#pragma autorecover #pragma namespace("\\\\.\\root") instance of __Namespace { Name = "cimv2" ; } ; #pragma namespace("\\\\.\\root\\cimv2") /* * Classes */ [DynProps : ToInstance ,ClassContext("Steve") ,Dynamic,Provider("InstanceProvider") ] class Win32_ProcessEx : CIM_Process { [Read : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32API|Tool Help Structures|MODULEENTRY32|szExePath"} : ToSubclass] string ExecutablePath; [Read : ToSubclass,Units("Kilobytes") : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32|WINNT.H|QUOTA_LIMITS|MaximumWorkingSetSize"} : ToSubclass] uint32 MaximumWorkingSetSize; [Read : ToSubclass,Units("Kilobytes") : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32|WINNT.H|QUOTA_LIMITS|MinimumWorkingSetSize"} : ToSubclass] uint32 MinimumWorkingSetSize; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PageFaultCount"} : ToSubclass] uint32 PageFaults; [Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PagefileUsage"} : ToSubclass] uint32 PageFileUsage; [Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakPagefileUsage"} : ToSubclass] uint32 PeakPageFileUsage; [Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakWorkingSetSize"} : ToSubclass] uint32 PeakWorkingSetSize; [Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|PROCESS_INFORMATION|dwProcessId "} : ToSubclass] uint32 ProcessId; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaNonPagedPoolUsage"} : ToSubclass] uint32 QuotaNonPagedPoolUsage; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPagedPoolUsage"} : ToSubclass] uint32 QuotaPagedPoolUsage; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPeakNonPagedPoolUsage"} : ToSubclass] uint32 QuotaPeakNonPagedPoolUsage; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPeakPagedPoolUsage"} : ToSubclass] uint32 QuotaPeakPagedPoolUsage; [Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|GetProcessVersion"} : ToSubclass] string WindowsVersion; [Read : ToSubclass,Override("Priority") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|BasePriority"} : ToSubclass] uint32 Priority; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|NumberOfThreads"} : ToSubclass] uint32 ThreadCount; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|HandleCount"} : ToSubclass] uint32 HandleCount; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|InheritedFromUniqueProcessId"} : ToSubclass] uint32 ParentProcessId; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|SessionId"} : ToSubclass] uint32 SessionId; [Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PrivatePageCount"} : ToSubclass] uint64 PrivatePageCount; [Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakVirtualSize"} : ToSubclass] uint64 PeakVirtualSize; [Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|VirtualSize"} : ToSubclass] uint64 VirtualSize; [Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|ReadOperationCount"} : ToSubclass] uint64 ReadOperationCount; [Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|WriteOperationCount"} : ToSubclass] uint64 WriteOperationCount; [Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|OtherOperationCount"} : ToSubclass] uint64 OtherOperationCount; [Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|ReadTransferCount"} : ToSubclass] uint64 ReadTransferCount; [Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|WriteTransferCount"} : ToSubclass] uint64 WriteTransferCount; [Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|OtherTransferCount"} : ToSubclass] uint64 OtherTransferCount; [Read : ToSubclass,Dynamic : ToInstance,Provider("PropertyProvider"): ToInstance,PropertyContext("Process Extra Property1"): ToInstance] String ExtraProperty1; [Read : ToSubclass,Dynamic : ToInstance,Provider("PropertyProvider"): ToInstance,PropertyContext("Process Extra Property2"): ToInstance] String ExtraProperty2; [Constructor,Static,Implemented,Privileges{"SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege"} : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess"} : ToSubclass] uint32 Create([In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|lpCommandLine "} : ToSubclass] string CommandLine,[In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess|lpCurrentDirectory "} : ToSubclass] string CurrentDirectory,[In : ToSubclass,MappingStrings{"WMI|Win32_ProcessStartup"} : ToSubclass] Win32_ProcessStartup ProcessStartupInformation,[Out : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess|lpProcessInformation|dwProcessId"} : ToSubclass] uint32 ProcessId); [Destructor,Implemented,MappingStrings{"Win32API|Process and Thread Functions|TerminateProcess"} : ToSubclass] uint32 Terminate([In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|TerminateProcess|uExitCode "} : ToSubclass] uint32 Reason); [Implemented,MappingStrings{"WMI"} : ToSubclass] uint32 GetOwner([Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string User,[Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string Domain); [Implemented,MappingStrings{"WMI"} : ToSubclass] uint32 GetOwnerSid([Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string Sid); [Implemented,MappingStrings{"Win32API|Process and Thread Functions|SetPriorityClass"} : ToSubclass] uint32 SetPriority([in,MappingStrings{"Win32API|Process and Thread Functions|SetPriorityClass|dwPriorityClass"} : ToSubclass,ValueMap{"0x00000040", "0x00004000", "0x00000020", "0x00008000", "0x00000080", "0x00000100"} : ToSubclass] sint32 Priority); [Implemented] uint32 AttachDebugger(); }; class SampleEvent : __ExtrinsicEvent { String Name ; } ; /* * Registrations */ instance of __Win32Provider as $PDecoupledInstance { Name = "DecoupledInstanceProvider"; HostingModel = "Decoupled:Com" ; SecurityDescriptor = "O:BAG:SYD:(A;;0x10000001;;;BA)(A;;0x10000001;;;SY)" ; }; instance of __InstanceProviderRegistration { Provider = $PDecoupledInstance; SupportsGet = TRUE; SupportsPut = TRUE; SupportsDelete = TRUE; SupportsEnumeration = TRUE; QuerySupportLevels = { "WQL:UnarySelect" } ; }; instance of __MethodProviderRegistration { Provider = $PDecoupledInstance; }; instance of __Win32Provider as $PDecoupledEvent { Name = "DecoupledEventProvider"; HostingModel = "Decoupled:Com" ; }; instance of __EventProviderRegistration { Provider = $PDecoupledEvent ; EVentQueryList = { "Select * from SampleEvent" } ; } ; instance of __Win32Provider as $PEvent { CLSID = "{D884E55D-7E96-4707-9456-86ABC6DC6D7E}" ; Name = "EventProvider"; HostingModel = "NetworkServiceHost" ; }; instance of __Win32Provider as $PProperty { Name = "PropertyProvider"; Clsid = "{FE186DC7-0FE8-4b59-81CA-8D45E50D394C}"; HostingModel = "NetworkServiceHost" ; }; instance of __Win32Provider as $PInstance { Name = "InstanceProvider"; HostingModel = "NetworkServiceHost" ; Clsid = "{FE186DC7-0FE8-4b59-81CA-8D45E50D394C}"; }; instance of __PropertyProviderRegistration { Provider = $PProperty; SupportsGet = TRUE; SupportsPut = TRUE; }; instance of __InstanceProviderRegistration { Provider = $PInstance; SupportsGet = TRUE; SupportsPut = TRUE; SupportsDelete = TRUE; SupportsEnumeration = TRUE; QuerySupportLevels = { "WQL:UnarySelect" } ; }; instance of __EventProviderRegistration { Provider = $PEvent ; EVentQueryList = { "Select * from SampleEvent" } ; } ;