WMI Programming with Visual Basic.NET: Trapping System Events - What is “WqlEventQuery”?
Let me explain the above program line by line. Consider the first statement:
Dim query As New WqlEventQuery( _
    "__InstanceModificationEvent", _
    New TimeSpan(0, 0, 1), _
    "TargetInstance isa ""Win32_Service""")
We see from the above statement that we are about to work with a new class, “WqlEventQuery”, in the “System.Management” namespace. This class is used specifically for event-based queries in WMI.
The “__InstanceModificationEvent” is a special WMI system class used to report an instance modification event, which is a type of intrinsic event generated when an instance changes (gets modified) in the namespace. Any change to the state of an instance is reported immediately through this class. There are similar event classes, “__InstanceCreationEvent” and “__InstanceDeletionEvent”. All of these inherit from the “__InstanceOperationEvent” class, which in turn inherits from “__Event”. You can find the entire hierarchy of these classes in the WMI SDK documentation.
An instance of the “TimeSpan” class represents a period of time. Here, the interval is the maximum amount of time that can pass before notification of an event must be delivered. In other words: “send notification of the creation (or modification) of Win32_Service instances, using the specified timespan as the polling interval”. “TimeSpan(0,0,1)” specifies a time interval of zero hours, zero minutes and one second, so it polls every second.
“__InstanceModificationEvent” may report modifications to many types of instances, not only “Win32_Service” instances. So we need to filter the events down to the ones we want (in this case, the events for “Win32_Service”). Every instance of “__InstanceModificationEvent” has a property named “TargetInstance”. This property holds the instance that caused the event to fire. Here we check whether that instance is a “Win32_Service” instance. If you observe carefully, the condition uses the keyword “isa”, which is defined as an operator in WQL. It is generally used to compare against the class of an instance (rather than against property values).
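The query above put to work for monitoring service changes, as an added example that is not the article's own code: it subscribes with “ManagementEventWatcher” and compares the event's “PreviousInstance” with its “TargetInstance” to report which service property changed. The module name, the handler name and the list of compared properties are assumptions of this example.

```vb
Imports System
Imports System.Management

Module ServiceChangeWatcher
    ' Win32_Service properties to compare; this selection is the example's assumption.
    Private ReadOnly Watched As String() = _
        New String() {"State", "StartMode", "PathName", "StartName"}

    Sub Main()
        ' The same event query the article builds.
        Dim query As New WqlEventQuery( _
            "__InstanceModificationEvent", _
            New TimeSpan(0, 0, 1), _
            "TargetInstance isa ""Win32_Service""")
        ' Show the WQL statement generated from the three constructor arguments.
        Console.WriteLine(query.QueryString)

        Using watcher As New ManagementEventWatcher(query)
            AddHandler watcher.EventArrived, AddressOf OnServiceModified
            watcher.Start()
            Console.WriteLine("Watching services; press Enter to stop.")
            Console.ReadLine()
            watcher.Stop()
        End Using
    End Sub

    ' Runs for every delivered __InstanceModificationEvent.
    Private Sub OnServiceModified(ByVal sender As Object, ByVal e As EventArrivedEventArgs)
        ' Both properties hold embedded Win32_Service objects: the state before and after.
        Dim before As ManagementBaseObject = _
            CType(e.NewEvent("PreviousInstance"), ManagementBaseObject)
        Dim after As ManagementBaseObject = _
            CType(e.NewEvent("TargetInstance"), ManagementBaseObject)

        For Each name As String In Watched
            ' Convert.ToString turns a null property value into an empty string.
            Dim oldValue As String = Convert.ToString(before(name))
            Dim newValue As String = Convert.ToString(after(name))
            If oldValue <> newValue Then
                Console.WriteLine("{0:u} {1}: {2} changed from '{3}' to '{4}'", _
                    DateTime.UtcNow, after("Name"), name, oldValue, newValue)
            End If
        Next
    End Sub
End Module
```

The project needs a reference to System.Management.dll. Because the query polls at the one-second interval, a property that changes and changes back between two polls is not reported.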
More By Jagadish Chaterjee