Win32 Assembly calls WMI (core COM component of Windows Management System)

Two days ago, in order to write a Traffic Monitoring Program, the Internet is too much... I got to know WMI. Hey hey, I studied it. Okay !! Why is it difficult to call other interfaces?

The result is as follows:

 

 

; % %
Win32 Assembly calls WMI (COM component) to get the name and processorid ).
; ___ By G-spider 2010-9-19
; Web: http://blog.csdn.net/G_Spider
; QQ: 287014897
;----------------------------------------------------------
; Ml/C/coff my. ASM
; Link/subsystem: Console My. OBJ
; % %

. 386
. Model flat, stdcall
Option Casemap: None

Include windows. inc
Include kernel32.inc
Include user32.inc
Include masm32.inc
Include ole32.inc
Include oleaut32.inc


Includelib kernel32.lib
Includelib user32.lib
Includelib masm32.lib
Includelib ole32.lib
Includelib oleaut32.lib

. Data
;-------------------------
; // For testing
Buf dB 'good', 0
Sztitlesave dB 'Good luck ', 0
; FMT dB '% d', 0
Reline dB 0dh, 0ah, 'processorid: ', 0
;---------------------------

Clsid_wbemlocator guid <04590f811h, 01d3ah, 011d0h, <089 H, 01fh, 000 h, 0aah, 000 h, 04bh, 02eh, 024 h>
; // 4590f811-1d3a-11d0-891f-00aa004b2e24
Iid_iwbemlocator guid <0dc12a687h, 0737fh, 011cfh, <088 H, 04dh, 000 h, 0aah, 000 h, 04bh, 02eh, 024 h>
; // Dc12a687-737f-11cf-884d-00aa004b2e24

Stresource word 'R', 'O', 'O', 't', '/', 'C', 'I', 'M', 'V ', '2', 0
Stlanguage word 'w', 'Q', 'l', 0
Stquery word's ', 'E', 'l', 'E', 'E', 'C', 't',' * ',', 'F ', 'R', 'O', 'M', '', 'w', 'I', 'n', '3', '2 ','_', 'P', 'R', 'O', 'C', 'E', 'E', 's', 'O', 'R', 0

; // Modify to access different fields

Stname word 'n', 'A', 'M', 'E', 0
Stprocessorid word 'P', 'R', 'O', 'C', 'E', 's', 'O', 'R ', 'I', 'D ', 0

. Data?
Locator dd?
Services dd?
Results dd?
;--------------------------
Resource dd?
_ Language dd?
Query dd?

;--------------------------
Result dd?
Returnedcount dd?
_ Name dd?
Speed dd?
DeviceID dd?
Processorid dd?

Stoutname dB 100 DUP (?)
Stnmsize equ $-stoutname

Stoutprocessorid dB 80 DUP (?)
Stidsize equ $-stoutprocessorid
. Code
;---------------------------------------------------------------------------

Start:
Invoke sysallocstring, offset stresource
MoV resource, eax
Invoke sysallocstring, offset stlanguage
MoV _ language, eax
Invoke sysallocstring, offset stquery
MoV query, eax


; // Initialize com
Invoke coinitialize, 0
Invoke coinitializesecurity, null,-1, null, null, 0, 3, null, 0, null

Invoke cocreateinstance, offset clsid_wbemlocator, 0, clsctx_inproc_server, offset iid_iwbemlocator, offset Locator

;. If eax = s_ OK; // The test is successful.
; Invoke MessageBox, null, offset Buf, ADDR sztitlesave, 0
;. Endif

; // Locator-> lpvtbl-> connectserver (locator, resource, null, 0, null, null, & Services );
Push offset services
Push 0
Push 0
Push 0
Push 0
Push 0
Push 0
MoV ECx, Resource
Push ECx
MoV eax, Locator
Push eax
;-------------------------------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 12]

;. If eax = 0; // The test is successful.
; Invoke MessageBox, null, offset Buf, ADDR sztitlesave, 0
;. Endif

; // Services-> lpvtbl-> execquery (services, language, query, wbem_flag_bidirectional, null, & results );

Push offset results
Push 0
Push 0
MoV ECx, query
Push ECx
MoV edX, _ Language
Push edX
MoV eax, services
Push eax
;--------------------------------------------------
MoV eax, [eax]
Call dword ptr [eax + 80]
;. If eax = 0; // The test is successful.
; Invoke MessageBox, null, offset Buf, ADDR sztitlesave, 0
;. Endif

. If results! = 0
MoV dword ptr result, 0
MoV dword ptr returnedcount, 0
; // Results-> lpvtbl-> next (results, wbem_infinite, 1, & result, & returnedcount)
Push offset returnedcount
Push offset result
Push 1
Push-1
MoV eax, results
Push eax
;--------------------------------------------------
MoV eax, [eax]
Call dword ptr [eax + 16]
;. If eax = 0; // success
; Invoke MessageBox, null, offset Buf, ADDR sztitlesave, 0
;. Endif

. If eax = 0
; // Result-> lpvtbl-> get (result, l "name", 0, & name, 0, 0 );
Push 0
Push 0
Push offset _ name
Push 0
Push offset stname
MoV eax, result
Push eax
;----------------------------------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 16]
;. If eax = 0; // The test is successful.
; Invoke MessageBox, null, offset Buf, ADDR sztitlesave, 0
;. Endif
MoV ESI, offset _ name
; MoV eax, [esi]
; Invoke wsprintf, offset Buf, offset FMT, eax; // vt_bstr = 8 should be returned, correct !!

MoV eax, [ESI + 8]; /// it's critical !! Understanding of variant struct
 
Invoke widechartomultibyte, cp_acp, wc_compositecheck, eax,-1, offset stoutname, stnmsize,; // set
Invoke stdout, offset stoutname

Invoke stdout, offset reline; // start another line
; // Result-> lpvtbl-> get (result, l "processorid", 0, & processorid, 0, 0 );
Push 0
Push 0
Push offset processorid
Push 0
Push offset stprocessorid
MoV eax, result
Push eax
;----------------------------------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 16]

MoV ESI, offset processorid
MoV eax, [ESI + 8]
 
Invoke widechartomultibyte, cp_acp, wc_compositecheck, eax,-1, offset stoutprocessorid, stidsize, 0, 0; // set
Invoke stdout, offset stoutprocessorid

; // Result-> lpvtbl-> release (result );

MoV eax, dword ptr result
Push eax
;----------------------------------------------------
MoV ECx, dword ptr result
MoV edX, dword ptr [ECx]
MoV eax, dword ptr [edX + 8]
Call eax
. Endif
. Endif

; //// Release WMI com Interfaces
; // Results-> lpvtbl-> release (results );
; // Services-> lpvtbl-> release (services );
; // Locator-> lpvtbl-> release (Locator );
MoV eax, dword ptr results
Push eax
;---------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 8]

MoV eax, dword ptr services
Push eax
;--------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 8]

MoV eax, dword ptr Locator
Push eax
;--------------------------
MoV eax, dword ptr [eax]
Call dword ptr [eax + 8]

; // Unwind everything else we 've allocated
; // Couninitialize ();
Invoke couninitialize

; // Sysfreestring (query );
; // Sysfreestring (language );
; // Sysfreestring (Resource );
Invoke sysfreestring, query
Invoke sysfreestring, _ Language
Invoke sysfreestring, Resource

Invoke exitprocess, eax

End start
;--------------------------------------
; Annotation of the variant struct
; Struct tagvariant
;{
; Union
;{
; Struct _ tagvariant
;{
; Vartype VT;
; Word wreserved1;
; Word wreserved2;
; Word wreserved3;
; Union
;{
; Longlong llval;
; Long lval;
; Byte bval;
; Short ival;
; Float fltval;
; Double dblval;
; Variant_bool boolval;
; _ Variant_bool bool;
; Scode;
; CY cyval;
; Date;
; BSTR bstrval; <------------- (used in this program)
; Iunknown * punkval;
; Idispatch * pdispval;
; Safearray * parray;
; Byte * pbval;
; Short * pival;
; Long * plval;
; Longlong * pllval;
; Float * pfltval;
; Double * pdblval;
; Variant_bool * pboolval;
; _ Variant_bool * pbool;
; Scode * pscode;
; CY * pcyval;
; Date * pdate;
; BSTR * pbstrval;
; Iunknown ** ppunkval;
; Idispatch ** ppdispval;
; Safearray ** pparray;
; Variant * pvarval;
; Pvoid byref;
; Char cval;
; Ushort uival;
; Ulong ulval;
; Ulonglong ullval;
; Int intval; <--------------
; Uint uintval;
; Decimal * pdecval;
; Char * pcval;
; Ushort * puival;
; Ulong * pulval;
; Ulonglong * pullval;
; Int * pintval;
; Uint * puintval;
; Struct _ tagbrecord
;{
; Pvoid pvrecord;
; Irecordinfo * precinfo;
;} _ Variant_name_4;
;} _ Variant_name_3;
;} _ Variant_name_2;
; Decimal decval;
;} _ Variant_name_1;
;};
;--------------------------------------------