I am new to WMI.I tried to implement a java application that get the WQL query from the user and executes the query using a c++ native program which i call from the java application using JNI.I managed to make the WMI calls and retrieve the data. My problem is that i am not able to read all the contents for the retrieved object.I read a log file whose header along with a single entry is a follows. Header:
"Message","Id","Version","Qualifiers","Level","Task","Opcode","Keywords","RecordId","ProviderName","ProviderId","LogName","ProcessId","ThreadId","MachineName","UserId","TimeCreated","ActivityId","RelatedActivityId","ContainerLog","MatchedQueryIds","Bookmark","LevelDisplayName","OpcodeDisplayName","TaskDisplayName","KeywordsDisplayNames","Properties"
Single Entry :(I converted the log file to csv file just to view the contents)
"Windows service started.","2",,"4","5","0",,"36028357018723968","98","DigitalDelivery",,"Dell",,,"vignesh",,"14-01-2018 11:06:35",,,"c:\windows.old\windows\system32\winevt\logs\dell.evtx","System.UInt32[]","System.Diagnostics.Eventing.Reader.EventBookmark","Information","Info",,"System.Collection.ObjectModel.ReadOnlyCollection`1[System.String]","SystemCollections.Generic.List`[System.Diagnostics.EventingReader.EventProperty]"
c++ prgram to connect to WMI
#define _WIN32_DCOM
#include <iostream>
using namespace std ;
#include <wbemidl.h>
#pragma comment(lib, "wbemuuid.lib")
#include <windows.h>
#include <jni.h>
#include "WmiClientClassTwo.h"
#include <comdef.h>
JNIEXPORT void JNICALL Java_WmiClientClassTwo_createConnection(JNIEnv *env, jobject obj,jstring jquery)
{
const char *Cquery = env->GetStringUTFChars(jquery,NULL);
cout << "query string is :::" << Cquery << endl ;
// Initializing the COM
HRESULT hr ;
hr = CoInitializeEx( 0 , COINIT_MULTITHREADED );
if(FAILED(hr))
{
cout << "failed to initialize COM Library " << hex << hr << endl ;
return;
}
//Initialize COM security
hr = CoInitializeSecurity (
NULL,
-1,
NULL,
NULL,
RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_NONE,
NULL
);
if(FAILED(hr))
{
cout << "failed to initilize security."<< hex << hr << endl ;
CoUninitialize();
return ;
}
cout << "Initilized the COM"<< endl ;
//Initializing the IWbemLocator throught a call to CoCreateInstance.
IWbemLocator *pLoc = 0 ;
hr = CoCreateInstance(CLSID_WbemLocator,0,CLSCTX_INPROC_SERVER,IID_IWbemLocator,(LPVOID*) & pLoc);
if(FAILED(hr))
{
cout << "failed to create IWbemLocator object"<< hex << hr << endl ;
CoUninitialize();
return ;
}
//Connect to WMI through a call to ConnectServer method of IWbemLocator
IWbemServices *pSvc = 0 ;
hr = pLoc->ConnectServer(
_bstr_t(L"ROOT\\CIMV2"),
NULL,
NULL,
0,
NULL,
0,
0,
&pSvc);
if(FAILED(hr))
{
cout << "could not connect to WMI from ConnectServer method"<<hex<<hr<<endl;
pLoc->Release();
CoUninitialize();
return ;
}
cout << "Connected to WMI" << endl ;
//Setting security level on a Wmi connection
hr = CoSetProxyBlanket(pSvc,
RPC_C_AUTHN_WINNT,
RPC_C_AUTHZ_NONE,
NULL,
RPC_C_AUTHN_LEVEL_CALL,
RPC_C_IMP_LEVEL_IMPERSONATE,
NULL,
EOAC_NONE
);
if(FAILED(hr))
{
cout << "could not set security level on wmi connection" << hex << hr << endl;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return ;
}
cout << "Security level set on wmi connection" << endl;
// Querying for data using executeQuery Method of IWbemServies pointer
IEnumWbemClassObject* pEnumerator = NULL ;
hr = pSvc->ExecQuery (
bstr_t("WQL"),
// bstr_t("SELECT * FROM Win32_NTLogEvent Where (Logfile = 'Dell')"),
bstr_t(Cquery),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
if(FAILED(hr))
{
cout << "Query for operating system failed" << hex << endl ;
pSvc->Release();
pLoc->Release();
CoUninitialize();
return ;
}
cout << "data is obtained from the operating system" << endl ;
//Getting the data from the query
IWbemClassObject *pclsobj = NULL ;
ULONG uReturn = 0 ;
while (pEnumerator)
{
HRESULT hr = pEnumerator->Next(WBEM_INFINITE,1,&pclsobj,&uReturn);
if( 0 == uReturn )
{
cout << "loop broke" << endl ;
break;
}
VARIANT vtProp;
hr = pclsobj->Get(L"Message",0,&vtProp,0,0);
wcout << "Message : " << vtProp.bstrVal << endl ;
VariantClear(&vtProp);
hr = pclsobj->Get(L"ComputerName",0,&vtProp,0,0);
wcout << "ComputerName : " << vtProp.bstrVal << endl;
VariantClear(&vtProp);
hr = pclsobj->Get(L"Id",0,&vtProp,0,0);
wcout << "Id : " << vtProp.plVal << endl ;
VariantClear(&vtProp);
hr = pclsobj->Get(L"ProviderName",0,&vtProp,0,0);
wcout << "ProviderName : " << vtProp.bstrVal << endl ;
VariantClear(&vtProp);
hr = pclsobj->Get(L"Level",0,&vtProp,0,0);
wcout << "Level : " << vtProp.plVal << endl ;
VariantClear(&vtProp);
pclsobj->Release();
}
pSvc->Release();
pLoc->Release();
pEnumerator->Release();
CoUninitialize();
return ;
}
when i execute the program only the Message and Computername properties are returning the correct value and all other fields are returning wrong values. Can any one tell me how can i read all the fields in the retrieved log file. the sample output of a single entry that i obtained is Output:
SELECT * FROM Win32_NTLogEvent Where (Logfile = 'Dell')
query string is :::SELECT * FROM Win32_NTLogEvent Where (Logfile = 'Dell')
Initilized the COM
Connected to WMI
Security level set on wmi connection
data is obtained from the operating system
Message : Windows service started.
ComputerName : vignesh
Id : 0000000000E93A88
ProviderName : vignesh
0
Level : 0000000000000000
TimeCreated : 0000000000EA1798
