Python library - WMI.py RegistryValueChangeEvent

2015-04-06 Thread Khyati
I have a question about RegistryValueChangeEvent that I have not been able to 
find an answer to on the internet so far. I would appreciate any help since I 
have already spent a lot of time finding any material that explains this:

What I am trying to do: 
- create an event when a value for a registry key changes

How I am doing it:
>raw_wql = "SELECT * FROM RegistryValueChangeEvent WHERE 
>Hive='HKEY_LOCAL_MACHINE' AND KeyPath='SoftwareTemp' AND ValueName='Name\'"
>watcher = c.watch_for(raw_wql=raw_wql,wmi_class = "__ExtrinsicEvent")
>while TRUE:
>process_created = watcher()

Problem:
the _wmi_event object returned is not coming back as Extrinsic event - 
So, in wmi.py, in class _wmi_watcher:
   "self.is_extrinsic" returns false and I get an exception from the else part 
- [line 1186 - 1195]

What I need 
- Any reference/idea/explanation on => why does RegistryValueChangeEvent 
return as a non-extrinsic event, even though it has been derived from 
__ExtrinsicEvent?

Other information:
Running on Windows 8 64 Bit 
>>> platform.machine()
'AMD64'
>>> platform.architecture()
('64bit', 'WindowsPE')
>>> platform.python_version()
'2.7.8'
>>> platform.python_implementation()
'CPython'

Using WMI-1.4.9.win32 - downloaded via PIP
pywin32-219.win-amd64-py2.7

Thanks
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: Python library - WMI.py RegistryValueChangeEvent

2015-04-07 Thread Khyati
Thanks for taking a look, Chris.
The error trace:
traceback (most recent call last):
 File "MonitorRegistry.py", line 18, in 
   process_created = watcher()
 File "C:\Python27\lib\site-packages\wmi.py", line 1195, in __call__
   handle_com_error ()
 File "C:\Python27\lib\site-packages\wmi.py", line 241, in handle_com_error
   raise klass (com_error=err)
_wmi: 

When I debugged, this is the module that throws the exception:
wmi.py [Line 1178-1195]
  def __call__ (self, timeout_ms=-1):
    """When called, return the instance which caused the event. Supports
    timeout in milliseconds (defaulting to infinite). If the watcher
    times out, :exc:`x_wmi_timed_out` is raised. This makes it easy to support
    watching for multiple objects.
    """
    try:
      event = self.wmi_event.NextEvent (timeout_ms)
      if self.is_extrinsic:
        return _wmi_event (event, None, self.fields)
      else:
        return _wmi_event (
          event.Properties_ ("TargetInstance").Value,
          _wmi_object (event, property_map=self._event_property_map),
          self.fields
        )
    except pywintypes.com_error:
      handle_com_error ()

self.is_extrinsic returns false and event.Properties_("TargetInstance").Value 
throws the exception

Here is the entire(minimal) code:
import wmi
import _winreg
c = wmi.WMI ()
raw_wql = ("SELECT * FROM RegistryValueChangeEvent WHERE "
           "Hive='HKEY_LOCAL_MACHINE' AND KeyPath='SoftwareTemp' AND ValueName='Name'")
print raw_wql
watcher = c.watch_for(raw_wql=raw_wql,wmi_class = "__ExtrinsicEvent")
while True:
  try:
    process_created = watcher()
    print 'value changed'
  except KeyboardInterrupt:
    # stop watching on Ctrl+C
    break


I have already emailed Tim Golden.
Any other group that I can reach out to?


Thanks
Khyati

On Monday, April 6, 2015 at 7:50:37 PM UTC-4, Chris Angelico wrote:
> On Tue, Apr 7, 2015 at 8:02 AM, Khyati  wrote:
> > I have a question about RegistryValueChangeEvent that I have not been able 
> > to find an answer to on the internet so far. I would appreciate any help 
> > since I have already spent a lot of time finding any material that explains 
> > this:
> >
> > What I am trying to do:
> > - create an event when a value for a registry key changes
> 
> Thanks for being clear about this part! Unfortunately, there are a few
> other parts that aren't clear yet, so hopefully you can expand on your
> question a bit.
> 
> > How I am doing it:
> >>raw_wql = "SELECT * FROM RegistryValueChangeEvent WHERE 
> >>Hive='HKEY_LOCAL_MACHINE' AND KeyPath='SoftwareTemp' AND 
> >>ValueName='Name\'"
> 
> Tip: Try adding "print(raw_wql)" just underneath this line, to see if
> you're getting back what you really want. The backslash at the end of
> ValueName is not currently doing anything.
> 
> >>watcher = c.watch_for(raw_wql=raw_wql,wmi_class = "__ExtrinsicEvent")
> >>while TRUE:
> >>process_created = watcher()
> 
> This code isn't complete. Can you post a complete (and minimal)
> example piece of code?
> 
> > Problem:
> > the _wmi_event object returned is not coming back as Extrinsic event -
> > So, in wmi.py, in class _wmi_watcher:
> >"self.is_extrinsic" returns false and I get an exception from the else 
> > part - [line 1186 - 1195]
> 
> It'd help hugely if you could post the entire traceback here - what
> exception you're getting, and the exact lines that produce it.
> 
> > What I need
> > - Any reference/idea/explanation on => why does RegistryValueChangeEvent 
> > returns as a Non-Extrinsic  event? even though it has been derived from 
> > __ExtrinsicEvent
> >
> > Other information:
> > Running on Windows 8 64 Bit
> >>>> platform.machine()
> > 'AMD64'
> >>>> platform.architecture()
> > ('64bit', 'WindowsPE')
> >>>> platform.python_version()
> > '2.7.8'
> >>>> platform.python_implementation()
> > 'CPython'
> >
> > Using WMI-1.4.9.win32 - downloaded via PIP
> > pywin32-219.win-amd64-py2.7
> 
> Just for reference, this is a general Python discussion list. Lots of
> us won't know specific libraries, so all we can offer is fairly
> general information. If you can't get the help you need here, you may
> do better to look for more specific help about this module.
> 
> All the best!
> 
> ChrisA


Re: Python library - WMI.py RegistryValueChangeEvent

2015-04-07 Thread Khyati
On Tuesday, April 7, 2015 at 10:31:47 AM UTC-4, Chris Angelico wrote:
> On Wed, Apr 8, 2015 at 12:15 AM, Khyati wrote:
> > Thanks for taking a look, Chris.
> > The error trace:
> > traceback (most recent call last):
> >  File "MonitorRegistry.py", line 18, in 
> >process_created = watcher()
> >  File "C:\Python27\lib\site-packages\wmi.py", line 1195, in __call__
> >handle_com_error ()
> >  File "C:\Python27\lib\site-packages\wmi.py", line 241, in handle_com_error
> >raise klass (com_error=err)
> > _wmi:  > u'SWbemPropertySet', u'Not found ', None, 0, -2147217406), None)>
> 
> It looks to me like this is a thin wrapper around the underlying API
> call, and you're getting back an error from the lower-level services.
> The way this reads, there might well not be an
> HKLM\Software\Temp\Name; maybe the ValueName is what's wrong here?
> 
> Someone somewhere knows more than I do, but if you can't find that
> someone here on python-list, you might be able to find some help on
> Stack Overflow or another mailing list, from people who know how to do
> this kind of thing in a different language. You'd have to translate
> their suggestions back into Python, but when the wrappers are thin
> enough, that's usually not too hard.
> 
> ChrisA

HKLM\Software\Temp\Name exists, since the event is caught correctly only when I 
change that key.
I'll keep looking :)


Re: Python library - WMI.py RegistryValueChangeEvent

2015-04-07 Thread Khyati
Thanks TJG for your reply. 
I guess at this point the question is why the event is not returned to wmi as 
Extrinsic. Maybe I should explicitly initialize the class _wmi_watcher and set 
self.is_extrinsic = True?


Thanks
Khyati

On Tuesday, April 7, 2015 at 11:18:39 AM UTC-4, Tim Golden wrote:
> On 07/04/2015 15:52, Tim Golden wrote:
> > On 07/04/2015 15:35, Khyati wrote:
> >> On Tuesday, April 7, 2015 at 10:31:47 AM UTC-4, Chris Angelico wrote:
> >>> On Wed, Apr 8, 2015 at 12:15 AM, Khyati wrote:
> >>>> Thanks for taking a look, Chris.
> >>>> The error trace:
> >>>> traceback (most recent call last):
> >>>>  File "MonitorRegistry.py", line 18, in 
> >>>>process_created = watcher()
> >>>>  File "C:\Python27\lib\site-packages\wmi.py", line 1195, in __call__
> >>>>handle_com_error ()
> >>>>  File "C:\Python27\lib\site-packages\wmi.py", line 241, in 
> >>>> handle_com_error
> >>>>raise klass (com_error=err)
> >>>> _wmi:  >>>> (0, u'SWbemPropertySet', u'Not found ', None, 0, -2147217406), None)>
> >>>
> >>> It looks to me like this is a thin wrapper around the underlying API
> >>> call, and you're getting back an error from the lower-level services.
> >>> The way this reads, there might well not be an
> >>> HKLM\Software\Temp\Name; maybe the ValueName is what's wrong here?
> >>>
> >>> Someone somewhere knows more than I do, but if you can't find that
> >>> someone here on python-list, you might be able to find some help on
> >>> Stack Overflow or another mailing list, from people who know how to do
> >>> this kind of thing in a different language. You'd have to translate
> >>> their suggestions back into Python, but when the wrappers are thin
> >>> enough, that's usually not too hard.
> >>>
> >>> ChrisA
> >>
> >> HKLM\Software\Temp\Name exists since the event is caught correctly only 
> >> when I change that key.
> >> i'll keep looking :)
> >>
> > 
> > Hi, Khyati.
> > 
> > Unfortunately, extrinsic events don't come with much information. As you
> > can see from the MSDN description:
> > 
> > https://msdn.microsoft.com/en-us/library/aa390355%28v=vs.85%29.aspx
> > 
> > they're not linked to WMI objects internally (which the intrinsic events
> > are) so all they can do is echo back to you details of what changed --
> > which will usually be the thing you were asking about in the first place!
> > 
> > So the Python wrapper doesn't receive any TargetInstance because it's
> > not a *WMI* event as such, linked to a WMI object; rather, it's an
> > external event which has provided a hook for WMI to hang on to.
> > 
> > In this specific case, you could use the WMI Registry provider to pick
> > up the current value of that registry value, but that wouldn't tell you
> > what was there before or anything else. In another case, the event might
> > be about some entirely external system -- such as the
> > SecurityViolationEvent in the MSDN example -- which provides no WMI
> > interface beyond the event itself.
> > 
> > Feel free to ask more, either on this list or on the win32-specific
> > Python list:
> > 
> > https://mail.python.org/mailman/listinfo/python-win32
> > 
> > (I'm not often free to answer questions so best to use the public forums
> > where more people will be able to help).
> 
> 
> Forgot to say: you can simplify your code a little as well:
> 
> 
> import wmi
> 
> c = wmi.WMI(namespace="root/default")
> watcher = c.RegistryValueChangeEvent(Hive="HKEY_LOCAL_MACHINE",
> KeyPath=r"Software\\Temp", ValueName="Name")
> 
> event = watcher()
> 
> 
> 
> TJG


Re: Python library - WMI.py RegistryValueChangeEvent

2015-04-07 Thread Khyati
Resolved:
watcher = c.watch_for(raw_wql=raw_wql,wmi_class = "RegistryValueChangeEvent")
is the right way - instead of wmi_class = __ExtrinsicEvent

Thanks, everyone.

-- 
https://mail.python.org/mailman/listinfo/python-list
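
Added example, not part of the original thread or of the wmi package: it builds the WQL for a RegistryValueChangeEvent subscription with escaped string literals (WQL uses the backslash as its escape character, so a key path needs doubled backslashes and a trailing backslash would swallow the closing quote), reads an extrinsic event's own properties instead of TargetInstance, and subscribes with wmi_class="RegistryValueChangeEvent" as in the resolution above. The helper names are hypothetical; the code assumes Python 3, and watch() additionally assumes Windows with the wmi package installed.

```python
# Added example, not code from the thread or from the wmi package.
# Hives the registry event provider does not report on.
UNSUPPORTED_HIVES = {"HKEY_CLASSES_ROOT", "HKEY_CURRENT_USER"}


def wql_literal(value):
    """Quote a string for WQL. Backslash is the WQL escape character, so it
    is doubled, and an embedded single quote is escaped."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def build_value_change_query(hive, key_path, value_name):
    """Return the WQL text for one registry value under one key."""
    if hive in UNSUPPORTED_HIVES:
        raise ValueError("registry events are not delivered for " + hive)
    return (
        "SELECT * FROM RegistryValueChangeEvent WHERE Hive=%s AND KeyPath=%s "
        "AND ValueName=%s"
        % (wql_literal(hive), wql_literal(key_path), wql_literal(value_name))
    )


def describe_event(event):
    """An extrinsic event has no TargetInstance. It only echoes back what was
    watched, so read those properties from the event object itself."""
    names = ("Hive", "KeyPath", "ValueName", "TIME_CREATED")
    return {name: getattr(event, name, None) for name in names}


def watch(key_path, value_name, hive="HKEY_LOCAL_MACHINE"):
    """Print the current data each time the value changes (Windows only)."""
    import winreg  # imported here so the helpers above stay importable anywhere
    import wmi     # assumes the third-party wmi package is installed

    c = wmi.WMI(namespace="root/default")
    watcher = c.watch_for(
        raw_wql=build_value_change_query(hive, key_path, value_name),
        wmi_class="RegistryValueChangeEvent",  # the fix reported in the thread
    )
    while True:
        info = describe_event(watcher())
        # The event carries no old or new data, so read the value separately.
        with winreg.OpenKey(getattr(winreg, hive), key_path) as key:
            data, _kind = winreg.QueryValueEx(key, value_name)
        print(info, "current data:", repr(data))
```

On a Windows host, watch("Software\\Temp", "Name") blocks until the value changes; the event alone does not say what the previous data was.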