Here’s how to list WMI event classes in the root\cimv2 namespace with C# and System.Management:

using System;
using System.Management;

class Program
{
    static void Main()
    {
        string query =
            @"Select * From Meta_Class Where __This Isa '__Event'";

        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher(query);

        foreach (ManagementBaseObject cimv2Class in searcher.Get())
        {
            Console.WriteLine(cimv2Class.ClassPath.ClassName);
        }
    }
}

root\cimv2 is the default WMI namespace so you don’t have to use a ManagementScope instance. The WQL query passed to ManagementObjectSearcher is a WMI metadata query. It uses:

• Meta_Class to designate the query as a schema query, and
• __This property to recursively list __Event subclasses

(see here and here).

WMI class is an event class if its provider implemented as an event WMI provider and must be a subclass of __Event. This doesn’t mean that you can’t use ‘ordinary’ WMI classes like Win32_Process and Win32_Service in WQL event queries. You just have to use one of the __InstanceOperationEvent derived helper classes like __InstanceCreationEvent or __InstanceDeletionEvent, and WMI will use its own event subsystem to deliver events.

Here is a sample WQL query that subscribes to Win32_Process creation events:

Select * From __InstanceCreationEvent Within 5 Where TargetInstance Isa 'Win32_Process'

In this case you have to use the Within clause.