Determining a device type with Win32_Battery WMI class
The purpose of the article is to use some WMI classes to determine whether the analyzed device is a laptop or desktop. For this, we will use Win32_Battery WMI class that represents a battery connected to the computer system[1].
Some notebooks use more than one battery and return more than one instance. Systems without a battery yield no instances, which may indicate and give us a greater chance of understanding the target as a desktop and not a laptop:
Syntax:[Dynamic, Provider("CIMWin32"), UUID("{8502C4B9-5FBB-11D2-AAC1-006008C78BC7}"), AMENDMENT]
class Win32_Battery : CIM_Battery
{
uint16 Availability;
uint32 BatteryRechargeTime;
uint16 BatteryStatus;
string Caption;
uint16 Chemistry;
uint32 ConfigManagerErrorCode;
boolean ConfigManagerUserConfig;
string CreationClassName;
string Description;
uint32 DesignCapacity;
uint64 DesignVoltage;
string DeviceID;
boolean ErrorCleared;
string ErrorDescription;
uint16 EstimatedChargeRemaining;
uint32 EstimatedRunTime;
uint32 ExpectedBatteryLife;
uint32 ExpectedLife;
uint32 FullChargeCapacity;
datetime InstallDate;
uint32 LastErrorCode;
uint32 MaxRechargeTime;
string Name;
string PNPDeviceID;
uint16 PowerManagementCapabilities[];
boolean PowerManagementSupported;
string SmartBatteryVersion;
string Status;
uint16 StatusInfo;
string SystemCreationClassName;
string SystemName;
uint32 TimeOnBattery;
uint32 TimeToFullCharge;
};
The Win32_Battery class has the following properties:
- Availability
- BatteryRechargeTime
- BatteryStatus
- Caption
- Chemistry
- ConfigManagerErrorCode
- ConfigManagerUserConfig
- CreationClassName
- Description
- DesignCapacity
- DesignVoltage
- DeviceID
- ErrorCleared
- ErrorDescription
- EstimatedChargeRemaining
- EstimatedRunTime
- ExpectedBatteryLife
- ExpectedLife
- FullChargeCapacity
- InstallDate
- LastErrorCode
- MaxRechargeTime
- Name
- PNPDeviceID
- PowerManagementCapabilities
- PowerManagementSupported
- SmartBatteryVersion
- Status
- StatusInfo
- SystemCreationClassName
- SystemName
Each of these properties contains a specific piece of battery-related information that can be queried using the WMI API.
Here’s a PowerShell script that uses the Win32_Battery WMI class to retrieve the battery status, FullChargeCapacity, and TimeToFullCharge information:
$battery = Get-WmiObject Win32_Battery
if ($battery.FullChargeCapacity -le 0) {
throw "Possible virtual machine"
}
else {
Write-Host "Battery Status: $($battery.BatteryStatus)"
Write-Host "Full Charge Capacity: $($battery.FullChargeCapacity) mWh"
Write-Host "Time to Full Charge: $($battery.EstimatedChargeRemaining) minutes"
}This API can also be used for identifying possible virtual machines. When using the Win32_Battery class on a virtual machine, the result may vary depending on the virtualization technology being used.
In some cases, the Win32_Battery class may not return any information because the virtual machine does not have a battery. For example, if the virtual machine is running on a hypervisor that does not provide battery emulation or does not have a virtualized battery installed, the Win32_Battery class will not be able to retrieve any battery-related information.
In other cases, the Win32_Battery class may return simulated or emulated battery information. Some virtualization technologies, such as VMware and Hyper-V, provide virtualized battery information to the guest operating system. This information may not reflect the actual battery status of the host machine and may only be used for testing or debugging purposes.
Overall, the Win32_Battery class may not be a reliable method for identifying virtual machines as the presence or absence of battery information does not necessarily indicate the presence or absence of virtualization. See you!!
