157 lines
8.7 KiB
Plaintext
157 lines
8.7 KiB
Plaintext
#pragma autorecover
|
|
|
|
#pragma namespace("\\\\.\\root")
|
|
|
|
instance of __Namespace
|
|
{
|
|
Name = "cimv2" ;
|
|
} ;
|
|
|
|
#pragma namespace("\\\\.\\root\\cimv2")
|
|
|
|
/*
|
|
* Classes
|
|
*/
|
|
|
|
|
|
[DynProps : ToInstance ,ClassContext("Steve") ,Dynamic,Provider("InstanceProvider") ]
|
|
class Win32_ProcessEx : CIM_Process
|
|
{
|
|
[Read : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32API|Tool Help Structures|MODULEENTRY32|szExePath"} : ToSubclass] string ExecutablePath;
|
|
[Read : ToSubclass,Units("Kilobytes") : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32|WINNT.H|QUOTA_LIMITS|MaximumWorkingSetSize"} : ToSubclass] uint32 MaximumWorkingSetSize;
|
|
[Read : ToSubclass,Units("Kilobytes") : ToSubclass,Privileges{"SeDebugPrivilege"} : ToSubclass,MappingStrings{"Win32|WINNT.H|QUOTA_LIMITS|MinimumWorkingSetSize"} : ToSubclass] uint32 MinimumWorkingSetSize;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PageFaultCount"} : ToSubclass] uint32 PageFaults;
|
|
[Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PagefileUsage"} : ToSubclass] uint32 PageFileUsage;
|
|
[Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakPagefileUsage"} : ToSubclass] uint32 PeakPageFileUsage;
|
|
[Read : ToSubclass,Units("Kilobytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakWorkingSetSize"} : ToSubclass] uint32 PeakWorkingSetSize;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|PROCESS_INFORMATION|dwProcessId "} : ToSubclass] uint32 ProcessId;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaNonPagedPoolUsage"} : ToSubclass] uint32 QuotaNonPagedPoolUsage;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPagedPoolUsage"} : ToSubclass] uint32 QuotaPagedPoolUsage;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPeakNonPagedPoolUsage"} : ToSubclass] uint32 QuotaPeakNonPagedPoolUsage;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|QuotaPeakPagedPoolUsage"} : ToSubclass] uint32 QuotaPeakPagedPoolUsage;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|GetProcessVersion"} : ToSubclass] string WindowsVersion;
|
|
[Read : ToSubclass,Override("Priority") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|BasePriority"} : ToSubclass] uint32 Priority;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|NumberOfThreads"} : ToSubclass] uint32 ThreadCount;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|HandleCount"} : ToSubclass] uint32 HandleCount;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|InheritedFromUniqueProcessId"} : ToSubclass] uint32 ParentProcessId;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|SessionId"} : ToSubclass] uint32 SessionId;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PrivatePageCount"} : ToSubclass] uint64 PrivatePageCount;
|
|
[Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|PeakVirtualSize"} : ToSubclass] uint64 PeakVirtualSize;
|
|
[Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process Status|SYSTEM_PROCESS_INFORMATION|VirtualSize"} : ToSubclass] uint64 VirtualSize;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|ReadOperationCount"} : ToSubclass] uint64 ReadOperationCount;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|WriteOperationCount"} : ToSubclass] uint64 WriteOperationCount;
|
|
[Read : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|OtherOperationCount"} : ToSubclass] uint64 OtherOperationCount;
|
|
[Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|ReadTransferCount"} : ToSubclass] uint64 ReadTransferCount;
|
|
[Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|WriteTransferCount"} : ToSubclass] uint64 WriteTransferCount;
|
|
[Read : ToSubclass,Units("Bytes") : ToSubclass,MappingStrings{"Win32API|Process and Thread Structures|SYSTEM_PROCESS_INFORMATION|OtherTransferCount"} : ToSubclass] uint64 OtherTransferCount;
|
|
[Read : ToSubclass,Dynamic : ToInstance,Provider("PropertyProvider"): ToInstance,PropertyContext("Process Extra Property1"): ToInstance] String ExtraProperty1;
|
|
[Read : ToSubclass,Dynamic : ToInstance,Provider("PropertyProvider"): ToInstance,PropertyContext("Process Extra Property2"): ToInstance] String ExtraProperty2;
|
|
[Constructor,Static,Implemented,Privileges{"SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege"} : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess"} : ToSubclass] uint32 Create([In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|lpCommandLine "} : ToSubclass] string CommandLine,[In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess|lpCurrentDirectory "} : ToSubclass] string CurrentDirectory,[In : ToSubclass,MappingStrings{"WMI|Win32_ProcessStartup"} : ToSubclass] Win32_ProcessStartup ProcessStartupInformation,[Out : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|CreateProcess|lpProcessInformation|dwProcessId"} : ToSubclass] uint32 ProcessId);
|
|
[Destructor,Implemented,MappingStrings{"Win32API|Process and Thread Functions|TerminateProcess"} : ToSubclass] uint32 Terminate([In : ToSubclass,MappingStrings{"Win32API|Process and Thread Functions|TerminateProcess|uExitCode "} : ToSubclass] uint32 Reason);
|
|
[Implemented,MappingStrings{"WMI"} : ToSubclass] uint32 GetOwner([Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string User,[Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string Domain);
|
|
[Implemented,MappingStrings{"WMI"} : ToSubclass] uint32 GetOwnerSid([Out : ToSubclass,MappingStrings{"WMI"} : ToSubclass] string Sid);
|
|
[Implemented,MappingStrings{"Win32API|Process and Thread Functions|SetPriorityClass"} : ToSubclass] uint32 SetPriority([in,MappingStrings{"Win32API|Process and Thread Functions|SetPriorityClass|dwPriorityClass"} : ToSubclass,ValueMap{"0x00000040", "0x00004000", "0x00000020", "0x00008000", "0x00000080", "0x00000100"} : ToSubclass] sint32 Priority);
|
|
[Implemented] uint32 AttachDebugger();
|
|
};
|
|
|
|
class SampleEvent : __ExtrinsicEvent
|
|
{
|
|
String Name ;
|
|
} ;
|
|
|
|
/*
|
|
* Registrations
|
|
*/
|
|
|
|
instance of __Win32Provider as $PDecoupledInstance
|
|
{
|
|
Name = "DecoupledInstanceProvider";
|
|
HostingModel = "Decoupled:Com" ;
|
|
SecurityDescriptor = "O:BAG:SYD:(A;;0x10000001;;;BA)(A;;0x10000001;;;SY)" ;
|
|
};
|
|
|
|
instance of __InstanceProviderRegistration
|
|
{
|
|
Provider = $PDecoupledInstance;
|
|
SupportsGet = TRUE;
|
|
SupportsPut = TRUE;
|
|
SupportsDelete = TRUE;
|
|
SupportsEnumeration = TRUE;
|
|
|
|
QuerySupportLevels = { "WQL:UnarySelect" } ;
|
|
};
|
|
|
|
instance of __MethodProviderRegistration
|
|
{
|
|
Provider = $PDecoupledInstance;
|
|
};
|
|
|
|
instance of __Win32Provider as $PDecoupledEvent
|
|
{
|
|
Name = "DecoupledEventProvider";
|
|
HostingModel = "Decoupled:Com" ;
|
|
};
|
|
|
|
instance of __EventProviderRegistration
|
|
{
|
|
Provider = $PDecoupledEvent ;
|
|
|
|
EVentQueryList = {
|
|
|
|
"Select * from SampleEvent"
|
|
} ;
|
|
|
|
} ;
|
|
|
|
instance of __Win32Provider as $PEvent
|
|
{
|
|
CLSID = "{D884E55D-7E96-4707-9456-86ABC6DC6D7E}" ;
|
|
Name = "EventProvider";
|
|
HostingModel = "NetworkServiceHost" ;
|
|
};
|
|
|
|
instance of __Win32Provider as $PProperty
|
|
{
|
|
Name = "PropertyProvider";
|
|
Clsid = "{FE186DC7-0FE8-4b59-81CA-8D45E50D394C}";
|
|
HostingModel = "NetworkServiceHost" ;
|
|
};
|
|
|
|
instance of __Win32Provider as $PInstance
|
|
{
|
|
Name = "InstanceProvider";
|
|
HostingModel = "NetworkServiceHost" ;
|
|
Clsid = "{FE186DC7-0FE8-4b59-81CA-8D45E50D394C}";
|
|
};
|
|
|
|
instance of __PropertyProviderRegistration
|
|
{
|
|
Provider = $PProperty;
|
|
SupportsGet = TRUE;
|
|
SupportsPut = TRUE;
|
|
};
|
|
instance of __InstanceProviderRegistration
|
|
{
|
|
Provider = $PInstance;
|
|
SupportsGet = TRUE;
|
|
SupportsPut = TRUE;
|
|
SupportsDelete = TRUE;
|
|
SupportsEnumeration = TRUE;
|
|
|
|
QuerySupportLevels = { "WQL:UnarySelect" } ;
|
|
};
|
|
|
|
instance of __EventProviderRegistration
|
|
{
|
|
Provider = $PEvent ;
|
|
|
|
EVentQueryList = {
|
|
|
|
"Select * from SampleEvent"
|
|
} ;
|
|
|
|
} ;
|
|
|
|
|
|
|