Retrieve Antivirus Information using WMI

Post date: Apr 26, 2011 5:51:12 PM

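This snippet, written by opc0de, uses WMI (Windows Management Instrumentation - http://en.wikipedia.org/wiki/Windows_Management_Instrumentation) to retrieve information about the currently installed antivirus software. It does this by querying the AntiVirusProduct class in the root\SecurityCenter2 namespace on the local machine.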

program PGetAntiVirusProductInfo;
//by opc0de
//ic0de.org
{$APPTYPE CONSOLE}
uses
  SysUtils,
  ActiveX,
  ComObj,
  Variants;
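function VarArrayToStr(const vArray: variant): string;
{ Renders a variant as text.

  A variant array is rendered as '[a|b|c]', walking its first dimension only.
  Any other variant is rendered as the plain text of its value, with no
  brackets.

  Fixes over the previous version:
    - a non-array input no longer comes back with a stray trailing ']';
    - element types the case statement does not list (for example Unicode
      strings, 64-bit integers, unsigned words) no longer leave Result
      unassigned; they fall back to VarToStr;
    - nested arrays are detected with VarIsArray instead of comparing the
      whole type code against the bare varArray flag. }

  { Converts a single element to text; recurses into nested arrays. }
  function _VarToStr(const V: variant): string;
  begin
    // Assign up front so that no path can return an uninitialised string.
    Result := '';
    if VarIsArray(V) then
    begin
      Result := VarArrayToStr(V);
      Exit;
    end;
    // Mask off the array/by-ref flag bits so only the base type is compared.
    case VarType(V) and varTypeMask of
      varSmallint,
      varInteger  : Result := IntToStr(integer(V));
      varSingle,
      varDouble,
      varCurrency : Result := FloatToStr(Double(V));
      varOleStr   : Result := WideString(V);
      // Bytes are rendered as characters, as in the original snippet.
      varByte     : Result := char(byte(V));
      varString   : Result := String(V);
    else
      // Dates, booleans and every type not listed above.
      // NOTE(review): VarToStr may raise for variants that have no string
      // conversion (e.g. embedded objects) - confirm callers only pass
      // plain property values.
      Result := VarToStr(V);
    end;
  end;

var
  i, firstIdx: integer;
begin
  if not VarIsArray(vArray) then
  begin
    Result := _VarToStr(vArray);
    Exit;
  end;

  Result := '[';
  firstIdx := VarArrayLowBound(vArray, 1);
  for i := firstIdx to VarArrayHighBound(vArray, 1) do
  begin
    // Separator goes between elements, never before the first one.
    if i > firstIdx then
      Result := Result + '|';
    Result := Result + _VarToStr(vArray[i]);
  end;
  Result := Result + ']';
end;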
function VarStrNull(const V:OleVariant):string;
{ Null-safe conversion of a WMI property value to text.
  Returns an empty string for Null, the VarArrayToStr rendering for array
  values, and VarToStr(V) for everything else. }
begin
  if VarIsNull(V) then
    Result := ''
  else if VarIsArray(V) then
    Result := VarArrayToStr(V)
  else
    Result := VarToStr(V);
end;
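function GetWMIObject(const objectName: String): IDispatch;
{ Binds to a COM object through its moniker display name and returns its
  IDispatch interface. In this program it is used to open a WMI namespace
  from a 'winmgmts:' display name.

  objectName  moniker display name handed to MkParseDisplayName.
  Raises      EOleSysError (via OleCheck) when any COM call fails.

  The display name decides which object gets bound, so it must come from
  trusted code and never from unvalidated external input. COM must already
  be initialised on the calling thread. }
var
  chEaten: Integer;
  BindCtx: IBindCtx;
  Moniker: IMoniker;
  wideName: WideString;
begin
  // The previous version passed StringToOleStr(objectName) directly; that
  // call allocates a string the caller has to free, and it never was.
  // A WideString local is released automatically when the function exits.
  wideName := objectName;
  OleCheck(CreateBindCtx(0, BindCtx));
  OleCheck(MkParseDisplayName(BindCtx, PWideChar(wideName), chEaten, Moniker));
  OleCheck(Moniker.BindToObject(BindCtx, nil, IDispatch, Result));
end;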
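procedure  GetAntiVirusProductInfo;
{ Lists every AntiVirusProduct instance found in the local
  root\SecurityCenter2 WMI namespace and writes five of its properties to
  standard output, one property per line, followed by a blank line.

  Raises whatever GetWMIObject or the late-bound WMI calls raise, for
  instance when the namespace is not present on the machine.

  Notes for readers:
    - productState is printed as its raw numeric value; it is not decoded
      here.
    - The rows describe what is registered with the Security Center
      namespace. Treat them as inventory data, not as proof that
      protection is actually running.
    - Detection note: enumeration of AntiVirusProduct from an unexpected
      process is commonly logged as security software discovery
      (MITRE ATT&CK T1518.001). }
var
 objWMIService : OLEVariant;
 colItems      : OLEVariant;
 colItem       : OLEVariant;
 oEnum         : IEnumvariant;
 iValue        : LongWord;
begin
 objWMIService := GetWMIObject('winmgmts:\\localhost\root\SecurityCenter2');
 colItems      := objWMIService.ExecQuery('SELECT * FROM AntiVirusProduct','WQL',0);
 oEnum         := IUnknown(colItems._NewEnum) as IEnumVariant;
 while oEnum.Next(1, colItem, iValue) = 0 do
 begin
   Writeln(Format('displayName                    %s',[VarStrNull(colItem.displayName)]));// String
   Writeln(Format('instanceGuid                   %s',[VarStrNull(colItem.instanceGuid)]));// String
   Writeln(Format('pathToSignedProductExe         %s',[VarStrNull(colItem.pathToSignedProductExe)]));// String
   Writeln(Format('pathToSignedReportingExe       %s',[VarStrNull(colItem.pathToSignedReportingExe)]));// String
   Writeln(Format('productState                   %s',[VarStrNull(colItem.productState)]));// Uint32
   Writeln('');
   // Release the current item before Next overwrites the variable;
   // otherwise the object fetched in the previous iteration is leaked.
   colItem := Unassigned;
 end;
end;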
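// Program entry point: initialise COM, print the antivirus inventory, wait
// for Enter, then shut COM down again. Any exception is reported on the
// console as 'ClassName:Message' before waiting for Enter.
begin
 try
    // Check the result instead of discarding it. If initialisation fails,
    // OleCheck raises before the inner try, so CoUninitialize is only
    // called when CoInitialize actually succeeded.
    OleCheck(CoInitialize(nil));
    try
      GetAntiVirusProductInfo;
      Readln;
    finally
      CoUninitialize;
    end;
 except
    on E:Exception do
    begin
        Writeln(E.Classname, ':', E.Message);
        Readln;
    end;
  end;
end.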