WMI is a Windows library used to get information such as the number of processes currently running on the computer, their event notifications (process creation, modification and deletion), the computer's name and version, the list of Win32 processes, and so on.
The information mentioned above can be fetched not only from the local PC but also from a remote machine.
WMI can be accessed through a query language in the following ways:
1. WBEMTEST.exe [GUI tool]
2. WMIC, which stands for WMI Command-line tool
3. Programmatically [using PowerShell and VBScript]
1. wbemtest.exe:
How to start
1. Go to Start
2. Go to Run
3. Type wbemtest.exe
4. The following window opens up.
Queries that can be run with this tool
1. Usual queries
2. Notification queries
Usual queries are used to query processes and other system information. The query fetches the information from the WMI repository and the task ends.
Example query:
SELECT * FROM Win32_Process
The above query returns the currently running Win32 processes.
Notification queries run continuously, give notifications of process creation, modification and deletion, and return the object through which the process information can be fetched.
Example query:
SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
The above query notifies us whenever an existing process is deleted. The WITHIN clause sets the polling interval, so the condition is checked every 1 second. This query needs to be executed in the Notification Query window; please refer to the above figure.
SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'
The above query notifies us whenever a new process is created.
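The same two notification queries can be subscribed to from PowerShell instead of the wbemtest window, which is how you would turn them into a simple process-activity log. The script below is an added example, not code from the original post; it uses the CimCmdlets that ship with Windows PowerShell 3.0 and later, and the log file name and the 30-second run time are assumptions you can change.

```powershell
# Added example (not from the original post): subscribe to the two notification
# queries from PowerShell and append every event to a log file.

$creationQuery = "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"
$deletionQuery = "SELECT * FROM __InstanceDeletionEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'"

# Assumed log location; any writable path will do.
$logPath = Join-Path $env:TEMP 'wmi-process-events.log'

# Each -Action block receives the __Instance*Event in $Event.SourceEventArgs.NewEvent;
# its TargetInstance property is the Win32_Process that appeared or disappeared.
$onCreate = {
    $p = $Event.SourceEventArgs.NewEvent.TargetInstance
    $line = '{0:u} CREATED pid={1} ppid={2} name={3} cmd={4}' -f (Get-Date), $p.ProcessId, $p.ParentProcessId, $p.Name, $p.CommandLine
    Add-Content -Path $Event.MessageData -Value $line
}
$onDelete = {
    $p = $Event.SourceEventArgs.NewEvent.TargetInstance
    $line = '{0:u} DELETED pid={1} name={2}' -f (Get-Date), $p.ProcessId, $p.Name
    Add-Content -Path $Event.MessageData -Value $line
}

# -MessageData passes the log path into the action block as $Event.MessageData.
Register-CimIndicationEvent -Query $creationQuery -SourceIdentifier 'ProcCreate' -Action $onCreate -MessageData $logPath | Out-Null
Register-CimIndicationEvent -Query $deletionQuery -SourceIdentifier 'ProcDelete' -Action $onDelete -MessageData $logPath | Out-Null

Write-Host "Logging process creation/deletion to $logPath for 30 seconds..."
Start-Sleep -Seconds 30

# Subscriptions and their action jobs live for the whole session unless removed.
'ProcCreate', 'ProcDelete' | ForEach-Object { Unregister-Event -SourceIdentifier $_ }
Get-Job -Name 'ProcCreate', 'ProcDelete' -ErrorAction SilentlyContinue | Remove-Job -Force

Get-Content -Path $logPath
```

Because __InstanceCreationEvent and __InstanceDeletionEvent are intrinsic events, WMI produces them by polling at the WITHIN interval; a process that starts and exits inside that one-second window can be missed entirely, so a log built this way is useful for learning what WMI can see but should not be treated as a complete record of process activity.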
2. WMIC.exe
The second approach for accessing WMI is WMIC.exe, which is a command-line tool.
1. Go to Start
2. Go to Run
3. Open CMD.exe
4. Type wmic.exe
The above steps open the WMIC command-line tool, from which we can fetch OS, process, memory and many more :) details of a PC.
Example command
Process List
The Process List command lists all the processes currently running on the local machine.
Apart from these tools, we can also access WMI programmatically using VBScript and PowerShell.
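As an added example of the programmatic route (this is not code from the original post), the function below runs the same Win32_Process query through the PowerShell CIM cmdlets, either locally or against a remote machine, and enriches each process with the account that owns it. The host name 'SERVER01' is a placeholder, and remote access assumes WinRM is reachable and the calling account is an administrator on the target.

```powershell
# Added example (not from the original post): the "usual" Win32_Process query run
# programmatically, with optional remote access over a CimSession.

function Get-ProcessInventory {
    param(
        # Leave empty to query the local machine; 'SERVER01' is only a placeholder.
        [string]$ComputerName
    )

    # Same WQL as in wbemtest/wmic.
    $query = 'SELECT * FROM Win32_Process'

    # New-CimSession without -ComputerName talks to the local WMI service; with one
    # it uses WinRM (WS-Man) by default. Win32_Process needs admin rights on the target.
    $session = if ($ComputerName) { New-CimSession -ComputerName $ComputerName } else { New-CimSession }
    $target  = if ($ComputerName) { $ComputerName } else { $env:COMPUTERNAME }

    try {
        Get-CimInstance -CimSession $session -Namespace 'root\cimv2' -Query $query | ForEach-Object {
            # GetOwner is a method defined on Win32_Process; ReturnValue 0 means success.
            $owner = Invoke-CimMethod -CimSession $session -InputObject $_ -MethodName 'GetOwner'
            [pscustomobject]@{
                Computer    = $target
                ProcessId   = $_.ProcessId
                ParentPid   = $_.ParentProcessId
                Name        = $_.Name
                Owner       = if ($owner.ReturnValue -eq 0) { '{0}\{1}' -f $owner.Domain, $owner.User } else { $null }
                Path        = $_.ExecutablePath
                CommandLine = $_.CommandLine
            }
        }
    }
    finally {
        # Always close the session, even if the query fails part-way through.
        Remove-CimSession -CimSession $session
    }
}

# Local inventory, sorted by PID.
Get-ProcessInventory | Sort-Object ProcessId | Format-Table -AutoSize

# Remote inventory saved to CSV so it can be compared against a later run
# (placeholder host name; uncomment to use).
# Get-ProcessInventory -ComputerName 'SERVER01' | Export-Csv -Path .\SERVER01-processes.csv -NoTypeInformation
```

System processes often report an empty ExecutablePath or CommandLine and GetOwner fails for them with a non-zero ReturnValue, which is why the Owner field is left null rather than treated as an error; saving the result to CSV gives a baseline that a later inventory of the same host can be diffed against.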
Happy Coding! :)