MASM32编程通过WMI获取Windows计划任务
.586.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE
INCLUDE \masm32\include\windows.inc
INCLUDE \masm32\include\kernel32.inc
INCLUDELIB \masm32\lib\kernel32.lib
INCLUDE \masm32\include\ole32.inc
INCLUDELIB \masm32\lib\ole32.lib
INCLUDE \masm32\include\user32.inc
INCLUDELIB \masm32\lib\user32.lib
INCLUDE \masm32\include\masm32.inc
INCLUDELIB \masm32\lib\masm32.lib
EnumScheduleJob proto
;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
EOAC_NONE EQU 0
COINIT_MULTITHREADED equ 00h
; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT EQU 0
RPC_C_IMP_LEVEL_DEFAULT EQU 0
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3
GUID2 STRUC
dd1 DWORD ?
dw1 WORD ?
dw2 WORD ?
db1 BYTE ?
db2 BYTE ?
db3 BYTE ?
db4 BYTE ?
db5 BYTE ?
db6 BYTE ?
db7 BYTE ?
db8 BYTE ?
GUID2 ENDS
IWbemLocator STRUCT
lpVtbl DWORD ?
IWbemLocator ENDS
IWbemLocatorVtbl STRUCT
QueryInte**ce DWORD ?
AddRef DWORD ?
Release DWORD ?
ConnectServerDWORD ?
IWbemLocatorVtbl ENDS
IWbemServices STRUCT
lpVtbl DWORD ?
IWbemServices ENDS
IWbemServicesVtbl STRUCT
QueryInte**ce DWORD ?
AddRef DWORD ?
Release DWORD ?
OpenNamespace DWORD ?
CancelAsyncCall DWORD ?
QueryObjectSink DWORD ?
GetObject DWORD ?
GetObjectAsync DWORD ?
PutClass DWORD ?
PutClassAsync DWORD ?
DeleteClass DWORD ?
DeleteClassAsync DWORD ?
CreateClassEnum DWORD ?
CreateClassEnumAsync DWORD ?
PutInstance DWORD ?
PutInstanceAsync DWORD ?
DeleteInstance DWORD ?
DeleteInstanceAsync DWORD ?
CreateInstanceEnum DWORD ?
CreateInstanceEnumAsync DWORD ?
ExecQuery DWORD ?
ExecQueryAsync DWORD ?
ExecNotificationQuery DWORD ?
ExecNotificationQueryAsync DWORD ?
ExecMethod DWORD ?
ExecMethodAsync DWORD ?
IWbemServicesVtbl ENDS
IEnumWbemClassObject STRUCT
lpVtbl DWORD ?
IEnumWbemClassObject ENDS
IEnumWbemClassObjectVtbl STRUCT
QueryInte**ce DWORD ?
AddRef DWORD ?
Release DWORD ?
Reset DWORD ?
Next DWORD ?
NextAsync DWORD ?
Clone DWORD ?
Skip DWORD ?
IEnumWbemClassObjectVtbl ENDS
IWbemClassObject STRUCT
lpVtbl DWORD ?
IWbemClassObject ENDS
IWbemClassObjectVtbl STRUCT
QueryInte**ce DWORD ?
AddRef DWORD ?
Release DWORD ?
GetQualifierSet DWORD ?
Get DWORD ?
Put DWORD ?
Delete DWORD ?
GetNames DWORD ?
BeginEnumeration DWORD ?
Next DWORD ?
EndEnumeration DWORD ?
GetPropertyQualifierSet DWORD ?
GetObjectText DWORD ?
SpawnDerivedClass DWORD ?
SpawnInstance DWORD ?
CompareTo DWORD ?
GetPropertyOrigin DWORD ?
InheritsFrom DWORD ?
GetMethod DWORD ?
PutMethod DWORD ?
DeleteMethod DWORD ?
BeginMethodEnumerationDWORD ?
NextMethod DWORD ?
EndMethodEnumeration DWORD ?
GetMethodQualifierSet DWORD ?
GetMethodOrigin DWORD ?
IWbemClassObjectVtbl ENDS
;ssssssssssssssssssssssss
.DATA
;ssssssssssssssssssssssss
g_wszNameSpace word "r", "o", "o", "t", "\", "c", "i", "m", "v", "2", 0
g_wszQueryLanguage word "W", "Q", "L", 0
WBEM_FLAG_CONNECT_USE_MAX_WAITEQU 80h
WBEM_FLAG_FORWARD_ONLY EQU 20h
WBEM_FLAG_RETURN_IMMEDIATELY EQU 10h
WBEM_INFINITE EQU -1
WBEM_E_INVALID_QUERY EQU 80041017h
WBEM_E_INVALID_QUERY_TYPE EQU 80041018h
IID_IWbemLocator GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
IID_IEnumWbemClassObject GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
IID_IWbemClassObject GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
; located in WbemProv.h
CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
locator IWbemLocator <>
service IWbemServices <>
enumeratorIEnumWbemClassObject <>
processor IWbemClassObject <>
retCount DWORD ?
var_val DWORD ?
DWORD ?
DWORD ?
DWORD ?
g_szAppInfo db "通过WMI获取计划任务信息", 0dh ,0ah
db "作者:PurpleEndurer, 2010-04-19,广西河池", 0dh ,0ah, 0
g_wszSelectWin32_ScheduledJob WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
g_wszWin32_ScheduledJob WORD "W", "i", "n", "3", "2", "_", "S", "c", "h", "e", "d", "u", "l", "e", "d", "J", "o", "b", 0
g_szJobID db 0dh, 0ah, "Job ID: ", 0
g_wszJobID word "J", "o", "b", "I", "D", 0
g_szCommand db "Command: ", 0
g_wszCommand word "C", "o", "m", "m", "a", "n", "d", 0
g_szJobStatus db "Job Status: ", 0;Success
g_wszJobStatus word "J", "o", "b", "S", "t", "a", "t", "u", "s", 0
g_szStartTime db "Start Time: ", 0;********215000.000000+480
;时间前有八个星号是WMIC的特性,其显示时间的方式是YYYYMMDDHHMMSS.MMMMMM+时区,
;但我们并不需要指定年月日,所以用*星号来替代
g_wszStartTime word "S", "t", "a", "r", "t", "T", "i", "m", "e", 0
g_szPerSCr db "%S"
g_szCrLf db 0dh, 0ah, 0
g_szPerXCr db "%x", 0dh, 0ah, 0
g_szFail db "Fail", 0dh, 0ah, 0
;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss
start:
invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,\
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL,\
CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
invoke StdOut, ADDR g_szAppInfo
invoke EnumScheduleJob
invoke CoUninitialize
invoke ExitProcess, 0
;======================================================
wmiConnectServer proc
;======================================================
mov esi, locator
lodsd
push OFFSET service
push NULL
push NULL
push WBEM_FLAG_CONNECT_USE_MAX_WAIT
push NULL
push NULL
push NULL
push OFFSET g_wszNameSpace
push DWORD PTR
call DWORD PTR
ret
wmiConnectServer endp
;======================================================
wmiExecQuery proc lpwszSQL: LPWSTR
;======================================================
mov esi, service
lodsd
push OFFSET enumerator
push NULL
push WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY
push lpwszSQL
push OFFSET g_wszQueryLanguage
push DWORD PTR
call DWORD PTR
ret
wmiExecQuery endp
;======================================================
wmiNext proc
;======================================================
mov esi, enumerator
lodsd
push OFFSET retCount
push OFFSET processor
push TRUE
push WBEM_INFINITE
push DWORD PTR
call DWORD PTR
ret
wmiNext endp
;======================================================
wmiGet proc lpwszItem: LPWSTR
;======================================================
mov esi, processor
lodsd
push NULL
push NULL
push OFFSET var_val
push 0
push lpwszItem
push DWORD PTR
call DWORD PTR
ret
wmiGet endp
;======================================================
writeWmiStr proc lpszItem: LPSTR, lpwszItem: LPWSTR, lpszFmt: LPSTR
;======================================================
LOCAL szbuf: byte
invoke StdOut, lpszItem
invoke wmiGet, lpwszItem
test eax, eax
.if ZERO?
invoke wsprintf, ADDR szbuf, lpszFmt,
invoke StdOut, ADDR szbuf
.else
invoke StdOut, ADDR g_szFail
.endif
ret
writeWmiStr endp
;======================================================
EnumScheduleJob proc
;======================================================
invoke wmiConnectServer
test eax, eax
jnz @EnumScheduleJobRet
invoke wmiExecQuery, OFFSET g_wszSelectWin32_ScheduledJob
test eax, eax
jnz @EnumScheduleJobRet
@EnumScheduleJobNext1:
invoke wmiNext
test eax, eax
jnz @EnumScheduleJobRet
;.if retCount==0
; jmp @EnumScheduleJobRet
;.endif
invoke writeWmiStr, ADDR g_szJobID, ADDR g_wszJobID, ADDR g_szPerXCr
invoke writeWmiStr, ADDR g_szCommand, ADDR g_wszCommand, ADDR g_szPerSCr
invoke writeWmiStr, ADDR g_szJobStatus, ADDR g_wszJobStatus, ADDR g_szPerSCr
invoke writeWmiStr, ADDR g_szStartTime, ADDR g_wszStartTime, ADDR g_szPerSCr
jmp @EnumScheduleJobNext1
@EnumScheduleJobRet:
ret
EnumScheduleJob endp
END start 看不懂噢 这个是关于com组件的编程!
页:
[1]