从 Windows 驱动程序执行 WMI 方法的示例
Example for executing a WMI method from Windows Driver
我正在寻找如何从 Windows 驱动程序执行 WMI 方法的示例。
我需要从 class MY_WMI_CLASS
调用 TestFunction
// WMI class whose TestFunction method the driver wants to invoke.
// The provider, Locale and guid values are placeholders in this listing;
// presumably the guid is the one the caller passes to IoWMIOpenBlock.
[WMI, dynamic: ToInstance, provider("xxx"), Locale("some"), Description("test xxx"), guid("{someguidhere}")]
class MY_WMI_CLASS
{
// Key property: the name that identifies one instance of this class.
[key, read] string InstanceName;
[read] boolean Active;
// Method id 1. Its only parameter is an [out] uint32, so the method takes no
// input data and returns four bytes of output.
[WmiMethodId(1),
Implemented,
Description("Test xxx")]
void TestFunction([out, Description("Test f")] uint32 Data);
};
MSDN 说我必须调用
IoWMIQueryAllData, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550453(v=vs.85).aspx
和
IoWMIExecuteMethod, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550438(v=vs.85).aspx
函数。 IoWMIExecuteMethod 函数有一个我不知道如何获取的 InstanceName 参数。
/*
 * Prototype as quoted from the WDK documentation: runs the method selected by
 * MethodId on one named instance of an opened WMI data block.
 */
NTSTATUS IoWMIExecuteMethod(
/* Data block object returned by IoWMIOpenBlock (opened with WMIGUID_EXECUTE). */
_In_ PVOID DataBlockObject,
/* Name of the instance on which the method is run. */
_In_ PUNICODE_STRING InstanceName,
/* The method's WmiMethodId value from the class definition. */
_In_ ULONG MethodId,
/* Number of bytes of input data placed in InOutBuffer. */
_In_ ULONG InBufferSize,
/* In: capacity of InOutBuffer in bytes. Out: number of bytes of method output. */
_Inout_ PULONG OutBufferSize,
/* Single buffer that carries the input on entry and the output on return. */
_Inout_ PUCHAR InOutBuffer
);
找到了我自己的问题的答案。
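// Fragment: `guid` (the WMI class GUID), `NTSTATUS rc` and `ULONG size` are
// assumed to be declared by the enclosing function.
PVOID wmiObject = NULL;
// WNODE_ALL_DATA is overlaid on this buffer, so keep it 8-byte aligned.
DECLSPEC_ALIGN(8) UCHAR pBuffer[100] = { 0 };
ULONG allocSize = sizeof(pBuffer);
UINT8 data[100] = { 0 };
// Points into pBuffer once filled in, so it must not outlive pBuffer.
UNICODE_STRING uniInstanceName = { 0 };

//Open block
// IoWMIQueryAllData is documented to need WMIGUID_QUERY access and
// IoWMIExecuteMethod WMIGUID_EXECUTE, so request both.
rc = IoWMIOpenBlock(&guid, WMIGUID_QUERY | WMIGUID_EXECUTE, &wmiObject);
if (NT_SUCCESS(rc)) {
    //get instance name
    // 100 bytes is small: on STATUS_BUFFER_TOO_SMALL allocSize holds the size
    // a caller would have to allocate before retrying.
    rc = IoWMIQueryAllData(wmiObject, &allocSize, pBuffer);

    if (NT_SUCCESS(rc)) {
        WNODE_ALL_DATA *pWNode = (WNODE_ALL_DATA *)pBuffer;
        ULONG used = allocSize;   // bytes the query actually returned
        ULONG offset = 0;
        USHORT nameBytes = 0;

        // Every offset below comes from the returned data block, so each one
        // is checked against `used` before it is dereferenced; an unchecked
        // offset would be an out-of-bounds read of kernel stack memory.
        if (used > sizeof(pBuffer) ||
            used < FIELD_OFFSET(WNODE_ALL_DATA, OffsetInstanceNameOffsets) + sizeof(ULONG)) {
            rc = STATUS_INVALID_BUFFER_SIZE;
        } else if (pWNode->InstanceCount == 0) {
            // No instance, hence no name to run the method on.
            rc = STATUS_WMI_INSTANCE_NOT_FOUND;
        } else if (pWNode->OffsetInstanceNameOffsets > used - sizeof(ULONG)) {
            rc = STATUS_INVALID_BUFFER_SIZE;
        } else {
            // First entry of the name-offset table = offset of the first name.
            RtlCopyMemory(&offset, pBuffer + pWNode->OffsetInstanceNameOffsets, sizeof(offset));

            if (offset > used - sizeof(USHORT)) {
                rc = STATUS_INVALID_BUFFER_SIZE;
            } else {
                // The name is a counted string: USHORT byte length, then WCHARs.
                RtlCopyMemory(&nameBytes, pBuffer + offset, sizeof(nameBytes));

                if (nameBytes > used - offset - sizeof(USHORT)) {
                    rc = STATUS_INVALID_BUFFER_SIZE;
                } else {
                    PWCHAR str = (PWCHAR)(pBuffer + offset + sizeof(USHORT));
                    USHORT maxChars = (USHORT)(nameBytes / sizeof(WCHAR));
                    USHORT chars = 0;

                    // The counted string need not be NUL-terminated, so the
                    // length is bounded by the stored count instead of being
                    // found with RtlInitUnicodeString; an embedded NUL still
                    // ends the name, as it did with RtlInitUnicodeString.
                    while (chars < maxChars && str[chars] != L'\0') {
                        chars++;
                    }
                    uniInstanceName.Buffer = str;
                    uniInstanceName.Length = (USHORT)(chars * sizeof(WCHAR));
                    uniInstanceName.MaximumLength = uniInstanceName.Length;

                    size = sizeof(data);
                    //execute a method
                    rc = IoWMIExecuteMethod(wmiObject, &uniInstanceName, 1, 0, &size, data);
                    // On success `size` is the number of output bytes; the
                    // uint32 result of TestFunction is valid only when
                    // size >= sizeof(ULONG).
                }
            }
        }
    }

    // IoWMIOpenBlock returned a referenced object; release it on every path.
    ObDereferenceObject(wmiObject);
    wmiObject = NULL;
}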
我正在寻找如何从 Windows 驱动程序执行 WMI 方法的示例。 我需要从 class MY_WMI_CLASS 调用 TestFunction：
[WMI, dynamic: ToInstance, provider("xxx"), Locale("some"), Description("test xxx"), guid("{someguidhere}")]
// WMI class whose TestFunction method the driver wants to invoke.
class MY_WMI_CLASS
{
// Key property: the name that identifies one instance of this class.
[key, read] string InstanceName;
[read] boolean Active;
// Method id 1. Its only parameter is an [out] uint32, so the method takes no
// input data and returns four bytes of output.
[WmiMethodId(1),
Implemented,
Description("Test xxx")]
void TestFunction([out, Description("Test f")] uint32 Data);
};
MSDN 说我必须调用
IoWMIQueryAllData, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550453(v=vs.85).aspx
和
IoWMIExecuteMethod, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550438(v=vs.85).aspx
函数。 IoWMIExecuteMethod 函数有一个我不知道如何获取的 InstanceName 参数。
/*
 * Prototype as quoted from the WDK documentation: runs the method selected by
 * MethodId on one named instance of an opened WMI data block.
 */
NTSTATUS IoWMIExecuteMethod(
/* Data block object returned by IoWMIOpenBlock (opened with WMIGUID_EXECUTE). */
_In_ PVOID DataBlockObject,
/* Name of the instance on which the method is run. */
_In_ PUNICODE_STRING InstanceName,
/* The method's WmiMethodId value from the class definition. */
_In_ ULONG MethodId,
/* Number of bytes of input data placed in InOutBuffer. */
_In_ ULONG InBufferSize,
/* In: capacity of InOutBuffer in bytes. Out: number of bytes of method output. */
_Inout_ PULONG OutBufferSize,
/* Single buffer that carries the input on entry and the output on return. */
_Inout_ PUCHAR InOutBuffer
);
找到了我自己的问题的答案。
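// Fragment: `guid` (the WMI class GUID), `NTSTATUS rc` and `ULONG size` are
// assumed to be declared by the enclosing function.
PVOID wmiObject = NULL;
// WNODE_ALL_DATA is overlaid on this buffer, so keep it 8-byte aligned.
DECLSPEC_ALIGN(8) UCHAR pBuffer[100] = { 0 };
ULONG allocSize = sizeof(pBuffer);
UINT8 data[100] = { 0 };
// Points into pBuffer once filled in, so it must not outlive pBuffer.
UNICODE_STRING uniInstanceName = { 0 };

//Open block
// IoWMIQueryAllData is documented to need WMIGUID_QUERY access and
// IoWMIExecuteMethod WMIGUID_EXECUTE, so request both.
rc = IoWMIOpenBlock(&guid, WMIGUID_QUERY | WMIGUID_EXECUTE, &wmiObject);
if (NT_SUCCESS(rc)) {
    //get instance name
    // 100 bytes is small: on STATUS_BUFFER_TOO_SMALL allocSize holds the size
    // a caller would have to allocate before retrying.
    rc = IoWMIQueryAllData(wmiObject, &allocSize, pBuffer);

    if (NT_SUCCESS(rc)) {
        WNODE_ALL_DATA *pWNode = (WNODE_ALL_DATA *)pBuffer;
        ULONG used = allocSize;   // bytes the query actually returned
        ULONG offset = 0;
        USHORT nameBytes = 0;

        // Every offset below comes from the returned data block, so each one
        // is checked against `used` before it is dereferenced; an unchecked
        // offset would be an out-of-bounds read of kernel stack memory.
        if (used > sizeof(pBuffer) ||
            used < FIELD_OFFSET(WNODE_ALL_DATA, OffsetInstanceNameOffsets) + sizeof(ULONG)) {
            rc = STATUS_INVALID_BUFFER_SIZE;
        } else if (pWNode->InstanceCount == 0) {
            // No instance, hence no name to run the method on.
            rc = STATUS_WMI_INSTANCE_NOT_FOUND;
        } else if (pWNode->OffsetInstanceNameOffsets > used - sizeof(ULONG)) {
            rc = STATUS_INVALID_BUFFER_SIZE;
        } else {
            // First entry of the name-offset table = offset of the first name.
            RtlCopyMemory(&offset, pBuffer + pWNode->OffsetInstanceNameOffsets, sizeof(offset));

            if (offset > used - sizeof(USHORT)) {
                rc = STATUS_INVALID_BUFFER_SIZE;
            } else {
                // The name is a counted string: USHORT byte length, then WCHARs.
                RtlCopyMemory(&nameBytes, pBuffer + offset, sizeof(nameBytes));

                if (nameBytes > used - offset - sizeof(USHORT)) {
                    rc = STATUS_INVALID_BUFFER_SIZE;
                } else {
                    PWCHAR str = (PWCHAR)(pBuffer + offset + sizeof(USHORT));
                    USHORT maxChars = (USHORT)(nameBytes / sizeof(WCHAR));
                    USHORT chars = 0;

                    // The counted string need not be NUL-terminated, so the
                    // length is bounded by the stored count instead of being
                    // found with RtlInitUnicodeString; an embedded NUL still
                    // ends the name, as it did with RtlInitUnicodeString.
                    while (chars < maxChars && str[chars] != L'\0') {
                        chars++;
                    }
                    uniInstanceName.Buffer = str;
                    uniInstanceName.Length = (USHORT)(chars * sizeof(WCHAR));
                    uniInstanceName.MaximumLength = uniInstanceName.Length;

                    size = sizeof(data);
                    //execute a method
                    rc = IoWMIExecuteMethod(wmiObject, &uniInstanceName, 1, 0, &size, data);
                    // On success `size` is the number of output bytes; the
                    // uint32 result of TestFunction is valid only when
                    // size >= sizeof(ULONG).
                }
            }
        }
    }

    // IoWMIOpenBlock returned a referenced object; release it on every path.
    ObDereferenceObject(wmiObject);
    wmiObject = NULL;
}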