PHP wrapper wmic

Asked

Viewed 86 times

1

I’m currently using wmic on Linux to query data on a Windows machine.

The web interface of the query system is written in PHP, whereas the core that makes the query is written in Python, because I need the wmi_client_wrapper library to wrapper the wmic output.

I would like to do this parser (wrapper) in PHP itself. The goal would be to have the output in array format. For example, when executing the code:

$var = shell_exec('wmic -U administrador%1QAZxsw2 //192.168.56.101 "select * from Win32_OperatingSystem"');

echo $var;

The exit is:

CLASS: Win32_Process
CreationDate|ExecutablePath|Handle|Name|Priority|ProcessId|WorkingSetSize
20160824162429.944953-180|(null)|4|System|8|4|2285568
20160824162429.954968-180|(null)|416|smss.exe|11|416|716800
20160824162431.296897-180|C:\Windows\system32\csrss.exe|484|csrss.exe|13|484|5029888
20160824162431.717502-180|C:\Windows\system32\csrss.exe|528|csrss.exe|13|528|6160384
20160824162431.847689-180|C:\Windows\system32\wininit.exe|536|wininit.exe|13|536|4005888
20160824162431.877732-180|C:\Windows\system32\winlogon.exe|564|winlogon.exe|13|564|4403200
20160824162432.168150-180|C:\Windows\system32\services.exe|616|services.exe|9|616|6356992
20160824162432.328380-180|C:\Windows\system32\lsass.exe|628|lsass.exe|9|628|8413184
20160824162432.338395-180|C:\Windows\system32\lsm.exe|636|lsm.exe|8|636|3878912
20160824162433.119518-180|C:\Windows\system32\svchost.exe|800|svchost.exe|8|800|5939200
20160824162433.219662-180|C:\Windows\system32\VBoxService.exe|848|VBoxService.exe|8|848|5877760
20160824162433.483040-180|C:\Windows\system32\svchost.exe|900|svchost.exe|8|900|6172672
20160824162433.582182-180|C:\Windows\System32\svchost.exe|936|svchost.exe|8|936|7872512
20160824162434.033830-180|C:\Windows\system32\svchost.exe|1020|svchost.exe|8|1020|5718016
20160824162434.199067-180|C:\Windows\system32\svchost.exe|1060|svchost.exe|8|1060|31662080
20160824162434.254146-180|C:\Windows\system32\SLsvc.exe|1092|SLsvc.exe|8|1092|13414400
20160824162434.386336-180|C:\Windows\system32\svchost.exe|1116|svchost.exe|8|1116|11026432
20160824162434.496494-180|C:\Windows\System32\svchost.exe|1196|svchost.exe|8|1196|8716288
20160824162434.551573-180|C:\Windows\system32\svchost.exe|1220|svchost.exe|8|1220|14458880
20160824162434.837984-180|C:\Windows\system32\svchost.exe|1348|svchost.exe|8|1348|9605120
20160824162441.788953-180|C:\Windows\System32\spoolsv.exe|1484|spoolsv.exe|8|1484|8818688
20160824162441.943175-180|C:\Windows\system32\svchost.exe|1548|svchost.exe|8|1548|5152768
20160824162441.998254-180|C:\Windows\system32\svchost.exe|1580|svchost.exe|8|1580|2920448
20160824162442.064348-180|C:\Windows\System32\svchost.exe|1616|svchost.exe|8|1616|2306048
20160824162445.706577-180|C:\Windows\system32\taskeng.exe|1992|taskeng.exe|6|1992|5599232
20160824162450.843965-180|C:\Windows\system32\taskeng.exe|428|taskeng.exe|8|428|7766016
20160824162456.632288-180|C:\Windows\system32\Dwm.exe|1832|dwm.exe|8|1832|3710976
20160824162456.932720-180|C:\Windows\Explorer.EXE|688|explorer.exe|8|688|21454848
20160824162457.713843-180|C:\Windows\System32\VBoxTray.exe|1032|VBoxTray.exe|8|1032|5095424
20160824162501.909877-180|C:\Windows\system32\conime.exe|1588|conime.exe|8|1588|3432448
20160824162646.109709-180|C:\Windows\System32\msdtc.exe|1836|msdtc.exe|8|1836|6926336
20160824162732.316150-180|C:\Windows\system32\wbem\wmiprvse.exe|2008|WmiPrvSE.exe|8|2008|13152256
20160824162747.558067-180|C:\Windows\system32\wuauclt.exe|1232|wuauclt.exe|8|1232|4935680
20160825115345.986686-180|C:\Users\Administrador\Desktop\wmiexplorer.exe|2080|wmiexplorer.exe|8|2080|8876032
20160826130558.767043-180|C:\Windows\system32\SLUI.exe|2928|SLUI.exe|8|2928|6709248
20160826130639.427821-180|C:\Windows\system32\taskeng.exe|3432|taskeng.exe|6|3432|4108288

However, the objective is to treat the above data and present it as such:

Array
(
    [0] => Array
        (
            [Name] => System
            [Priority] => 8
            [WorkingSetSize] => 2.18 MB
            [CreationDate] => 24/08/2016 - 16:24:29
            [ExecutablePath] => 
        )

    [1] => Array
        (
            [Name] => smss.exe
            [Priority] => 11
            [WorkingSetSize] => 700.00 KB
            [CreationDate] => 24/08/2016 - 16:24:29
            [ExecutablePath] => 
        )

    [2] => Array
        (
            [Name] => csrss.exe
            [Priority] => 13
            [WorkingSetSize] => 4.80 MB
            [CreationDate] => 24/08/2016 - 16:24:31
            [ExecutablePath] => C:\Windows\system32\csrss.exe
        )

    [3] => Array
        (
            [Name] => csrss.exe
            [Priority] => 13
            [WorkingSetSize] => 5.88 MB
            [CreationDate] => 24/08/2016 - 16:24:31
            [ExecutablePath] => C:\Windows\system32\csrss.exe
        )

    [4] => Array
        (
            [Name] => wininit.exe
            [Priority] => 13
            [WorkingSetSize] => 3.82 MB
            [CreationDate] => 24/08/2016 - 16:24:31
            [ExecutablePath] => C:\Windows\system32\wininit.exe
        )

    [5] => Array
        (
            [Name] => winlogon.exe
            [Priority] => 13
            [WorkingSetSize] => 4.20 MB
            [CreationDate] => 24/08/2016 - 16:24:31
            [ExecutablePath] => C:\Windows\system32\winlogon.exe
        )

    [6] => Array
        (
            [Name] => services.exe
            [Priority] => 9
            [WorkingSetSize] => 6.05 MB
            [CreationDate] => 24/08/2016 - 16:24:32
            [ExecutablePath] => C:\Windows\system32\services.exe
        )

    [7] => Array
        (
            [Name] => lsass.exe
            [Priority] => 9
            [WorkingSetSize] => 8.03 MB
            [CreationDate] => 24/08/2016 - 16:24:32
            [ExecutablePath] => C:\Windows\system32\lsass.exe
        )

    [8] => Array
        (
            [Name] => lsm.exe
            [Priority] => 8
            [WorkingSetSize] => 3.70 MB
            [CreationDate] => 24/08/2016 - 16:24:32
            [ExecutablePath] => C:\Windows\system32\lsm.exe
        )

    [9] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 5.64 MB
            [CreationDate] => 24/08/2016 - 16:24:33
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [10] => Array
        (
            [Name] => VBoxService.exe
            [Priority] => 8
            [WorkingSetSize] => 5.61 MB
            [CreationDate] => 24/08/2016 - 16:24:33
            [ExecutablePath] => C:\Windows\system32\VBoxService.exe
        )

    [11] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 5.86 MB
            [CreationDate] => 24/08/2016 - 16:24:33
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [12] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 7.39 MB
            [CreationDate] => 24/08/2016 - 16:24:33
            [ExecutablePath] => C:\Windows\System32\svchost.exe
        )

    [13] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 5.44 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [14] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 30.14 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [15] => Array
        (
            [Name] => SLsvc.exe
            [Priority] => 8
            [WorkingSetSize] => 12.78 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\SLsvc.exe
        )

    [16] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 10.49 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [17] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 8.28 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\System32\svchost.exe
        )

    [18] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 13.77 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [19] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 9.14 MB
            [CreationDate] => 24/08/2016 - 16:24:34
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [20] => Array
        (
            [Name] => spoolsv.exe
            [Priority] => 8
            [WorkingSetSize] => 8.41 MB
            [CreationDate] => 24/08/2016 - 16:24:41
            [ExecutablePath] => C:\Windows\System32\spoolsv.exe
        )

    [21] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 4.91 MB
            [CreationDate] => 24/08/2016 - 16:24:41
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [22] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 2.79 MB
            [CreationDate] => 24/08/2016 - 16:24:41
            [ExecutablePath] => C:\Windows\system32\svchost.exe
        )

    [23] => Array
        (
            [Name] => svchost.exe
            [Priority] => 8
            [WorkingSetSize] => 2.20 MB
            [CreationDate] => 24/08/2016 - 16:24:42
            [ExecutablePath] => C:\Windows\System32\svchost.exe
        )

    [24] => Array
        (
            [Name] => taskeng.exe
            [Priority] => 6
            [WorkingSetSize] => 5.33 MB
            [CreationDate] => 24/08/2016 - 16:24:45
            [ExecutablePath] => C:\Windows\system32\taskeng.exe
        )

    [25] => Array
        (
            [Name] => taskeng.exe
            [Priority] => 8
            [WorkingSetSize] => 7.40 MB
            [CreationDate] => 24/08/2016 - 16:24:50
            [ExecutablePath] => C:\Windows\system32\taskeng.exe
        )

    [26] => Array
        (
            [Name] => dwm.exe
            [Priority] => 8
            [WorkingSetSize] => 3.54 MB
            [CreationDate] => 24/08/2016 - 16:24:56
            [ExecutablePath] => C:\Windows\system32\Dwm.exe
        )

    [27] => Array
        (
            [Name] => explorer.exe
            [Priority] => 8
            [WorkingSetSize] => 20.45 MB
            [CreationDate] => 24/08/2016 - 16:24:56
            [ExecutablePath] => C:\Windows\Explorer.EXE
        )

    [28] => Array
        (
            [Name] => VBoxTray.exe
            [Priority] => 8
            [WorkingSetSize] => 4.87 MB
            [CreationDate] => 24/08/2016 - 16:24:57
            [ExecutablePath] => C:\Windows\System32\VBoxTray.exe
        )

    [29] => Array
        (
            [Name] => conime.exe
            [Priority] => 8
            [WorkingSetSize] => 3.27 MB
            [CreationDate] => 24/08/2016 - 16:25:01
            [ExecutablePath] => C:\Windows\system32\conime.exe
        )

    [30] => Array
        (
            [Name] => msdtc.exe
            [Priority] => 8
            [WorkingSetSize] => 6.61 MB
            [CreationDate] => 24/08/2016 - 16:26:46
            [ExecutablePath] => C:\Windows\System32\msdtc.exe
        )

    [31] => Array
        (
            [Name] => WmiPrvSE.exe
            [Priority] => 8
            [WorkingSetSize] => 12.37 MB
            [CreationDate] => 24/08/2016 - 16:27:32
            [ExecutablePath] => C:\Windows\system32\wbem\wmiprvse.exe
        )

    [32] => Array
        (
            [Name] => wuauclt.exe
            [Priority] => 8
            [WorkingSetSize] => 4.70 MB
            [CreationDate] => 24/08/2016 - 16:27:47
            [ExecutablePath] => C:\Windows\system32\wuauclt.exe
        )

    [33] => Array
        (
            [Name] => wmiexplorer.exe
            [Priority] => 8
            [WorkingSetSize] => 8.45 MB
            [CreationDate] => 25/08/2016 - 11:53:45
            [ExecutablePath] => C:\Users\Administrador\Desktop\wmiexplorer.exe
        )

    [34] => Array
        (
            [Name] => SLUI.exe
            [Priority] => 8
            [WorkingSetSize] => 6.40 MB
            [CreationDate] => 26/08/2016 - 13:05:58
            [ExecutablePath] => C:\Windows\system32\SLUI.exe
        )

    [35] => Array
        (
            [Name] => taskeng.exe
            [Priority] => 6
            [WorkingSetSize] => 3.91 MB
            [CreationDate] => 26/08/2016 - 13:06:39
            [ExecutablePath] => C:\Windows\system32\taskeng.exe
        )

)
  • 1

    Does the output always come in this format? There is line break?

  • Just out of curiosity, why a soft with this level of integration with OS would be done just in PHP, and not a normal executable?

  • I need to develop fast, very fast and as the language with which I have more contact is PHP, I had to opt for it. In a second moment because they requested a web solution.

2 answers

1

Doing the combination of functions str_replace, explode and array_combine we can do it this way:

$output =  <<<OUTPUT
CLASS: Win32_Process
CreationDate|ExecutablePath|Handle|Name|Priority|ProcessId|WorkingSetSize \r
20160824162429.944953-180|(null)|4|System|8|4|2285568 \r
20160824162429.954968-180|(null)|416|smss.exe|11|416|716800 \r
20160824162431.296897-180|C:\Windows\system32\csrss.exe|484|csrss.exe|13|484|5029888 \r
20160824162431.717502-180|C:\Windows\system32\csrss.exe|528|csrss.exe|13|528|6160384 \r
20160824162431.847689-180|C:\Windows\system32\wininit.exe|536|wininit.exe|13|536|4005888 \r
20160824162431.877732-180|C:\Windows\system32\winlogon.exe|564|winlogon.exe|13|564|4403200 \r
20160824162432.168150-180|C:\Windows\system32\services.exe|616|services.exe|9|616|6356992 \r
20160824162432.328380-180|C:\Windows\system32\lsass.exe|628|lsass.exe|9|628|8413184 \r
20160824162432.338395-180|C:\Windows\system32\lsm.exe|636|lsm.exe|8|636|3878912 \r
20160824162433.119518-180|C:\Windows\system32\svchost.exe|800|svchost.exe|8|800|5939200 \r
20160824162433.219662-180|C:\Windows\system32\VBoxService.exe|848|VBoxService.exe|8|848|5877760 \r
20160824162433.483040-180|C:\Windows\system32\svchost.exe|900|svchost.exe|8|900|6172672 \r
20160824162433.582182-180|C:\Windows\System32\svchost.exe|936|svchost.exe|8|936|7872512 \r
20160824162434.033830-180|C:\Windows\system32\svchost.exe|1020|svchost.exe|8|1020|5718016 \r
20160824162434.199067-180|C:\Windows\system32\svchost.exe|1060|svchost.exe|8|1060|31662080 \r
20160824162434.254146-180|C:\Windows\system32\SLsvc.exe|1092|SLsvc.exe|8|1092|13414400 \r
20160824162434.386336-180|C:\Windows\system32\svchost.exe|1116|svchost.exe|8|1116|11026432 \r
20160824162434.496494-180|C:\Windows\System32\svchost.exe|1196|svchost.exe|8|1196|8716288 \r
20160824162434.551573-180|C:\Windows\system32\svchost.exe|1220|svchost.exe|8|1220|14458880 \r
20160824162434.837984-180|C:\Windows\system32\svchost.exe|1348|svchost.exe|8|1348|9605120 \r
20160824162441.788953-180|C:\Windows\System32\spoolsv.exe|1484|spoolsv.exe|8|1484|8818688 \r
20160824162441.943175-180|C:\Windows\system32\svchost.exe|1548|svchost.exe|8|1548|5152768 \r
20160824162441.998254-180|C:\Windows\system32\svchost.exe|1580|svchost.exe|8|1580|2920448 \r
20160824162442.064348-180|C:\Windows\System32\svchost.exe|1616|svchost.exe|8|1616|2306048 \r
20160824162445.706577-180|C:\Windows\system32\taskeng.exe|1992|taskeng.exe|6|1992|5599232 \r
20160824162450.843965-180|C:\Windows\system32\taskeng.exe|428|taskeng.exe|8|428|7766016 \r
20160824162456.632288-180|C:\Windows\system32\Dwm.exe|1832|dwm.exe|8|1832|3710976 \r
20160824162456.932720-180|C:\Windows\Explorer.EXE|688|explorer.exe|8|688|21454848 \r
20160824162457.713843-180|C:\Windows\System32\VBoxTray.exe|1032|VBoxTray.exe|8|1032|5095424 \r
20160824162501.909877-180|C:\Windows\system32\conime.exe|1588|conime.exe|8|1588|3432448 \r
20160824162646.109709-180|C:\Windows\System32\msdtc.exe|1836|msdtc.exe|8|1836|6926336 \r
20160824162732.316150-180|C:\Windows\system32\wbem\wmiprvse.exe|2008|WmiPrvSE.exe|8|2008|13152256 \r
20160824162747.558067-180|C:\Windows\system32\wuauclt.exe|1232|wuauclt.exe|8|1232|4935680 \r
20160825115345.986686-180|C:\Users\Administrador\Desktop\wmiexplorer.exe|2080|wmiexplorer.exe|8|2080|8876032 \r
20160826130558.767043-180|C:\Windows\system32\SLUI.exe|2928|SLUI.exe|8|2928|6709248 \r
20160826130639.427821-180|C:\Windows\system32\taskeng.exe|3432|taskeng.exe|6|3432|4108288 \r
OUTPUT;

$output = str_replace("CLASS: Win32_Process","", $output);
$output = (explode("\r\n", $output));

$keys = explode("|", $output[0]);


for($i = 1; $i <= count($output)-1; $i++){
    $values[$i] = explode("|", $output[$i]);
    $final[] = array_combine($keys, $values[$i]);
}   


print_r($final);

See working on ideone

  • The class is variable, can change, whereas the raw data is separated by line break ('n'). I’ve built a method to parse, I’ll post it as an answer.

0

public static function parse($resultado)
    {
        ## Remove a primeira e a ultima linha
        $var = trim(preg_replace('/^.+\n/', '', $resultado));

        # Transforma a lista retornada em array
        $wmic = explode("\n", $var);

        # Pega a primeira linha do array e cria um novo array de titulos
        $titulos = explode("|", $wmic[0]);
        unset($wmic[0]);
        $wmic = array_values($wmic);


            for ($i = 0; $i < sizeof($wmic); $i++)
            {
                $campos = explode("|", $wmic[$i]);

                for ($y = 0; $y < sizeof($campos); $y++)
                {
                    $novo[$i][$titulos[$y]] = $campos[$y];
                }
            }


        return $novo;
    }

Browser other questions tagged

You are not signed in. Login or sign up in order to post.