I am looking for an example of how to execute a WMI method from a Windows driver. I need to call TestFunction from the class MY_WMI_CLASS:
// WMI class whose method the driver wants to invoke. The provider, Locale,
// Description and guid values are placeholders left in by the poster, not
// real identifiers.
[WMI, dynamic: ToInstance, provider("xxx"), Locale("some"), Description("test xxx"), guid("{someguidhere}")]
class MY_WMI_CLASS
{
// Key property: the string that names one instance of this class.
[key, read] string InstanceName;
// Read-only boolean property.
[read] boolean Active;
// Method id 1 is the number a caller supplies as MethodId when invoking this
// method. It declares no input parameters and one uint32 out parameter, Data.
[WmiMethodId(1),
Implemented,
Description("Test xxx")]
void TestFunction([out, Description("Test f")] uint32 Data);
};
MSDN says I have to call
IoWMIQueryAllData, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550453(v=vs.85).aspx
and
IoWMIExecuteMethod, https://msdn.microsoft.com/en-us/library/windows/hardware/ff550438(v=vs.85).aspx
functions. The IoWMIExecuteMethod function has an InstanceName parameter, and I don't know how to obtain its value.
// Prototype of the kernel routine that runs a WMI method on one instance of an
// opened data block. The SAL annotations show which arguments are read and
// which are also written back.
NTSTATUS IoWMIExecuteMethod(
// Data block object obtained from IoWMIOpenBlock.
_In_ PVOID DataBlockObject,
// Name of the instance on which the method is run.
_In_ PUNICODE_STRING InstanceName,
// Method number; corresponds to the WmiMethodId qualifier in the class definition.
_In_ ULONG MethodId,
// Number of bytes of input data placed in InOutBuffer (0 when the method takes no input).
_In_ ULONG InBufferSize,
// In: capacity of InOutBuffer in bytes. Out: updated by the routine, so it
// must be re-read before any of the output is consumed.
_Inout_ PULONG OutBufferSize,
// Single buffer that carries the input on entry and the method's output on return.
_Inout_ PUCHAR InOutBuffer
);
I found the answer to my own question.
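// Runs WMI method 1 (TestFunction) on the first instance of the data block
// identified by `guid`. As in the original snippet, `rc`, `guid` and `size`
// are declared by the surrounding driver code.
PVOID wmiObject = NULL;
ULONG allocSize = 100;
// Zero-initialised so that a short or failed query never leaves stale stack
// bytes to be interpreted as WNODE fields or returned to a caller.
// NOTE(review): WNODE_ALL_DATA contains 64-bit members and 100 bytes leaves
// little room beyond the fixed header; a pool allocation sized from the
// STATUS_BUFFER_TOO_SMALL result is the more robust choice - confirm.
UCHAR pBuffer[100] = { 0 };
UINT8 data[100] = { 0 };
UNICODE_STRING uniInstanceName = { 0 };

// Open block
rc = IoWMIOpenBlock(&guid, WMIGUID_EXECUTE, &wmiObject);

// Get instance name. On success allocSize is updated to the number of bytes
// stored in pBuffer; on STATUS_BUFFER_TOO_SMALL it holds the size required.
if (NT_SUCCESS(rc))
{
    rc = IoWMIQueryAllData(wmiObject, &allocSize, pBuffer);
}

// The WNODE is filled in by a WMI provider, so every offset taken from it is
// checked against the number of bytes actually returned before it is used.
if (NT_SUCCESS(rc))
{
    const WNODE_ALL_DATA *pWNode = (const WNODE_ALL_DATA *)pBuffer;
    ULONG nameOffset = 0;
    USHORT nameBytes = 0;

    if (allocSize < sizeof(WNODE_ALL_DATA) || allocSize > sizeof(pBuffer))
    {
        rc = STATUS_INVALID_BUFFER_SIZE;
    }
    else if (pWNode->InstanceCount == 0)
    {
        // No instance means there is no name to hand to the method call.
        rc = STATUS_WMI_INSTANCE_NOT_FOUND;
    }
    else if (pWNode->OffsetInstanceNameOffsets > allocSize - sizeof(ULONG))
    {
        rc = STATUS_INVALID_BUFFER_SIZE;
    }
    else
    {
        // First entry of the name-offset table; copied rather than
        // dereferenced so an odd offset cannot cause a misaligned read.
        RtlCopyMemory(&nameOffset, pBuffer + pWNode->OffsetInstanceNameOffsets, sizeof(nameOffset));

        if (nameOffset > allocSize - sizeof(USHORT))
        {
            rc = STATUS_INVALID_BUFFER_SIZE;
        }
        else
        {
            // The name is a counted string: a USHORT byte count followed by
            // the characters (this prefix is what the original "+ 2" skipped).
            RtlCopyMemory(&nameBytes, pBuffer + nameOffset, sizeof(nameBytes));

            if ((nameBytes & 1) != 0 || nameBytes > allocSize - nameOffset - sizeof(USHORT))
            {
                rc = STATUS_INVALID_BUFFER_SIZE;
            }
            else
            {
                // Build the UNICODE_STRING from the validated count. The
                // string is not guaranteed to be NUL-terminated, so
                // RtlInitUnicodeString could scan past the end of pBuffer.
                uniInstanceName.Buffer = (PWCHAR)(pBuffer + nameOffset + sizeof(USHORT));

                // Drop trailing NULs so the result matches what a
                // terminator-based initialisation would have produced.
                while (nameBytes >= sizeof(WCHAR) &&
                       uniInstanceName.Buffer[nameBytes / sizeof(WCHAR) - 1] == L'\0')
                {
                    nameBytes = (USHORT)(nameBytes - sizeof(WCHAR));
                }

                uniInstanceName.Length = nameBytes;
                uniInstanceName.MaximumLength = nameBytes;
            }
        }
    }
}

// Execute a method. There is no input (InBufferSize 0); size is the capacity
// of data on entry and is updated by the routine, so it must be at least
// sizeof(ULONG) before the uint32 result is read out of data.
if (NT_SUCCESS(rc))
{
    size = sizeof(data);
    rc = IoWMIExecuteMethod(wmiObject, &uniInstanceName, 1, 0, &size, data);
}

// The data block object from IoWMIOpenBlock holds a reference that the driver
// has to drop once it is finished with the block.
if (wmiObject != NULL)
{
    ObDereferenceObject(wmiObject);
    wmiObject = NULL;
}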