WMI不返回任何结果

Question

当我使用不带where子句的WMI时，它可以返回一些结果。但是，当我将其与where子句一起使用时，它不会返回任何结果。例如，我的事件日志的事件代码为4798，但是WMI不返回它。

procedure GetLogEvents(domain, user, password: string; Proc: TEventLogResultProc);
const
  wbemFlagForwardOnly = $00000020;
var
  FSWbemLocator : OLEVariant;
  FWMIService   : OLEVariant;
  FWbemObjectSet: OLEVariant;
  FWbemObject   : OLEVariant;
  oEnum         : IEnumvariant;
  iValue        : LongWord;
  i             : integer;
  Res: TEventLog;
begin;
    FSWbemLocator := CreateOleObject('WbemScripting.SWbemLocator');
    try
      FWMIService   := FSWbemLocator.ConnectServer(domain, 'root\CIMV2', user, password);
    except
      FWMIService   := FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
    end;
    FWbemObjectSet:= FWMIService.ExecQuery('SELECT Category,'+
                                                  ' ComputerName,'+
                                                  ' EventCode,'+
                                                  ' Message,'+
                                                  ' RecordNumber,'+
                                                  ' EventType,'+
                                                  ' TimeGenerated,'+
                                                  ' TimeWritten,'+
                                                  ' User,'+
                                                  ' Type,'+
                                                  ' EventIdentifier,'+
                                                  ' SourceName FROM Win32_NTLogEvent '+
                                                  ' Where EventCode="4798" or EventCode="5140" or EventCode="5142" '+
                                                  ' or EventCode="5143" or EventCode="5144" or ' +
                                                  ' EventCode="4663" or EventCode="4659" or EventCode="4656" or EventCode="4907" '+
                                                  ' or EventCode="4663" or EventCode="4660" or EventCode="4670"','WQL',wbemFlagForwardOnly);
    oEnum := IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
    while oEnum.Next(1, FWbemObject, iValue) = 0 do
    begin
      try Res.Category        := String(FWbemObject.Category); except end;
      try Res.ComputerName    := String(FWbemObject.ComputerName); except end;
      try Res.sMessage        := String(FWbemObject.Message); except end;
      try Res.RecordNumber    := Integer(FWbemObject.RecordNumber); except end;
      try Res.EventCode       := Integer(FWbemObject.EventCode); except end;
      try Res.EventType       := String(FWbemObject.EventType); except end;
      try Res.TimeGenerated   := String(FWbemObject.TimeGenerated); except end;
      try Res.TimeWritten     := String(FWbemObject.TimeWritten); except end;
      try Res.SourceName      := String(FWbemObject.SourceName); except end;

      try Res.User            := String(FWbemObject.User); except end;
      try Res.sType           := String(FWbemObject.Type); except end;
      try Res.EventIdentifier := String(FWbemObject.EventIdentifier); except end;
      Proc(Res);
      FWbemObject:=Unassigned;
    end;
end;