关于使用WMI获取杀毒软件信息


使用WMI获取杀毒软件信息时需要区分不同的操作系统(不同版本使用的WMI命名空间不同),否则会获取不到杀毒软件的信息。以下范例是针对Vista之后版本的:

//利用WMI获取杀毒软件信息

#include "stdafx.h"
#include "Antivirus.h"

#include "comutil.h"
#include "atlbase.h"
#pragma comment(lib, "wbemuuid.lib")//wmi
#pragma comment(lib, "comsuppw.lib ")


#define _WIN32_DCOM

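// Prints "<what> Error code = 0x<HRESULT>" through a fixed format string, so
// the message text is never interpreted as printf directives.
static void ReportComFailure(const char *what, HRESULT hr)
{
    printf("%s Error code = 0x%08lX\r\n", what, static_cast<unsigned long>(hr));
}

// Prints a human-readable explanation for the failure codes that
// IWbemLocator::ConnectServer is checked against; other codes print nothing.
static void ExplainConnectFailure(HRESULT hr)
{
    static const struct
    {
        HRESULT code;
        const char *text;
    } reasons[] = {
        { WBEM_E_ACCESS_DENIED,     "The current or specified user name and password were not valid or authorized to make the connection\r\n" },
        { WBEM_E_FAILED,            "This indicates other unspecified errors\r\n" },
        { WBEM_E_INVALID_NAMESPACE, "The specified namespace did not exist on the server\r\n" },
        { WBEM_E_INVALID_PARAMETER, "An invalid parameter was specified\r\n" },
        { WBEM_E_OUT_OF_MEMORY,     "There was not enough memory to complete the operation\r\n" },
        { WBEM_E_TRANSPORT_FAILURE, "This indicates the failure of the remote procedure call (RPC) link "
                                    "between the current process and WMI\r\n" },
        { WBEM_E_LOCAL_CREDENTIALS, "WMI is passing the user credential on local connection\r\n" },
    };

    for (size_t i = 0; i < sizeof(reasons) / sizeof(reasons[0]); ++i)
    {
        if (hr == reasons[i].code)
        {
            printf("%s", reasons[i].text);
        }
    }
}

// Connects to ROOT\SecurityCenter2 and prints every AntiVirusProduct instance.
// COM must already be initialised on the calling thread. All interface
// pointers are held in CComPtr, so they are released on every return path and
// before the caller runs CoUninitialize().
// Returns 0 on success, 1 on failure.
static int QueryAntiVirusProducts()
{
    // Step 3: obtain the initial locator to WMI.
    CComPtr<IWbemLocator> pLoc;
    HRESULT hres = pLoc.CoCreateInstance(CLSID_WbemLocator, NULL, CLSCTX_INPROC_SERVER);
    if (FAILED(hres))
    {
        ReportComFailure("Failed to create IWbemLocator object.", hres);
        return 1;
    }

    // Step 4: connect to the ROOT\SecurityCenter2 namespace as the current user.
    CComPtr<IWbemServices> pSvc;
    hres = pLoc->ConnectServer(
        _bstr_t(L"ROOT\\SecurityCenter2"), // Object path of WMI namespace
        NULL,                    // User name. NULL = current user
        NULL,                    // User password. NULL = current
        0,                       // Locale. NULL indicates current
        0,                       // Security flags.
        0,                       // Authority (e.g. Kerberos)
        0,                       // Context object
        &pSvc                    // pointer to IWbemServices proxy
        );
    if (FAILED(hres))
    {
        ReportComFailure("Could not connect.", hres);
        ExplainConnectFailure(hres);
        return 1;
    }

    printf("Connected to ROOT\\SecurityCenter2 WMI namespace\r\n");

    // Step 5: set security levels on the proxy.
    hres = CoSetProxyBlanket(
        pSvc,                        // Indicates the proxy to set
        RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
        RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
        NULL,                        // Server principal name
        RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx
        RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
        NULL,                        // client identity
        EOAC_NONE                    // proxy capabilities
        );
    if (FAILED(hres))
    {
        ReportComFailure("Could not set proxy blanket.", hres);
        return 1;
    }

    // Step 6: run the WQL query.
    CComPtr<IEnumWbemClassObject> pEnumerator;
    hres = pSvc->ExecQuery(
        bstr_t("WQL"),
        bstr_t("SELECT * FROM AntiVirusProduct"),
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
        NULL,
        &pEnumerator);
    if (FAILED(hres))
    {
        ReportComFailure("Query for AntiVirusProduct failed.", hres);
        return 1;
    }

    // Step 7: walk the result set one object at a time.
    for (;;)
    {
        // Scoped per iteration so each returned object is released; holding
        // a single pointer across iterations leaks all but the last object.
        CComPtr<IWbemClassObject> pclsObj;
        ULONG uReturn = 0;

        HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
        if (FAILED(hr) || 0 == uReturn)
        {
            break;
        }

        CComBSTR bstrText;
        hr = pclsObj->GetObjectText(0, &bstrText);
        if (FAILED(hr) || bstrText.m_str == NULL)
        {
            ReportComFailure("Could not read object text.", hr);
            continue;
        }

        MessageBox(NULL, bstrText, L"杀毒软件", 0);

        // CW2A instead of USES_CONVERSION/W2A: W2A allocates with alloca, so
        // calling it inside a loop grows the stack on every iteration.
        CW2A narrowText(bstrText);
        LPCSTR text = narrowText;

        // The object text comes from WMI and may contain '%' (for example
        // environment-variable style paths), so it is passed as an argument
        // and never used as the format string. Printing directly also removes
        // the fixed MAX_PATH*4 buffer the text could overflow.
        printf("杀毒软件为%s", text != NULL ? text : "");
    }

    return 0;
}

/*
 * Queries the Windows Security Center WMI provider for registered antivirus
 * products and prints the MOF text of each AntiVirusProduct instance (one
 * message box plus one console line per product).
 *
 * Returns 0 on success and 1 if any COM/WMI step fails.
 *
 * Notes for callers:
 *  - The entries are what products registered with Windows Security Center
 *    report about themselves; treat them as inventory hints, not as proof
 *    that protection is installed, enabled or up to date.
 *  - The ROOT\SecurityCenter2 namespace is normally absent on Windows Server
 *    editions; expect the "namespace did not exist" failure there.
 *  - CoInitializeEx/CoInitializeSecurity act on the calling thread/process.
 *    NOTE(review): if the host already initialised COM in another mode or
 *    already set process-wide COM security, these calls presumably fail
 *    (RPC_E_CHANGED_MODE / RPC_E_TOO_LATE) and this function returns 1 -
 *    confirm whether that is acceptable for the caller.
 *  - Security tooling may log this query, since the same lookup is commonly
 *    used for security-software discovery.
 */
int GetWMIAVInfo()
{
    printf("GetWMIAVInfo\r\n");

    // Step 1: initialize COM.
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres))
    {
        ReportComFailure("Failed to initialize COM library.", hres);
        return 1;                  // Program has failed.
    }

    // Step 2: set general COM security levels.
    // Note: on Windows 2000 the default authentication credentials must be
    // supplied through a SOLE_AUTHENTICATION_LIST in the pAuthList parameter.
    hres = CoInitializeSecurity(
        NULL,
        -1,                          // COM authentication
        NULL,                        // Authentication services
        NULL,                        // Reserved
        RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication
        RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
        NULL,                        // Authentication info
        EOAC_NONE,                   // Additional capabilities
        NULL                         // Reserved
        );
    if (FAILED(hres))
    {
        ReportComFailure("Failed to initialize security.", hres);
        CoUninitialize();
        return 1;                    // Program has failed.
    }

    // Steps 3-7 run in a helper so every interface pointer is released
    // before COM is torn down below.
    int result = QueryAntiVirusProducts();

    CoUninitialize();

    return result;
}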


对于Vista之前的版本,只需将WMI命名空间改为 root/SecurityCenter 即可获取杀毒软件信息。


参考网址:http://neophob.com/2010/03/wmi-query-windows-securitycenter2/
