We Keep Coding

Is it possible to query to WMI on a Remote Computer for MicrosoftTPM namespace? [Remote WMI query to Win32_Tpm class failed with, HRESULT 0x80041013]

I am trying to query to Win32_Tpm class of WMI from remote machine.but It's failing with HRESULT 0x80041013 & Description: Provider load failure.
Is it possible to access MicrosoftTPM namespace remotely?
Following is the code,
hres = pSvc ->CreateInstanceEnum(
bstr_t(Class),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&Enumerator);
hres = CoSetProxyBlanket(
Enumerator, // Indicates the proxy to set
RPC_C_AUTHN_DEFAULT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_DEFAULT, // RPC_C_AUTHZ_xxx
COLE_DEFAULT_PRINCIPAL, // Server principal name
RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
mUserAcct, // client identity
EOAC_NONE // proxy capabilities
);
hres = Enumerator->Next(WBEM_INFINITE, 1, &TPMClass, &uReturn);
//Here I am failing with hres = 0x80041013 and uReturn = 0, value of TPMClass is NULL after execution of above statement also.
Bellow is the detailed code,
IEnumWbemClassObject* Enumerator;
IWbemClassObject* TPMClass = NULL;
ULONG uReturn = 0;
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hres))
{
cout << "Failed to initialize COM library. Error code = 0x"
<< hex << hres << endl;
return 1; // Program has failed.
}
// Step 2: --------------------------------------------------
// Set general COM security levels --------------------------
hres = CoInitializeSecurity(
NULL,
-1, // COM authentication
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
RPC_C_IMP_LEVEL_IDENTIFY, // Default Impersonation
NULL, // Authentication info
EOAC_NONE, // Additional capabilities
NULL // Reserved
);
if (FAILED(hres))
{
cout << "Failed to initialize security. Error code = 0x"
<< hex << hres << endl;
CoUninitialize();
return 1; // Program has failed.
}
// Step 3: ---------------------------------------------------
// Obtain the initial locator to WMI -------------------------
IWbemLocator *pLoc = NULL;
hres = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *)&pLoc);
if (FAILED(hres))
{
cout << "Failed to create IWbemLocator object."
<< " Err code = 0x"
<< hex << hres << endl;
CoUninitialize();
return 1; // Program has failed.
}
// Step 4: -----------------------------------------------------
// Connect to WMI through the IWbemLocator::ConnectServer method
IWbemServices *pSvc = NULL;
hres = pLoc->ConnectServer(
_bstr_t(L"\\\\REMOTE\\root\\cimv2\\Security\\MicrosoftTpm"),
_bstr_t(useToken ? NULL : pszName), // User name
_bstr_t(useToken ? NULL : pszPwd), // User password
NULL, // Locale
NULL, // Security flags
_bstr_t(useNTLM ? NULL : pszAuthority),// Authority
NULL, // Context object
&pSvc // IWbemServices proxy
);
COAUTHIDENTITY *userAcct = NULL;
COAUTHIDENTITY authIdent;
//Created COAUTHIDENTITY with internal function
userAcct = &authIdent;
hres = CoSetProxyBlanket(
pSvc, // Indicates the proxy to set
RPC_C_AUTHN_DEFAULT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_DEFAULT, // RPC_C_AUTHZ_xxx
COLE_DEFAULT_PRINCIPAL, // Server principal name
RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
userAcct, // client identity
EOAC_NONE // proxy capabilities
);
hres = pSvc ->CreateInstanceEnum(
bstr_t(Class),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&Enumerator);
hres = CoSetProxyBlanket(
Enumerator, // Indicates the proxy to set
RPC_C_AUTHN_DEFAULT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_DEFAULT, // RPC_C_AUTHZ_xxx
COLE_DEFAULT_PRINCIPAL, // Server principal name
RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
mUserAcct, // client identity
EOAC_NONE // proxy capabilities
);
//Here I am failing , value of TPMClass is NULL after execution of following statement also.
hres = Enumerator->Next(WBEM_INFINITE, 1, &TPMClass, &uReturn);

Above class name is L"Win32_Tpm" in function CreateInstanceEnum().
I am able to get instance while accessing from local machine but it's failing while accessing from remote machine.
Note: I have assigned proper permissions to user on machine for remote.

Win32_SystemDriver to disable device drivers

Trying to find an answer to my question: https://stackoverflow.com/questions/29181012/c-control-usb-drives-connected-to-my-system, I figured it out using the SetupDiXxx Classes. But the problem was that,once it is disabled/enabled, it was able to enable/disable the device from device manager. So any user can easily overcome the ban.
On further study, I saw that Win32_SystemDriver class of WMI has a StopService method that can be used to disable the driver for the device. But I am not sure on how to write the code for the same. Can anyone help me in coding this in C++. I am in MSVS 2010.

You can access WMI classes in C++ with this:
https://msdn.microsoft.com/en-us/library/aa392109(v=vs.85).aspx
But that seems very hacky and not very easy. If you do this anyway, here is the shortest example I can find: https://msdn.microsoft.com/en-us/library/aa390421(v=vs.85).aspx . I've updated it to match what you're doing:
#define _WIN32_DCOM
#include <windows.h>
#include <Wbemidl.h>
#include <comdef.h>
# pragma comment(lib, "wbemuuid.lib")
void main()
{
BSTR MethodName = SysAllocString(L"StopService");
BSTR ClassName = SysAllocString(L"WINMGMTS:\\\\.\\ROOT\\CIMV2\\ms_409:Win32_SystemDriver");
IWbemServices *pSvc = NULL;
HRESULT hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hres))
{
return;
}
hres = CoInitializeSecurity(
NULL,
-1, // COM negotiates service
NULL, // Authentication services
NULL, // Reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // Default authentication
RPC_C_IMP_LEVEL_IMPERSONATE, // Default Impersonation
NULL, // Authentication info
EOAC_NONE, // Additional capabilities
NULL // Reserved
);
if (FAILED(hres))
{
CoUninitialize();
return;
}
IWbemLocator *pLoc = NULL;
hres = CoCreateInstance(
CLSID_WbemLocator,
0,
CLSCTX_INPROC_SERVER,
IID_IWbemLocator, (LPVOID *)&pLoc);
if (FAILED(hres))
{
CoUninitialize();
return;
}
hres = pLoc->ConnectServer(
_bstr_t(L"ROOT\\CIMV2"),
NULL,
NULL,
0,
NULL,
0,
0,
&pSvc
);
IWbemClassObject* pClass = NULL;
hres = pSvc->GetObject(ClassName, 0, NULL, &pClass, NULL);
if (FAILED(hres))
{
CoUninitialize();
return;
}
IWbemClassObject* pInParamsDefinition = NULL;
hres = pClass->GetMethod(MethodName, 0,
&pInParamsDefinition, NULL);
// Execute Method
IWbemClassObject* pOutParams = NULL;
hres = pSvc->ExecMethod(ClassName, MethodName, 0, NULL, NULL, &pOutParams, NULL);
CoUninitialize();
}
You would replace the classname to point to your driver. If you don't, it will fail with WBEM_E_INVALID_OBJECT_PATH. To find this, You need to enumerate your wmi objects so you can see/pick. This is definitely easiest in powershell, just open powershell and run Get-WmiObject -class Win32_SystemDriver. Although you should probably do all of this from powershell, come to think of it.
It sounds like you might instead want to consider learning how to leverage windows security policies for restricting which devices can be used:
https://msdn.microsoft.com/en-us/library/bb530324.aspx . You would start by launching gpedit and follow the directions until you've blocked device installation.

Get all processes for Current User

I need to get all processes for current user. Currently I have a function implemented using WMI that gets all active processes by All Users. I need to somehow get all processes by Current User.
If you go to Task Manager in Windows, Details tab, you will see all processes by All Users. But say you are in Visual Studio and you go to Debug/Attach To Process, this shows all processes by Current User. That's the list that I need.
Here is my solution of All Processes by All Users:
CComPtr<IEnumWbemClassObject> pEnumerator;
hres = pSvc->ExecQuery(
bstr_t("WQL"),
bstr_t("SELECT * FROM Win32_Process"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
Either a WMI or Win32 solution will be good enough. Thank you!!

OK, there is now short way. But here is the working solution if anyone is interested:
std::wstring GetProcessUserName(DWORD dwProcessId)
{
HANDLE processHandle = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
if (processHandle != NULL)
{
HANDLE tokenHandle;
if (OpenProcessToken(processHandle, TOKEN_READ, &tokenHandle))
{
TOKEN_USER tokenUser;
ZeroMemory(&tokenUser, sizeof(TOKEN_USER));
DWORD tokenUserLength = 0;
PTOKEN_USER pTokenUser;
GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS::TokenUser, NULL,
0, &tokenUserLength);
pTokenUser = (PTOKEN_USER) new BYTE[tokenUserLength];
if (GetTokenInformation(tokenHandle, TOKEN_INFORMATION_CLASS::TokenUser, pTokenUser, tokenUserLength, &tokenUserLength))
{
TCHAR szUserName[_MAX_PATH];
DWORD dwUserNameLength = _MAX_PATH;
TCHAR szDomainName[_MAX_PATH];
DWORD dwDomainNameLength = _MAX_PATH;
SID_NAME_USE sidNameUse;
LookupAccountSid(NULL, pTokenUser->User.Sid, szUserName, &dwUserNameLength, szDomainName, &dwDomainNameLength, &sidNameUse);
delete pTokenUser;
return std::wstring(szUserName);
}
}
}
return std::wstring();
}
std::unordered_map<std::wstring, std::vector<DWORD>> GetAllRunningProcessesForCurrentUser()
{
std::unordered_map<std::wstring, std::vector<DWORD>> processHash;
HRESULT hres;
// Initialize COM. ------------------------------------------
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
if (FAILED(hres))
{
return processHash;
}
do {
// Obtain the initial locator to WMI -------------------------
CComPtr<IWbemLocator> pLoc;
hres = pLoc.CoCreateInstance(CLSID_WbemLocator);
if (FAILED(hres))
{
break;
}
// Connect to WMI through the IWbemLocator::ConnectServer method
// Connect to the root\cimv2 namespace with
// the current user and obtain pointer pSvc
// to make IWbemServices calls.
CComPtr<IWbemServices> pSvc;
hres = pLoc->ConnectServer(
_bstr_t(L"ROOT\\CIMV2"), // Object path of WMI namespace
NULL, // User name. NULL = current user
NULL, // User password. NULL = current
0, // Locale. NULL indicates current
NULL, // Security flags.
0, // Authority (for example, Kerberos)
0, // Context object
&pSvc // pointer to IWbemServices proxy
);
if (FAILED(hres))
{
break;
}
// Set security levels on the proxy -------------------------
hres = CoSetProxyBlanket(
pSvc, // Indicates the proxy to set
RPC_C_AUTHN_WINNT, // RPC_C_AUTHN_xxx
RPC_C_AUTHZ_NONE, // RPC_C_AUTHZ_xxx
NULL, // Server principal name
RPC_C_AUTHN_LEVEL_CALL, // RPC_C_AUTHN_LEVEL_xxx
RPC_C_IMP_LEVEL_IMPERSONATE, // RPC_C_IMP_LEVEL_xxx
NULL, // client identity
EOAC_NONE // proxy capabilities
);
if (FAILED(hres))
{
break;
}
// Use the IWbemServices pointer to make requests of WMI ----
CComPtr<IEnumWbemClassObject> pEnumerator;
hres = pSvc->ExecQuery(
bstr_t("WQL"),
bstr_t("SELECT * FROM Win32_Process"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
if (FAILED(hres))
{
break;
}
// Get the data from the query in step 6 -------------------
CComPtr<IWbemClassObject> pclsObj;
while (pEnumerator)
{
ULONG uReturn = 0;
HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
if (0 == uReturn)
{
break;
}
VARIANT vtProp;
VARIANT vtProp2;
hr = pclsObj->Get(L"Name", 0, &vtProp, 0, 0);
hr = pclsObj->Get(L"ProcessId", 0, &vtProp2, NULL, NULL);
auto userName = GetProcessUserName(vtProp2.intVal);
TCHAR szActiveUserName[_MAX_PATH];
DWORD dwActiveUserNameLength = _MAX_PATH;
GetUserName(szActiveUserName, &dwActiveUserNameLength);
if (_tcscmp(userName.c_str(), szActiveUserName) == 0)
{
processHash[vtProp.bstrVal].push_back(vtProp2.intVal);
}
VariantClear(&vtProp2);
VariantClear(&vtProp);
pclsObj.Release();
}
} while (false);
CoUninitialize();
return processHash;
}

Using WMI in C++ to obtain the InterfaceIndex of an adapter

I've written some code to initialise COM and enumerate the network adapters attached to the PC by querying the Win32_NetworkAdapter class using WMI. The reason I need to use WMI is that the adapter I need to enumerate is disabled at the time but I still need to find out its InterfaceIndex, and using GetInterfaceInfo only detects enabled adapters. It all compiles and runs but at the line:
hr = pEnumerator->Next(WBEM_INFINITE, 1, &pClassObj, &ulReturnVal);
which is meant to retrieve the very first adapter, it returns no devices and a garbage HRESULT. I used the example on this page as my guidance.
CoInitialize(NULL); // Initialize COM
HRESULT hr = NULL;
hr = CoInitializeSecurity(
NULL, // security descriptor
-1, // use this simple setting
NULL, // use this simple setting
NULL, // reserved
RPC_C_AUTHN_LEVEL_DEFAULT, // authentication level
RPC_C_IMP_LEVEL_IMPERSONATE, // impersonation level
NULL, // use this simple setting
EOAC_NONE, // no special capabilities
NULL); // reserved
if (FAILED(hr))
{
CoUninitialize();
return -1;
}
IWbemLocator *pLoc = 0;
hr = CoCreateInstance(CLSID_WbemLocator, 0,
CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &pLoc);
if (FAILED(hr))
{
CoUninitialize();
return -1; // Program has failed.
}
IWbemServices *pSvc = 0;
// Connect to the root\default namespace with the current user.
hr = pLoc->ConnectServer( _bstr_t(L"ROOT\\CIMV2"), NULL, NULL, 0, NULL, 0, 0, &pSvc);
if (FAILED(hr))
{
pLoc->Release();
CoUninitialize();
return -1; // Program has failed.
}
hr = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL, RPC_C_AUTHN_LEVEL_CALL,
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE);
if (FAILED(hr))
{
pSvc->Release();
pLoc->Release();
CoUninitialize();
return -1; // Program has failed.
}
IEnumWbemClassObject* pEnumerator = NULL;
hr = pSvc->ExecQuery(bstr_t("WQL"), bstr_t("SELECT * FROM Win32_NetworkAdapter"),
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY, NULL, &pEnumerator);
if (FAILED(hr))
{
pSvc->Release();
pLoc->Release();
CoUninitialize();
return -1;
}
IWbemClassObject *pClassObj;
ULONG ulReturnVal;
while ( pEnumerator )
{
hr = pEnumerator->Next(WBEM_INFINITE, 1, &pClassObj, &ulReturnVal);
// code would go here to obtain the adapter properties.
pClassObj->Release();
}
return -1;

The correction/solution was to use the RPC_C_IMP_LEVEL_DELEGATE parameter with CoInitializeSecurity and CoSetProxyBlanket rather than RPC_C_IMP_LEVEL_IMPERSONATE.

How to get list of devices with yellow exclamation mark in Device Manager Windows - c++

i am using msdn WMI sample code to get the list of devices that show up in the device manager with yellow exclamation mark but its only returning a list of all properly
installed devices on the machine. Could anyone here help me reslove this problem only using c++.
Thanks
void GetUnKnownDeviceList()
{
HRESULT hres;
hres = CoInitializeEx(0, COINIT_MULTITHREADED);
hres = CoInitializeSecurity(NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL);
IWbemLocator *pLoc = 0;
hres = CoCreateInstance( CLSID_WbemLocator, 0, CLSCTX_INPROC_SERVER, IID_IWbemLocator, (LPVOID *) &pLoc);
IWbemServices *pSvc = 0;
hres = pLoc->ConnectServer(_bstr_t(L"ROOT\\CIMV2"),NULL,NULL,0,NULL,0,0,&pSvc);
hres = CoSetProxyBlanket(pSvc, RPC_C_AUTHN_WINNT, RPC_C_AUTHZ_NONE, NULL, RPC_C_AUTHN_LEVEL_CALL,
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE);
IEnumWbemClassObject* pEnumerator = NULL;
hres = pSvc->ExecQuery(
bstr_t("WQL"),
// bstr_t("SELECT * FROM Win32_PnPEntity"), DOES NOT LIST DEVICES SHOWING WITH YELLOW EXCLAMATION MARK
bstr_t("SELECT * FROM Win32_PnPEntity WHERE ConfigManagerErrorCode = 0"), // LIST ONLY PROPERLY INSTALLED DEVICES
WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
NULL,
&pEnumerator);
IWbemClassObject *pclsObj;
ULONG uReturn = 0;
while(1)
{
HRESULT hr = pEnumerator->Next(WBEM_INFINITE, 1, &pclsObj, &uReturn);
VARIANT vtProp;
hr = pclsObj->Get(L"Name", 0, &vtProp, 0, 0);
TRACE("Device Name : %s\r\n\", vtProp.bstrVal);
VariantClear(&vtProp);
pclsObj->Release();
}
}

To list he devices that aren’t working yoou need query for all devices with a ConfigManagerErrrorCode other than 0, you must modify your WQL sentence to.
SELECT * FROM Win32_PnPEntity WHERE ConfigManagerErrorCode <> 0

Why don't you try using setupapi for this? I think you should be able to enumerate the device node list of known and unknown devices with it.

it's possible to use wmi with this example in c#:
/ Query the device list trough the WMI. If you want to get
// all the properties listen in the MSDN article mentioned
// below, use "select * from Win32_PnPEntity" instead!
ManagementObjectSearcher deviceList =
new ManagementObjectSearcher("Select Name, Status from Win32_PnPEntity");
// Any results? There should be!
if ( deviceList != null )
// Enumerate the devices
foreach ( ManagementObject device in deviceList.Get() )
{
// To make the example more simple,
string name = device.GetPropertyValue("Name").ToString();
string status = device.GetPropertyValue("Status").ToString();
// Uncomment these lines and use the "select * query" if you
// want a VERY verbose list
// foreach (PropertyData prop in device.Properties)
// Console.WriteLine( "\t" + prop.Name + ": " + prop.Value);
// More details on the valid properties:
// http://msdn.microsoft.com/en-us/library/aa394353(VS.85).aspx
Console.WriteLine( "Device name: {0}", name );
Console.WriteLine( "\tStatus: {0}", status );
// Part II, Evaluate the device status.
bool working = (( status == "OK" ) || ( status == "Degraded" )
|| ( status == "Pred Fail" ));
Console.WriteLine( "\tWorking?: {0}", working );
}
http://www.codeproject.com/Articles/30031/Query-hardware-device-status-in-C
just change the status or ConfigManagerErrorCode to get the kind of error tou look for.