
Windows Management Instrumentation

WMI is Microsoft's implementation of CIM (Common Information Model) for the Windows platform.
«Instrumentation» because it shows internal values of Windows like dashboard instruments in a car do.
WMI is Microsoft's implementation of WBEM and CIF.
WMI providers are:
WMI clients are:
MOF files are Managed Object Format files.

WMI Classes

Win32_Process, Win32_Service, AntiVirusProduct, Win32_Startup ...
WMI objects are queried using a SQL-like language: WMI Query Language (WQL).
Persistent objects are stored in %SYSTEMROOT%\System32\wbem\Repository\OBJECTS.DATA.
Most classes are implemented as providers. Such providers are either COM DLLs or kernel drivers.

Providers

A provider monitors a managed object such as
A provider consists of
These DLLs and MOF files are located under %SYSTEMROOT%\System32\wbem.

Hierarchical Namespace

WMI classes are hierarchically organized into namespaces.

Remote usage

WMI can be used locally and, more importantly and more powerfully, remotely.
There are two protocols for remote administration: DCOM and WinRM.
DCOM unfortunately is not very firewall friendly.
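
The classes, WQL, namespaces and the two remote protocols described above, combined in an added PowerShell example (not part of the original notes). The host name SRV01 and the helper names Invoke-Wql and New-WmiSession are assumptions made for illustration; all queries are read-only.

```powershell
# Added example, not from the original notes. 'SRV01' is a placeholder host name.

# Hypothetical helper: run a WQL query in a namespace, locally or over a CIM session.
function Invoke-Wql {
    param(
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\cimv2',
        [Microsoft.Management.Infrastructure.CimSession] $Session
    )
    $p = @{ Query = $Query; Namespace = $Namespace; ErrorAction = 'Stop' }
    if ($Session) { $p.CimSession = $Session }
    Get-CimInstance @p
}

# Hypothetical helper: open a remote session, preferring WinRM over DCOM.
# WinRM (WS-Man) uses fixed TCP ports (5985/5986); DCOM starts on TCP 135 and
# then moves to dynamically assigned RPC ports, which is why firewalls dislike it.
function New-WmiSession {
    param([Parameter(Mandatory)] [string] $ComputerName)
    foreach ($protocol in 'Wsman', 'Dcom') {
        try {
            $opt = New-CimSessionOption -Protocol $protocol
            return New-CimSession -ComputerName $ComputerName -SessionOption $opt -ErrorAction Stop
        } catch {
            Write-Warning "$protocol to ${ComputerName} failed: $($_.Exception.Message)"
        }
    }
    throw "No WMI session to $ComputerName over WinRM or DCOM"
}

# 1. root\cimv2 (default namespace): auto-start services that are not running.
Invoke-Wql "SELECT Name, State, PathName FROM Win32_Service WHERE StartMode = 'Auto' AND State <> 'Running'" |
    Select-Object Name, State, PathName

# 2. Another namespace: AntiVirusProduct lives in root\SecurityCenter2
#    (present on client editions of Windows, not on Server).
Invoke-Wql 'SELECT displayName, productState FROM AntiVirusProduct' -Namespace 'root\SecurityCenter2'

# 3. The hierarchy itself: child namespaces are instances of the system class __NAMESPACE.
Invoke-Wql 'SELECT Name FROM __NAMESPACE' -Namespace 'root' | Select-Object -ExpandProperty Name

# 4. The same kind of query against a remote host, then clean up the session.
$session = New-WmiSession -ComputerName 'SRV01'
try {
    Invoke-Wql 'SELECT ProcessId, Name, CommandLine FROM Win32_Process' -Session $session |
        Select-Object ProcessId, Name, CommandLine
} finally {
    Remove-CimSession -CimSession $session
}
```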

PowerShell cmdlets

PowerShell cmdlets for WMI are

VBScript

The following simple script demonstrates how WMI can be queried with VBScript:
option explicit

dim winos
set winos = getObject("winmgmts:").instancesOf("Win32_OperatingSystem")

dim rec
for each rec in winos ' {

    wScript.echo "Caption:           " & rec.caption
    wScript.echo "Manufacturer:      " & rec.manufacturer
    wScript.echo "Build Type:        " & rec.BuildType
    WScript.echo "Version:           " & rec.Version
    WScript.echo "Locale:            " & rec.Locale
    WScript.echo "Windows Directory: " & rec.windowsDirectory
    ' totalVisibleMemorySize is reported in kilobytes, so one division by 1024 yields MB
    WScript.echo "Total memory:      " & round(rec.totalVisibleMemorySize/1024) & " MB"
    WScript.echo "Serial Number:     " & rec.SerialNumber
    Wscript.echo ""
next ' }
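Ideally, this script is executed from the command line with cscript.exe rather than wscript.exe (cscript.exe writes the output to the console, while wscript.exe shows each echo in a separate message box):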
C:\users\rene> cscript query-Win32.vbs

See also

WMIC.exe
wbemtest.exe
WmiMgmt.msc and WinMgmt.exe
The Perl module DBD::WMI.
The Winmgmt service
DMTF
The PowerShell command noun wmiObject
The .NET class System.Management.ManagementObject represents a WMI instance.
WMI namespaces are securable objects.
IWbemServices, IWbemProviderInit

Links

https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf
