C language > Windows questions
Working with WMI
bitcoin:
Is call CoSetProxyBlanket required? Or I can skip it? I don't understand this api.
TimoVJL:
Maybe that 'blanket' is for RPC ?
An example to avoid notepad.exe running ;)
--- Code: ---HRESULT STDMETHODCALLTYPE EventSink_Indicate(IWbemObjectSink *this, long lObjectCount, IWbemClassObject **apObjArray)
{
for (int i = 0; i < lObjectCount; i++)
{
printf("Event occurred %d/%d\n", i, lObjectCount);
IWbemClassObject *pIWbemClassObject = apObjArray[i];
//IWbemClassObject *pIWbemClassObject = *apObjArray;
VARIANT vcn;
HRESULT hr;
if (!(hr = pIWbemClassObject->lpVtbl->Get(pIWbemClassObject, L"__Class", 0, &vcn, NULL, NULL)))
{
if (vcn.vt == VT_BSTR)
printf("%ls\n", vcn.bstrVal);
VariantClear(&vcn);
}
else
printf("error: 0x%Xh\n", hr);
if (!(hr = pIWbemClassObject->lpVtbl->Get(pIWbemClassObject, L"TargetInstance", 0, &vcn, NULL, NULL)))
{
IUnknown *pUnk = vcn.punkVal;
IWbemClassObject *pIWbemClassObject1;
if (!(hr = pUnk->lpVtbl->QueryInterface(pUnk, &IID_IWbemClassObject, (void **)&pIWbemClassObject1)))
{
BOOL bFound = 0;
UINT pid;
VARIANT vcn1;
if (!(hr = pIWbemClassObject1->lpVtbl->Get(pIWbemClassObject1, L"Name", 0, &vcn1, NULL, NULL)))
{
printf("%ls\t", vcn1.bstrVal);
bFound = !wcscmp(vcn1.bstrVal, L"notepad.exe");
VariantClear(&vcn1);
}
VARIANT vcn2;
if (!(hr = pIWbemClassObject1->lpVtbl->Get(pIWbemClassObject1, L"Handle", 0, &vcn2, NULL, NULL)))
{
printf("%ls\n", vcn2.bstrVal);
pid = wcstoul(vcn2.bstrVal, 0, 10);
VariantClear(&vcn2);
}
if (bFound) {
printf("found: %d\n", pid);
HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
TerminateProcess(hProc, 0);
}
}
VariantClear(&vcn);
}
else
printf("error: 0x%Xh\n", hr);
}
return WBEM_S_NO_ERROR;
}
--- End code ---
bitcoin:
Yes, it works! Thank you! :)
Yesterday,I tried to do
--- Code: ---VARIANT vcn3;
if (!(hr = pIWbemClassObject1->lpVtbl->Get(pIWbemClassObject1,L"ProcessId",0,&vcn3,NULL,NULL)))
{
TerminateProcess((void*)vcn3.intVal,0);
--- End code ---
This shit don't works (unlike of your code). Thanks!
bitcoin:
Hello,
how I can to terminate process without winapi? I saw that Win32_Process have method Terminate , but how to call it?
TimoVJL:
https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/terminate-method-in-class-win32-process
Navigation
[0] Message Index
[*] Previous page
Go to full version