介绍 #
Windows Management Instrumentation
WMI是Windows的一组扩展,可提供有关计算机系统的信息和通知。
MI允许脚本语言在本地和远程管理Microsoft Windows计算机。
WMI允许您执行各种操作,包括但不限于:
- 获取正在运行的进程的列表
- 获取已安装程序的列表
- 缺少启动程序
- 获取磁盘使用率
- 获取计算机的品牌,型号和序列号
- 获取当前的内存和CPU使用率
- 创建新流程时获取通知
- 在计算机进入或退出睡眠模式时获取通知
- 创建并终止进程
- 关闭电脑
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/cimwin32-wmi-providers
microsoft官网地址
Go语言操作 #
go get github.com/StackExchange/wmi
获取正在运行的进程的列表 #
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-process
字段对应,特殊字段(datetime -> time.time)
type Win32_Process struct {
CSName string
Description string
ExecutablePath string
ExecutionState uint16
Handle string
Name string
OSName string
ProcessId uint32
func GetProcess() {
var dst []Win32_Process
errQuery := wmi.Query("Select * from Win32_Process", &dst)
if errQuery != nil {
fmt.Println("err", errQuery)
}
for _, p := range dst {
fmt.Printf("名称:%s\t进程:%d\t句柄:%s\n",p.Name,p.ProcessId,p.Handle)
}
}
输出结果:
名称:System Idle Process 进程:0 句柄:0
名称:System 进程:4 句柄:4
名称:smss.exe 进程:420 句柄:420
名称:csrss.exe 进程:564 句柄:564
名称:wininit.exe 进程:668 句柄:668
名称:services.exe 进程:824 句柄:824
名称:lsass.exe 进程:832 句柄:832
名称:svchost.exe 进程:928 句柄:928
名称:svchost.exe 进程:992 句柄:992
名称:svchost.exe 进程:532 句柄:532
...
处理器Cpu信息 #
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-processor
type Win32_Processer struct {
Caption string
Name string
SystemName string
ProcessorId string
ProcessorType uint16
}
func GetProcesser() {
var dst []Win32_Processer
errQuery := wmi.Query("select * from Win32_Processor", &dst)
if errQuery != nil {
fmt.Println("err", errQuery)
}
for _, p := range dst {
fmt.Printf("%+v\n",p)
}
}
#输出
{Caption:Intel64 Family 6 Model 61 Stepping 4 Name:Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz SystemName:VKRN8DIPVKH9S80 ProcessorId:BFEBFBFF000306D4 ProcessorType:3}
获取磁盘信息 #
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-logicaldisk
type Win32_LogicalDisk struct {
Access uint16
Availability uint16
BlockSize uint64
Caption string
Compressed bool
ConfigManagerErrorCode uint32
ConfigManagerUserConfig bool
CreationClassName string
Description string
DeviceID string
DriveType uint32
ErrorCleared bool
ErrorDescription string
ErrorMethodology string
FileSystem string
FreeSpace uint64
InstallDate string
LastErrorCode uint32
MaximumComponentLength uint32
MediaType uint32
Name string
NumberOfBlocks uint64
PNPDeviceID string
PowerManagementCapabilities []uint16
PowerManagementSupported bool
ProviderName string
Purpose string
QuotasDisabled bool
QuotasIncomplete bool
QuotasRebuilding bool
Size string
Status string
StatusInfo uint16
SupportsDiskQuotas bool
SupportsFileBasedCompression bool
SystemCreationClassName string
SystemName string
VolumeDirty bool
VolumeName string
VolumeSerialNumber string
}
// t 2、移动磁盘 3、本地磁盘 4、网络驱动器 5、光盘 6、RAM 磁盘
func GetDiskInfo(t uint32) {
// 创建wmi客户端
s, err := wmi.InitializeSWbemServices(wmi.DefaultClient)
defer s.Close()
if err != nil {
log.Fatalf("InitializeSWbemServices: %s", err)
}
//// 查询的数据类型
var dst []Win32_LogicalDisk
// 查询的条件
//q := wmi.CreateQuery(&dst, "WHERE DriveType=2")
// 查询信息
errQuery := wmi.Query(fmt.Sprintf("select * from Win32_LogicalDisk where DriveType=%d",t), &dst)
if errQuery != nil {
fmt.Println("err", errQuery)
}
for _, value := range dst {
fmt.Printf("%+v\n", value)
}
}
即插即用设备 #
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-pnpentity
// 即插即用设备
type PnPEntity struct {
Availability uint16
Caption string
ClassGuid string
CompatibleID []string
ConfigManagerErrorCode uint32
ConfigManagerUserConfig bool
CreationClassName string
Description string
DeviceID string
ErrorCleared bool
ErrorDescription string
HardwareID []string
InstallDate time.Time
LastErrorCode uint32
Manufacturer string
Name string
PNPClass string
PNPDeviceID string
PowerManagementCapabilities []uint16
PowerManagementSupported bool
Present bool
Service string
Status string
StatusInfo uint16
SystemCreationClassName string
SystemName string
}
func GetPnPEntity() {
var dst []PnPEntity
str := "SELECT * FROM Win32_PnPEntity"
err := wmi.Query(str, &dst)
if err != nil {
log.Fatal(err)
return
}
for _, v := range dst {
fmt.Println(v)
}
}
查询有效IP地址 #
https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-networkadapterconfiguration
type Win32_NetworkAdapterConfiguration struct {
IPAddress []string
DefaultIPGateway []string
InterfaceIndex uint32
IPEnabled bool
IPFilterSecurityEnabled bool
IPPortSecurityEnabled bool
MACAddress string
}
func main() {
var dst []Win32_NetworkAdapterConfiguration
str := "select * from Win32_NetworkAdapterConfiguration WHERE (IPEnabled = 'true')"
err := wmi.Query(str, &dst)
if err != nil {
log.Fatal(err)
return
}
for _, v := range dst {
if v.DefaultIPGateway != nil {
fmt.Println(v)
}
}
}
// 硬盘序列号
"SELECT * FROM Win32_DiskDrive WHERE (SerialNumber IS NOT NULL) AND (MediaType LIKE 'Fixed hard disk%')"
// 主板序列号
"SELECT * FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL)",
// BIOS序列号
"SELECT * FROM Win32_BIOS WHERE (SerialNumber IS NOT NULL)",
// 主板型号
"SELECT * FROM Win32_BaseBoard WHERE (Product IS NOT NULL)",
//当前机器的型号和厂商
"SELECT * FROM Win32_computersystem",
Mac地址 #
type Win32_NetworkAdapter struct {
Name string
MACAddress string
PNPDeviceID string
}
func main() {
var dst []Win32_NetworkAdapter
str := `SELECT * FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) AND (NOT (PNPDeviceID LIKE 'ROOT%'))`
err := wmi.Query(str, &dst)
if err != nil {
log.Fatal(err)
return
}
for _, v := range dst {
fmt.Println(v)
}
}