WMIEvent类的列表

本文介绍了WMIEvent类的列表的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

最近，我一直在学习有关WMI和WQL。我发现的Win32类（从MSDN），我可以查询的名单，但我不能找出事件类的列表（应该是Win32的类列表的子集，是不是？）没有任何一个有一个列表或某种备忘单为这个？我仅仅指刚问这个是出于好奇。

Recently I have been learning about WMI and WQL. I found out the list of Win32 classes (from MSDN) that I can query for but I am not able to find out the list of event classes (should be the subset of the list of Win32 classes isn't it ?) Does any one have a list or some kind of cheat sheet for this? I am jsut asking this out of curiosity.

示例事件类 - Win32_ProcessStartTrace

推荐答案

下面是如何列出在root\cimv2命名空间WMI事件类与C＃和System.Management：

Here's how to list WMI event classes in the root\cimv2 namespace with C# and System.Management:

using System;
using System.Management;

class Program
{
    static void Main()
    {
        string query =
            @"Select * From Meta_Class Where __This Isa '__Event'";

        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher(query);

        foreach (ManagementBaseObject cimv2Class in searcher.Get())
        {
            Console.WriteLine(cimv2Class.ClassPath.ClassName);
        }
    }
}

root\cimv2是默认WMI命名空间，所以你不必使用管理范围的实例。传递给ManagementObjectSearcher WQL查询是一个WMI元数据查询。它采用Meta_Class指定查询作为架构查询，而__This属性递归列出__event子类（见的和的）。
WMI类是如果它的提供者实现作为一个事件WMI提供程序，并且必须是__event的子类，事件类。这并不意味着你不能在WQL事件查询使用普通WMI类一样的Win32_Process和win32_service时。你只需要使用__InstanceOperationEvent派生辅助类像__InstanceCreationEvent或__InstanceDeletionEvent之一，WMI将使用自己的事件子系统提供的事件。下面是赞同的Win32_Process创建事件的样本WQL查询：

root\cimv2 is the default WMI namespace so you don't have to use a ManagementScope instance. The WQL query passed to ManagementObjectSearcher is a WMI metadata query. It uses "Meta_Class" to designate the query as a schema query, and "__This" property to recursively list __Event subclasses (see here and here).WMI class is an event class if its provider implemented as an event WMI provider and must be a subclass of __Event. This doesn't mean that you can't use 'ordinary' WMI classes like Win32_Process and Win32_Service in WQL event queries. You just have to use one of the __InstanceOperationEvent derived helper classes like __InstanceCreationEvent or __InstanceDeletionEvent, and WMI will use its own event subsystem to deliver events. Here is a sample WQL query that subscribes to Win32_Process creation events:

SELECT * FROM __InstanceCreationEvent在5哪里TargetInstance伊萨Win32_Process的'。

"Select * From __InstanceCreationEvent Within 5 Where TargetInstance Isa 'Win32_Process'"

在这种情况下，你必须使用的条款

In this case you have to use the Within clause

这篇关于WMIEvent类的列表的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！