📄 wmievent.cpp
字号:
#include "stdafx.h"
#include "Test_WMISample.h"
#include "Test_WMISampleDlg.h"
#include <wbemidl.h>
#ifdef _DEBUG
#undef THIS_FILE
static char THIS_FILE[]=__FILE__;
#define new DEBUG_NEW
#endif
extern HANDLE m_hEvent2;
extern volatile BOOL KeepRunning;
// This console application runs a simple WMI query that waits for an event.
// By moving the mouse very quickly, you can cause the MouseFilter driver
// to signal the event.
IWbemLocator *pLocator = NULL;
IWbemServices *pNamespace = 0;
void Connect_WMI()
{ //联接WMI数据库
CString msg;
HRESULT hr = CoInitializeEx(NULL, 0);
if (!SUCCEEDED(hr))
{
msg.Format("CoInitializeEx failed with error code %x\n", hr);
Print_Event::SendEvent(msg);
return;
}
hr = CoInitializeSecurity(NULL, -1, NULL, NULL,
RPC_C_AUTHN_LEVEL_NONE,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL, 0, 0
);
if (!SUCCEEDED(hr))
{
msg.Format("CoInitializeSecurity failed with error code %x\n", hr);
Print_Event::SendEvent(msg);
CoUninitialize();
return;
}
hr = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator,
(LPVOID *) &pLocator
);
if (!SUCCEEDED(hr))
{
msg.Format("CoCreateInstance failed with error code %x\n", hr);
Print_Event::SendEvent(msg);
CoUninitialize();
return;
}
BSTR path = SysAllocString(L"root\\WMI");
hr = pLocator->ConnectServer(path, NULL, NULL, NULL, 0, NULL, NULL, &pNamespace);
SysFreeString(path);
if (hr != WBEM_S_NO_ERROR)
{
msg.Format("ConnectServer failed with error code %x\n", hr);
Print_Event::SendEvent(msg);
pLocator->Release();
CoUninitialize();
return;
}
return;
}
void Disconnect_WMI()
{ //断开WMI数据库
pNamespace->Release();
pLocator->Release();
CoUninitialize();
}
///////////////////////////////////////////////////////////////////////////
// class QuerySink
//
// This object supplies a target for event notifications from the WMI driver.
//
class QuerySink : public IWbemObjectSink
{
// Declare the reference count for the object.
LONG m_lRef;
public:
QuerySink() { m_lRef = 0; }
// ~QuerySink();
// IUnknown methodsp
virtual ULONG STDMETHODCALLTYPE AddRef();
virtual ULONG STDMETHODCALLTYPE Release();
virtual HRESULT STDMETHODCALLTYPE QueryInterface
(REFIID riid, void** ppv);
// IWbemObjectSink methods
virtual HRESULT STDMETHODCALLTYPE Indicate(
/* [in] */ long lObjectCount,
/* [size_is][in] */ IWbemClassObject __RPC_FAR *__RPC_FAR
*apObjArray
);
virtual HRESULT STDMETHODCALLTYPE SetStatus(
/* [in] */ long lFlags,
/* [in] */ HRESULT hResult,
/* [in] */ BSTR strParam,
/* [in] */ IWbemClassObject __RPC_FAR *pObjParam
)
{
CString msg;
msg.Format("SetStatus: 0x%x\n", hResult);
Print_Event::SendEvent(msg);
return WBEM_S_NO_ERROR;
}
};
typedef QuerySink QUERY_SINK;
ULONG QuerySink::AddRef()
{
return InterlockedIncrement(&m_lRef);
}
ULONG QuerySink::Release()
{
long lRef = InterlockedDecrement(&m_lRef);
if(lRef == 0) delete this;
return lRef;
}
HRESULT QuerySink::QueryInterface(REFIID riid, void** ppv)
{
if (riid == IID_IUnknown || riid == IID_IWbemObjectSink)
{
*ppv = (IWbemObjectSink *) this;
AddRef();
return S_OK;
}
else return E_NOINTERFACE;
}
/////////////////////////////////////////////////////////////////////
//
// The WMI subsystem calls this function when the driver fires the
// event.
//
HRESULT QuerySink::Indicate(long lObjCount, IWbemClassObject **pArray)
{ //WMI事件处理
CString msg;
// Loop through the array, examining the objects.
BSTR xClicksPropName = SysAllocString(L"xClicks");
for (long i = 0; i < lObjCount; i++)
{
IWbemClassObject* pTemp = pArray[i];
VARIANT v;
BSTR strClassProp = SysAllocString(L"__CLASS");
pTemp->Get(strClassProp, 0, &v, 0, 0);
SysFreeString(strClassProp);
msg.Format("The class name is %ls\n", V_BSTR(&v));
Print_Event::SendEvent(msg);
VariantClear( &v );
BSTR strSupProp = SysAllocString(L"__SUPERCLASS");
pTemp->Get(strSupProp, 0, &v, 0, 0);
SysFreeString(strSupProp);
msg.Format("The superclass is %ls\n", V_BSTR(&v));
Print_Event::SendEvent(msg);
VariantClear( &v );
BSTR strDynProp = SysAllocString(L"__DYNASTY");
pTemp->Get(strDynProp, 0, &v, 0, 0);
SysFreeString(strDynProp);
msg.Format("The dynasty is %ls\n", V_BSTR(&v));
Print_Event::SendEvent(msg);
VariantClear( &v );
BSTR strInstNameProp = SysAllocString(L"InstanceName");
pTemp->Get(strInstNameProp, 0, &v, 0, 0);
SysFreeString(strInstNameProp);
msg.Format("The instance name is %ls\n", V_BSTR(&v));
Print_Event::SendEvent(msg);
VariantClear( &v );
BSTR strXProp = SysAllocString(L"ClickCount");
pTemp->Get(strXProp, 0, &v, 0, 0);
SysFreeString(strXProp);
msg.Format("xClicks is %d\n", V_I4(&v));
Print_Event::SendEvent(msg);
VariantClear( &v );
}
SysFreeString(xClicksPropName);
return WBEM_S_NO_ERROR;
}
DWORD WINAPI Event(PVOID pParam)
{ //
CString msg;
QUERY_SINK* EventHandler = new QUERY_SINK;
BSTR QueryLang = SysAllocString(L"WQL");
BSTR QueryStr = SysAllocString(L"select * from SampleEvent");
HRESULT hr = pNamespace->ExecNotificationQueryAsync(QueryLang, QueryStr, 0, NULL, EventHandler);
//允许WMI事件发生
SysFreeString(QueryStr);
SysFreeString(QueryLang);
if (hr != WBEM_S_NO_ERROR)
{
msg.Format("ExecNotificationQueryAsync failed with error code %x\n", hr);
Print_Event::SendEvent(msg);
return 1;
}
WaitForSingleObject(m_hEvent2,INFINITE);
hr=pNamespace->CancelAsyncCall(EventHandler);
//禁止WMI事件发生
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -