support.microsoft.com/kb/974524 shows:
Win32_product Class is not query optimized. Queries such as “select * from Win32_Product where (name like 'Sniffer%')” require WMI to use the MSI provider to enumerate all of the installed products and then parse the full list sequentially to handle the “where” clause. This process also initiates a consistency check of packages installed, verifying and repairing the install. With an account with only user privileges, as the user account may not have access to quite a few locations, may cause delay in application launch and an event 11708 stating an installation failure.
Win32reg_AddRemovePrograms is a much lighter and effective way to do this, which avoids the calls to do a resiliency check, especially in a locked down environment. So when using Win32reg_AddRemovePrograms we will not be calling on msiprov.dll and will not be initiating a resiliency check.
So be careful with "Win32_product".
Update: nice article https://sdmsoftware.com/group-policy-blog/wmi/why-win32_product-is-bad-news/
WMI is taking it's time as you already noticed. Iterating through the registry might do the trick for you.
You might have a look at Get installed applications in a system here on stackoverflow, where both methods are mentioned.
As Bernhard points out, WMI use of Win32_Product initiates an integrity check of the package estate, and will hence be quite slow to use - and in special cases it can trigger an MSI self-repair (I have never seen this happen on my machines).
Instead of WMI, you can use the MSI automation interface directly to enumerate the applications installed via Windows Installer packages (MSI files) on the machine. This is very quick and doesn't touch WMI at all.
See this example: how to find out which products are installed - newer product are already installed MSI windows (full blown, but basic and easy to understand VBScript example - do check it out). There are many properties you can retrieve for each product, please consult the MSDN documentation for the MSI automation interface. The linked sample VBScript code and the MSDN documentation taken together should help you get going quickly I hope.
P.S: I know this is an old question, but this issue keeps coming up (specifically the slowness of WMI) - just for future reference.
As mentioned here Registry is not reliable and WMI is slow. Thus for me the best option was using Windows Installer API. Add msi.dll to your references and then adapt the following code to your needs:
public static string GetVersionOfInstalledApplication(string queryName)
{
string name;
string version;
Type type = Type.GetTypeFromProgID("WindowsInstaller.Installer");
Installer installer = Activator.CreateInstance(type) as Installer;
StringList products = installer.Products;
foreach (string productGuid in products)
{
string currName = installer.ProductInfo[productGuid, "ProductName"];
string currVersion = installer.ProductInfo[productGuid, "VersionString"];
if (currName == queryName)
{
name = currName;
version = currVersion;
return version;
}
}
return null;
}
You Should use SELECT Name FROM Win32_Product in WMI Query, it works for me
SELECT * make Load all Data Members, so using it are taking much time
Powershell 5.1 has "get-package" instead.
get-package *chrome*
Name Version Source ProviderName
---- ------- ------ ------------
Google Chrome 109.0.5414.75 msi
since some time now I try to figure out how to correctly setup this new UWF (Unified Write Filter). Unfortunately it seems there is only documentation for Win 8.1 industry (here), not for Win 10. I hope there were no relevant changes since.
I also asked this on the WindowsDevCenter but got no response so far.
Here is my problem:
With the WMI providers I got UWF enabled by now (UWF_Filter.Enable()), but I cannot protect any volume.
Also the volume list looks very strange: There are 4 entrys, everyone is with CurrentSession=True.
The first is for an volume with no drive letter, only a volume id.
The second is for C:
and then there are 2 identical for D: .
Should'nt there normally be 2 entrys per volume, one where CurrentSession is true and one where its false, meaning its the setting applied after reboot?
If I try to execute Protect on the ManagementObject with DriveLetter=C: I get an Access denied exception, I assume because its the object for the current session.
Also if I try uwfmgr.exe Volume Protect C: on the console it simply hangs: no reaction, no error, only a forever blinking cursor. EDIT: it turned out this was a problem caused by another installed software. See also below.
Do I have to enable or disable or do anything else before I can protect volumes?
Thanks in advance,
Sebastian
My system:
Windows 10 IOT Enterprise 2016 LTSB x64
1 SSD 250GB with Boot, C: and D:
Edit:
Here I asked a follow up question with some other details and a workaround. If I use uwfmgr.exe volume protect c: for example, it works and UWF_Volume now suddenly has (the correct) 2 entries for C:, one for the current and one for the next session.
However I want to avoid this, because IMHO it should be solveable by WMI only.
Edit 2: #sommmen
The partition layout is as following: One disk with 4 partitions.
Boot, 500MB
C:/ , 45GB
unknown, 500MB (Boot-Backup I think)
D:/ , ~200GB
PS:
Please could anyone create the tags uwf and uwfmgr? Would be nice :-)
Missing UWF_Volume instances often appeared after reboot in my tests. But if not, you can create them directly using ManagementClass.CreateInstance().
The problem here is that the official docs are not exactly correct. The description of the UWF_Volume.VolumeName property is:
The unique identifier of the volume on the current system. The
VolumeName is the same as the DeviceID property of the Win32_Volume
class for the volume.
from: https://learn.microsoft.com/en-us/windows-hardware/customize/enterprise/uwf-volume#properties
In fact, the DeviceID needs a slight modification, before using it as value for UWF_Volume.VolumeName:
DeviceID.Substring(4).TrimEnd('\\')
So, after removing prefix \\?\ and removing any trailing slashes you can create instances with CurrentSession=false for the specified device.
This also works in Windows 10 Pro without any uwfmgr.exe. Though, officially not recommended/supported.
Also, I was not able to delete instances, yet. So be sure to add only correct values.
Full Example:
// example value
var DeviceId_From_Win32_Volume = #"\\?\Volume{c2eac053-27e3-4f94-b28c-c2c53d5f4fe1}\";
// example value
var myDriveLetter = "C:";
var myDeviceId = DeviceId_From_Win32_Volume.Substring(4).TrimEnd('\\');
var wmiNamespace = "root\\standardcimv2\\embedded";
var className = "UWF_Volume";
var mgmtScope = new ManagementScope {Path = {NamespacePath = wmiNamespace}};
var mgmtPath = new ManagementPath(className);
var mgmtClass = new ManagementClass(mgmtScope, mgmtPath, null);
// prepare the new object
var newObj = mgmtClass.CreateInstance();
newObj.SetPropertyValue("DriveLetter", myDriveLetter);
newObj.SetPropertyValue("VolumeName", myDeviceId);
newObj.SetPropertyValue("CurrentSession", false);
newObj.SetPropertyValue("CommitPending", false);
newObj.SetPropertyValue("BindByDriveLetter", false);
// create the WMI instance
newObj.Put(new PutOptions {Type = PutType.CreateOnly});
I experience the similar issue in that I could not query the UWF_Volume with CurrentSession=False. However, there's one thing I did that seems to "generate" the UWF_Volume management object with CurrentSession=False. I ran "uwfmgr volume protect c:". Unfortunately, in your case running this causes it to hang.
Could you try running uwfmgr in cmd in admin? Also, if you run "uwfmgr get-config", would you be able to get the current setting of the write filter?
Another thing from your description: you said there are two identical volumes for D:, but if you looks closely at the properties, one would be CurrentSession=True, and the other one is CurrentSession=False. According to the documentation, if you want to make change, you must select the management object (UWF_Volume) with CurrentSession=False.
https://learn.microsoft.com/en-us/windows-hardware/customize/enterprise/uwf-volume
(scroll down to powershell script code sample section)
First of all a volume may have several partitions. They will show up as having the same drive label.
e.g.
C:/ //?/{some guid here}
C:/ //?/{some other guid here}
Now this is common for the %systemDrive% because this has the boot partition.
You can use the commands
mountvol
and
Diskpart
List volume
To figure out the right guid for your need (or you can protect both the boot partition and the system partition). Also using wmi you can look at Win32_volume under namespace cimv2 to get some more insight.
The command line util UWFmgr seems to create an UWF_VOLUME wmi instance once you run the protect command. The docs also hint that you need to create an object yourself.
function Set-ProtectVolume($driveLetter, [bool] $enabled) {
# Each volume has two entries in UWF_Volume, one for the current session and one for the next session after a restart
# You can only change the protection status of a drive for the next session
$nextConfig = Get-WMIObject -class UWF_Volume #CommonParams |
where {
$_.DriveLetter -eq "$driveLetter" -and $_.CurrentSession -eq $false
};
# If a volume entry is found for the drive letter, enable or disable protection based on the $enabled parameter
if ($nextConfig) {
Write-Host "Setting drive protection on $driveLetter to $enabled"
if ($Enabled -eq $true) {
$nextConfig.Protect() | Out-Null;
} else {
$nextConfig.Unprotect() | Out-Null;
}
}
=======> (!) im talking about this comment
# If the drive letter does not match a volume, create a new UWF_volume instance
else {
Write-Host "Error: Could not find $driveLetter. Protection is not enabled."
}
}
The docs however do not provide a method of doing this. For now it seems we need to use the command line util till someone has an example using the WMI provider.
To answer my own question: So far I have only a workaround but no real solution.
It is to check if there is an entry with CurrentSession=False and if not invoke the command directly:
ManagementObjectSearcher ms = new ManagementObjectSearcher(_Scope, new ObjectQuery("select * from UWF_Volume where VolumeName = \"" + volId + "\" AND CurrentSession=\"False\""));
ManagementObjectCollection c = ms.Get();
UInt32 res = 1;
foreach (ManagementObject mo in c)
{
// entry found: do it with WMI
res = (UInt32)mo.InvokeMethod(newState ? "Protect" : "Unprotect", new object[] { });
}
if (c.Count == 1 && res == 0)
// message: success
if (c.Count == 0)
{
// no entry found: invoke cmd
ProcessStartInfo info = new ProcessStartInfo("uwfmgr.exe", "volume " + (newState ? "Protect" : "Unprotect") + #" \\?\" + volId);
Process process = new Process();
info.Verb = "runas"; //needs admin
process.StartInfo = info;
process.Start();
process.WaitForExit();
}
This has the side effect that for a split second a command line window will pop up, but nevertheless it works well.
I searched a lot but did not find any working codes getting SPD tables information via C#. Out there there are lots of softwares which get this info but HOW?
as shown in the image, for RAM devices, you can see Manufacture's name which can not be retrieve at all by WMI etc
If there is a DLL for using in C# will be perfect also
After some Research found this:
https://github.com/sapozhnikovay/SMBIOS
but it can not read table 17 to get memory device information.
Once I was researching about this, you need to get this information through SMBUS (not SMBIOS). But you need to create a driver (WDM in C/C++) to access this information.
Make sure you have added System.Management as a reference.
Here is a string that will return almost any information you want from the component :
private string getComponent(string hwClass, string syntax)
{
ManagementObjectSearcher mos = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM " + hwClass);
foreach (ManagementObject mj in mos.Get())
{
return Convert.ToString(mj[syntax]);
}
return null;
}
Using the string would look like this, say on a button click :
label1.Text = getComponent("Win32_PhysicalMemory", "SerialNumber");
I tested it and it returned a serial number, you can also look at the list of things you can put in like manufacturer, name, capacity etc.
I got all of this information from this YouTube video.
You can find all of the devices and their properties here (CPU, GPU, etc.)
In Windows Control Panel, you can find a list of network interfaces/connections which displays the following:
In the .NET framework these are represented in the NetworkInterface class (and found via NetworkInterface.GetAllNetworkInterfaces).
For reference, say I'm reading properties from the Ethernet interface - the NetworkInterface.Name property returns "Ethernet", the NetworkInterface.Description property returns "Realtek PCIe FE Family Controller".
However, nothing in the class seems to be able to get me the name of the network it's connected to (in this case "BELL024"). How would I go about getting that string? I have to know what network the interface is associated with, not just a list of the networks that exist.
It turns out information about each network is stored as a 'network profile' by Windows, storing it's name and other info like whether it's public or not. The name can be changed by users in the control panel, but in my situation that's not a problem.
The Windows API Code Pack from Microsoft contains the APIs necessary to get the collection of network profiles. As it contains a lot of bloat that I don't need, the bare minimum code to wrap the Windows API can be found here.
A collection of the network profiles can then be found like so:
//Get the networks that are currently connected to
var networks = NetworkListManager.GetNetworks(NetworkConnectivityLevels.Connected);
Each object in the collection represents a network profile and contains a collection of NetworkConnection objects. Each NetworkConnection object appears to be info about an interface's connection to the base network.
foreach(Network network in networks)
{
//Name property corresponds to the name I originally asked about
Console.WriteLine("[" + network.Name + "]");
Console.WriteLine("\t[NetworkConnections]");
foreach(NetworkConnection conn in network.Connections)
{
//Print network interface's GUID
Console.WriteLine("\t\t" + conn.AdapterId.ToString());
}
}
The NetworkConnection.AdapterId property is the same network interface GUID that the NetworkInterface.Id property knows.
So, you can determine what network an interface is connected to, by checking if one of the network's connections have the same ID as the interface. Note that they're represented differently, so you'll have to do a bit more work:
Both my Wi-Fi and Ethernet interfaces are connected to the BELL024 network in the above example.
On Windows 8 and Windows 2012 and higher you can query WMI class MSFT_NetConnectionProfile from root/StandardCimv2 namespace.
It shouldn't be too hard to convert this to C#.
Get-WmiObject -Namespace root/StandardCimv2 -Class MSFT_NetConnectionProfile | Format-Table InterfaceAlias, Name
You can use WMI to query for your network name. You can use this code as a sample:
ManagementScope oMs = new ManagementScope();
ObjectQuery oQuery =
new ObjectQuery("Select * From Win32_NetworkAdapter");
ManagementObjectSearcher oSearcher = new ManagementObjectSearcher(oMs, oQuery);
ManagementObjectCollection oReturnCollection = oSearcher.Get();
foreach (ManagementObject oReturn in oReturnCollection)
{
if (oReturn.Properties["NetConnectionID"].Value != null)
{
Console.WriteLine("Name : " + oReturn.Properties["NetConnectionID"].Value);
}
}
If I right-click and choose Properties on a service (like, say, Plug and Play) in the Services dialog, I get several pieces of information, including "Path to executable". For Plug and Play (in Vista) this is:
C:\Windows\system32\svchost.exe -k DcomLaunch
Is there some way I can get this same piece of information using .NET code if I know the service name (and/or the display name)?
(I can't use GetExecutingAssembly() because I'm not running the service from my project.)
Another option, without the interop, would be a WMI lookup (or registry - bit hacky!).
Here's a quick example, based on this code:
private static string GetServiceImagePathWMI(string serviceDisplayName)
{
string query = string.Format("SELECT PathName FROM Win32_Service WHERE DisplayName = '{0}'", serviceDisplayName);
using (ManagementObjectSearcher search = new ManagementObjectSearcher(query))
{
foreach(ManagementObject service in search.Get())
{
return service["PathName"].ToString();
}
}
return string.Empty;
}
This information is in the QUERY_SERVICE_CONFIG structure. You will need to use P/Invoke to get it out.
The basic process is:
Call OpenSCManager to get a handle to the services managed.
Call OpenService to get a handle to the service.
Call QueryServiceConfig to get the QUERY_SERVICE_CONFIG structure.
There's always the WMI class Win32_Service as described here, specifically the PathName.
This works:
ManagementClass mc = new ManagementClass("Win32_Service");
foreach(ManagementObject mo in mc.GetInstances())
{
if(mo.GetPropertyValue("Name").ToString() == "<Short name of your service>")
{
return mo.GetPropertyValue("PathName").ToString().Trim('"');
}
}
If you have any issue related to Reference then add a reference of System.Management in your project.