How to get registry and file exclusions from UWF using WMI query in C#

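I want to get all registry exclusions and file exclusions from UWF using WMI.

I have already tried to invoke the GetExclusions method from the UWF_RegistryFilter class, but with no luck.

I am looking forward to a working sample code. Thanks in advance for any help!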

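The difficult part is reading the out parameters from the method result. There is no proper documentation on the Microsoft website, and it is hard to guess how to use ManagementBaseObject to read the out parameters.

To find a solution, I tried to understand how WMI uses out parameters based on other well-documented WMI samples. Please use the C# code below; I hope it helps: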

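// Requires a reference to System.Management, plus: using System; using System.Management;
public static void GetRegistryExclusions()
{
    ManagementScope scope = new ManagementScope(@"root\standardcimv2\embedded");
    using (ManagementClass mc = new ManagementClass(scope.Path.Path, "UWF_RegistryFilter", null))
    {
        // Enumerate the UWF_RegistryFilter instances.
        ManagementObjectCollection moc = mc.GetInstances();
        foreach (ManagementObject mo in moc)
        {
            // GetExclusions returns its result in the out parameter ExcludedKeys,
            // an array of embedded objects that each carry a RegistryKey property.
            ManagementBaseObject outParams = mo.InvokeMethod("GetExclusions", null, null);
            ManagementBaseObject[] result = (ManagementBaseObject[])outParams.Properties["ExcludedKeys"].Value;

            // ExcludedKeys is null when no registry keys are excluded.
            if (result != null)
            {
                foreach (var r in result)
                {
                    Console.WriteLine(r.GetPropertyValue("RegistryKey"));
                }
            }
        }
    }
}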

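Note/Request: I request someone with 1500 reputation to create and link the following tags, so that it becomes easier for people like me to request solutions/answer questions on Stack Overflow.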

  1. UWF
  2. UWFMGR

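I only found Manoj's answer when I wanted to put my code on SO, after I had already figured it out myself from hints on a Microsoft forum. Hence adding the keywords Unified Write Filter and UWF_Volume (does it work like that?).

I used a slightly shorter syntax to access the properties, and also return the excluded files, as the OP asked. I tried to make it as robust as possible, since there seem to be some invalid volume entries. If anyone knows what they are, please let me know.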

public static string GetFilterDetail()
{
  string details = "";
  string detailsCurrent = "";
  string detailsNext = "";
  try
  {
    // Get WMI provider for UWF
    var scope = new ManagementScope(@"\\localhost\root\StandardCimv2\embedded");
    var managementPath = scope.Path.Path;
    using (ManagementClass volumeFilterClass = new ManagementClass(managementPath, "UWF_Volume", null))
    {
      var volumeFilters = volumeFilterClass?.GetInstances();
      if (volumeFilters != null && volumeFilters.Count > 0)
      {
        foreach (ManagementObject volumeFilter in volumeFilters)
        {
          if (volumeFilter != null)
          {
            // Now we have access to the Volume's WMI provider class

            // First check if this is a valid Volume instance, as from trial and error it seems that is not always the case.
            // Some invalid/undocumented instances throw a Not Found ManagementException on the GetExclusions method.
            // Some also throw a NullReferenceException on mo.GetPropertyValue("Protected"), but that covers less cases.
            bool isInstanceValid = true;
            try
            {
              volumeFilter.InvokeMethod("GetExclusions", null, null);
            }
            catch (ManagementException ex)
            {
              if (ex.Message.ToLower().Contains("not found"))
                isInstanceValid = false;
              else throw; // rethrow, preserving the original stack trace
            }

            if (isInstanceValid)
            {
              bool currentSession = ((bool)volumeFilter.GetPropertyValue("CurrentSession"));
              string driveLetter = (string)volumeFilter.GetPropertyValue("DriveLetter");
              bool isProtected = ((bool)volumeFilter.GetPropertyValue("Protected"));
              string detail = "Volume " + driveLetter + " is " + (isProtected ? "protected" : "not protected") + ".\n";
              detail += "Excluded files:\n";

              ManagementBaseObject outParams = volumeFilter.InvokeMethod("GetExclusions", null, null);
              if (outParams != null)
              {
                var excludedItems = (ManagementBaseObject[])outParams["ExcludedFiles"];
                if (excludedItems != null)
                {
                  foreach (var excludedItem in excludedItems)
                  {
                    detail += "    " + driveLetter + excludedItem["FileName"] + "\n";
                  }
                }
                else detail += "    [No excluded files]\n";
              }

              if (currentSession)
                detailsCurrent += detail;
              else
                detailsNext += detail;
            }
          }
        }
      }
    }
    using (ManagementClass registryFilterClass = new ManagementClass(managementPath, "UWF_RegistryFilter", null))
    {
      var registryFilters = registryFilterClass?.GetInstances();
      if (registryFilters != null && registryFilters.Count > 0)
      {
        foreach (ManagementObject registryFilter in registryFilters)
        {
          if (registryFilter != null)
          {
            // Now we have access to the RegistryFilter's WMI provider class

            bool currentSession = ((bool)registryFilter.GetPropertyValue("CurrentSession"));
            string detail = "Excluded registry keys:\n";

            ManagementBaseObject outParams = registryFilter.InvokeMethod("GetExclusions", null, null);
            if (outParams != null)
            {
              var excludedItems = (ManagementBaseObject[])outParams["ExcludedKeys"];
              if (excludedItems != null)
              {
                foreach (var excludedItem in excludedItems)
                {
                  detail += "    " + excludedItem["RegistryKey"] + "\n";
                }
              }
              else detail += "    [No excluded registry keys]\n";
            }

            if (currentSession)
              detailsCurrent += detail;
            else
              detailsNext += detail;
          }
        }
      }
    }
  }
  catch (Exception ex)
  {
    details += ex.ToString();
  }

  details += "\nNOTE: These settings are only active if the Write Filter is Enabled\n"
          + "\nCURRENT SETTINGS:\n" + detailsCurrent
          + "\nNEXT SETTINGS: (after next reboot)\n" + detailsNext;

  return details;
}

Sample output:

[Image: sample output]
