Today, I would like to introduce a friend to you. It is Microsoft Windows Management Instrumentation (WMI). The Chinese name is windows management specification. Since Windows 2000, WMI (Windows Management specification) has been built into the operating system, and has become an important part of windows system management. So it’s easy to see it, because we should at least be a Windows 2000 user. Now I’m going to go into every detail of it so that you never know it and love it.
What can WMI do?
WMI can not only obtain the desired computer data, but also be used for remote control. Remote control computer is a favorite thing. Many remote monitoring and control software usually run the server-side background program on the remote computer and a client-side control program on the local computer to realize the remote control of the computer through the collaboration of the two programs. The disadvantages of this method are very obvious. When the server program is closed, this remote monitoring can not be realized because there is no internal line. The remote monitoring and control of the WMI implementation does not need to install anything else on the server side. The system will open the WMI service by default. Specifically, the capabilities of WMI are as follows:
1. Obtain hardware and software information of local and remote computers.
2. Monitor the running status of software and services of local and remote computers.
3. Control the operation of software and services of local and remote computers.
4. Advanced applications.
How do I access WMI?
When we know some of WMI’s abilities, we’ve already wanted to know how to get to know him and make use of him. There are many ways to make use of WMI. To put it simply, there are three ways:
1. Common query and operation can be realized through various tools provided by Microsoft. It mainly includes the wmic under the command prompt and the WMI tool provided by Microsoft. You can download it on the Microsoft website for free. Of course, I can also provide it to you for free.
2. More flexible operation can be realized by writing script. To be really flexible and practical, it is necessary to be familiar with WSH scripts. Of course, if you are not familiar with them, I will explain them in detail later.
3. Access and operate it by writing our own program. Any language will do. If using. Net class program to be simpler, if using VC to be more complex, at least I think so.
Another way to visit it is to go to one of its nests. Everything in the directory of C: Windows / system32 / WBEM is closely related to it. There are logs and various tools. You can find many answers in it. However, these things are generally not suitable for us novices to play, feeling a bit scary.
Our mission today?
Today we have five tasks:
Task 1: use wmic to list all processes on the remote computer.
Task 2: use wmic to close the local process.
Task 3: save the process information of remote host in a web page through wmic
Task 4: use script to monitor the other party’s process in real time
Task 5: make use of scripts to open and share with each other
To view and monitor the process, we have to kill the process, and finally open a share for each other. Our friend has done all the bad things. Understand our mission, and we’re on our way. This time, we will mainly use wmic and script to achieve our task, so we will mainly be divided into two parts to explain. In the actual combat of the five tasks, we will understand it more deeply. It doesn’t matter if there is no foundation. I will try my best to explain all the so-called foundations, so that you can easily communicate with this friend.
The first part: using wmic to understand WMI
Wmic is the abbreviation of Windows Management Instrumentation commandline. Wmic extends WMI and provides support for system management from command line interface and batch command script. Provides a powerful and friendly command line interface for the WMI namespace. With wmic, WMI is very approachable.
Executing the wmic command starts the wmic command line environment. When executing the wmic command for the first time, windows must first install wmic, and then display the command line prompt of wmic. At the wmic command line prompt, commands are executed interactively. If you don’t know how to interact with it, please click a “/?” and read all the instructions carefully, and you will know. Wmic can also run in a non interactive mode. Non interactive mode is useful if you want to perform a single step task or run a series of wmic commands in a batch command. To use non interactive mode, just start wmic on the same command line and enter the command to execute.
1. Task 1: use wmic to list all processes on the remote computer
This is a very simple task to implement. It is as simple as using a DOS command. Because we need to step by step, we have arranged such a warm-up task. Type the following command at the command prompt, and we’ll see.
WMIC /node:192.168.1.2 /user:net process
1) Node and user in the above command are global switches. If you don’t want to enter the password again, you can also use the password switch, and then write the password (wmic)/ node:192.168.1.2 / user:net / password:password process）。 Please note that the user name and password here must be administrator level, others are invalid. Wmic provides a large number of global switches, aliases, verbs, commands and rich command lines to help enhance the user interface. Global switches are options for configuring the entire wmic session.
2) Process is an alias, executing a Win32_ For WQL query of process class, as for what is the class of WMI, if you are interested, you can find information and learn more about it. If you are lazy, wait for me to give you a lecture. Aliases are an intermediate layer of simplified syntax for users and the WMI namespace. When you specify an alias, the verb (verb) indicates the action to be performed.
3) If you like, you can add a verb after it, such as “list full” (e.g. wmic/ node:192.168.1.2 / user:net / password:password So you can see it more clearly.
Tip: the machine with wmic installed can be connected to any machine with WMI installed. The connected machine does not need to install wmic.
2. Task 2: use wmic to close the local process
Executing the following command will close the running QQ. I am relatively timid, so I dare not turn off other people’s QQ, can only take my QQ test, if your IQ is enough, if you have more courage, you will close others soon.
process where name=”qq.exe” call terminate
1) This time, we use interactive method to execute the task. I won’t say much about the specific interface. The picture is much better than what I said.
2) Call is also a verb. This verb is very powerful. No one who controls a class does not use it. It is a general who can call various methods of various classes. Here we call the terminate method. Literally, you can see it’s vicious.
3) Where allows you to query and filter. Find what you want in the super many instances. Instance refers to the concrete implementation of each class. The processes shown in the previous example are called Win32_ An instance in process.
3. Task 3: save the process information of remote host in a web page through wmic
This task is roughly the same as that in task 1, which is an enhancement of task 1. In task one, the information is displayed as text. In fact, in addition to text output, wmic can also return command execution results in other forms, such as XML, HTML, or CSV (comma separated text file), as shown in Figure 3. We can type in the following command:
wmic /output:C:\1.html /node:192.168.1.2 /user:net process list full /format:hform.xsl
1) The global switch output indicates where to store this information.
2) The global switch format indicates what format to use. As for the formats that can be used, you can refer to the *. XSL file in the directory of C: Windows / system32 / WBEM. You don’t even care where they come from, just use it. Look next to each other and you’ll find what you like.
The second part: using script to understand WMI
Command prompt tool is really easy to use, but it does not show that we are masters, masters are able to use the program to achieve the purpose. Now we will start to use the foot to realize our task. The function will be more powerful and the operation will be more flexible.
Whether a script or a real program, in order to retrieve the information of the WMI managed resources and then query and utilize WMI, the following three steps should be followed.
1. Connect to the WMI service. Establish a connection to the windows management service on the target computer.
2. Retrieve instances of WMI managed resources. It depends largely on the task to be performed.
3. Display the properties of an instance of WMI and call its methods.