0

I need to find the list of all the installed Antivirus in Windows 7 machine. I am using WMI. I am not able to get the list of all the AV. Its showing only 1 AV. I am not able to know how to loop in to get all the AV. Below is my sample code. 

 #define _WIN32_DCOM
 #include <iostream>
 using namespace std;
 #include <comdef.h>
 #include <Wbemidl.h>

 # pragma comment(lib, "wbemuuid.lib")

 int main(int argc, char **argv)
{
HRESULT hres = S_FALSE;

// Step 1: --------------------------------------------------
// Initialize COM. ------------------------------------------

hres =  CoInitializeEx(0, COINIT_MULTITHREADED); 
if (FAILED(hres))
{
    cout << "Failed to initialize COM library. Error code = 0x" 
        << hex << hres << endl;
    return 1;                  // Program has failed.
}

// Step 2: --------------------------------------------------
// Set general COM security levels --------------------------

hres =  CoInitializeSecurity(
    NULL, 
    -1,                          // COM authentication
    NULL,                        // Authentication services
    NULL,                        // Reserved
    RPC_C_AUTHN_LEVEL_DEFAULT,   // Default authentication 
    RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation  
    NULL,                        // Authentication info
    EOAC_NONE,                   // Additional capabilities 
    NULL                         // Reserved
    );


if (FAILED(hres))
{
    cout << "Failed to initialize security. Error code = 0x" 
        << hex << hres << endl;
    CoUninitialize();
    return 1;                    // Program has failed.
}

// Step 3: ---------------------------------------------------
// Obtain the initial locator to WMI -------------------------

IWbemLocator *pLoc = NULL;

hres = CoCreateInstance(
    CLSID_WbemLocator,             
    0, 
    CLSCTX_INPROC_SERVER, 
    IID_IWbemLocator, (LPVOID *) &pLoc);

if (FAILED(hres))
{
    cout << "Failed to create IWbemLocator object."
        << " Err code = 0x"
        << hex << hres << endl;
    CoUninitialize();
    return 1;                 // Program has failed.
}

// Step 4: -----------------------------------------------------
// Connect to WMI through the IWbemLocator::ConnectServer method

IWbemServices *pSvc = NULL;

// Connect to the root\cimv2 namespace with
// the current user and obtain pointer pSvc
// to make IWbemServices calls.
hres = pLoc->ConnectServer(
     _bstr_t(L"root\\SecurityCenter2"), // Object path of WMI namespace
     NULL,                    // User name. NULL = current user
     NULL,                    // User password. NULL = current
     0,                       // Locale. NULL indicates current
     NULL,                    // Security flags.
     0,                       // Authority (for example, Kerberos)
     0,                       // Context object 
     &pSvc                    // pointer to IWbemServices proxy
     );

if (FAILED(hres))
{
    cout << "Could not connect. Error code = 0x" 
         << hex << hres << endl;
    pLoc->Release();     
    CoUninitialize();
    return 1;                // Program has failed.
}
hres = S_FALSE;

cout << "Connected to root\\SecurityCenter2 WMI namespace" << endl;


// Step 5: --------------------------------------------------
// Set security levels on the proxy -------------------------

hres = CoSetProxyBlanket(
   pSvc,                        // Indicates the proxy to set
   RPC_C_AUTHN_WINNT,           // RPC_C_AUTHN_xxx
   RPC_C_AUTHZ_NONE,            // RPC_C_AUTHZ_xxx
   NULL,                        // Server principal name 
   RPC_C_AUTHN_LEVEL_CALL,      // RPC_C_AUTHN_LEVEL_xxx 
   RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
   NULL,                        // client identity
   EOAC_NONE                    // proxy capabilities 
);

if (FAILED(hres))
{
    cout << "Could not set proxy blanket. Error code = 0x" 
        << hex << hres << endl;
    pSvc->Release();
    pLoc->Release();     
    CoUninitialize();
    return 1;               // Program has failed.
}
hres = S_FALSE;

// Step 6: --------------------------------------------------
// Use the IWbemServices pointer to make requests of WMI ----

// For example, get the name of the operating system
IEnumWbemClassObject* pEnumerator = NULL;
hres = pSvc->ExecQuery(
    bstr_t("WQL"), 
    bstr_t("SELECT * FROM AntiVirusProduct"),
    WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, 
    NULL,
    &pEnumerator);

if (FAILED(hres))
{
    cout << "Query for AV  name failed."
        << " Error code = 0x" 
        << hex << hres << endl;
    pSvc->Release();
    pLoc->Release();
    CoUninitialize();
    return 1;               // Program has failed.
}

// Step 7: -------------------------------------------------
// Get the data from the query in step 6 -------------------

IWbemClassObject *pclsObj;
ULONG uReturn = 0;

while (pEnumerator)
{
    HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 10, 
        &pclsObj, &uReturn);

   if(0 == uReturn)
    {
        break;
    }

    VARIANT vtProdName;
    VARIANT vtGuid;
    VARIANT vtPathSignedPrd;
    VARIANT vtPathSignedRpt;
    VARIANT vtProductState;

    // Get the value of the Name property
    hr = pclsObj->Get(L"displayName", 0, &vtProdName, 0, 0);
    hr = pclsObj->Get(L"instanceGuid", 0, &vtGuid, 0, 0);
    hr = pclsObj->Get(L"pathToSignedProductExe", 0, &vtPathSignedPrd, 0, 0);
    hr = pclsObj->Get(L"pathToSignedReportingExe", 0, &vtPathSignedRpt, 0, 0);
    hr = pclsObj->Get(L"productState", 0, &vtProductState, 0, 0);

    wcout << " AS Name : " << vtProdName.bstrVal << endl;
    wcout << " AS GUID : " << vtGuid.bstrVal << endl;
    wcout << " AS pathToSignedProductExe : " << vtPathSignedPrd.bstrVal << endl;
    wcout << " AS pathToSignedReportingExe : " << vtPathSignedRpt.bstrVal << endl;
    wcout << " AS productState : " << vtProductState.lVal << endl;



    VariantClear(&vtProdName);
    VariantClear(&vtGuid);
    VariantClear(&vtPathSignedPrd);
    VariantClear(&vtPathSignedPrd);
    VariantClear(&vtProductState);

    pclsObj->Release();
}

// Cleanup
// ========
if(!pclsObj)
pclsObj->Release();
pSvc->Release();
pLoc->Release();
pEnumerator->Release();
CoUninitialize();

return 0;   // Program successfully completed.

Can any one let me know what changes I need to make in the above code to get the list of all the AV installed on the machine. Thanks in advance for helping.

iggy
  • 31
  • 1
  • 8
  • Why are you using `10` as the *uCount* argument in your call to [`IEnumWbemClassObject::Next`](https://msdn.microsoft.com/en-us/library/aa390860.aspx), without passing an array for *ppObjects*? – IInspectable Apr 16 '15 at 09:46
  • @iggy: IInspectable is right. It should be 1 instead of 10. And you are ignoring the `HRESULT` that `Next()` returns. – Remy Lebeau Apr 16 '15 at 10:03
  • @IInspectable Actually i need the information of all the installed AntiVirus on the machine so I passed it as 10. In real scenario we do not know how much AV is installed on the system so in that case what should be uCount. – iggy Apr 16 '15 at 10:36
  • @IInspectable how to loop in to get all the Anti Virus details. – iggy Apr 16 '15 at 10:48
  • Had you considered reading the [answer](http://stackoverflow.com/a/29671817/1889329)? Also, if you're having difficulty enumerating items in a collection, you're not going to make it very far. – IInspectable Apr 16 '15 at 10:49
  • @IInspectable Thank you. for the answer. The code you suggested i tried. Still i am getting only 1 AV statues. is it possible to get the list of all the AV in a loop at one time. – iggy Apr 16 '15 at 11:05

1 Answers1

0

The easiest way to fix your code is by enumerating the IWbemClassObject's one at a time. To do so you need to change your enumeration code to the following:

while (pEnumerator) {
    IWbemClassObject *pclsObj = NULL;
    ULONG uReturn = 0;

    HRESULT hr = pEnumerator->Next( WBEM_INFINITE, 1,  &pclsObj, &uReturn );

    if( FAILED( hr ) || ( 0 == uReturn ) ) {
        break;
    }

    // ...

    pclsObj->Release();
}
IInspectable
  • 46,945
  • 8
  • 85
  • 181