Need explanation for Invoke-CimMethod

metablaster · February 2, 2022, 5:33pm

Following command:

Invoke-CimMethod -ClassName Win32_Process -MethodName Create -CimSession $CimServer `
        -Arguments @{ CommandLine = "cmd /c del $TempLocation" } -ErrorAction Stop | Out-Null

Variables $CimServer and $TempLocation are not important, what I don’t understad is what does this command do?

I particular what does the create method do and why is there no need to specify command name which is to be created?
Why is command name cmd bundled into -Arguments parameter and how does that work, how is it parsed?

Are there MS docs that explain syntax of the create cim method?

EDIT:

Here is nother example:

[string] $cmd = "cmd /c c:\windows\system32\netstat.exe -ano >> $TempLocation"

$ProcessID = (Invoke-CimMethod -ClassName Win32_Process -MethodName Create `
	-Arguments @{ CommandLine = $cmd } -CimSession $CimServer -ErrorAction Stop).ProcessId

krzydoug · February 2, 2022, 7:51pm

It’s simply creating a process. It’s type is Win32_Process. That type has a method called Create(). Inside that process you can run whatever you would like. It has nothing to do with powershell specifically, you can create the same process and call the same method with cmd, vba, C#, etc. I would go look at the Win32_Process docs

metablaster · February 3, 2022, 8:45am

Thanks, I found following 2 links if anyone is interested:

Create method of the Win32_Process class - Win32 apps | Microsoft Docs

Calling a WMI Method - Win32 apps | Microsoft Docs

I see how it works but it’s still hard to comprehend in my head how is it possible to create a process out of a bundled command line and without knowing it what the process will do, there must be some parser for that, very good one I guess.

I know there is CreateProcess Win32 API, and I know how to use it in C++, but how it works in PS is still beyond my imagination.

For now I guess a special process is created which is able to execute command line and nothing more or less.

krzydoug · February 3, 2022, 5:56pm

You can’t do anything more or less with the process create method in powershell. The commandline property is a member of the process object, which you can run the same in many other languages. In your example the process is running cmd. You could change that to notepad, iexplore, etc. I must be misunderstanding you.

metablaster · February 3, 2022, 8:30pm

Thanks I get it.

CommandLine property is executed by newly created process, what ever that command line is.

Topic		Replies	Views
Invoke-CimMethod Executes Correct, But Returns WMI Error 0x8004101e PowerShell Help	6	232	May 2, 2018
invoke-command + CIM question PowerShell Help	6	194	May 6, 2020
How to start process remotely with admin console PowerShell Help	5	215	August 17, 2013
Renaming a file or folder on remote machine through WMI PowerShell Help	6	162	April 23, 2018
Software Installation, Logging, etc. PowerShell Help	0	109	December 31, 2011

Need explanation for Invoke-CimMethod

Related Topics