{"id":596,"date":"2020-10-14T15:29:53","date_gmt":"2020-10-14T15:29:53","guid":{"rendered":"http:\/\/144.76.171.171\/blog\/?p=596"},"modified":"2020-10-14T15:29:53","modified_gmt":"2020-10-14T15:29:53","slug":"get-wmiobject-namespace-class","status":"publish","type":"post","link":"https:\/\/berenkudaygorun.com\/blog\/blog\/2020\/10\/14\/get-wmiobject-namespace-class\/","title":{"rendered":"Get-WmiObject, Namespace, Class"},"content":{"rendered":"

C Sharp'ta bir proje yazd\u0131\u011f\u0131n\u0131z\u0131 d\u00fc\u015f\u00fcn\u00fcn. Her \u015fey birer class'tan ibaret ve bu class'lar\u0131n \u00fcs\u00fcnde bir de namespace'ler var. Namespace'leri yazd\u0131\u011f\u0131m\u0131z class'lar\u0131 ba\u015fka class'lar alt\u0131nda kullanabilmek i\u00e7in using anahtar kelimesi ile birlikte kullan\u0131r\u0131z. Burdaki hiyerar\u015fik yap\u0131n\u0131n ayn\u0131s\u0131 asl\u0131nda \u015fuan odaklanaca\u011f\u0131m\u0131z konu i\u00e7inde ge\u00e7erlidir.<\/p>\n

WMI yap\u0131lar\u0131 hiyerar\u015fik class'lardan olu\u015fmaktad\u0131r. E\u011fer bir i\u015f yapabilmek i\u00e7in class'\u0131n\u0131z\u0131 ve namespace'inizi biliyorsan\u0131z \u00e7ok k\u0131sa powershell komutlar\u0131 ile windows d\u00fcnyas\u0131nda m\u00fckemmel i\u015fler yapabilirsiniz. Diyelim ki class'\u0131n\u0131z\u0131 ve namespace'inizi bilmiyorsunuz. Yapmak istedi\u011finiz i\u015flem ise bir process ba\u015flatmak olsun. \u0130lerleyece\u011fimiz yol a\u015fa\u011f\u0131daki gibidir.<\/p>\n

\u0130lk olarak powershell i\u00e7erisinde \u015fansl\u0131 bir arama yapal\u0131m ve wmi i\u00e7eren cmdlet'leri elde edelim.<\/p>\n

PS C:\\Users\\Administrator> Get-Help *wmi*\n\nName                              Category  Module                    Synopsis\n----                              --------  ------                    --------\ngwmi                              Alias                               Get-WmiObject\niwmi                              Alias                               Invoke-WmiMethod\nrwmi                              Alias                               Remove-WmiObject\nswmi                              Alias                               Set-WmiInstance\nGet-WmiObject                     Cmdlet    Microsoft.PowerShell.M... ...\nInvoke-WmiMethod                  Cmdlet    Microsoft.PowerShell.M... ...\nRegister-WmiEvent                 Cmdlet    Microsoft.PowerShell.M... ...\nRemove-WmiObject                  Cmdlet    Microsoft.PowerShell.M... ...\nSet-WmiInstance                   Cmdlet    Microsoft.PowerShell.M... ...<\/code><\/pre>\n
Get-WmiObject yap\u0131s\u0131 ile kullanmak istedi\u011fim class'\u0131 ke\u015ffetmeyi deneyece\u011fim. help ile i\u00e7erisinde okuma yapt\u0131\u011f\u0131mda class ve namespace gibi parametreleri kulland\u0131\u011f\u0131n\u0131 g\u00f6rd\u00fcm.
\nNamespace'leri yaz\u0131n\u0131n ba\u015f\u0131nda basit\u00e7e anlatm\u0131\u015ft\u0131k. Bir klas\u00f6r gibi d\u00fc\u015f\u00fcnebiliriz ve i\u00e7erisinde class'lar\u0131m\u0131z bulunmaktad\u0131r. Ayn\u0131 zamanda namespace i\u00e7erisinde namespace tan\u0131mlamas\u0131da yap\u0131labilir ve en yukar\u0131daki namespace'in ad\u0131 root<\/code>'tur.
\nBilgisayar\u0131n\u0131zdaki b\u00fct\u00fcn namespace'leri ke\u015ffetmek isterseniz a\u015fa\u011f\u0131daki powershell kodunu \u00e7al\u0131\u015ft\u0131r\u0131n.<\/p>\n
PS C:\\Users\\sbi> # create a new queue\n>> $namespaces = [System.Collections.Queue]::new()\n>>\n>> # add an initial namespace to the queue\n>> # any namespace in the queue will later be processed\n>> $namespaces.Enqueue('root')\n>>\n>> # process all elements on the queue until all are taken\n>> While ($namespaces.Count -gt 0 -and ($current = $namespaces.Dequeue()))\n>> {\n>>     # find child namespaces\n>>     Get-CimInstance -Namespace $current -ClassName __Namespace -ErrorAction Ignore |\n>>     # ignore localization namespaces\n>>     Where-Object Name -NotMatch '^ms_\\d{2}' |\n>>     ForEach-Object {\n>>         # construct the full namespace name\n>>         $childnamespace = '{0}\\{1}' -f $current, $_.Name\n>>         # add namespace to queue\n>>         $namespaces.Enqueue($childnamespace)\n>>     }\n>>\n>>     # output current namespace\n>>     $current\n>> }<\/code><\/pre>\n
Kod \u00e7\u0131kt\u0131s\u0131 bende a\u015fa\u011f\u0131daki gibi bir cevap d\u00f6nd\u00fcrm\u00fc\u015ft\u00fcr.<\/p>\n
root\nroot\\subscription\nroot\\DEFAULT\nroot\\CIMV2\nroot\\msdtc\nroot\\Cli\nroot\\SECURITY\nroot\\HyperVCluster\nroot\\SecurityCenter2\nroot\\RSOP\nroot\\PEH\nroot\\StandardCimv2\nroot\\WMI\nroot\\directory\nroot\\Policy\nroot\\virtualization\nroot\\Interop\nroot\\Hardware\nroot\\ServiceModel\nroot\\SecurityCenter\nroot\\Microsoft\nroot\\aspnet\nroot\\Appv\nroot\\CIMV2\\mdm\nroot\\CIMV2\\Security\nroot\\CIMV2\\power\nroot\\CIMV2\\TerminalServices\nroot\\HyperVCluster\\v2\nroot\\RSOP\\User\nroot\\RSOP\\Computer\nroot\\StandardCimv2\\embedded\nroot\\directory\\LDAP\nroot\\virtualization\\v2\nroot\\Microsoft\\SqlServer\nroot\\Microsoft\\HomeNet\nroot\\Microsoft\\protectionManagement\nroot\\Microsoft\\Windows\nroot\\Microsoft\\SecurityClient\nroot\\Microsoft\\Uev\nroot\\CIMV2\\mdm\\dmmap\nroot\\CIMV2\\Security\\MicrosoftTpm\nroot\\CIMV2\\Security\\MicrosoftVolumeEncryption\nroot\\Microsoft\\SqlServer\\ComputerManagement15\nroot\\Microsoft\\SqlServer\\ServerEvents\nroot\\Microsoft\\Windows\\RemoteAccess\nroot\\Microsoft\\Windows\\Dns\nroot\\Microsoft\\Windows\\Powershellv3\nroot\\Microsoft\\Windows\\Hgs\nroot\\Microsoft\\Windows\\WindowsUpdate\nroot\\Microsoft\\Windows\\DeviceGuard\nroot\\Microsoft\\Windows\\TaskScheduler\nroot\\Microsoft\\Windows\\DesiredStateConfigurationProxy\nroot\\Microsoft\\Windows\\SmbWitness\nroot\\Microsoft\\Windows\\Wdac\nroot\\Microsoft\\Windows\\winrm\nroot\\Microsoft\\Windows\\AppBackgroundTask\nroot\\Microsoft\\Windows\\PS_MMAgent\nroot\\Microsoft\\Windows\\Storage\nroot\\Microsoft\\Windows\\HardwareManagement\nroot\\Microsoft\\Windows\\SMB\nroot\\Microsoft\\Windows\\EventTracingManagement\nroot\\Microsoft\\Windows\\DesiredStateConfiguration\nroot\\Microsoft\\Windows\\Attestation\nroot\\Microsoft\\Windows\\CI\nroot\\Microsoft\\Windows\\Defender\nroot\\Microsoft\\SqlServer\\ServerEvents\\MSSQLSERVER\nroot\\Microsoft\\SqlServer\\ServerEvents\\SQLEXPRESS\nroot\\Microsoft\\Windows\\RemoteAccess\\Client\nroot\\Microsoft\\Windows\\Storage\\PT\nroot\\Microsoft\\Windows\\Storage\\Providers_v2\nroot\\Microsoft\\Windows\\Storage\\PT\\Alt<\/code><\/pre>\n
Biz bu kadar namespace ile ilgilenmeyece\u011fiz ve recursive bir \u015fekilde ilerlemeyece\u011fiz. Benzer bir \u00e7\u0131kt\u0131ya a\u015fa\u011f\u0131daki powershell komutu ile elde etmekte m\u00fcmk\u00fcnd\u00fcr.<\/p>\n
PS C:\\Users\\Administrator> Get-WmiObject -Namespace "root" -Class "__Namespace" | select name\n\nname\n----\nsubscription\nDEFAULT\nMicrosoftDfs\nCIMV2\nmsdtc\nCli\nMicrosoftActiveDirectory\nSECURITY\nRSOP\nMicrosoftDNS\nPEH\nStandardCimv2\nWMI\nAccessLogging\ndirectory\nPolicy\nInventoryLogging\nInterop\nHardware\nServiceModel\nMicrosoft\nAppv<\/code><\/pre>\n
Windows'un default se\u00e7ili olan namespace'i root\/cimv2<\/code>'dir. Bunu birazdan kendi kendimize kan\u0131tlam\u0131\u015f olaca\u011f\u0131z. Namespace'lerin bir klas\u00f6r gibi oldu\u011funu s\u00f6ylemi\u015ftik \u015fimdi bu klas\u00f6r\u00fcn i\u00e7eri\u011fini g\u00f6relim.<\/p>\n
Get-WmiObject -Namespace "root\/cimv2" -List<\/code><\/pre>\n
Bu komut \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda cimv2<\/code> alt\u0131ndaki class'lar listelenecektir. \u015eimdi \u015fansl\u0131 bir arama yapa\u0131m ve listelenen class'lar aras\u0131nda process kelimesi ge\u00e7enleri bulal\u0131m.<\/p>\n
PS C:\\Users\\Administrator> Get-WmiObject -Namespace "root\/cimv2" -List | Where-Object {$_.Name -match "process"}\n\n   NameSpace: ROOT\\cimv2\n\nName                                Methods              Properties\n----                                -------              ----------\nWin32_ProcessTrace                  {}                   {ParentProcessID, ProcessID, ProcessName, SECURITY_DESCRIPTOR...}\nWin32_ProcessStartTrace             {}                   {ParentProcessID, ProcessID, ProcessName, SECURITY_DESCRIPTOR...}\nWin32_ProcessStopTrace              {}                   {ExitStatus, ParentProcessID, ProcessID, ProcessName...}\nCIM_Processor                       {SetPowerState, R... {AddressWidth, Availability, Caption, ConfigManagerErrorCode...}\nWin32_Processor                     {SetPowerState, R... {AddressWidth, Architecture, AssetTag, Availability...}\nCIM_Process                         {}                   {Caption, CreationClassName, CreationDate, CSCreationClassName...}\nWin32_Process                       {Create, Terminat... {Caption, CommandLine, CreationClassName, CreationDate...}\nWin32_NamedJobObjectProcess         {}                   {Collection, Member}\nWin32_ProcessStartup                {}                   {CreateFlags, EnvironmentVariables, ErrorMode, FillAttribute...}\nWin32_ComputerSystemProcessor       {}                   {GroupComponent, PartComponent}\nWin32_SystemProcesses               {}                   {GroupComponent, PartComponent}\nCIM_ProcessThread                   {}                   {GroupComponent, PartComponent}\nCIM_OSProcess                       {}                   {GroupComponent, PartComponent}\nCIM_ProcessExecutable               {}                   {Antecedent, BaseAddress, Dependent, GlobalProcessCount...}\nWin32_SessionProcess                {}                   {Antecedent, Dependent}\nCIM_AssociatedProcessorMemory       {}                   {Antecedent, BusSpeed, Dependent}\nWin32_AssociatedProcessorMemory     {}                   {Antecedent, BusSpeed, Dependent}\nWin32_PerfFormattedData_Counters... {}                   {BuildScatterGatherCyclesPersec, Caption, Description, Frequency_Object...}\nWin32_PerfRawData_Counters_PerPr... {}                   {BuildScatterGatherCyclesPersec, Caption, Description, Frequency_Object...}\nWin32_PerfFormattedData_Counters... {}                   {BuildScatterGatherListCallsPersec, Caption, Description, DPCsDeferredPersec...}\nWin32_PerfRawData_Counters_PerPr... {}                   {BuildScatterGatherListCallsPersec, Caption, Description, DPCsDeferredPersec...}\nWin32_PerfFormattedData_Counters... {}                   {AverageIdleTime, C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec...}\nWin32_PerfRawData_Counters_Proce... {}                   {AverageIdleTime, AverageIdleTime_Base, C1TransitionsPersec, C2TransitionsPersec...}\nWin32_PerfFormattedData_GPUPerfo... {}                   {Caption, DedicatedUsage, Description, Frequency_Object...}\nWin32_PerfRawData_GPUPerformance... {}                   {Caption, DedicatedUsage, Description, Frequency_Object...}\nWin32_PerfFormattedData_HvStats_... {}                   {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec, Caption...}\nWin32_PerfRawData_HvStats_HyperV... {}                   {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec, Caption...}\nWin32_PerfFormattedData_HvStats_... {}                   {AddressDomainFlushesPersec, AddressSpaceEvictionsPersec, AddressSpaceFlushesPersec, AddressSpaceSwitchesPersec...}\nWin32_PerfRawData_HvStats_HyperV... {}                   {AddressDomainFlushesPersec, AddressSpaceEvictionsPersec, AddressSpaceFlushesPersec, AddressSpaceSwitchesPersec...}\nWin32_PerfFormattedData_Lsa_Secu... {}                   {Caption, ContextHandles, CredentialHandles, Description...}\nWin32_PerfRawData_Lsa_SecurityPe... {}                   {Caption, ContextHandles, CredentialHandles, Description...}\nWin32_PerfFormattedData_LSM_User... {}                   {Caption, Description, Frequency_Object, Frequency_PerfTime...}\nWin32_PerfRawData_LSM_UserInputD... {}                   {Caption, Description, Frequency_Object, Frequency_PerfTime...}\nWin32_PerfFormattedData_PerfOS_P... {}                   {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec, Caption...}\nWin32_PerfRawData_PerfOS_Processor  {}                   {C1TransitionsPersec, C2TransitionsPersec, C3TransitionsPersec, Caption...}\nWin32_PerfFormattedData_PerfProc... {}                   {Caption, CreatingProcessID, Description, ElapsedTime...}\nWin32_PerfRawData_PerfProc_Process  {}                   {Caption, CreatingProcessID, Description, ElapsedTime...}\n<\/code><\/pre>\n
Burda bana g\u00f6z k\u0131rpan class Win32_Process<\/code> class'\u0131. Bu class'\u0131n metotlar\u0131n\u0131 g\u00f6rmek istiyorum. B\u00f6ylece class'\u0131 ayn\u0131 programlamada oldu\u011fu gibi kullanabiliriz.<\/p>\n
PS C:\\Users\\Administrator> Get-WmiObject -Namespace "root\/cimv2" -List | Where-Object {$_.Name -eq "Win32_Process"} | select -ExpandProperty Methods\n\nName          : Create\nInParameters  : System.Management.ManagementBaseObject\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Constructor, Implemented, MappingStrings, Privileges...}\n\nName          : Terminate\nInParameters  : System.Management.ManagementBaseObject\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Destructor, Implemented, MappingStrings, Privileges...}\n\nName          : GetOwner\nInParameters  :\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Implemented, MappingStrings, ValueMap}\n\nName          : GetOwnerSid\nInParameters  :\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Implemented, MappingStrings, ValueMap}\n\nName          : SetPriority\nInParameters  : System.Management.ManagementBaseObject\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Implemented, MappingStrings, ValueMap}\n\nName          : AttachDebugger\nInParameters  :\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Implemented, ValueMap}\n\nName          : GetAvailableVirtualSize\nInParameters  :\nOutParameters : System.Management.ManagementBaseObject\nOrigin        : Win32_Process\nQualifiers    : {Implemented, ValueMap}<\/code><\/pre>\n
Evet ha-ri-ka! Burdaki Create<\/code> metodu olduk\u00e7a ilgimi \u00e7ekti. Ancak ilk olarak normal bir \u015fekilde bu class'\u0131 \u00e7a\u011f\u0131rmak istiyorum.<\/p>\n
Get-WmiObject -Class Win32_Process<\/code><\/pre>\n
Bu komutu \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131m\u0131zda local bilgisayar\u0131m\u0131zdaki process'lerle alakal\u0131 ayr\u0131nt\u0131l\u0131 bilgiye sahip olabiliriz. Get-WmiObject -Class Win32_Process  |Out-GridView   <\/code> daha iyi bir g\u00f6r\u00fcn\u00fcm i\u00e7in grid \u00e7\u0131kt\u0131s\u0131n\u0131 kullanmak isteyebilirsiniz. \u0130sterseniz sonu\u00e7lar\u0131 select-object<\/code> ile de d\u00fczenleyebilirsiniz ama konumuz bu de\u011fil...<\/p>\n
\u0130lk powershell komutumuzu hat\u0131rlayal\u0131m. Get-Help *wmi*<\/code> komutu ile gelen \u00e7\u0131kt\u0131larda Invoke-WmiMethod<\/code> cmdlet'ini g\u00f6rm\u00fc\u015ft\u00fck. \u015eimdi bunu kullanman\u0131n zaman\u0131 geldi...<\/p>\n
PS C:\\Users\\Administrator> Invoke-WmiMethod -Class Win32_Process -Name Create -ArgumentList "notepad.exe"\n\n__GENUS          : 2\n__CLASS          : __PARAMETERS\n__SUPERCLASS     :\n__DYNASTY        : __PARAMETERS\n__RELPATH        :\n__PROPERTY_COUNT : 2\n__DERIVATION     : {}\n__SERVER         :\n__NAMESPACE      :\n__PATH           :\nProcessId        : 4988\nReturnValue      : 0\nPSComputerName   :\n<\/code><\/pre>\n
Yukar\u0131daki komut arac\u0131l\u0131\u011f\u0131 ile bir notepad.exe i\u015flemi ba\u015flatm\u0131\u015f olduk.<\/p>\n
Yukar\u0131daki default namespace ten bahsetti\u011fimiz k\u0131s\u0131mda bunun root\/cimv2<\/code> oldu\u011funu s\u00f6ylemi\u015ftik. Bundan dolay\u0131 Invoke-WmiMethod<\/code> ile Win32_Process<\/code> class'\u0131n\u0131 kullan\u0131rken ayr\u0131ca namespace parametresini kullanmam\u0131za gerek kalmad\u0131.<\/p>\n","protected":false},"excerpt":{"rendered":"
C Sharp’ta bir proje yazd\u0131\u011f\u0131n\u0131z\u0131 d\u00fc\u015f\u00fcn\u00fcn. Her \u015fey birer class’tan ibaret ve bu class’lar\u0131n \u00fcs\u00fcnde bir de namespace’ler var. Namespace’leri yazd\u0131\u011f\u0131m\u0131z class’lar\u0131 ba\u015fka class’lar alt\u0131nda…<\/p>\n
Devam\u0131n\u0131 okuGet-WmiObject, Namespace, Class<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[269,320],"tags":[408,411,409,18,407,410,412],"class_list":["post-596","post","type-post","status-publish","format-standard","hentry","category-active-directory","category-powershell","tag-cimv2","tag-get-wmiobject","tag-invoke-wmimethod","tag-namespace","tag-root-cimv2","tag-win32_process","tag-wmi","entry"],"_links":{"self":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/comments?post=596"}],"version-history":[{"count":2,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/596\/revisions"}],"predecessor-version":[{"id":598,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/posts\/596\/revisions\/598"}],"wp:attachment":[{"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/media?parent=596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/categories?post=596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/berenkudaygorun.com\/blog\/wp-json\/wp\/v2\/tags?post=596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}