首页 > 解决方案 > 使用 C++ 和 WMI(Windows Management Instrumentation)读取 Windows 日志文件

问题描述

我一直在浏览 windows 文档以使用 C++ 和 WMI 访问 windows 日志文件。我看到了一个用于创建 WMI 应用程序的示例代码。但是当我使用 g++ 编译器编译它时它会显示一个错误。

代码:

#define _WIN32_DCOM
#include <iostream>
using namespace std;
#include <comdef.h>
#include <Wbemidl.h>

#pragma comment(lib, "wbemuuid.lib")

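// Prints "<what>Error code = 0x<HRESULT in hex>" on stdout.
// `what` is the message prefix and must already end with a space.
static void report_failure(const char *what, HRESULT hr)
{
    std::cout << what << "Error code = 0x"
              << std::hex << static_cast<unsigned long>(hr) << std::endl;
}

// Connects to the local ROOT\CIMV2 WMI namespace as the current user and
// prints the Name of every Win32_Process instance.
//
// Returns 0 on success, 1 if any COM/WMI call fails.
//
// Build notes:
//  - The listing as pasted contained HTML-escaped "&amp;" where the
//    address-of operator "&" was intended; that is what g++ rejected.
//    The operators are restored here.
//  - "#pragma comment(lib, ...)" is an MSVC feature. With g++ (MinGW) the
//    libraries have to be named on the command line, e.g.
//        g++ -o sample sample.cpp -lole32 -loleaut32 -lwbemuuid
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    int exit_code = 0;

    // Initialize COM for this thread.
    HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
    if (FAILED(hres))
    {
        report_failure("Failed to initialize COM library. ", hres);
        return 1;              // Program has failed.
    }

    // Process-wide COM security defaults.
    // RPC_C_IMP_LEVEL_IMPERSONATE lets the WMI service act with the caller's
    // identity on this machine; nothing in this sample needs a higher level
    // such as delegation, so it should not be raised.
    hres = CoInitializeSecurity(
        NULL,
        -1,                           // COM negotiates service
        NULL,                         // Authentication services
        NULL,                         // Reserved
        RPC_C_AUTHN_LEVEL_DEFAULT,    // authentication
        RPC_C_IMP_LEVEL_IMPERSONATE,  // Impersonation
        NULL,                         // Authentication info
        EOAC_NONE,                    // Additional capabilities
        NULL                          // Reserved
        );
    if (FAILED(hres))
    {
        report_failure("Failed to initialize security. ", hres);
        CoUninitialize();
        return 1;              // Program has failed.
    }

    // Obtain the initial locator to Windows Management
    // on a particular host computer.
    IWbemLocator *pLoc = NULL;
    hres = CoCreateInstance(
        CLSID_WbemLocator,
        0,
        CLSCTX_INPROC_SERVER,
        IID_IWbemLocator, reinterpret_cast<LPVOID *>(&pLoc));
    if (FAILED(hres))
    {
        report_failure("Failed to create IWbemLocator object. ", hres);
        CoUninitialize();
        return 1;              // Program has failed.
    }

    // Connect to the root\cimv2 namespace and obtain pSvc for
    // IWbemServices calls. NULL user name/password means the call runs in
    // the current security context, so no credentials live in the source.
    IWbemServices *pSvc = NULL;
    hres = pLoc->ConnectServer(
        _bstr_t(L"ROOT\\CIMV2"), // WMI namespace
        NULL,                    // User name
        NULL,                    // User password
        0,                       // Locale
        0,                       // Security flags (a long, not a pointer)
        0,                       // Authority
        0,                       // Context object
        &pSvc                    // IWbemServices proxy
        );
    if (FAILED(hres))
    {
        report_failure("Could not connect. ", hres);
        pLoc->Release();
        CoUninitialize();
        return 1;              // Program has failed.
    }

    std::cout << "Connected to ROOT\\CIMV2 WMI namespace" << std::endl;

    // Set the IWbemServices proxy so that impersonation
    // of the user (client) occurs.
    // NOTE(review): this sample only talks to the local machine. For a remote
    // namespace, RPC_C_AUTHN_LEVEL_PKT_PRIVACY would also encrypt the
    // traffic - confirm against the deployment before reusing these values.
    hres = CoSetProxyBlanket(
        pSvc,                         // the proxy to set
        RPC_C_AUTHN_WINNT,            // authentication service
        RPC_C_AUTHZ_NONE,             // authorization service
        NULL,                         // Server principal name
        RPC_C_AUTHN_LEVEL_CALL,       // authentication level
        RPC_C_IMP_LEVEL_IMPERSONATE,  // impersonation level
        NULL,                         // client identity
        EOAC_NONE                     // proxy capabilities
        );
    if (FAILED(hres))
    {
        report_failure("Could not set proxy blanket. ", hres);
        pSvc->Release();
        pLoc->Release();
        CoUninitialize();
        return 1;              // Program has failed.
    }

    // Use the IWbemServices pointer to make requests of WMI.
    // This sample lists running processes. For event-log records the WMI
    // class is Win32_NTLogEvent; such a query should be narrowed with a WHERE
    // clause (e.g. on Logfile), and reading the Security log presumably needs
    // the security privilege enabled for the caller - verify before relying
    // on it.
    IEnumWbemClassObject *pEnumerator = NULL;
    hres = pSvc->ExecQuery(
        _bstr_t("WQL"),
        _bstr_t("SELECT * FROM Win32_Process"),
        WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
        NULL,
        &pEnumerator);
    if (FAILED(hres))
    {
        report_failure("Query for processes failed. ", hres);
        pSvc->Release();
        pLoc->Release();
        CoUninitialize();
        return 1;              // Program has failed.
    }

    IWbemClassObject *pclsObj = NULL;
    ULONG uReturn = 0;

    while (pEnumerator)
    {
        hres = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
        if (FAILED(hres))
        {
            // A failed Next() leaves pclsObj unusable; stop instead of
            // dereferencing it.
            report_failure("Enumeration failed. ", hres);
            exit_code = 1;
            break;
        }
        if (0 == uReturn)
        {
            break;             // No more instances.
        }

        VARIANT vtProp;
        VariantInit(&vtProp);  // VariantClear below needs an initialized VARIANT.

        // Get the value of the Name property. Print it only when the call
        // succeeded and the variant really holds a non-null string; the
        // property can come back as VT_NULL.
        hres = pclsObj->Get(L"Name", 0, &vtProp, 0, 0);
        if (SUCCEEDED(hres) && vtProp.vt == VT_BSTR && vtProp.bstrVal != NULL)
        {
            std::wcout << "Process Name : " << vtProp.bstrVal << std::endl;
        }
        VariantClear(&vtProp);

        pclsObj->Release();
        pclsObj = NULL;
    }

    // Cleanup, in reverse order of acquisition.
    if (pEnumerator)
    {
        pEnumerator->Release();
    }
    pSvc->Release();
    pLoc->Release();

    CoUninitialize();

    return exit_code;   // 0 when every call succeeded.
}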

如果我将它保存在名为 sample.cpp 的文件中,我会使用命令对其进行编译

 g++ -o sample sample.cpp

这是一个错误吗?我应该以不同的方式编译它吗?

我是新手。有人可以指导我如何使用 C++ 学习 WMI 以阅读 Windows 日志文件吗?

请回复

谢谢你。

标签: c++wmi

解决方案


看起来您是直接从网站复制粘贴的代码,因此(由于 HTML 转义)`&` 变成了 `&amp;`,正如 @Vlad274 在评论中提到的那样。

如果您在命令提示符下编译,则必须在编译命令中链接所需的库,可能是 ole32 和 oleaut。

如果您使用的是 Visual Studio,请确保它们包含在链接器设置中。(它们在 VS2017 中默认设置)

补充:在调用 Get 方法之前,可以先用 GetNames 方法检查属性名,以确保属性 "Name" 存在。

