MASM32编程通过WMI获取Windows计划任务

简介: MASM32编程通过WMI获取Windows计划任务

上回MASM32编程使用了Windows系统提供的API函数NetScheduleJobEnum()来枚举Windows计划任务(详见《MASM32编程枚举Windows计划任务》一文),这次通过WMI来实现。

 需要注意的是:不管是通过WMI,还是使用API函数NetScheduleJobEnum(),都只能枚举使用Win32_ScheduledJob类别或At.exe实用程序创建的计划任务。

 所以 pe_xscan 在扫描计划任务时使用的是另外一种方法:-D

 

 完整的代码如下:

(源代码+EXE下载:

 http://purpleendurer.ys168.com )

 

;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
; 文 件 名:WmiScheduleJob.asm (控制台程序)
; 功    能: 通过WMI获取计划任务
; 注    意:通过WMI只能枚举使用Win32_ScheduledJob类别
;           或At.exe实用程序创建的计划任务。
; 开发环境:Win XP PRO SP3 + MASM32 v8
; 作    者:PurpleEndurer, 2010-04-19,广西河池
;
; log
; --------------------------------------------------
; 2010-04-18 完成
; 2010-04-09 开始编写
;<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE
INCLUDE /masm32/include/windows.inc
INCLUDE /masm32/include/kernel32.inc
INCLUDELIB /masm32/lib/kernel32.lib
INCLUDE /masm32/include/ole32.inc
INCLUDELIB /masm32/lib/ole32.lib
INCLUDE /masm32/include/oleaut32.inc
INCLUDELIB /masm32/lib/oleaut32.lib
INCLUDE /masm32/include/user32.inc
INCLUDELIB /masm32/lib/user32.lib
INCLUDE /masm32/include/masm32.inc
INCLUDELIB /masm32/lib/masm32.lib
EnumScheduleJob proto
;ssssssssssssssssssssssss
;.const
;ssssssssssssssssssssssss
; COM initialisation / security constants used by start (values as in objbase.h / rpcdce.h)
EOAC_NONE   EQU 0                   ; CoInitializeSecurity: no additional authentication capabilities
COINIT_MULTITHREADED equ 00h        ; CoInitializeEx: join the multi-threaded apartment
; located in RpcDce.h
RPC_C_AUTHN_LEVEL_DEFAULT   EQU 0   ; let COM choose the authentication level
RPC_C_IMP_LEVEL_DEFAULT     EQU 0   ; not referenced below
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3   ; the server may impersonate the caller; WMI connections are made at this level
; Standard 16-byte GUID layout: Data1 (DWORD), Data2, Data3 (WORD), Data4 (8 bytes).
; Named GUID2 presumably to avoid clashing with the GUID type from windows.inc -- verify.
; No alignment padding: the fields pack to exactly 16 bytes, matching the IID/CLSID literals in .DATA.
GUID2 STRUC
     dd1 DWORD ?
     dw1 WORD ?
     dw2 WORD ?
     db1 BYTE ?
     db2 BYTE ?
     db3 BYTE ?
     db4 BYTE ?
     db5 BYTE ?
     db6 BYTE ?
     db7 BYTE ?
     db8 BYTE ?
GUID2 ENDS
; COM interface pointer and vtable layouts for the WMI (wbemcli.h) interfaces used below.
; Each IXxx STRUCT is only the interface-pointer slot; each IXxxVtbl lists the method
; slots in declaration order, IUnknown's three first, so that
; [vtbl][IXxxVtbl.Method] resolves to the correct slot offset.
IWbemLocator STRUCT
    lpVtbl DWORD   ?
IWbemLocator ENDS
IWbemLocatorVtbl STRUCT
    QueryInterface DWORD   ?        ; IUnknown
    AddRef         DWORD   ?
    Release        DWORD   ?
    ConnectServer  DWORD   ?        ; used by wmiConnectServer
IWbemLocatorVtbl ENDS
; IWbemServices vtable. Only ExecQuery (and Release, for cleanup) is called in this file;
; the other slots exist solely to keep the offsets correct.
IWbemServices STRUCT
    lpVtbl DWORD   ?
IWbemServices ENDS
IWbemServicesVtbl STRUCT
    QueryInterface             DWORD   ?   ; IUnknown
    AddRef                     DWORD   ?
    Release                    DWORD   ?
    OpenNamespace              DWORD   ?
    CancelAsyncCall            DWORD   ?
    QueryObjectSink            DWORD   ?
    GetObject                  DWORD   ?
    GetObjectAsync             DWORD   ?
    PutClass                   DWORD   ?
    PutClassAsync              DWORD   ?
    DeleteClass                DWORD   ?
    DeleteClassAsync           DWORD   ?
    CreateClassEnum            DWORD   ?
    CreateClassEnumAsync       DWORD   ?
    PutInstance                DWORD   ?
    PutInstanceAsync           DWORD   ?
    DeleteInstance             DWORD   ?
    DeleteInstanceAsync        DWORD   ?
    CreateInstanceEnum         DWORD   ?
    CreateInstanceEnumAsync    DWORD   ?
    ExecQuery                  DWORD   ?   ; used by wmiExecQuery
    ExecQueryAsync             DWORD   ?
    ExecNotificationQuery      DWORD   ?
    ExecNotificationQueryAsync DWORD   ?
    ExecMethod                 DWORD   ?
    ExecMethodAsync            DWORD   ?
IWbemServicesVtbl ENDS
; IEnumWbemClassObject vtable. Only Next (and Release, for cleanup) is called in this file.
IEnumWbemClassObject STRUCT
    lpVtbl          DWORD   ?
IEnumWbemClassObject ENDS
IEnumWbemClassObjectVtbl STRUCT
    QueryInterface DWORD   ?        ; IUnknown
    AddRef         DWORD   ?
    Release        DWORD   ?
    Reset          DWORD   ?
    Next           DWORD   ?        ; used by wmiNext
    NextAsync      DWORD   ?
    Clone          DWORD   ?
    Skip           DWORD   ?
IEnumWbemClassObjectVtbl ENDS
; IWbemClassObject vtable. Only Get (and Release, for cleanup) is called in this file;
; the remaining slots keep the offsets correct.
IWbemClassObject STRUCT
    lpVtbl DWORD   ?
IWbemClassObject ENDS
IWbemClassObjectVtbl STRUCT
    QueryInterface          DWORD   ?   ; IUnknown
    AddRef                  DWORD   ?
    Release                 DWORD   ?
    GetQualifierSet         DWORD   ?
    Get                     DWORD   ?   ; used by wmiGet
    Put                     DWORD   ?
    Delete                  DWORD   ?
    GetNames                DWORD   ?
    BeginEnumeration        DWORD   ?
    Next                    DWORD   ?
    EndEnumeration          DWORD   ?
    GetPropertyQualifierSet DWORD   ?
    GetObjectText           DWORD   ?
    SpawnDerivedClass       DWORD   ?
    SpawnInstance           DWORD   ?
    CompareTo               DWORD   ?
    GetPropertyOrigin       DWORD   ?
    InheritsFrom            DWORD   ?
    GetMethod               DWORD   ?
    PutMethod               DWORD   ?
    DeleteMethod            DWORD   ?
    BeginMethodEnumeration  DWORD   ?
    NextMethod              DWORD   ?
    EndMethodEnumeration    DWORD   ?
    GetMethodQualifierSet   DWORD   ?
    GetMethodOrigin         DWORD   ?
IWbemClassObjectVtbl ENDS
;ssssssssssssssssssssssss
.DATA
;ssssssssssssssssssssssss
    ; WMI namespace and query language as NUL-terminated UTF-16 (WCHAR) arrays.
    ; NOTE(review): ConnectServer/ExecQuery declare these parameters as BSTR; the arrays
    ; below carry no BSTR length prefix. WMI accepts them in practice -- confirm.
    g_wszNameSpace word "r", "o", "o", "t", "/", "c", "i", "m", "v", "2", 0
    g_wszQueryLanguage word "W", "Q", "L", 0
    ; WBEM flags / status codes (wbemcli.h). EQU defines assembly-time constants,
    ; so these emit no bytes even though they are written inside .DATA.
    WBEM_FLAG_CONNECT_USE_MAX_WAIT  EQU     80h         ; ConnectServer: bounded wait for the connection
    WBEM_FLAG_FORWARD_ONLY          EQU     20h         ; ExecQuery: forward-only enumerator
    WBEM_FLAG_RETURN_IMMEDIATELY    EQU     10h         ; ExecQuery: semisynchronous call
    WBEM_INFINITE                   EQU     -1          ; Next: wait without timeout
    WBEM_E_INVALID_QUERY            EQU     80041017h   ; not referenced below
    WBEM_E_INVALID_QUERY_TYPE       EQU     80041018h   ; not referenced below
    ; Interface / class IDs, laid out per GUID2 (Data1, Data2, Data3, Data4[8]).
    IID_IWbemLocator                GUID2   <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
    IID_IEnumWbemClassObject        GUID2   <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>  ; not referenced below
    IID_IWbemClassObject            GUID2   <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>  ; not referenced below
    ; located in WbemProv.h
    CLSID_WbemAdministrativeLocator GUID2   <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
    ; Interface pointers, filled in by CoCreateInstance / ConnectServer / ExecQuery / Next
    ; respectively. Each STRUCT is one DWORD: the interface pointer, whose first DWORD is the vtable.
    locator     IWbemLocator            <>
    service     IWbemServices           <>
    enumerator  IEnumWbemClassObject    <>
    processor   IWbemClassObject        <>
    retCount    DWORD   ?               ; objects returned by IEnumWbemClassObject::Next (0 or 1)
    ; var_val plus the three anonymous DWORDs = 16 bytes: the VARIANT written by
    ; IWbemClassObject::Get (vt at +0, value union at +8, read as [var_val + 8] in writeWmiStr).
    var_val     DWORD   ?
                DWORD   ?
                DWORD   ?
                DWORD   ?
    g_szAppInfo db "通过WMI获取计划任务信息", 0dh ,0ah
                db "作  者:PurpleEndurer, 2010-04-19,广西河池", 0dh ,0ah, 0
    ; Deliberately NOT terminated: runs straight into g_wszWin32_ScheduledJob to form the
    ; query "SELECT * FROM Win32_ScheduledJob". Do not reorder or separate these two lines.
    g_wszSelectWin32_ScheduledJob WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," "
    g_wszWin32_ScheduledJob WORD "W", "i", "n", "3", "2", "_", "S", "c", "h", "e", "d", "u", "l", "e", "d", "J", "o", "b", 0
    ; Per-property console label (ANSI, for StdOut) followed by the property name (UTF-16, for Get)
    g_szJobID db 0dh, 0ah, "Job ID: ", 0
    g_wszJobID word "J", "o", "b", "I", "D", 0
    g_szCommand db "Command: ", 0
    g_wszCommand word "C", "o", "m", "m", "a", "n", "d", 0
    g_szJobStatus db "Job Status: ", 0  ; e.g. "Success"
    g_wszJobStatus word "J", "o", "b", "S", "t", "a", "t", "u", "s", 0
    g_szStartTime db "Start Time: ", 0  ; e.g. "********215000.000000+480"
                                        ; The leading asterisks are WMI's datetime convention: the format is
                                        ; YYYYMMDDHHMMSS.MMMMMM+timezone, and fields a job does not specify
                                        ; (year, month, day) are shown as '*'.
    g_wszStartTime word "S", "t", "a", "r", "t", "T", "i", "m", "e", 0
    ; Deliberately NOT terminated: falls through into g_szCrLf, giving the format "%S\r\n".
    ; wsprintf's %S converts a wide string (here the BSTR at var_val + 8) to ANSI.
    g_szPerSCr db "%S"
    g_szCrLf   db 0dh, 0ah, 0
    g_szPerXCr db "%x", 0dh, 0ah, 0     ; hex format for the numeric JobID
    g_szFail   db "Fail", 0dh, 0ah, 0
;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss
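start:
;------------------------------------------------------
; Program entry: initialise COM, create the WMI locator, enumerate the jobs, exit.
; CoInitializeEx and CoCreateInstance results are checked (FAILED(hr) == sign bit set):
; without the locator, wmiConnectServer would call through a NULL interface pointer.
; CoInitializeSecurity's result is not treated as fatal: WMI still works with COM's
; default security if it fails.
; NOTE(review): the file ends with a bare END; MASM normally needs `END start` to mark
; this label as the entry point -- verify the build line.
;------------------------------------------------------
    invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
    test   eax, eax
    js     @start_exit                  ; COM not initialised: nothing to undo
    invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,/
                RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
    invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL,/
                CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
    test   eax, eax
    jns    @start_run
    invoke StdOut, ADDR g_szFail        ; locator unavailable; report and leave COM cleanly
    jmp    @start_uninit
@start_run:
    invoke StdOut, ADDR g_szAppInfo
    invoke EnumScheduleJob
@start_uninit:
    invoke CoUninitialize
@start_exit:
    invoke ExitProcess, 0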
;======================================================
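wmiConnectServer proc
;======================================================
; HRESULT wmiConnectServer(void)
;   locator->ConnectServer("root/cimv2", NULL, NULL, NULL,
;                          WBEM_FLAG_CONNECT_USE_MAX_WAIT, NULL, NULL, &service)
; In:    locator (global) = IWbemLocator* from CoCreateInstance
; Out:   eax = HRESULT (0 on success); service = IWbemServices* on success.
;        Returns E_POINTER without calling anything if locator is NULL.
; Clobb: eax, ecx, flags. ESI/EDI are not touched (callee-saved under STDCALL).
;------------------------------------------------------
    mov  ecx, locator                   ; ecx = this (interface pointer)
    test ecx, ecx
    jz   @wmiConnectServerNoLocator     ; CoCreateInstance failed: never call through NULL
    mov  eax, [ecx]                     ; eax = vtable
    push OFFSET service                 ; ppNamespace
    push NULL                           ; pCtx
    push NULL                           ; strAuthority
    push WBEM_FLAG_CONNECT_USE_MAX_WAIT ; lSecurityFlags
    push NULL                           ; strLocale
    push NULL                           ; strPassword
    push NULL                           ; strUser (current identity)
    push OFFSET g_wszNameSpace          ; strNetworkResource (raw WCHAR array, not a SysAllocString BSTR)
    push ecx                            ; this
    call DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]
    ret
@wmiConnectServerNoLocator:
    mov  eax, 80004003h                 ; E_POINTER
    ret
wmiConnectServer endp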
;======================================================
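wmiExecQuery proc lpwszSQL: LPWSTR
;======================================================
; HRESULT wmiExecQuery(LPCWSTR lpwszSQL)
;   service->ExecQuery(L"WQL", lpwszSQL,
;                      WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &enumerator)
; In:    lpwszSQL = WQL query text (UTF-16, NUL-terminated); service (global) = IWbemServices*
; Out:   eax = HRESULT (0 on success); enumerator = IEnumWbemClassObject* on success,
;        which the caller must Release().
; Clobb: eax, ecx, flags. ESI/EDI are not touched (callee-saved under STDCALL).
;------------------------------------------------------
    mov  ecx, service                   ; ecx = this
    mov  eax, [ecx]                     ; eax = vtable
    push OFFSET enumerator              ; ppEnum
    push NULL                           ; pCtx
    push WBEM_FLAG_FORWARD_ONLY or WBEM_FLAG_RETURN_IMMEDIATELY  ; lFlags
    push lpwszSQL                       ; strQuery (raw WCHAR array, not a SysAllocString BSTR)
    push OFFSET g_wszQueryLanguage      ; strQueryLanguage
    push ecx                            ; this
    call DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]
    ret
wmiExecQuery endp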
;======================================================
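wmiNext proc
;======================================================
; HRESULT wmiNext(void)
;   enumerator->Next(WBEM_INFINITE, 1, &processor, &retCount)
; In:    enumerator (global) = IEnumWbemClassObject* from ExecQuery
; Out:   eax = S_OK (0): processor = next IWbemClassObject*, retCount = 1;
;        eax = WBEM_S_FALSE (non-zero) once the enumeration is exhausted.
;        The caller owns each returned object and must Release() it.
; Clobb: eax, ecx, flags. ESI/EDI are not touched (callee-saved under STDCALL).
;------------------------------------------------------
    mov  ecx, enumerator                ; ecx = this
    mov  eax, [ecx]                     ; eax = vtable
    push OFFSET retCount                ; puReturned
    push OFFSET processor               ; apObjects (array of one)
    push TRUE                           ; uCount = 1 (TRUE is the count, not a flag)
    push WBEM_INFINITE                  ; lTimeout
    push ecx                            ; this
    call DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
    ret
wmiNext endp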
;======================================================
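wmiGet proc lpwszItem: LPWSTR
;======================================================
; HRESULT wmiGet(LPCWSTR lpwszItem)
;   processor->Get(lpwszItem, 0, &var_val, NULL, NULL)
; In:    lpwszItem = property name (UTF-16); processor (global) = current IWbemClassObject*
; Out:   eax = HRESULT; on success var_val holds the property's VARIANT. A VT_BSTR
;        value is heap-allocated, so the caller must VariantClear() it after use.
; Clobb: eax, ecx, flags. ESI/EDI are not touched (callee-saved under STDCALL).
;------------------------------------------------------
    mov  ecx, processor                 ; ecx = this
    mov  eax, [ecx]                     ; eax = vtable
    push NULL                           ; plFlavor
    push NULL                           ; pType
    push OFFSET var_val                 ; pVal
    push 0                              ; lFlags (reserved)
    push lpwszItem                      ; wszName
    push ecx                            ; this
    call DWORD PTR [eax][IWbemClassObjectVtbl.Get]
    ret
wmiGet endp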
;======================================================
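writeWmiStr proc lpszItem: LPSTR, lpwszItem: LPWSTR, lpszFmt: LPSTR
;======================================================
; void writeWmiStr(LPCSTR lpszItem, LPCWSTR lpwszItem, LPCSTR lpszFmt)
;   Prints the label lpszItem, then the property lpwszItem of the current object
;   formatted with lpszFmt ("%S\r\n" for strings, "%x\r\n" for the numeric JobID),
;   or "Fail" if Get() failed.
; In:    lpszItem = ANSI label; lpwszItem = property name; lpszFmt = wsprintf format
;        whose single argument is the VARIANT value at var_val + 8.
; Out:   console output only; eax undefined.
; Notes: no vt check is made -- the caller's format must match the property's
;        VARIANT type (a wrong %S would dereference a non-pointer).
;------------------------------------------------------
    ; wsprintfA writes up to 1024 bytes including the terminator; the buffer must be
    ; that large, since a long Command string would overrun a 256-byte local.
    LOCAL szbuf[1024]: byte
    invoke StdOut, lpszItem
    invoke wmiGet, lpwszItem
    test eax, eax
    .if ZERO?
        invoke wsprintf, ADDR szbuf, lpszFmt, [var_val + 8]
        invoke StdOut, ADDR szbuf
        invoke VariantClear, ADDR var_val   ; frees the BSTR Get() allocated; resets vt to VT_EMPTY
    .else
        invoke StdOut, ADDR g_szFail
    .endif
    ret
writeWmiStr endp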
;======================================================
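EnumScheduleJob proc
;======================================================
; HRESULT EnumScheduleJob(void)
;   Connects to root/cimv2, runs "SELECT * FROM Win32_ScheduledJob" and prints
;   JobID, Command, JobStatus and StartTime for every returned instance.
; In:    locator (global) already created by start.
; Out:   eax = HRESULT of the call that ended the loop (WBEM_S_FALSE when the
;        enumeration simply ran out). Console output as a side effect.
; Notes: every object returned by Next() is Release()d after printing, and the
;        enumerator and service are Release()d on exit, so the COM reference counts
;        balance. locator is owned by start and is not released here.
;        retCount is not consulted: Next() returns non-zero (WBEM_S_FALSE) when it
;        has nothing to return, which ends the loop.
;------------------------------------------------------
    LOCAL hr: DWORD                     ; preserved across the Release() calls
    invoke wmiConnectServer
    mov    hr, eax
    test   eax, eax
    jnz    @EnumScheduleJobRet
    invoke wmiExecQuery, OFFSET g_wszSelectWin32_ScheduledJob
    mov    hr, eax
    test   eax, eax
    jnz    @EnumScheduleJobRelSvc
@EnumScheduleJobNext1:
    invoke wmiNext
    mov    hr, eax
    test   eax, eax
    jnz    @EnumScheduleJobRelEnum      ; exhausted (WBEM_S_FALSE) or failed
    invoke writeWmiStr, ADDR g_szJobID, ADDR g_wszJobID, ADDR g_szPerXCr
    invoke writeWmiStr, ADDR g_szCommand, ADDR g_wszCommand, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szJobStatus, ADDR g_wszJobStatus, ADDR g_szPerSCr
    invoke writeWmiStr, ADDR g_szStartTime, ADDR g_wszStartTime, ADDR g_szPerSCr
    mov    ecx, processor               ; release this iteration's object
    mov    eax, [ecx]
    push   ecx
    call   DWORD PTR [eax][IWbemClassObjectVtbl.Release]
    jmp    @EnumScheduleJobNext1
@EnumScheduleJobRelEnum:
    mov    ecx, enumerator
    mov    eax, [ecx]
    push   ecx
    call   DWORD PTR [eax][IEnumWbemClassObjectVtbl.Release]
@EnumScheduleJobRelSvc:
    mov    ecx, service
    mov    eax, [ecx]
    push   ecx
    call   DWORD PTR [eax][IWbemServicesVtbl.Release]
@EnumScheduleJobRet:
    mov    eax, hr
    ret
EnumScheduleJob endp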
END