C # remote machine operation Through WMI

A few days ago, I still had no idea about WMI, and I didn't even know its abbreviation... However, projects use this knowledge, so we will share what we have learned over the past few days.

 

The following is the original description of WMI by MSDN:

 

Windows Management Instrumentation (WMI) is the infrastructure for management data

And operations on Windows-based operating systems. You can write WMI scripts or

Applications to automate administrative tasks on remote computers but WMI also supplies

Management data to other parts of the operating system and products.

WMI is a basic tool used to manage data and operations in Windows. You can write some WMI scripts or programs to automatically execute some tasks on a remote machine. At the same time, WMI also provides some data management functions. (This is not nonsense. It's the same as not speaking)

 

Let me take a look at my understanding: WMI is actually a tool for Windows management. Its management scope is not limited to the local machine, it can be managed as long as it is a Windows host that can be connected and the WMI service is enabled. The management scope is a little wide, including querying the hard disk and registry information of the machine, controlling the machine to execute some programs, and sharing some files or folders of the machine... (In fact, from an evil point of view, WMI is a very dangerous technology ...)

 

If you want to manipulate a remote machine, you must first connect to the remote machine. The key code is as follows:

 

ConnectionOptions ops = new ConnectionOptions (); // create a connection option ops. username = "Administrator"; // Username of the remote machine, which is assumed to be Administratorops. password = "123456"; // Password for the corresponding user name ops. enablePrivileges = true; string address = "127.0.0.1"; // remote machine IP address ManagementScope scope = new ManagementScope (@ "\" + address + @ "\ root \ cimv2 ", ops); // create a connection scope to the remote machine. connect (); // Connect

 

Okay. If the username, password, and IP address are correct, you can connect them. Careful children's shoes may ask, is "\ root \ cimv2" connected above a magic horse? Okay, this is a namespace. You need to specify which command space to connect to during connection. In fact, this is a bit similar to the Command Space in programming languages. Assume that the F1 function is in the Command Space N1 and F2 is in N2. If you connect to N2, so you can use F2 in N2, but not F1 in N1, because the connection is in N2 space and not in N1 space. Why is it necessary to connect to the "<address> \ root \ cimv2" space? This is because the common management functions of Windows are basically in this space (StdRegProv, an operation class for the Registry, is available in this space, and is also available under "<address> \ root \ DEFAULT, however, some versions of Windows only exist in the DEFAULT space, so we recommend that you connect to the DEFAULT space when operating the registry ).

 

After the connection, you can do something. How can we control remote computers? WMI provides a series of classes with corresponding methods. By calling these methods, you can complete your own ideas. Here is an example:

 

If (scope. isConnected) {// determine whether the connection is successful. ObjectGetOptions obj = new ObjectGetOptions (null, System. timeSpan. maxValue, true); // The object receiving option ManagementClass registry = new ManagementClass (scope, new ManagementPath ("StdRegProv"), obj ); // generate the remote StdRegProv object ManagementBaseObject inParams = registry. getMethodParameters ("GetStringValue"); // obtain the input parameter inParams ["hDefKey"] = 0x80000002 for the GetStringValue () method of StdRegProv; // represents HKEY_LOCAL_MACHINE inParams ["sSubKeyName"] = "SOFTWARE \ 7-Zip"; // registry key inParams ["sValueName"] = "Path "; // registry value name ManagementBaseObject outParams = registry. invokeMethod ("GetStringValue", inParams, null); // call the GetStringValue () method if (uint) outParams based on the parameters in inParams. properties ["ReturnValue"]. value = 0) {// If 0 is returned, the method is successfully executed. writeLine (string) outParams. properties ["sValue"]. value);} else {Console. writeLine ("GetStringValue () failed. ");}}

 

The above code first creates a StdRegProv Class Object remotely, obtains information such as the name of its GetStringValue () method parameter, and then assigns a value to it, call the GetStringValue () method for the assigned parameter. The return value of the method is identified by "ReturnValue" in the return parameter, in addition, the return values of parameters similar to the C # ref keyword are identified by the defined name. Does it look like it's really around? In fact, let's take a look at the StdRegProv class's GetStringValue () method declaration to understand everything:

 

Uint32 GetStringValue ([in] uint32 hDefKey = 2147483650, [in] string sSubKeyName, [in] string sValueName, [out] string sValue );

 

Are you sure you know? Parameters marked by [in] Must be input and passed to the method. Parameters marked by [out] Must be output. Their names correspond to the input and output parameters in the code above.

 

Now, Let's explain the function of the code above: Read the Path value from the Registry "HKEY_LOCAL_MACHINE \ SOFTWARE \ 7-Zip" key, and then display it. If 7-Zip is installed, the execution will succeed. If no key exists in the Registry, the execution will naturally fail. The function of this code can be used to determine whether 7-Zip is installed on a remote machine.

 

What is the hDefKey parameter? The following descriptions are available on MSDN:

 

HKEY_CLASSES_ROOT (2147483648 (0x80000000) HKEY_CURRENT_USER (2147483649 (0x80000001) HKEY_LOCAL_MACHINE (2147483650 (0x80000002) HKEY_USERS (2147483651 (0x80000003 )) HKEY_CURRENT_CONFIG (2147483653 (0x80000005) HKEY_DYN_DATA (2147483654 (0x80000006 ))

 

This is the origin of the unsigned 32-digit numbers corresponding to each root of the registry, which is defined in Winreg. h.

 

The title of this essay is to operate remote machines, but it seems that I have been explaining how to operate the registry of Remote Windows machines for a long time, and I am only explaining how to read it, is this a little farther away from the title? Yes, but I don't want to write about how to operate the hard disk, how to share it, and how to remotely create a process. Because there are too many features, if you want to write them completely, what is that? (PS: actually, it is impossible for me to write everything into ^_^ ). This article only explains the principle and uses the initial implementation of C #, which plays an interesting role. Because the implementation of other functions is similar, the WMI object is created remotely and then executed, for example, you can use the Create () method of the Win32_Process class to Create a process on a remote machine and use the Win32_Share class to share the process... So, what functions are needed? Go to MSDN. It knows a lot better than me (at least I copied a point here on MSDN, where I copied the vertex written ^_^ ).