Re: how to use WMI to discover disk sizes?

Tue, 05 Aug 2008 11:42:55 -0700 

Jason Haar wrote:
> Hi there
> 
> I'm trying to use "SELECT * FROM Win32_LogicalDisk WHERE DriveType=3 and 
> Name='C:'" to discover the disk size of C:, but the result returned is a 
> "uint64" according to the WMI docs, and not a string (it can show up as 
> "......"). Examples on M$ techpages refer to throwing it through "int()" 
> functions - but that doesn't seem to work with Nessus.
> 
> Are non-string results supported by NASL, and in any case, is there a 
> way of pulling back the size of the harddisk via Nessus?
> 


Hi Jason,

You could use the byte_func include library to work with the double
word returned by WMI query. Working with full words in NASL is not
supported that well. I recommend grabbing the upper bytes of the
disk size and dividing by 4 to get the gigabyte size. Here is some
sample code which prints out some other Win32_LogicalDisk items
without the C: filter:

include("byte_func.inc");
import("wmi_func.nlib");
wmiObject = WMI_ConnectServer("root\CIMV2");
if ( isnull(wmiObject) ) exit(0);
res = WMI_ExecQuery(wmiObject, "SELECT * FROM Win32_LogicalDisk");
repeat {
info = WMI_GetNextElement (res);
display("DeviceID: ", info["DeviceID"],"\n");
display("Name: ", info["Name"],"\n");
disksize = getword( blob:info["Size"], pos:0);
disksize = disksize / 4;
display("DiskSize: ",disksize," Gb\n");
display("\n");
} until (isnull(info));
WMI_ReleaseObject(res);
WMI_ReleaseObject(wmiObject);


The loop could be cleaned up more, but the logic and computation
of the gigabit is what you were looking for.

Here is a run against my laptop:

C:\Program Files\Tenable\Nessus\plugins\scripts>"c:\Program Files\Tenable\Nessus
\nasl.exe" -t 127.0.0.1 wmi-test.nasl.txt
Login : rgula
Password : **********

Domain :
DeviceID: C:
Name: C:
DiskSize: 48 Gb


Here is a run against a W2003 with an 8Gb VM partition:

[EMAIL PROTECTED] plugins]# /opt/nessus/bin/nasl -t 192.168.30.6 ./wmi-test.nasl
Login : Administrator
Password : **********
Domain :
DeviceID: A:
Name: A:
DiskSize: 0 Gb

DeviceID: C:
Name: C:
DiskSize: 8 Gb

DeviceID: D:
Name: D:
DiskSize: 0 Gb


I hope this helps you.

Ron Gula
Tenable Network Security



_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to