Driver Problems? Questions? Issues?
Put OSR's experience to work for you! Contact us for assistance with:
  • Creating the right design for your requirements
  • Reviewing your existing driver code
  • Analyzing driver reliability/performance issues
  • Custom training mixed with consulting and focused directly on your specific areas of interest/concern.
Check us out. OSR, the Windows driver experts.

OSR Seminars


Go Back   OSR Online Lists > ntdev
Welcome, Guest
You must login to post to this list
  Message 1 of 3  
03 Jan 18 17:56
James Danks
xxxxxx@gmx.com
Join Date: 26 Dec 2017
Posts To This List: 12
Question about WMI architecture

This is question more about windows internals that driver development itself. From what I learnt myself it looks like that(more or less): 1. Process calls CoCreateInstance to create WMI instance 2. Process loads fastprox.dll 3. svchost.exe looks for providers and loads them into newly created WMIPrvSE.exe process (like cimwin32.dll) 4. I execute some WMI query 5. fastprox.dll uses ALPC to query WMIPrvSE.exe it gets response from cimwin32.dll and passes it back to process that queried WMI Is that more or less correct? Could someone give me more in-deep overview of what happens under the hood?
  Message 2 of 3  
03 Jan 18 18:39
James Danks
xxxxxx@gmx.com
Join Date: 26 Dec 2017
Posts To This List: 12
Question about WMI architecture

I'm interested more how it spawns processes and how it looks for providers, not how it implements them (because I already know that). How internally WmiPrvSE.exe is spawned and what's the role of WmiApSrv.exe and how exactly communication between each processes is managed and how WmiPrvSE.exe knows to which process it should send.
  Message 3 of 3  
04 Jan 18 14:05
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11997
Question about WMI architecture

xxxxx@gmx.com wrote: > This is question more about windows internals that driver development itself. > > From what I learnt myself it looks like that(more or less): > > 1. Process calls CoCreateInstance to create WMI instance > 2. Process loads fastprox.dll > 3. svchost.exe looks for providers and loads them into newly created WMIPrvSE.exe process (like cimwin32.dll) > 4. I execute some WMI query > 5. fastprox.dll uses ALPC to query WMIPrvSE.exe it gets response from cimwin32.dll and passes it back to process that queried WMI > <...excess quoted lines suppressed...> This is all very standard out-of-process COM stuff, doing RPC to proxy between the processes.  There's nothing terribly special about WMI in this respect.  One of the good COM texts, like Don Box's "Essential COM" or Dale Rogerson's "Inside COM" might be a good place to start. -- Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the ntdev list to be able to post.

All times are GMT -5. The time now is 02:52.


Copyright ©2015, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license