A Perl script to list process info through WMI (local / remote)

A perl script to list all the current running processes / a particular process on an array of systems. Needs Windows Management and
Instrumentation Service Enabled on the remote machine. Tested on Active
Perl 5.6+ and XP. Useful for maintaining inventory information. Usefull to find an instance of say a suspicious process on all ur systems on the network.

use strict;

use Win32::OLE(‘in’);

use constant wbemFlagReturnImmediately => 0×10;
use constant wbemFlagForwardOnly => 0×20;

my @computers = (“localhost”);
foreach my $computer (@computers) {
print “\n”;
print “————————————————————\n”;
print “| Computer: $computer | \n”;
print “————————————————————\n”;

my $objWMIService = Win32::OLE->GetObject(“winmgmts:\\\\$computer\\root\\CIMV2″) or die “WMI connection failed.\n”;
my $colItems = $objWMIService->ExecQuery(“SELECT * FROM Win32_Process”, “WQL”,
wbemFlagReturnImmediately | wbemFlagForwardOnly);

foreach my $objItem (in $colItems) {
print “Caption: $objItem->{Caption}\n”;
print “CommandLine: $objItem->{CommandLine}\n”;
print “CreationClassName: $objItem->{CreationClassName}\n”;
print “CreationDate: $objItem->{CreationDate}\n”;
print “CSCreationClassName: $objItem->{CSCreationClassName}\n”;
print “CSName: $objItem->{CSName}\n”;
print “Description: $objItem->{Description}\n”;
print “ExecutablePath: $objItem->{ExecutablePath}\n”;
print “ExecutionState: $objItem->{ExecutionState}\n”;
print “Handle: $objItem->{Handle}\n”;
print “HandleCount: $objItem->{HandleCount}\n”;
print “InstallDate: $objItem->{InstallDate}\n”;
print “KernelModeTime: $objItem->{KernelModeTime}\n”;
print “MaximumWorkingSetSize: $objItem->{MaximumWorkingSetSize}\n”;
print “MinimumWorkingSetSize: $objItem->{MinimumWorkingSetSize}\n”;
print “Name: $objItem->{Name}\n”;
print “OSCreationClassName: $objItem->{OSCreationClassName}\n”;
print “OSName: $objItem->{OSName}\n”;
print “OtherOperationCount: $objItem->{OtherOperationCount}\n”;
print “OtherTransferCount: $objItem->{OtherTransferCount}\n”;
print “PageFaults: $objItem->{PageFaults}\n”;
print “PageFileUsage: $objItem->{PageFileUsage}\n”;
print “ParentProcessId: $objItem->{ParentProcessId}\n”;
print “PeakPageFileUsage: $objItem->{PeakPageFileUsage}\n”;
print “PeakVirtualSize: $objItem->{PeakVirtualSize}\n”;
print “PeakWorkingSetSize: $objItem->{PeakWorkingSetSize}\n”;
print “Priority: $objItem->{Priority}\n”;
print “PrivatePageCount: $objItem->{PrivatePageCount}\n”;
print “ProcessId: $objItem->{ProcessId}\n”;
print “QuotaNonPagedPoolUsage: $objItem->{QuotaNonPagedPoolUsage}\n”;
print “QuotaPagedPoolUsage: $objItem->{QuotaPagedPoolUsage}\n”;
print “QuotaPeakNonPagedPoolUsage: $objItem->{QuotaPeakNonPagedPoolUsage}\n”;
print “QuotaPeakPagedPoolUsage: $objItem->{QuotaPeakPagedPoolUsage}\n”;
print “ReadOperationCount: $objItem->{ReadOperationCount}\n”;
print “ReadTransferCount: $objItem->{ReadTransferCount}\n”;
print “SessionId: $objItem->{SessionId}\n”;
print “Status: $objItem->{Status}\n”;
print “TerminationDate: $objItem->{TerminationDate}\n”;
print “ThreadCount: $objItem->{ThreadCount}\n”;
print “UserModeTime: $objItem->{UserModeTime}\n”;
print “VirtualSize: $objItem->{VirtualSize}\n”;
print “WindowsVersion: $objItem->{WindowsVersion}\n”;
print “WorkingSetSize: $objItem->{WorkingSetSize}\n”;
print “WriteOperationCount: $objItem->{WriteOperationCount}\n”;
print “WriteTransferCount: $objItem->{WriteTransferCount}\n”;
print “\n”;
}
}

Blogged with Flock

A WMI perl script for local/ remote OS info.

Below is a simple perl script to fetch local / remote Operating System Information (for Microsoft Platform). Needs Windows Management and Instrumentation Service Enabled on the remote machine. Tested on Active Perl 5.6+ and XP. Useful for maintaining inventory information.

use strict;
use Win32::OLE(‘in’);

use constant bFlagReturnImmediately => 0×10;
use constant bFlagForwardOnly => 0×20;

my @computers = (“localhost”);
foreach my $computer (@computers)
{
print “\n”;
print “—————————————————————–\n”;
print “| System Name : $computer |\n”;
print “—————————————————————–\n”;

my $oWMIService = Win32::OLE->GetObject( “winmgmts:\\\\$computer\\root\\CIMV2″)
or die “WMI connection failed.\n”;

my $colItems = $oWMIService->ExecQuery ( “SELECT * FROM Win32_ComputerSystem”, “WQL”, bFlagReturnImmediately | bFlagForwardOnly
);
foreach my $objItem (in $colItems)
{
print “AdminPasswordStatus: $objItem->{AdminPasswordStatus}\n”;
print “AutomaticResetBootOption: $objItem->{AutomaticResetBootOption}\n”;
print “AutomaticResetCapability: $objItem->{AutomaticResetCapability}\n”;
print “BootOptionOnLimit: $objItem->{BootOptionOnLimit}\n”;
print “BootOptionOnWatchDog: $objItem->{BootOptionOnWatchDog}\n”;
print “BootROMSupported: $objItem->{BootROMSupported}\n”;
print “BootupState: $objItem->{BootupState}\n”;
print “Caption: $objItem->{Caption}\n”;
print “ChassisBootupState: $objItem->{ChassisBootupState}\n”;
print “CreationClassName: $objItem->{CreationClassName}\n”;
print “CurrentTimeZone: $objItem->{CurrentTimeZone}\n”;
print “DaylightInEffect: $objItem->{DaylightInEffect}\n”;
print “Description: $objItem->{Description}\n”;
print “Domain: $objItem->{Domain}\n”;
print “DomainRole: $objItem->{DomainRole}\n”;
print “EnableDaylightSavingsTime: $objItem->{EnableDaylightSavingsTime}\n”;
print “FrontPanelResetStatus: $objItem->{FrontPanelResetStatus}\n”;
print “InfraredSupported: $objItem->{InfraredSupported}\n”;
print “InitialLoadInfo: ” . join(“,”, (in $objItem->{InitialLoadInfo})) . “\n”;
print “InstallDate: $objItem->{InstallDate}\n”;
print “KeyboardPasswordStatus: $objItem->{KeyboardPasswordStatus}\n”;
print “LastLoadInfo: $objItem->{LastLoadInfo}\n”;
print “Manufacturer: $objItem->{Manufacturer}\n”;
print “Model: $objItem->{Model}\n”;
print “Name: $objItem->{Name}\n”;
print “NameFormat: $objItem->{NameFormat}\n”;
print “NetworkServerModeEnabled: $objItem->{NetworkServerModeEnabled}\n”;
print “NumberOfProcessors: $objItem->{NumberOfProcessors}\n”;
print “OEMLogoBitmap: ” . join(“,”, (in $objItem->{OEMLogoBitmap})) . “\n”;
print “OEMStringArray: ” . join(“,”, (in $objItem->{OEMStringArray})) . “\n”;
print “PartOfDomain: $objItem->{PartOfDomain}\n”;
print “PauseAfterReset: $objItem->{PauseAfterReset}\n”;
print “PowerManagementCapabilities: ” . join(“,”, (in $objItem->{PowerManagementCapabilities})) . “\n”;
print “PowerManagementSupported: $objItem->{PowerManagementSupported}\n”;
print “PowerOnPasswordStatus: $objItem->{PowerOnPasswordStatus}\n”;
print “PowerState: $objItem->{PowerState}\n”;
print “PowerSupplyState: $objItem->{PowerSupplyState}\n”;
print “PrimaryOwnerContact: $objItem->{PrimaryOwnerContact}\n”;
print “PrimaryOwnerName: $objItem->{PrimaryOwnerName}\n”;
print “ResetCapability: $objItem->{ResetCapability}\n”;
print “ResetCount: $objItem->{ResetCount}\n”;
print “ResetLimit: $objItem->{ResetLimit}\n”;
print “Roles: ” . join(“,”, (in $objItem->{Roles})) . “\n”;
print “Status: $objItem->{Status}\n”;
print “SupportContactDescription: ” . join(“,”, (in $objItem->{SupportContactDescription})) . “\n”;
print “SystemStartupDelay: $objItem->{SystemStartupDelay}\n”;
print “SystemStartupOptions: ” . join(“,”, (in $objItem->{SystemStartupOptions})) . “\n”;
print “SystemStartupSetting: $objItem->{SystemStartupSetting}\n”;
print “SystemType: $objItem->{SystemType}\n”;
print “ThermalState: $objItem->{ThermalState}\n”;
print “TotalPhysicalMemory: $objItem->{TotalPhysicalMemory}\n”;
print “UserName: $objItem->{UserName}\n”;
print “WakeUpType: $objItem->{WakeUpType}\n”;
print “Workgroup: $objItem->{Workgroup}\n”;
print “\n”;
}
}

 

Blogged with Flock