Defrag Tools #120 - Windows Management Instrumentation

Sign in to queue

Description

In this episode of Defrag Tools, Andrew Richards and Chad Beeder discuss Windows Management Instrumentation (WMI).

Resources:
PDE Debugger Extension

Timeline:
[00:00] - Windows Management Instrumentation (WMI)
[02:25] - wbemtest
[04:21] - Hey, Scripting Guy!
[05:25] - PowerShell - Get-WmiObject
[06:10] - Classes
[06:55] - List Namespaces in root: Get-WmiClass -namespace root -class __NAMESPACE
[08:08] - List Namespaces in root\cimv2: Get-WmiClass -namespace root\cimv2 -class __NAMESPACE
[08:25] - List Classes in Namespace: Get-WmiClass -namespace root\cimv2\power -list
[08:52] - List Instances of a Class: Get-WmiClass -namespace root\cimv2\power -class Win32_PowerPlan
[09:30] - WmiPrvSE - Process that runs WMI Providers
[12:08] - Debugging a WmiPrvSE crash (caught by procdump -ma -i c:\dumps)
[12:08] - .exr -1 / !pde.err <code>
[14:12] - !sos.pe / !pde.err <code>
[14:57] - List the managed stack objects -- !sos.dso
[15:27] - !sos.pe <Exception Address> / Inner Exception
[17:30] - !pde.bold FileNotFound !sos.dso -- no strings close to indicate the filename
[18:10] - !pde.grep System.String !sos.dso -- no filename, but there is a package name
[19:18] - !sos.do --> FileNotFoundException._fileName -- unfortunately it is blank
[19:18] - Display the WMI objects -- !sos.dso --> !sos.do WmiNative.WbemProvider -- all blank
[20:51] - Display the WMI objects -- !sos.dso --> !sos.do WmiNative.WbemProvider+WMIClassCacheEntry
[21:14] - m_FullPathClassName -- has the Namespace and Class (SMS_Windows8Application)
[21:26] - Class exists: Get-WmiObject -namespace root\cimv2\sms -class sms_ -list
[22:03] - Using it repro's the crash: Get-WmiObject -namespace root\cimv2\sms -class sms_windows8application
[22:37] - Bing says the class is from System Center Configuration Manager
[23:55] - Use Process Explorer to see that WmiPrvSE is a transitory process
[24:57] - Use Process Monitor to find the missing filename
[27:26] - Jump To gets us to the folder
[27:32] - Back to the dump, !pde.dpx -du finds the filename, class name and the query
[28:17] - Get-WmiObject -Namespace root\cimv2\sms -Query "select ..."
[29:05] - System Center Configuration Manager log file tells us it was a partial uninstall
[29:46] - Summary and some examples
[32:07] - Email us your issues at defragtools@microsoft.com.

Embed

Download

Download this episode

Download captions

The Discussion

Add Your 2 Cents