query_wmi

A crate to query WMI classes in windows

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks on remote computers, but WMI also supplies management data to other parts of the operating system and products—for example, System Center Operations Manager (formerly Microsoft Operations Manager (MOM)), or Windows Remote Management (WinRM). Usage:

use query_wmi::{COMLibrary, Variant, WMIConnection};
use query_wmi::computer_hardware::{
    get_Win32_CDROMDrive, get_Win32_ComputerSystem,
    get_Win32_PCMCIAController, get_Win32_PnPEntity, get_Win32_Processor,
    get_Win32_SystemEnclosure, get_Win32_TapeDrive, get_Win32_USBHub,
};
use query_wmi::operating_systems::get_Win32_OperatingSystem;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let com_con = COMLibrary::new()?;
    dbg!(get_Win32_OperatingSystem(com_con)?);
    dbg!(get_Win32_CDROMDrive(com_con)?);
    dbg!(get_Win32_ComputerSystem(com_con)?);
    dbg!(get_Win32_PCMCIAController(com_con)?);
    dbg!(get_Win32_PnPEntity(com_con)?);
    dbg!(get_Win32_Processor(com_con)?);
    dbg!(get_Win32_SystemEnclosure(com_con)?);
    dbg!(get_Win32_USBHub(com_con)?);
    dbg!(get_Win32_TapeDrive(com_con)?);
    Ok(())
}

Return type

type Query = Vec<HashMap<String, Variant>>.

String is the name of the returned struct field with Variant being an enum type.

Currently included queries:

The subsections were defined according to WMI Tasks for Scripts and Applications, you can find more classes here.

Accounts and Domains

• Win32_ComputerSystem
• Win32_Group

Computer Hardware

• Win32_CDROMDrive
• Win32_ComputerSystem
• Win32_PCMCIAController
• Win32_PnPEntity
• Win32_PointingDevice
• Win32_Processor
• Win32_SystemEnclosure
• Win32_USBHub
• Win32_TapeDrive

Computer Software

• Win32_Product

Dates and Times

• Win32_LocalTime
• Win32_TimeZone

Desktop Management

• Win32_Desktop
• Win32_DesktopMonitor
• Win32_StartupCommand

Disks and File Systems

• Win32_DiskQuota
• Win32_VolumeChangeEvent
• Win32_LogicalDisk
• Win32_MappedLogicalDisk
• Win32_Volume
• Win32_DiskDrive
• Win32_DiskPartition

Event Logs

• Win32_NTLogEvent
• Win32_NTEventlogFile

Files and Folders

• CIM_DataFile
• Win32_Share
• Win32_Directory

Networking

• Win32_NetworkAdapterConfiguration
• Win32_NetworkAdapter

Operating Systems

• Win32_OperatingSystem
• Win32_QuickFixEngineering
• Win32_WindowsProductActivation

Performance Monitoring

• Win32_Perf
• Win32_PerfFormattedData
• Win32_PerfRawData

Processes

• Win32_Process
• Win32_ProcessStartup

Printers and Printing

• Win32_Printer

Registry

• Win32_Registry

Scheduled Tasks

• Win32_ScheduledJob

Services

• Win32_Service
• Win32_DependentService

Building your own class queries

You can use the provided wmi macro to make your own queries:

#![allow(non_snake_case)]

use query_wmi::wmi;
use query_wmi::Query;
use paste::paste;
use std::collections::HashMap;
use query_wmi::COMLibrary;
use query_wmi::{Variant, WMIConnection};

// this creates the function `get_CLASS_NAME()`
wmi! {
    /// Documentation
    CLASS_NAME, r"path_to_namespace"
}

// calling it
let com_con = COMLibrary::new() ?;
dbg!(get_CLASS_NAME(com_con)?);

Building your own queries

You can also replace CLASS_NAME with a query like CLASS_NAME where SOME_CONDITION=VALUE

See WQL Operators