Say Goodbye to Quirky APIs:
Building a WMI Provider to Expose Your Object Info

indows® Management Instrumentation (WMI) is a Microsoft® technology that simplifies system and hardware management by providing one consistent, standardized interface to application and device management data. WMI is built on standards set by the Desktop Management Task Force (DMTF) to make it useable across systems and platforms. For a broader view of WMI, see Jeffrey Cooperstein�s article, "Windows Management Instrumentation: Administering Windows and Applications across Your Enterprise," in this issue.
      In this article we will focus on building a WMI provider. A WMI provider is an object-oriented database that provides data about apps, devices, and other sources of system information. Unlike a standard relational database, it supports classes, instances of those classes, and inheritance relationships between classes. Many of the terms used by WMI map fairly well to the relational database concepts you�re probably already familiar with (see Figure 1). Remember, however, that these are rough approximationsâ€"WMI offers features that a relational database does not, and vice versa.
      Unlike standard relational databases, WMI can retrieve instances of classes either by reading the repository (a persisted description of the objects WMI manages), or by calling a COM object to retrieve the information. This architecture offers significantly more flexibility in the types of information that can be managed. These COM objects are referred to as providers.
      Conceptually, WMI looks like the illustration shown in Figure 2. Here you can see a client application calling into WMI for information. WMI examines its repository to determine whether the information is stored statically or is provided by one or more providers. If a provider supplies the information, WMI loads the provider and requests the information. The provider will then do whatever it needs to doâ€"perform IOCTL calls, read registry keys, make Win32® API calls, and so onâ€"to retrieve the information and send it back to WMI. When WMI has the information, it responds to the client�s request.

Figure 2 WMI Architecture

      WMI also supports events. Using WMI, it is possible for a client application to be notified when certain events occur. The runtime services supported by WMI operate through the WinMgmt service (WINMGMT.EXE), also referred to as the Common Information Model Object Manager (CIMOM). These services provide certain built-in event types, but custom types can also be defined and fired by event providers. This capability makes it possible, for example, for devices to report when they are overheating, or applications to report when they are running out of resources.
      The fact that WMI supports inheritance allows for a general schema that defines the relationships between the manageable components of a computer. The DMTF has defined a schema that does just that. Their schema (known as the Common Information Model, or CIM) describes many of the common classes needed to define a computer. A (very) small extract of the CIM schema is shown in Figure 3. However, the DMTF only defines where in the schema classes should be, as well as a very general set of properties. It is up to individual hardware and software manufacturers to add classes at the very lowest levels describing the capabilities of their specific components. Additionally, the DMTF only defines the schema. They don�t create the providers that report the dataâ€"this is a task for you, the provider developer.

Figure 3 CIM Schema Excerpt

      The complexity of your provider will primarily depend on how much information you have available. Information for a single device will probably require just a few classes and perhaps an association or two. The total management of an e-mail or database server could require well over a hundred classes. Once the schema is defined, writing a provider for a single class is generally easy. It�s just a matter of calling the API for your component, taking the data from your structures, and passing it to WinMgmt.

Why Use WMI?

Getting Started

Implementing a Provider

  
CMSJ_User MyMSJ_UserSet (PROVIDER_NAME_MSJ_USER, L"NameSpace") ;

This declares a static instance of your class. This instance, which is created when your provider loads, allows the framework to map the class internally as one that it interacts with. All calls from WinMgmt involving MSJ_User will be routed by the framework through this instance. This is important when you consider that WinMgmt is a multithreaded application. It is possible that multiple calls will be made into your class concurrently, and each will be routed through this instance.
      The direct implication of this functionality is that the implementation of framework classes must be thread-safe. For this reason, we do not recommend the use of member or global variables to store data. Because you are building a dynamic provider, this is generally not a problem; you will want to regenerate volatile data in response to each call. For instance, the class MSJ_GroupMembership should query the OS for group membership each time the class is enumerated, as group membership may have changed since the last time this class enumerated. Storing this data in a member array is tempting from a performance standpoint, but it is not the appropriate choice unless you are modeling truly static data, in which case you can create static instances of the class rather than writing a dynamic instance provider.
      It�s now time to implement each of the six functions mentioned previously. We will describe both basic and advanced implementations of GetObject and EnumerateInstances. Because implementations of ExecQuery, ExecMethod, PutInstance, and DeleteInstance are not required, we will describe each of these functions as part of an advanced implementation only.

Implementing GetObject

  
HRESULT CMSJ_User::GetObject(CInstance* pInstance, long lFlags, 
                             CFrameworkQuery& Query)
{
    HRESULT hr = WBEM_E_NOT_FOUND;
    CHString sLogonScriptPath;
    hr = FindSingleInstance(pInstance, sLogonScriptPath, 
                            PROP_ALL_REQUIRED);
    if (SUCCEEDED(hr))
    {
        hr = LoadPropertyValues(pInstance, sLogonScriptPath, 
                                PROP_ALL_REQUIRED);
    }
    return hr ;
}

In this example, and in those that follow for the other methods that our provider instruments, we will attempt to separate the structure of the provider from the implementation details specific to the particular class and/or properties used in the examples. We do this to more clearly highlight those aspects of provider writing that will be common to most of the providers you write. You can see that the work of GetObject itself is straightforward. It attempts to find the instance requested. If the instance is found, it sets the nonkey properties for that instance.
      The two functions used in GetObjectâ€"FindSingleInstance and LoadPropertyValues, or functions similar to theseâ€"commonly appear in providers. FindSingleInstance takes as its arguments a pointer to the CInstance passed into GetObject and parameters used to hold data associated with that object. The advantage of this design is that we will be able to use the same LoadPropertyValues function in both our ExecQuery and our EnumerateInstances functions. This approach helps us avoid coding errors introduced by filling in different sets of properties in response to a GetObject versus an ExecQuery or EnumerateInstances.
      In FindSingleInstance, we use the framework property extraction function GetCHString to extract the value of the instance key properties (Name and Domain in this case). Based on this key value, we find the matching user account. If the user is found, we store the properties we will use to populate the MSJ_User instance, and return WBEM_S_ NO_ERROR to indicate that we actually did find the instance. Note again that for our sample provider, which only supports local instances of user accounts, the Domain property is not requiredâ€"its value will always be the name of the local machine. We have chosen to keep two keys for this class, however, for illustrative purposes.
      It is important to note that you may not be able, in all cases, to retrieve all the properties of a particular instance. For such properties, simply do not set them. They will be presented to the client with a value of NULL, which by convention means no information is available. Do not, for instance, set a string property to an empty string in such a case. That would indicate that the property value was in fact obtained and was found to be empty. In cases where not all the properties could be obtained, you should still return WBEM_S_NO_ERROR or WBEM_S_PARTIAL_RESULTS from GetObject, as long as the object was found.
      The function LoadPropertyValues takes the CInstance pointer passed into GetObject, as well as parameters containing the data we will set for the new instance. LoadPropertyValues simply uses CInstance functions to set the instance�s properties.

GetObject for Association Classes

A Better GetObject

  
DWORD CMSJ_User::GetRequestedProps(CFrameworkQuery& Query)
{
    
DWORD dwReqProps = PROP_NONE_REQUIRED;
    if(Query.IsPropertyRequired(pName)
        dwReqProps |= PROP_NAME;
    if(Query.IsPropertyRequired(pDomain)
        dwReqProps |= PROP_DOMAIN;
    if(Query.IsPropertyRequired(pSID)
        dwReqProps |= PROP_SID;
    if(Query.IsPropertyRequired( pLogonScriptPath))
        DwReqProps |= PROP_LOGSCRIPTPATH;    
    return dwReqProps;
}

GetRequestedProps is a helper function we use to encapsulate calls to the CFrameworkQuery function IsPropertyRequired, which returns true if the caller requested the property supplied as its argument. If the caller did not explicitly request the property, the function returns false. We use this function to modify a DWORD bitmask of the requested properties.
      The benefit of doing this extra work is realized in the FindSingleInstance and LoadPropertyValues functions. The SID property, which is a string representation of the security identifier associated with the particular user account, is a relatively expensive property to obtain. In this simple sample class, which only provides for accounts defined on the local machine, the overhead of determining the user�s SID is not terribly onerous. However, if the user account were located on another domain, this account name resolution would involve costly network user lookup calls. For this reason, we would like to avoid filling this property if at all possible. In LoadPropertyValues, we only resolve the user account to its SID if this property was required.

Implementing EnumerateInstances

  
HRESULT CMSJ_User::EnumerateInstances
(MethodContext* pMethodContext, long lFlags)
{
    HRESULT hr = WBEM_S_NO_ERROR;
    Hr = Enumerate(pMethodContext, PROP_ALL_REQUIRED);
    return hr;
}

We construct the calls this way to take advantage of the fact that certain variations of ExecQuery (which we will discuss later) can call the same Enumerate function.
      The basic implementation of the Enumerate function in Figure 8 is where the real work takes place. Although much of the code in this example is specific to obtaining instances of user accounts, the overall function flow used here will appear in most of the providers you write. Essentially, for each instance of a Win32 user account, we need to create a new CInstance, which we do via the framework function CreateNewInstance. We then must set the key values for the instance (we make use of the creatively named framework function SetWCHARSplat to set the Name and Domain key properties). We then set the rest of the properties using the same helper function used in our GetObject routine: LoadPropertyValues. Finally, we commit the instance, release the pointer to CInstance, and return.
      Note that we check the return value of the Commit function and add it as a condition to our inner loop. This is important, as it allows our Enumerate function to terminate quickly in response to a failed Commit, which can happen due to the client�s request to abort the enumeration. Without this check, the client would wait (if they were calling our provider synchronously) until our provider had finished processing all instances.

Improving EnumerateInstances

Advanced Implementation of ExecQuery

  
HRESULT GetValuesForProp(LPCWSTR wszPropName,    
                         std::vector<_bstr_t>&vectorNames);

Hence, the WHERE clause

  
WHERE Domain = "LocalComputer" OR 
      Domain = "Redmond"

would result in GetValuesForProp returning an array of two strings: LocalComputer and Redmond. GetValuesForProp operators other than the equal sign will not result in GetValuesForProp returning any elements.
      We use the results from GetValuesForProp to limit which domains we look at (only the local computer) and which accounts we attempt to find. If specific users were requested in the query, we use the helper FindSingleInstance; if no specific users were requested, we enumerate all local user accounts using the helper function Enumerate. If a particular domain is specified, we filter the request to look only for accounts defined locally.
      As was the case in our instrumentation of GetObject, we also optimize our queries to obtain only those properties required to satisfy the query request. Hence, we use the helper function GetRequestedProps and pass the values it returns along to both FindSingleInstance and Enumerate.

ExecQuery for Association Classes

Advanced Implementation of ExecMethod

  
[Description("The Rename method allows one to change
 the name of a user account"): ToInstanceToSubClass] 
uint32 Rename([IN] string NewName);

The uint32 return code is used to indicate whether the method performed as expected. What doesn�t appear in the MOF, however, is the HRESULT value returned to the client for the ExecMethod call. This value is used to indicate whether the provider successfully managed to call our method.
      You should also note that methods can have in parameters, out parameters (our sample does not have any out parameters), both, or neither. The return value can be any valid CIM datatype. Whether or not you specify any out parameters in your function definition in the MOF, you will always have one invisible out parameter called ReturnValue. ReturnValue holds the result of the method called (the uint32 value in our Rename method). In the sample you can see that we set this out parameter just prior to returning from ExecMethod.

PutInstance and DeleteInstance

  
PutInstance(const CInstance& Instance, long lFlags);

The lFlags parameter can be one of several values. WBEM_ FLAG_CREATE_OR_UPDATE signals the provider that the caller would like to create a new object (as specified by the key properties of the Instance parameter), if such an object does not already exist. If an object already exists as specified by the key properties, this signals that the caller would like to modify the properties of that object. WBEM_FLAG_UPDATE_ONLY specifies that the caller wants to update the properties of an existing instance. It returns an error if the specified instance does not already exist. WBEM_ FLAG_CREATE_ONLY requests that a new instance should be created as specified. An error should be returned if such an instance already exists.
      MSJ_User.cpp also contains the sample code for the PutInstance function of the class MSJ_User. You need not support all three options specified by the lFlags parameter, although we do here. If you do not support a particular lFlag value, you should return WBEM_E_UNSUPPORTED_PARAMETER. If lFlags has been specified by a value other than the three shown here, your PutInstance function should return WBEM_E_INVALID_PARAMETER. If everything has been specified properly and in a manner your provider supports, and if the object is created or updated successfully, you should return WBEM_S_NO_ERROR.
      As you can see, we condition the behavior of our PutInstance implementation on the value of lFlags. We also make use of our helper function FindSingleInstance (from our discussion of GetObject) and the new helper functions Update and Create. The latter two functions update an existing instance with new property values (really only the LogonScriptPath property) and create a new instance with the property values supplied in the CInstance parameter, respectively.
      Just about the easiest function to implement is DeleteInstance. As shown in MSJ_User.cpp, the process is merely to find the actual object specified by the CInstance parameter and, if it exists, delete it. If it existed, and was deleted successfully, you should return WBEM_S_NO_ERROR. If it does not exist, you should return WBEM_E_NOT_FOUND. If an error is encountered, return the appropriate HRESULT.

Testing the Provider

1. Compile your MOF files.
   
2. Build a debug version of your provider, and link it to the debug version of the framework (FRAMEDYD.DLL), not the release version (FRAMEDYN.DLL). This enables additional error checking in the framework.
   
3. Register your provider using regsvr32. If you used the code generator to produce the skeleton of your provider, everything you need for provider self-registration and unregistration has been automatically generated for you and appears in the file MAINDLL.CPP.
   
4. Enable detailed logging support for WinMgmt. To do this, go to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\WBEM\CIMOM and change the Logging entry from 1 (the default) to 2. The log file that you will be interested in examining is located in %WINDIR%\System32\ WBEM\Logs, and is called FRAMEWORK.LOG.
   

• You didn�t register your provider with COM using regsvr32
  
• Your provider is not registered correctly with CIMOM (you need to run MOFCOMP.EXE). Make sure that it is listed in your MOF as being either an instance of __InstanceProviderRegistration or __MethodProviderRegistration, or both, depending on your implementation. Also make sure that your provider is correctly specified as an instance of __Win32Provider. The correct provider name and its classid should be specified. Examples of these settings appear in Figure 4.
  
• You linked to the release version of the Framework, FRAMEDYN.DLL for your debug build.
  
• The debug version of the Visual C++® runtime library, MSVCRTD.DLL, is missing.
  
• You linked statically to the C runtime library rather than to MSVCRTD.DLL. The framework requires that you use this rather than the static C runtime library.
  
• Your MOF file is either missing the dynamic qualifier on the class you are calling, or the provider qualifier is missing or incorrect. It should give the name of your providerâ€"in the case of our sample, MSJSampProv.
  
• You may have a provider class ID mismatch between the MOF and MAINDLL.CPP.
  

Conclusion