Crate query_wmi

query-wmi

A crate to query WMI classes in windows

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page

Windows Management Instrumentation (WMI) is the infrastructure for management data and operations on Windows-based operating systems. You can write WMI scripts or applications to automate administrative tasks on remote computers, but WMI also supplies management data to other parts of the operating system and products—for example, System Center Operations Manager (formerly Microsoft Operations Manager (MOM)), or Windows Remote Management (WinRM).

Usage:

use query_wmi::{COMLibrary, Variant, WMIConnection};
use query_wmi::computer_hardware::{
    get_Win32_CDROMDrive, get_Win32_ComputerSystem,
    get_Win32_PCMCIAController, get_Win32_PnPEntity, get_Win32_Processor,
    get_Win32_SystemEnclosure, get_Win32_TapeDrive, get_Win32_USBHub,
};
use query_wmi::operating_systems::get_Win32_OperatingSystem;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let com_con = COMLibrary::new()?;
    dbg!(get_Win32_OperatingSystem(com_con)?);
    dbg!(get_Win32_CDROMDrive(com_con)?);
    dbg!(get_Win32_ComputerSystem(com_con)?);
    dbg!(get_Win32_PCMCIAController(com_con)?);
    dbg!(get_Win32_PnPEntity(com_con)?);
    dbg!(get_Win32_Processor(com_con)?);
    dbg!(get_Win32_SystemEnclosure(com_con)?);
    dbg!(get_Win32_USBHub(com_con)?);
    dbg!(get_Win32_TapeDrive(com_con)?);
    Ok(())
}

Return type

type Query = Vec<HashMap<String, Variant>>.

String is the name of the returned struct field with Variant being an enum type.

Currently included queries:

The subsections were defined according to WMI Tasks for Scripts and Applications, you can find more classes here.

Accounts and Domains

• Win32_ComputerSystem
• Win32_Group

Computer Hardware

• Win32_CDROMDrive
• Win32_ComputerSystem
• Win32_PCMCIAController
• Win32_PnPEntity
• Win32_PointingDevice
• Win32_Processor
• Win32_SystemEnclosure
• Win32_USBHub
• Win32_TapeDrive

Computer Software

• Win32_Product

Dates and Times

• Win32_LocalTime
• Win32_TimeZone

Desktop Management

• Win32_Desktop
• Win32_DesktopMonitor
• Win32_StartupCommand

Disks and File Systems

• Win32_DiskQuota
• Win32_VolumeChangeEvent
• Win32_LogicalDisk
• Win32_MappedLogicalDisk
• Win32_Volume
• Win32_DiskDrive
• Win32_DiskPartition

Event Logs

• Win32_NTLogEvent
• Win32_NTEventlogFile

Files and Folders

• CIM_DataFile
• Win32_Share
• Win32_Directory

Networking

• Win32_NetworkAdapterConfiguration
• Win32_NetworkAdapter

Operating Systems

• Win32_OperatingSystem
• Win32_QuickFixEngineering
• Win32_WindowsProductActivation

Performance Monitoring

• Win32_Perf
• Win32_PerfFormattedData
• Win32_PerfRawData

Processes

• Win32_Process
• Win32_ProcessStartup

Printers and Printing

• Win32_Printer

Registry

• Win32_Registry

Scheduled Tasks

• Win32_ScheduledJob

Services

• Win32_Service
• Win32_DependentService

Building your own class queries

You can use the provided wmi macro to make your own queries:

#![allow(non_snake_case)]

use query_wmi::wmi;
use query_wmi::Query;
use paste::paste;
use std::collections::HashMap;
use query_wmi::COMLibrary;
use query_wmi::{Variant, WMIConnection};

// this creates the function `get_CLASS_NAME()`
wmi!{
/// documentation
CLASS_NAME, r"path_to_namespace"
}

// calling it
let com_con = COMLibrary::new()?;
dbg!(get_CLASS_NAME(com_con)?);

Building your own queries

You can also replace CLASS_NAME with a query like CLASS_NAME where SOME_CONDITION=VALUE

See WQL Operators

Modules

accounts_and_domains

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--accounts-and-domains

computer_hardware

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--computer-hardware

computer_software

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--computer-software

date_and_times

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--dates-and-times

desktop_management

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--desktop-management

disks_and_file_systems

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--disks-and-file-systems

event_logs

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--event-logs

files_and_folders

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--files-and-folders

networking

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--networking

operating_systems

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--operating-systems

performance_monitoring

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--performance-monitoring

printers_and_printing

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--printers-and-printing

processes

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--processes

registry

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--registry

scheduled_tasks

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--scheduled-tasks

services

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-tasks--services

Macros

wmi

Our main macro to build queries.

Structs

COMLibrary

A marker to indicate that the current thread was CoInitialized. It can be freely copied within the same thread.

WMIConnection

Enums

Variant

Type Aliases

Query

type Query = Vec<HashMap<String, Variant>>.