ansaurus

Question

Answer 1

+2 A:

Doesn't MSDN have a list of all the MSMCA classes here

UPDATE:
I don't do tons of work with WMI, but I just found this WMI tool that would have been helpful. It gives you a GUI for viewing the WMI hierarchy of objects, and even allows you to register and consume events. This should give you the information you need.

Josh 2009-06-25 10:48:01

I saw that too, but the list doesn't seem to be what he wants. It doesn't even have the example class (Win32_ProcessStartTrace), unfortunately.

Noldorin 2009-06-25 10:48:55

But (Win32_ProcessStartTrace) doesn't ultimately derive from WMIEvent. It has (__ExtrinsicEvent) as a parent class, but WMIEvent is a child of (__ExtrinsicEvent). The example he provides isn't a WMIEvent...

Josh 2009-06-25 10:52:16

Answer 2

+3 A:

WMI Code Creator is a great tool for learning WMI that, among other things, lets you explore WMI event classes on the local or remote computer and generate code for receiving event notifications.

Edit: Since you tagged your question as C#, you might be interested in the code for getting the list of event classes derived from a particular class programmatically:

using System.Management;
...

string ancestor = "WMIEvent";     // the ancestor class
string scope = "root\\wmi";       // the WMI namespace to search within

try
{
    EnumerationOptions options = new EnumerationOptions();
    options.ReturnImmediately = true;
    options.Rewindable = false;

    ManagementObjectSearcher searcher =
        new ManagementObjectSearcher(scope, "SELECT * FROM meta_class", options);

    foreach (ManagementClass cls in searcher.Get())
    {
        if (cls.Derivation.Contains(ancestor))
        {
            Console.WriteLine(cls["__CLASS"].ToString());
        }
    }
}
catch (ManagementException exception)
{
    Console.WriteLine(exception.Message);
}

Helen 2009-06-25 13:29:54

This tool is very useful for poking around the available WMI classes.

Peter J 2009-06-25 13:39:28

Answer 3

+3 A:

Here's how to list WMI event classes in the root\cimv2 namespace with C# and System.Management:

using System;
using System.Management;

class Program
{
    static void Main()
    {
        string query =
            @"Select * From Meta_Class Where __This Isa '__Event'";

        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher(query);

        foreach (ManagementBaseObject cimv2Class in searcher.Get())
        {
            Console.WriteLine(cimv2Class.ClassPath.ClassName);
        }
    }
}

root\cimv2 is the default WMI namespace so you don't have to use a ManagementScope instance. The WQL query passed to ManagementObjectSearcher is a WMI metadata query. It uses "Meta_Class" to designate the query as a schema query, and "__This" property to recursively list __Event subclasses (see here and here). WMI class is an event class if its provider implemented as an event WMI provider and must be a subclass of __Event. This doesn't mean that you can't use 'ordinary' WMI classes like Win32_Process and Win32_Service in WQL event queries. You just have to use one of the __InstanceOperationEvent derived helper classes like __InstanceCreationEvent or __InstanceDeletionEvent, and WMI will use its own event subsystem to deliver events. Here is a sample WQL query that subscribes to Win32_Process creation events:

"Select * From __InstanceCreationEvent Within 5 Where TargetInstance Isa 'Win32_Process'"

In this case you have to use the Within clause

Uros Calakovic 2009-06-25 19:52:51

ansaurus

tags:

views:

answers:

List of WMIEvent classes

related questions