我希望使用WMI从UWF获取所有注册表排除和文件排除。
我已经尝试调用UWF_RegistryFilter类的GetExclusions方法,但没有成功。
我期待着一个有效的示例代码,提前感谢您的帮助!
答案 0 :(得分:1)
困难的部分是从方法结果中读出out参数。 Microsoft website上没有适当的文档,很难猜测如何使用ManagementBaseObject读取输出参数。
为了找到解决方案,我参考了其他文档完善的WMI示例,弄清了WMI是如何使用out参数的。请参考下面的C#代码,希望对您有所帮助:
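/// <summary>
/// Prints every registry key that is excluded from Unified Write Filter (UWF)
/// protection, as reported by the <c>GetExclusions</c> method of each
/// <c>UWF_RegistryFilter</c> WMI instance.
/// </summary>
/// <remarks>
/// Writes to excluded keys bypass the filter and survive a reboot, so this listing
/// doubles as an audit of what can persist on an otherwise write-protected device.
/// NOTE(review): querying the UWF provider generally needs an elevated process;
/// confirm on the target image.
/// </remarks>
public static void GetRegistryExclusions()
{
    ManagementScope scope = new ManagementScope(@"root\standardcimv2\embedded");

    // The class wrapper, the instance collection, each instance and each method
    // result wrap WMI resources, so all of them are disposed deterministically.
    using (ManagementClass mc = new ManagementClass(scope.Path.Path, "UWF_RegistryFilter", null))
    using (ManagementObjectCollection moc = mc.GetInstances())
    {
        foreach (ManagementObject mo in moc)
        {
            using (mo)
            using (ManagementBaseObject outParams = mo.InvokeMethod("GetExclusions", null, null))
            {
                // InvokeMethod returns the method's out-parameters as one object;
                // it can be null, which previously caused a NullReferenceException.
                if (outParams == null)
                {
                    continue;
                }

                // The out-parameter "ExcludedKeys" holds an array of embedded objects,
                // each exposing the excluded path in its "RegistryKey" property.
                ManagementBaseObject[] result =
                    (ManagementBaseObject[])outParams.Properties["ExcludedKeys"].Value;
                if (result == null)
                {
                    continue; // no registry exclusions configured for this instance
                }

                foreach (ManagementBaseObject r in result)
                {
                    Console.WriteLine(r.GetPropertyValue("RegistryKey"));
                }
            }
        }
    }
}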
注意/请求:希望拥有1500声望(reputation)的用户创建并关联以下标签,以便像我这样的人更容易在stackoverflow上寻求解决方案或回答问题。
答案 1 :(得分:0)
我根据hint on a microsoft forum中的提示自己摸索出了做法,直到准备把自己的代码发到SO上时,才发现了Manoj的答案。因此在这里补充关键字“统一写入过滤器”和UWF_Volume(这样是否起作用?)。
我使用了稍短一些的语法来访问属性,并且按照OP的要求同时返回了被排除的文件。我尽量让代码足够健壮,因为似乎存在一些无效的卷条目。如果有人知道这些条目是什么,请告诉我。
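/// <summary>
/// Builds a plain-text report of the Unified Write Filter (UWF) exclusions:
/// excluded files per <c>UWF_Volume</c> instance and excluded registry keys per
/// <c>UWF_RegistryFilter</c> instance, grouped by the instance's
/// <c>CurrentSession</c> flag (current settings vs. settings after next reboot).
/// </summary>
/// <returns>
/// The report text. If any WMI call fails, the exception text is placed at the top
/// of the report and whatever was collected before the failure still follows it.
/// </returns>
/// <remarks>
/// Writes to excluded paths and keys bypass the filter and survive a reboot, so the
/// report is a useful audit of what can persist on a write-protected device.
/// NOTE(review): querying the UWF provider generally needs an elevated process;
/// confirm on the target image.
/// </remarks>
public static string GetFilterDetail()
{
    string details = "";
    var detailsCurrent = new System.Text.StringBuilder();
    var detailsNext = new System.Text.StringBuilder();
    try
    {
        // Get WMI provider for UWF
        var scope = new ManagementScope(@"\\localhost\root\StandardCimv2\embedded");
        var managementPath = scope.Path.Path;

        using (var volumeFilterClass = new ManagementClass(managementPath, "UWF_Volume", null))
        using (var volumeFilters = volumeFilterClass.GetInstances())
        {
            // No Count check: Count walks the whole collection, and foreach already
            // does nothing when the collection is empty.
            foreach (ManagementObject volumeFilter in volumeFilters)
            {
                if (volumeFilter == null)
                {
                    continue;
                }

                using (volumeFilter)
                {
                    // Some invalid/undocumented volume instances answer GetExclusions
                    // with a "not found" ManagementException; those are skipped. Any
                    // other failure propagates with its original stack trace (the
                    // exception filter replaces the former "throw ex;").
                    ManagementBaseObject outParams;
                    try
                    {
                        outParams = volumeFilter.InvokeMethod("GetExclusions", null, null);
                    }
                    catch (ManagementException ex) when (IsUwfInstanceNotFound(ex))
                    {
                        continue;
                    }

                    using (outParams)
                    {
                        bool currentSession = (bool)volumeFilter.GetPropertyValue("CurrentSession");
                        string driveLetter = (string)volumeFilter.GetPropertyValue("DriveLetter");
                        bool isProtected = (bool)volumeFilter.GetPropertyValue("Protected");

                        var detail = new System.Text.StringBuilder();
                        detail.Append("Volume ").Append(driveLetter).Append(" is ")
                              .Append(isProtected ? "protected" : "not protected").Append(".\n");
                        detail.Append("Excluded files:\n");

                        if (outParams != null)
                        {
                            var excludedItems = (ManagementBaseObject[])outParams["ExcludedFiles"];
                            if (excludedItems != null)
                            {
                                foreach (var excludedItem in excludedItems)
                                {
                                    detail.Append(" ").Append(driveLetter)
                                          .Append(excludedItem["FileName"]).Append("\n");
                                }
                            }
                            else
                            {
                                detail.Append(" [No excluded files]\n");
                            }
                        }

                        (currentSession ? detailsCurrent : detailsNext).Append(detail.ToString());
                    }
                }
            }
        }

        using (var registryFilterClass = new ManagementClass(managementPath, "UWF_RegistryFilter", null))
        using (var registryFilters = registryFilterClass.GetInstances())
        {
            foreach (ManagementObject registryFilter in registryFilters)
            {
                if (registryFilter == null)
                {
                    continue;
                }

                using (registryFilter)
                {
                    bool currentSession = (bool)registryFilter.GetPropertyValue("CurrentSession");

                    var detail = new System.Text.StringBuilder("Excluded registry keys:\n");
                    using (ManagementBaseObject outParams = registryFilter.InvokeMethod("GetExclusions", null, null))
                    {
                        if (outParams != null)
                        {
                            var excludedItems = (ManagementBaseObject[])outParams["ExcludedKeys"];
                            if (excludedItems != null)
                            {
                                foreach (var excludedItem in excludedItems)
                                {
                                    detail.Append(" ").Append(excludedItem["RegistryKey"]).Append("\n");
                                }
                            }
                            else
                            {
                                detail.Append(" [No excluded registry keys]\n");
                            }
                        }
                    }

                    (currentSession ? detailsCurrent : detailsNext).Append(detail.ToString());
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Deliberate best effort: the failure is reported inside the returned text.
        // The text includes the stack trace, so callers that display the report to
        // non-administrators may prefer to log it instead.
        details += ex.ToString();
    }

    details += "\nNOTE: These settings are only active if the Write Filter is Enabled\n"
        + "\nCURRENT SETTINGS:\n" + detailsCurrent
        + "\nNEXT SETTINGS: (after next reboot)\n" + detailsNext;
    return details;
}

// Recognises the "not found" failure that invalid UWF_Volume instances raise. The
// status code works on localized Windows builds; the message test is kept so every
// exception the original text match accepted is still accepted.
private static bool IsUwfInstanceNotFound(ManagementException ex)
{
    return ex.ErrorCode == ManagementStatus.NotFound
        || (ex.Message != null
            && ex.Message.IndexOf("not found", StringComparison.OrdinalIgnoreCase) >= 0);
}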
示例输出: