4

我尝试使用 WMI -> Win32_NTEventlogFile 读取 Windows 事件日志。我使用工具“WMI Delphi Code Creator”中的示例代码(链接到 WMI 教程

procedure TEventLogsForm.GetWin32_NTLogEventInfo;
const
  WbemUser            ='';
  WbemPassword        ='';
  WbemComputer        ='localhost';
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
begin;
  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTLogEvent  Where Logfile="Application"','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    try
      // ????
      if not VarIsNull(FWbemObject.Data) then
        Showmessage(IntToStr(Integer(FWbemObject.Data)));// Array of Uint8
      if not VarIsNull(FWbemObject.InsertionStrings) then
        Showmessage(String(FWbemObject.InsertionStrings));

    except
      on E:Exception do
      begin
        MessageDlg(E.Message, mtError, [mbOK], 0);
      end;
    end;

    FWbemObject:=Unassigned;
  end;
end;

我尝试读取参数“FWbemObject.Data”和“FWbemObject.InsertionStrings”。但我得到错误:类型的变体(Array Variant)无法转换为类型(OleStr)

如何读取/显示此参数?

4

1 回答 1

5

根据此处找到的文档,Data 和 InsertionString 是一个字节/字符串数组;

下面我用它在 for 循环中迭代它们,我不知道是否有任何意义,但你可以用它作为例子,做任何你需要的事情:)。

procedure GetWin32_NTLogEventInfo;
const
  WbemUser            ='';
  WbemPassword        ='';
  WbemComputer        ='localhost';
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
  Insertion     : array of String;
  Data          : array of Byte;
  I: integer;
begin;
  FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
  FWMIService   := FSWbemLocator.ConnectServer(WbemComputer, 'root\CIMV2', WbemUser, WbemPassword);
  FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_NTLogEvent Where Logfile=''Application''','WQL',wbemFlagForwardOnly);
  oEnum         := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  while oEnum.Next(1, FWbemObject, iValue) = 0 do
  begin
    try

      if not VarIsNull(FWbemObject.Data) then
      begin
        Data := FWbemObject.Data;
        for I:= VarArrayLowBound(data,1) to VarArrayHighBound(data,1) do
          Showmessage(IntToStr(Data[I]));// Array of Uint8
      end;

      if not VarIsNull(FWbemObject.InsertionStrings) then
      begin
        Insertion := FWbemObject.InsertionStrings;            
        for I:= VarArrayLowBound(Insertion,1) to VarArrayHighBound(Insertion,1) do
          Showmessage(Insertion[I]);
      end;

    except
      on E:Exception do
      begin
        MessageDlg(E.Message, mtError, [mbOK], 0);
      end;
    end;

    FWbemObject:=Unassigned;
  end;
end;

此链接中有几个示例,但它是用 VB 编写的

于 2013-06-07T11:56:21.270 回答