Finding all WMI class names within a WMI namespace with .NET C#

September 12, 2017 Leave a comment

In this post we saw an example of using WMI objects such as ConnectionOptions, ObjectQuery and ManagementObjectSearcher to enumerate all local drives on a computer. Recall the SQL-like query we used:

ObjectQuery objectQuery = new ObjectQuery("SELECT Size, Name FROM Win32_LogicalDisk where DriveType=3");

We’ll now see a technique to list all WMI classes within a WMI namespace. First we get hold of the WMI namespaces:

Read more of this post

Advertisement

Filed under .NET, Diagnostics Tagged with , ,

Finding all WMI class properties with .NET C#

January 8, 2017 1 Comment

In this post we saw how to enumerate all WMI – Windows Management Intrumentation – namespaces and classes. Then in this post we saw an example of querying the system to retrieve all local drives:

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

Finding all WMI class names within a WMI namespace with .NET C#

December 2, 2016 Leave a comment

In this post we saw an example of using WMI objects such as ConnectionOptions, ObjectQuery and ManagementObjectSearcher to enumerate all local drives on a computer. Recall the SQL-like query we used:

ObjectQuery objectQuery = new ObjectQuery("SELECT Size, Name FROM Win32_LogicalDisk where DriveType=3");

We’ll now see a technique to list all WMI classes within a WMI namespace. First we get hold of the WMI namespaces:

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

Getting notified by a Windows process change in C# .NET

December 1, 2016 Leave a comment

In this post we saw an example of using the ManagementEventWatcher object and and EventQuery query. The SQL-like query was used to subscribe to a WMI – Windows Management Instrumentation – level event, namely a change in the status of a Windows service. I won’t repeat the explanation here again concerning the techniques used. So if this is new to you then consult that post, the code is very similar.

In this post we’ll see how to get notified by the creation of a new Windows process. This can be as simple as starting up Notepad. A Windows process is represented by the Win32_Process WMI class which will be used in the query. We’ll take a slightly different approach and use the WqlEventQuery object which derives from EventQuery.

Consider the following code:

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

Finding all Windows Services using WMI in C# .NET

November 30, 2016 Leave a comment

In this post we saw how to retrieve all logical drives using Windows Management Instrumentation – WMI -, and here how to find all network adapters.

Say you’d like to get a list of all Windows Services and their properties running on the local – “root” – machine, i.e. read the services listed here:

Services window

The following code will find all non-null properties of all Windows services found:

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

4 ways to enumerate processes on Windows with C# .NET

September 7, 2016 Leave a comment

The Process object in the System.Diagnostics namespace refers to an operating-system process. This object is the entry point into enumerating the processes currently running on the OS.

This is how you can find the currently active process:

Process current = Process.GetCurrentProcess();
Console.WriteLine(current);

…which will yield the name of the process running this short test code.

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

4 ways to enumerate processes on Windows with C# .NET

February 3, 2016 Leave a comment

The Process object in the System.Diagnostics namespace refers to an operating-system process. This object is the entry point into enumerating the processes currently running on the OS.

This is how you can find the currently active process:

Process current = Process.GetCurrentProcess();
Console.WriteLine(current);

…which will yield the name of the process running this short test code.

Read more of this post

Filed under .NET, Diagnostics Tagged with , ,

Getting notified by a Windows process change in C# .NET

December 3, 2014 Leave a comment

In this post we saw an example of using the ManagementEventWatcher object and and EventQuery query. The SQL-like query was used to subscribe to a WMI – Windows Management Instrumentation – level event, namely a change in the status of a Windows service. I won’t repeat the explanation here again concerning the techniques used. So if this is new to you then consult that post, the code is very similar.

In this post we’ll see how to get notified by the creation of a new Windows process. This can be as simple as starting up Notepad. A Windows process is represented by the Win32_Process WMI class which will be used in the query. We’ll take a slightly different approach and use the WqlEventQuery object which derives from EventQuery.

Consider the following code:

private static void RunManagementEventWatcherForWindowsProcess()
{
	WqlEventQuery processQuery = new WqlEventQuery("__InstanceCreationEvent", new TimeSpan(0, 0, 2), "targetinstance isa 'Win32_Process'");
	ManagementEventWatcher processWatcher = new ManagementEventWatcher(processQuery);
	processWatcher.Options.Timeout = new TimeSpan(0, 1, 0);
	Console.WriteLine("Open an application to trigger the event watcher.");
	ManagementBaseObject nextEvent = processWatcher.WaitForNextEvent();
	ManagementBaseObject targetInstance = ((ManagementBaseObject)nextEvent["targetinstance"]);
	PropertyDataCollection props = targetInstance.Properties;
	foreach (PropertyData prop in props)
	{
		Console.WriteLine("Property name: {0}, property value: {1}", prop.Name, prop.Value);
	}
	processWatcher.Stop();
}

In the Windows service example we used the following query:

SELECT * FROM __InstanceModificationEvent within 2 WHERE targetinstance isa ‘Win32_Service’

The WqlEventQuery constructor builds up a very similar statement. The TimeSpan refers to “within 2”, i.e. we want to be notified 2 seconds after the creation event. “targetinstance isa ‘Win32_Process'” corresponds to “WHERE targetinstance isa ‘Win32_Service'” of EventQuery.

Run this code and open an application. I got the following output for Notepad++:

NotepadPlusPlus process created

…and this for IE:

IE process created

You can view all posts related to Diagnostics here.

Filed under .NET, Diagnostics Tagged with , ,

Getting notified by a Windows Service status change in C# .NET

December 2, 2014 3 Comments

The ManagementEventWatcher object in the System.Management namespace makes it possible to subscribe to events within the WMI – Windows Management Instrumentation – context. A change in the status of a Windows service is such an event and it’s possible to get notified when that happens.

We saw examples of WMI queries on this blog before – check the link below – and the ManagementEventWatcher object also requires an SQL-like query string. Consider the following function:

private static void RunManagementEventWatcherForWindowsServices()
{
	EventQuery eventQuery = new EventQuery();
	eventQuery.QueryString = "SELECT * FROM __InstanceModificationEvent within 2 WHERE targetinstance isa 'Win32_Service'";	
	ManagementEventWatcher demoWatcher = new ManagementEventWatcher(eventQuery);
	demoWatcher.Options.Timeout = new TimeSpan(1, 0, 0);
	Console.WriteLine("Perform the appropriate change in a Windows service according to your query");
	ManagementBaseObject nextEvent = demoWatcher.WaitForNextEvent();			
	ManagementBaseObject targetInstance = ((ManagementBaseObject)nextEvent["targetinstance"]);
	PropertyDataCollection props = targetInstance.Properties;
	foreach (PropertyData prop in props)
	{
		Console.WriteLine("Property name: {0}, property value: {1}", prop.Name, prop.Value);
	}

	demoWatcher.Stop();
}

We declare the query within an EventQuery object. Windows services are of type “Win32_Service” hence the “where targetinstance isa ‘Win32_Service'” clause. “within 2” means that we want to be notified 2 seconds after the status change has been detected. A change event is represented by the __InstanceModificationEvent class. There are many similar WMI system classes. A creation event corresponds to the __InstanceCreationEvent class. So the query is simply saying that we want to know of any status change in any Windows service 2 seconds after the change.

The timeout option means that the ManagementEventWatcher object will wait for the specified amount of time for the event to occur. After this a timeout exception will be thrown so you’ll need to handle that.

In order to read the properties of the Windows service we need to go a level down to “targetinstance” and read the properties of that ManagementBaseObject. Otherwise the “nextEvent” object properties are not too informative.

Run this code, open the Windows services window and stop or pause any Windows service. I stopped the Tomcat7 service running on my PC and got the following Console output:

Stopping any service caught by event watcher

You can of course refine your query using the property names of the target instance. You can always check the property names on MSDN. E.g. if you open the above link to the Win32_Service object then you’ll see that it has a “state” and a “name” property. So in case you’ll want to know that a service name “Tomcat7” was stopped then you can have the following query:

eventQuery.QueryString = "SELECT * FROM __InstanceModificationEvent within 2 WHERE targetinstance isa 'Win32_Service' and targetinstance.state = 'Stopped' and targetinstance.name = 'Tomcat7'";

In this case starting Tomcat7 won’t trigger the watcher. Neither will stopping any other Windows service. The event watcher will only react if a service names “Tomcat7” was stopped, i.e. the “Status” property of the target instance was set to “Stopped”.

You can view all posts related to Diagnostics here.

Filed under .NET, Diagnostics Tagged with , , ,

Finding all Windows Services using WMI in C# .NET

November 28, 2014 Leave a comment

In this post we saw how to retrieve all logical drives using Windows Management Instrumentation – WMI -, and here how to find all network adapters.

Say you’d like to get a list of all Windows Services and their properties running on the local – “root” – machine, i.e. read the services listed here:

Services window

The following code will find all non-null properties of all Windows services found:

private static void ListAllWindowsServices()
{
	ManagementObjectSearcher windowsServicesSearcher = new ManagementObjectSearcher("root\\cimv2", "select * from Win32_Service");
	ManagementObjectCollection objectCollection = windowsServicesSearcher.Get();

	Console.WriteLine("There are {0} Windows services: ", objectCollection.Count);

	foreach (ManagementObject windowsService in objectCollection)
	{
		PropertyDataCollection serviceProperties = windowsService.Properties;
		foreach (PropertyData serviceProperty in serviceProperties)
		{
			if (serviceProperty.Value != null)
			{
				Console.WriteLine("Windows service property name: {0}", serviceProperty.Name);
				Console.WriteLine("Windows service property value: {0}", serviceProperty.Value);
			}
		}
		Console.WriteLine("---------------------------------------");
	}
}

At the time of writing this post I had 196 services running on my PC. Here’s an example of the output for the Adobe Flash Player Update service:

Adobe Flash Player service properties

Once you know the property names of the WMI class then you can extend the SQL query. E.g. here’s how to find all non-running services:

ManagementObjectSearcher windowsServicesSearcher = new ManagementObjectSearcher("root\\cimv2", "select * from Win32_Service where Started = FALSE");

You can view all posts related to Diagnostics here.

Filed under .NET, Diagnostics Tagged with , ,

Older posts

Elliot Balynn's Blog

A directory of wonderful thoughts

Software Engineering

Web development

Disparate Opinions

Various tidbits

chsakell's Blog

WEB APPLICATION DEVELOPMENT TUTORIALS WITH OPEN-SOURCE PROJECTS

Once Upon a Camayoc

Bite-size insight on Cyber Security for the not too technical.

%d bloggers like this: