wmi包学习

介绍 #

Windows Management Instrumentation

WMI是Windows的一组扩展,可提供有关计算机系统的信息和通知。

WMI允许脚本语言在本地和远程管理Microsoft Windows计算机。

WMI允许您执行各种操作,包括但不限于:

  • 获取正在运行的进程的列表
  • 获取已安装程序的列表
  • 列出启动程序
  • 获取磁盘使用率
  • 获取计算机的品牌,型号和序列号
  • 获取当前的内存和CPU使用率
  • 创建新进程时获取通知
  • 在计算机进入或退出睡眠模式时获取通知
  • 创建并终止进程
  • 关闭电脑

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/cimwin32-wmi-providers

microsoft官网地址

Go语言操作 #

go get github.com/StackExchange/wmi

获取正在运行的进程的列表 #

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-process

字段名与WMI类的属性名一一对应;特殊类型需要转换(datetime -> time.Time)

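// Win32_Process is the row type GetProcess passes to wmi.Query for the
// Win32_Process class. Field names mirror the WMI property names, so they keep
// the WMI spelling (for example ProcessId) instead of Go initialism style.
//
// Only the fields listed on the page are declared here; the listing broke off
// before the closing brace, which is restored below.
type Win32_Process struct {
	CSName         string
	Description    string
	ExecutablePath string
	ExecutionState uint16
	Handle         string
	Name           string
	OSName         string
	ProcessId      uint32
}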


// GetProcess runs a WQL query over Win32_Process and prints the name, process
// id and handle of every row that was loaded.
//
// A query error is printed and the loop still runs over whatever rows were
// placed in the destination slice.
func GetProcess() {
	var procs []Win32_Process
	if err := wmi.Query("Select * from Win32_Process", &procs); err != nil {
		fmt.Println("err", err)
	}
	for i := range procs {
		row := procs[i]
		fmt.Printf("名称:%s\t进程:%d\t句柄:%s\n", row.Name, row.ProcessId, row.Handle)
	}
}

输出结果:

名称:System Idle Process	进程:0	句柄:0
名称:System	进程:4	句柄:4
名称:smss.exe	进程:420	句柄:420
名称:csrss.exe	进程:564	句柄:564
名称:wininit.exe	进程:668	句柄:668
名称:services.exe	进程:824	句柄:824
名称:lsass.exe	进程:832	句柄:832
名称:svchost.exe	进程:928	句柄:928
名称:svchost.exe	进程:992	句柄:992
名称:svchost.exe	进程:532	句柄:532
...

处理器Cpu信息 #

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-processor

// Win32_Processer is the row type GetProcesser passes to wmi.Query for the
// Win32_Processor class.
//
// NOTE(review): the type name is spelled "Processer" while the queried class is
// "Win32_Processor". GetProcesser passes the query text explicitly, so the
// spelling does not reach the query there; confirm before deriving a query
// from the type name.
type Win32_Processer struct {
	Caption string
	Name string
	SystemName string
	// ProcessorId and SystemName identify the machine; the sample output on the
	// page prints both in full.
	ProcessorId string
	ProcessorType uint16
}

// GetProcesser runs a WQL query over Win32_Processor and prints every loaded
// row with its field names (%+v).
//
// A query error is printed and the loop still runs over whatever rows were
// placed in the destination slice.
func GetProcesser() {
	var cpus []Win32_Processer
	if err := wmi.Query("select * from Win32_Processor", &cpus); err != nil {
		fmt.Println("err", err)
	}
	for i := range cpus {
		fmt.Printf("%+v\n", cpus[i])
	}
}

#输出
{Caption:Intel64 Family 6 Model 61 Stepping 4 Name:Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz SystemName:VKRN8DIPVKH9S80 ProcessorId:BFEBFBFF000306D4 ProcessorType:3}

获取磁盘信息 #

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-logicaldisk

// Win32_LogicalDisk is the row type GetDiskInfo passes to wmi.Query for the
// Win32_LogicalDisk class. Field names mirror the WMI property names.
//
// SystemName and VolumeSerialNumber identify the host and the volume, and
// GetDiskInfo prints the whole struct, so its output is inventory data that
// should not end up in shared logs unfiltered.
type Win32_LogicalDisk struct {
	Access                       uint16
	Availability                 uint16
	BlockSize                    uint64
	Caption                      string
	Compressed                   bool
	ConfigManagerErrorCode       uint32
	ConfigManagerUserConfig      bool
	CreationClassName            string
	Description                  string
	DeviceID                     string
	// DriveType is the property GetDiskInfo filters on.
	DriveType                    uint32
	ErrorCleared                 bool
	ErrorDescription             string
	ErrorMethodology             string
	FileSystem                   string
	FreeSpace                    uint64
	// NOTE(review): InstallDate is a string here, while the page's own note maps
	// WMI datetime to time.Time and PnPEntity.InstallDate uses time.Time. Confirm
	// which is intended.
	InstallDate                  string
	LastErrorCode                uint32
	MaximumComponentLength       uint32
	MediaType                    uint32
	Name                         string
	NumberOfBlocks               uint64
	PNPDeviceID                  string
	PowerManagementCapabilities  []uint16
	PowerManagementSupported     bool
	ProviderName                 string
	Purpose                      string
	QuotasDisabled               bool
	QuotasIncomplete             bool
	QuotasRebuilding             bool
	// NOTE(review): Size is declared as string although FreeSpace and
	// NumberOfBlocks are uint64. Callers doing arithmetic on Size must parse it
	// first; confirm the type is deliberate.
	Size                         string
	Status                       string
	StatusInfo                   uint16
	SupportsDiskQuotas           bool
	SupportsFileBasedCompression bool
	SystemCreationClassName      string
	SystemName                   string
	VolumeDirty                  bool
	VolumeName                   string
	VolumeSerialNumber           string
}

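// GetDiskInfo prints every Win32_LogicalDisk row whose DriveType equals t.
//
// Values of t listed by the author: 2 removable disk, 3 local disk, 4 network
// drive, 5 optical disc, 6 RAM disk.
//
// A failure to initialise the WMI services client terminates the process via
// log.Fatalf. A query error is printed and the rows that were loaded are still
// printed.
func GetDiskInfo(t uint32) {
	// Create the WMI services client.
	s, err := wmi.InitializeSWbemServices(wmi.DefaultClient)
	if err != nil {
		log.Fatalf("InitializeSWbemServices: %s", err)
	}
	// Close is deferred only after the error check, so it is never registered on
	// the result of a failed initialisation.
	defer s.Close()
	// NOTE(review): s is not handed to the query below; wmi.Query is called at
	// package level. Confirm whether the query was meant to go through s.

	// Destination slice; its element type selects the fields that are loaded.
	var dst []Win32_LogicalDisk
	// Alternative way to build the query:
	//q := wmi.CreateQuery(&dst, "WHERE DriveType=2")

	// t is a uint32 rendered with %d, so only decimal digits reach the WQL text.
	// Do not extend this pattern to string values: caller-supplied text spliced
	// into a WQL statement can change the query.
	errQuery := wmi.Query(fmt.Sprintf("select * from Win32_LogicalDisk where DriveType=%d", t), &dst)
	if errQuery != nil {
		fmt.Println("err", errQuery)
	}
	for _, value := range dst {
		fmt.Printf("%+v\n", value)
	}
}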

即插即用设备 #

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-pnpentity

// PnPEntity is the row type GetPnPEntity passes to wmi.Query for the
// Win32_PnPEntity class (Plug and Play devices). Field names mirror the WMI
// property names.
//
// DeviceID, HardwareID and SystemName identify the host and its attached
// hardware, and GetPnPEntity prints the whole struct.
type PnPEntity struct {
	Availability                uint16
	Caption                     string
	ClassGuid                   string
	CompatibleID                []string
	ConfigManagerErrorCode      uint32
	ConfigManagerUserConfig     bool
	CreationClassName           string
	Description                 string
	DeviceID                    string
	ErrorCleared                bool
	ErrorDescription            string
	HardwareID                  []string
	// NOTE(review): InstallDate is a non-pointer time.Time; how the wmi package
	// treats a NULL value for it is not visible here. Confirm, since
	// GetPnPEntity exits the process on any query error.
	InstallDate                 time.Time
	LastErrorCode               uint32
	Manufacturer                string
	Name                        string
	PNPClass                    string
	PNPDeviceID                 string
	PowerManagementCapabilities []uint16
	PowerManagementSupported    bool
	Present                     bool
	Service                     string
	Status                      string
	StatusInfo                  uint16
	SystemCreationClassName     string
	SystemName                  string
}

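// GetPnPEntity queries every Win32_PnPEntity row and prints each one.
//
// Any query error terminates the process through log.Fatal.
func GetPnPEntity() {
	var dst []PnPEntity
	str := "SELECT * FROM Win32_PnPEntity"
	if err := wmi.Query(str, &dst); err != nil {
		// log.Fatal exits the process, so the return that used to follow it was
		// unreachable and has been dropped.
		log.Fatal(err)
	}
	for _, v := range dst {
		fmt.Println(v)
	}
}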

查询有效IP地址 #

https://docs.microsoft.com/zh-cn/windows/win32/cimwin32prov/win32-networkadapterconfiguration

// Win32_NetworkAdapterConfiguration is the row type the example main passes to
// wmi.Query for the Win32_NetworkAdapterConfiguration class. Field names mirror
// the WMI property names.
type Win32_NetworkAdapterConfiguration struct {
	IPAddress []string
	// DefaultIPGateway is the field main checks against nil before printing a row.
	DefaultIPGateway []string
	InterfaceIndex uint32
	// IPEnabled is the property the example query filters on.
	IPEnabled bool
	IPFilterSecurityEnabled bool
	IPPortSecurityEnabled bool
	MACAddress string
}


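// main queries the IP-enabled rows of Win32_NetworkAdapterConfiguration and
// prints those whose DefaultIPGateway is non-nil.
//
// Any query error terminates the process through log.Fatal.
func main() {
	var dst []Win32_NetworkAdapterConfiguration
	str := "select * from Win32_NetworkAdapterConfiguration WHERE (IPEnabled = 'true')"
	if err := wmi.Query(str, &dst); err != nil {
		// log.Fatal exits the process, so the return that used to follow it was
		// unreachable and has been dropped.
		log.Fatal(err)
	}
	for _, v := range dst {
		// Rows without a default gateway are skipped.
		if v.DefaultIPGateway != nil {
			fmt.Println(v)
		}
	}
}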


// 硬盘序列号 
 "SELECT * FROM Win32_DiskDrive WHERE (SerialNumber IS NOT NULL) AND (MediaType LIKE 'Fixed hard disk%')"

// 主板序列号 
"SELECT * FROM Win32_BaseBoard WHERE (SerialNumber IS NOT NULL)",

// BIOS序列号 
"SELECT * FROM Win32_BIOS WHERE (SerialNumber IS NOT NULL)",

// 主板型号 
"SELECT * FROM Win32_BaseBoard WHERE (Product IS NOT NULL)",
 
//当前机器的型号和厂商

"SELECT * FROM Win32_computersystem",

Mac地址 #

// Win32_NetworkAdapter is the row type the MAC-address example passes to
// wmi.Query for the Win32_NetworkAdapter class. Field names mirror the WMI
// property names.
type Win32_NetworkAdapter struct {
	Name string
	// MACAddress must be non-NULL for a row to match the example query.
	MACAddress string
	// PNPDeviceID values starting with "ROOT" are excluded by the example query.
	PNPDeviceID string
}


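// main prints every Win32_NetworkAdapter row that has a MAC address and whose
// PNPDeviceID does not start with "ROOT".
//
// Any query error terminates the process through log.Fatal.
func main() {
	var dst []Win32_NetworkAdapter
	str := `SELECT * FROM Win32_NetworkAdapter WHERE (MACAddress IS NOT NULL) AND (NOT (PNPDeviceID LIKE 'ROOT%'))`
	if err := wmi.Query(str, &dst); err != nil {
		// log.Fatal exits the process, so the return that used to follow it was
		// unreachable and has been dropped.
		log.Fatal(err)
	}
	for _, v := range dst {
		fmt.Println(v)
	}
}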