2505ahk,wmi学习

检索每个服务的状态和启动类型

wbemServices := ComObjGet("winmgmts:\\.")
//.代表本地计算机.
wbemObjectSet := wbemServices.InstancesOf("Win32_Service")

For wbemObject In wbemObjectSet
    MsgBox, % "Display Name: " wbemObject.DisplayName "`n"
       . " State: " wbemObject.State "`n"
       . " Start Mode: " wbemObject.StartMode
return

检索每个进程启动的命令行和占用的内存

wbemServices := ComObjGet("winmgmts:\\.\root\cimv2")    ; 连接目标电脑的 WMI 服务，[c]\root\cimv2[/c]为命名空间
wbemObjectSet := wbemServices.InstancesOf("Win32_Process")    ; 获取Win32_Service类的实例集合

For wbemObject In wbemObjectSet    ; 从实例集中枚举单个实例（尽管这里也可以用 while，不过建议用 for）
    MsgBox, % "Process: " wbemObject.Name "`n"
. "CommandLine: " wbemObject.CommandLine "`n"            .
. "Working Set Size: " wbemObject.WorkingSetSize

return

检索托管资源实例

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_Service"
//wmi类.

objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass)

For objSWbemObject In colSWbemObjectSet
{
    MsgBox, % "Display Name: " objSWbemObject.DisplayName
    MsgBox, % "State:        " objSWbemObject.State
    MsgBox, % "Start Mode:   " objSWbemObject.StartMode
}

可写模板

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_OSRecoveryConfiguration"

objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass)

For objSWbemObject In colSWbemObjectSet
{
    objSWbemObject.DebugInfoType := 1
    objSWbemObject.DebugFilePath := "c:\tmp\memory.dmp"
    objSWbemObject.OverWriteExistingDebugFile := False
    objSWbemObject.Put_
//提交更改
}

调用资源方法

strComputer := "."
strNamespace := "\root\cimv2"
strClass := "Win32_Service"
strKey := "Name"
strKeyValue := "Alerter"

objSWbemServices := ComObjGet("winmgmts:\\" strComputer strNamespace)
colSWbemObjectSet := objSWbemServices.ExecQuery("SELECT * FROM " strClass " WHERE " strKey "='" strKeyValue "'")

For objSWbemObject in colSWbemObjectSet
{
     objSWbemObject.StopService()
}

订阅事件

strComputer = "."    
strNamespace := "\root\cimv2"
strClass := "Win32_VolumeChangeEvent"
objWMIService = ComObjGet("winmgmts:" "{impersonationLevel=impersonate}!\\" strComputer strNamespace)    
colMonitoredEvents = objWMIService.ExecNotificationQuery("Select * from " strClass)   

Loop    
{
    objLatestEvent = colMonitoredEvents.NextEvent        
    MsgBox, % objLatestEvent.DriveName
    MsgBox, % objLatestEvent.EventType
    MsgBox, % objLatestEvent.Time_Created    
}

检索日志

wbemServices := ComObjGet("winmgmts:\\.")
wbemObjectSet := 
wbemServices.InstancesOf("Win32_NTLogEvent")

For wbemObject In wbemObjectSet
{
    MsgBox, % "Log File: " wbemObject.LogFile "`n"
              . "Record Number: " wbemObject.RecordNumber "`n"
              . "Type: " wbemObject.Type "`n"
              . "Time Generated: " wbemObject.TimeGenerated "`n"
              . "Source: " wbemObject.SourceName "`n"
              . "Category: " wbemObject.Category "`n"
              . "Category String: " wbemObject.CategoryString "`n"
              . "Event: " wbemObject.EventCode "`n"
              . "User: " wbemObject.User "`n"
              . "Computer: " wbemObject.ComputerName "`n"
              . "Message: " wbemObject.Message "`n"
}