WMI:监视注册表更改
[英]WMI:monitor registry change
问题描述
In my project ,i want to monitor sofeware installation and unstallation in my system, so i use WMI event mechanism,but now i encounter a problem and have a question. 
在我的项目中,我想监视系统中软件的安装和卸载,因此我使用WMI事件机制,但是现在遇到问题并提出了问题。
problem: 问题:
i want to monitor HKLM'SOFTWARE\\Microsoft\\Windows\\currentversion\\unistall',but code[1] works error(ExecNotificationQueryAnsync failed with =0x80041058).while code[2] works ok,what's wrong? 我想监视HKLM'SOFTWARE \\ Microsoft \\ Windows \\ currentversion \\ unistall',但是代码[1]发生错误(ExecNotificationQueryAnsync失败,= 0x80041058)。代码[2]正常,出了什么问题?
[1] [1]
hres = pSvc->ExecNotificationQueryAsync(
_bstr_t("WQL"),
_bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\Microsoft\\Windows\\currentversion\\unistall'"
),
WBEM_FLAG_SEND_STATUS,
NULL,
pStubSink);
[2]
hres = pSvc->ExecNotificationQueryAsync(
_bstr_t("WQL"),
_bstr_t("SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software'"
),
WBEM_FLAG_SEND_STATUS,
NULL,
pStubSink);
question:in My event consumer ,i want to get the software's name ,how can i do ? 问题:在我的活动用户中,我想获得软件的名称,该怎么办?
thanks!! 谢谢!!
1 个解决方案
解决方案1
0 2014-08-14 05:46:00
只需使用
SELECT * FROM RegistryTreeChangeEvent WITHIN 1 " "WHERE Hive='HKEY_LOCAL_MACHINE'" "AND RootPath='software\\\\Microsoft\\\\Windows\\\\currentversion\\\\unistall'"
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.