2017-12-19 00:04:06 +00:00
|
|
|
/**
|
2016-09-08 01:04:33 +00:00
|
|
|
* Copyright (c) 2014-present, Facebook, Inc.
|
|
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
2019-02-19 18:52:19 +00:00
|
|
|
* This source code is licensed in accordance with the terms specified in
|
|
|
|
|
* the LICENSE file found in the root directory of this source tree.
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#pragma once
|
|
|
|
|
|
|
|
|
|
#include <iostream>
|
|
|
|
|
#include <string>
|
|
|
|
|
#include <vector>
|
|
|
|
|
|
2018-09-21 18:54:31 +00:00
|
|
|
#include <osquery/utils/system/system.h>
|
2018-01-07 04:26:36 +00:00
|
|
|
|
2016-09-08 01:04:33 +00:00
|
|
|
#include <WbemIdl.h>
|
|
|
|
|
|
|
|
|
|
#include <osquery/tables.h>
|
|
|
|
|
|
|
|
|
|
namespace osquery {
|
|
|
|
|
|
|
|
|
|
/**
|
2017-01-11 03:09:46 +00:00
|
|
|
* @brief Helper class to hold 1 result object from a WMI request
|
2016-09-08 01:04:33 +00:00
|
|
|
*
|
|
|
|
|
* This class is used to return to the user just the base type
|
|
|
|
|
* and value requested from WMI. The class is largely used by
|
|
|
|
|
* the WmiRequest class defined below
|
|
|
|
|
*/
|
|
|
|
|
class WmiResultItem {
|
|
|
|
|
public:
|
|
|
|
|
explicit WmiResultItem(IWbemClassObject* result) : result_(result){};
|
|
|
|
|
WmiResultItem(WmiResultItem&& src);
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Destructor for our WMI Wrapper
|
|
|
|
|
*
|
|
|
|
|
* This destructor ensures to free the various pointers used
|
|
|
|
|
* to keep track of IWbem Objects needed for WMI queries.
|
|
|
|
|
*/
|
|
|
|
|
~WmiResultItem();
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to print the type associated with results
|
|
|
|
|
*
|
|
|
|
|
* @returns None.
|
|
|
|
|
*/
|
|
|
|
|
void PrintType(const std::string& name) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve a bool result from a WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetBool(const std::string& name, bool& ret) const;
|
|
|
|
|
|
2016-10-12 16:01:32 +00:00
|
|
|
/**
|
2018-09-11 00:05:44 +00:00
|
|
|
* @brief Windows WMI Helper function to retrieve a local/non-local FILETIME
|
|
|
|
|
* from WMI query.
|
|
|
|
|
*
|
|
|
|
|
* @returns Status indiciating the success of the query
|
|
|
|
|
*/
|
|
|
|
|
Status GetDateTime(const std::string& name,
|
|
|
|
|
bool is_local,
|
|
|
|
|
FILETIME& ft) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve an unsigned Char from WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
|
|
|
|
* @returns Status indiciating the success of the query
|
|
|
|
|
*/
|
2016-10-12 16:01:32 +00:00
|
|
|
Status GetUChar(const std::string& name, unsigned char& ret) const;
|
|
|
|
|
|
2017-01-11 03:09:46 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve an unsigned Short from WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
|
|
|
|
* @returns Status indiciating the success of the query
|
|
|
|
|
*/
|
|
|
|
|
Status GetUnsignedShort(const std::string& name, unsigned short& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve an unsigned 32 bit integer
|
|
|
|
|
* from a WMI query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2017-01-11 03:09:46 +00:00
|
|
|
*/
|
|
|
|
|
Status GetUnsignedInt32(const std::string& name, unsigned int& ret) const;
|
|
|
|
|
|
2016-09-08 01:04:33 +00:00
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve a Long result from a WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetLong(const std::string& name, long& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve an unsigned Long result from
|
|
|
|
|
* a WMI query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetUnsignedLong(const std::string& name, unsigned long& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve a Long Long result from a WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetLongLong(const std::string& name, long long& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve an Unsigned Long Long result
|
|
|
|
|
* from a WMI query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetUnsignedLongLong(const std::string& name,
|
|
|
|
|
unsigned long long& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve a String result from a WMI
|
|
|
|
|
* query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetString(const std::string& name, std::string& ret) const;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows WMI Helper function to retrieve a vector of String result
|
|
|
|
|
* from
|
|
|
|
|
* a WMI query
|
|
|
|
|
*
|
2019-03-01 11:34:34 +00:00
|
|
|
* @returns Status indicating the success of the query
|
2016-09-08 01:04:33 +00:00
|
|
|
*/
|
|
|
|
|
Status GetVectorOfStrings(const std::string& name,
|
|
|
|
|
std::vector<std::string>& ret) const;
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
IWbemClassObject* result_{nullptr};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Windows wrapper class for querying WMI
|
|
|
|
|
*
|
|
|
|
|
* This class abstracts away the WMI querying logic and
|
|
|
|
|
* will return WMI results given a query string.
|
|
|
|
|
*/
|
|
|
|
|
class WmiRequest {
|
|
|
|
|
public:
|
2016-12-12 08:23:08 +00:00
|
|
|
explicit WmiRequest(const std::string& query,
|
|
|
|
|
BSTR nspace = (BSTR)L"ROOT\\CIMV2");
|
2016-09-08 01:04:33 +00:00
|
|
|
WmiRequest(WmiRequest&& src);
|
|
|
|
|
~WmiRequest();
|
|
|
|
|
|
2018-08-09 09:16:49 +00:00
|
|
|
const std::vector<WmiResultItem>& results() const {
|
2016-09-08 01:04:33 +00:00
|
|
|
return results_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @brief Getter for retrieving the status of a WMI Request
|
|
|
|
|
*
|
|
|
|
|
* @returns the status of the WMI request.
|
|
|
|
|
*/
|
2018-08-09 09:16:49 +00:00
|
|
|
Status getStatus() const {
|
2016-09-08 01:04:33 +00:00
|
|
|
return status_;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
Status status_;
|
|
|
|
|
std::vector<WmiResultItem> results_;
|
|
|
|
|
IWbemLocator* locator_{nullptr};
|
|
|
|
|
IWbemServices* services_{nullptr};
|
|
|
|
|
IEnumWbemClassObject* enum_{nullptr};
|
|
|
|
|
};
|
2017-01-07 20:21:35 +00:00
|
|
|
}
|
