Introduction to WMI Code Creator

I considered myself a lot when I decide to write this post about “WMI Code Creator” because there is nothing much to write about it. The long, long post should be composed just in one sentence as “Hey guys, look at this tool. It’s great”. :). So why it’s great? If you ever tried to write code for reading CPU clock speed or something relevant to hardware information in Windows, you would know about the Windows Management Instrumentation. From the definition at Microsoft website, “Windows Management Instrumentation (WMI) is the Microsoft implementation of Web-Based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. WMI uses the Common Information Model (CIM) industry standard to represent systems, applications, networks, devices, and other managed components. CIM is developed and maintained by the Distributed Management Task Force (DMTF).”. OK, a complex definition contains another complex definitions which I… can’t understand.

Let keep it simple, WMI is an infrastructure for management data, operations or events in Windows-base operating systems. It contains a set of extensions which provide an operating system interface (or a standard model) where the other 3rd components can implement so that they build up themselves an interface for their applications to provide information or send notification. For example, let’s take a look of Avira Antivirus application. This antivirus software has also provided information about himself over WMI, for example Configuration, License_Info, Guard, Event_Log, etc… And if we want to get those information, we can just query them over WMI. Maybe you would ask yourself how do I know what Avira Antivirus provides? I asked myself same question before, too. I really don’t know how the others could know a lot about WMI or where they could read required information from or which information is published by a service/driver. I need something like a “WMI explorer” and “WMI Code Creator” is the kind of tool.

1. Introduction to WMI Code Creator

1.1 Query data

When you start WMI Code Creator, at the combo box “Namespace”, you’ll get a list of running “services”(or “server”) and their defined classes. If you figure WMI like a REST web service, you’ll understand immediately how they work. The namespace is an endpoint URL and the classes are resources. Query WMI resources is just like sending a GET a REST web service. Back to example of Avira Antivirus, when you browse to its namespace “root\CIMV2\Applications\Avira_AntiVir”, the predefined classes will be automatically loaded into the next combo box

Avira Antivirus Namespace

If I set “License_Info” as selected model, I’ll get all properties of this class in list box below. For example if I would like to see when my license expires, I can choose License_Expiration. The code for reading value of this property will be generated on “Generated Code” textbox on the right

WMI Generated Code

After code was generated, click on “Execute Code” to read License_Expiration. In my case it is on 30.06.2014.

WMI Execute Code

The default code language is Visual Basic Script, but you can also generate code in C# or Visual Basic by setting “Code Language” option to the language you want

WMI Code Language

If you are using Windows 7 or Windows 8, after a fresh installation of operating system, as usual you’ll receive messages such as “Your computer is not protected and you should find an antivirus program online”. And after you install an antivirus, the notify center also notifies you that the antivirus software may be out of date, you should update them. So how does this progress work? How could Windows know if there is any antivirus running and if they are out of date. It’s all thanks to WMI interface where Windows can communicate and query data from Antivirus Software to check it out. In case of Avira Antivirus, the key value maybe at Updater class with Update_Date property.

With help of WMI Code Creator, we can also query information from remote computer by setting target under menu “Target Computer”. However there is a small bug at this function. I just click on Target Computer –> Remote Computer –> On the “Remote Computer Information” I would like to cancel. Well, I don’t have any button to cancel (user-friendly?). So I press Alt+F4 to force closing –> I go to menu TargetComputer –> Set Local Computer –> And set it again to Remote Computer –> Bum, an unhandled exception comes and program crashes. :). OK, a little fun with testing. Even with this small bug, the software is still awesome. Just give correct information of remote computer, you’ll get information you need over network. The username and password required for authentication/authorization will be asked on generated code.

1.2 Execute method

As I figured above, WMI is just like a REST web service , he can handle our “GET” action. Can we also POST an action? Yes, of course, we can POST an action to WMI by executing methods with correct parameters. Let’s take an example, I will try to terminate a running process by posting a Terminate action to WMI. I start Notepad at my local computer

Notepad at local computer

Then write down the process id of Notepad (which is 3240). Start WMI Code Creator, go to Tab “Execute a Method” –> Namespace “root\CIMV2” –> Classes “Win32_Process” –> Methods “Terminate”

WMI Terminate a process

Click on “Execute Code” and Astalavista! Notepad process is now terminated, our POST action was handled.

1.3 Monitor

We all know that WMI is not a REST web service, but just figure it like a RES web service so that we can easily imagine how it works or how it should work. Nowadays some modern services have a wonderful feature is the “Push service”, for example Google Cloud Messaging. The server and client will build up a channel and if there is any change at server, server will push a notification to client. The client don’t have to query the server all of time for changes. WMI has also that feature. Let’s take a silly example, the IT administrator would like to be notified when the HighestState of CPU ThrottleState is over 70. So in WMI Code Creator, go to Tab “Receive an event” –> Namespace “root\WMI” –> Event Class “ProcessorThrottleStateEvent” –> HighestState –> Enter a threshold value. When this threshold value is reached, a notification will be “echoed” to monitor. It’s also buggy here for generating code but just skip it now. 🙂

WMI Receive an event

WMI Code Creator is a powerful tool. It helps us to discover the resources of WMI, easy to use and helpful not only for developers but also for IT administrator. Just download it and enjoy yourself.

2. Some typical code listings of WMI

In this section, I’ll list some of typical properties (and classes) that I need. You know, even if I have WMI Code Creator, I also need to know where I can query the required data. I can’t go into each namespace and search for what I want. It’s time consuming.

2.1 Signature information about drivers

The Win32_PnPSignedDriver WMI class provides digital signature information about drivers. For example, the “Manufacturer” of the drivers

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_PnPSignedDriver"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_PnPSignedDriver instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Manufacturer: {0}", queryObj["Manufacturer"]);
}

2.2 Actual local storage device

The Win32_LogicalDisk WMI class represents a data source that resolves to an actual local storage device on a computer system running Windows. For example, the “Free Space” of disk

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_LogicalDisk"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_LogicalDisk instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("FreeSpace: {0}", queryObj["FreeSpace"]);
}

2.3 Plug and Play device

The Win32_PnPEntity WMI class represents the properties of a Plug and Play device. Plug and Play entities are shown as entries in the Device Manager located in Control Panel.

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_PnPEntity"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_PnPEntity instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Name: {0}", queryObj["Name"]);
}

2.4 Network adapter

The Win32_NetworkAdapterConfiguration WMI class represents the attributes and behaviors of a network adapter. This class includes extra properties and methods that support the management of the TCP/IP and Internetwork Packet Exchange (IPX) protocols that are independent from the network adapter. For example, the “IPAddress” of network adapter

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_NetworkAdapterConfiguration"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_NetworkAdapterConfiguration instance");
	Console.WriteLine("-----------------------------------");

	if(queryObj["IPAddress"] == null)
		Console.WriteLine("IPAddress: {0}", queryObj["IPAddress"]);
	else
	{
		String[] arrIPAddress = (String[])(queryObj["IPAddress"]);
		foreach (String arrValue in arrIPAddress)
		{
			Console.WriteLine("IPAddress: {0}", arrValue);
		}
	}
}

2.5 Virtual memory file swapping

he Win32_PageFileUsage WMI class represents the file used for handling virtual memory file swapping on a Win32 system. Information contained within objects instantiated from this class specify the run-time state of the page file. For example the “CurrentUsage” of virtual memory file

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_PageFileUsage"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_PageFileUsage instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("CurrentUsage: {0}", queryObj["CurrentUsage"]);
}

2.6 Process

The Win32_Process WMI class represents a process on an operating system. For example the “ReadOperationCount” of a process

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_Process"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_Process instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("ReadOperationCount: {0}", queryObj["ReadOperationCount"]);
}

2.7 BitLocker Drive Encryption

The Win32_EncryptableVolume WMI provider class represents an area of storage on a hard disk that can be protected by using BitLocker Drive Encryption. Only NTFS volumes can be encrypted. It can be a volume that contains an operating system, or it can be a data volume on the local disk. It cannot be a network drive. For example, the “EncryptionMethod” was applied on drive

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2\\Security\\MicrosoftVolumeEncryption", "SELECT * FROM Win32_EncryptableVolume"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_EncryptableVolume instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("EncryptionMethod: {0}", queryObj["EncryptionMethod"]);
}

2.8 Printer

The Win32_Printer WMI class represents a device connected to a computer running on a Microsoft Windows operating system that can produce a printed image or text on paper or other medium. For example, the “Name” of installed printer

ManagementObjectSearcher searcher = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_Printer"); 

foreach (ManagementObject queryObj in searcher.Get())
{
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Win32_Printer instance");
	Console.WriteLine("-----------------------------------");
	Console.WriteLine("Name: {0}", queryObj["Name"]);
}

UPDATE 22.11.2013
Make a mirror for download link in case that WMI Code Create at Microsoft site down
Mirror 1: http://www.mediafire.com/download/78szsnzc4ulno3o/WMICodeCreator.zip
Mirror 2: https://app.box.com/s/uv1arsxg0zppluuq7om2
Mirror 3: https://mega.co.nz/#!G8xRUJjb!dQTq7DRLOUqocJw0_FKpSk7NCJJuzKY_qGefRYwsqnU

Leave a Reply

Your email address will not be published. Required fields are marked *