WMI:监控注册表更改

时间:2012-10-10 02:59:53

标签: c++ wmi

在我的项目中,我想在我的系统中监视软件安装和安装,所以我使用WMI事件机制,但现在遇到问题并有问题。

问题:

我想要监控HKLM'SOFTWARE \ Microsoft \ Windows \ currentversion \ unistall',但是代码[1]工作错误(ExecNotificationQueryAnsync失败并且= 0x80041058)。而代码[2]工作正常,出了什么问题?

[1] 

hres = pSvc->ExecNotificationQueryAsync(
    _bstr_t("WQL"), 
    _bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\Microsoft\\Windows\\currentversion\\unistall'"
    ), 
    WBEM_FLAG_SEND_STATUS, 
    NULL,   
    pStubSink);
[2]

hres = pSvc->ExecNotificationQueryAsync(
    _bstr_t("WQL"), 
    _bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software'"
    ), 
    WBEM_FLAG_SEND_STATUS, 
    NULL,   
    pStubSink);

问题:在我的活动消费者中,我想获得该软件的名称,我该怎么办?

谢谢!

1 个答案:

答案 0 :(得分:0)

只需使用

SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\\\Microsoft\\\\Windows\\\\currentversion\\\\unistall'"
相关问题
最新问题