Now we need to get the class identifier or CLSID of the provider from the provider name. To do so, you submit a WMI query for the system class called __Win32Provider, which will contain the CLSID or GUID of the provider COM object. Run wbemtest.exe, connect to the target namespace (root\default), click the Query button, and issue the following query:
Select * from __Win32Provider where name="InstProvSamp"
In the query result box, you'll see an entry like the following:
_Win32Provider.Name="InstProvSamp"
Open the Object editor by double-clicking this entry, as Figure 3 shows.
Notice the CLSID entry pointing to the GUID that we need; every COM object places a registration entry under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID. We can use regedit.exe to pinpoint our search directly to the COM registration information and get right to the exact name and location of the WMI provider binary, as Figure 4 shows.
As I mentioned, the provider binary name doesn't always match the class name. For instance, the registry provider is defined under the root\default class, and the __Win32Provider name is RegProv. However, the actual DLL name is STDPROV.DLL and is located under the c:\windows\system32\wbem directory.
More Uses
There are several reasons why you might need to find the binary name for a given WMI class; I only mentioned CPU utilization as one possible scenario. Although your scenario may be different, the steps I've described will work to find the WMI provider binary name and location for every scenario. Good luck, and as usual please feel free to contact me regarding this article or any of my previous articles.