WMIDumpper

This is a set of tools to help analyze a WMI ACPI device mapping information and descriptors.

WDG blocks contain the WMI device mapping information like data blocks GUIDs, object IDs, and notify IDs. The buffers contain a list of mapping information of the following structure.

        
            typedef struct
            {
                GUID guid;             // GUID that names data block
                union
                {
                    CHAR ObjectId[2];  // 2-character ACPI ID  (Data Blocks and Methods)
                    struct
                    {
                        UCHAR NotificationValue;  // Byte value passed by event handler control method
                        UCHAR Reserved[1];
                    } NotifyId;
                }
                USHORT InstanceCount;  // Number of separate instances of data block
                USHORT Flags;          // Flags
            };

BMF blocks on the other hand, describe what data blocks, methods, and events a WMI device has to offer.

Please refer to wmi-acpi for more information and examples.

WDG Block Parser

Usage

Find the _WDG name block of your WMI device and copy the content of the buffer to the left textbox.


        Name (_WDG, Buffer (0x50)
        {
        --- cut here ---
        /* 0000 */    0xD0, 0x5E, 0x84, 0x97, 0x6D, 0x4E, 0xDE, 0x11,
        /* 0008 */    0x8A, 0x39, 0x08, 0x00, 0x20, 0x0C, 0x9A, 0x66,
        /* 0010 */    0x42, 0x43, 0x01, 0x02, 0xA0, 0x47, 0x67, 0x46,
        /* 0018 */    0xEC, 0x70, 0xDE, 0x11, 0x8A, 0x39, 0x08, 0x00,
        /* 0020 */    0x20, 0x0C, 0x9A, 0x66, 0x42, 0x44, 0x01, 0x02,
        /* 0028 */    0x72, 0x0F, 0xBC, 0xAB, 0xA1, 0x8E, 0xD1, 0x11,
        /* 0030 */    0x00, 0xA0, 0xC9, 0x06, 0x29, 0x10, 0x00, 0x00,
        /* 0038 */    0xD2, 0x00, 0x01, 0x08, 0x21, 0x12, 0x90, 0x05,
        /* 0040 */    0x66, 0xD5, 0xD1, 0x11, 0xB2, 0xF0, 0x00, 0xA0,
        /* 0048 */    0xC9, 0x06, 0x29, 0x10, 0x4D, 0x4F, 0x01, 0x00
        --- end cut ---
        })

Click submit to parse the _WDG block.


BMF Block Parser

Usage

Find the BMF name block of your WMI device and copy the content of the buffer to the left textbox. The BMF block usually named like WQxx.


        Name (WQBA, Buffer (0x03EE)
        {
        --- cut here ---
        /* 0000 */  0x46, 0x4F, 0x4D, 0x42, 0x01, 0x00, 0x00, 0x00,  // FOMB....
        /* 0008 */  0xDE, 0x03, 0x00, 0x00, 0x38, 0x0C, 0x00, 0x00,  // ....8...
        /* 0010 */  0x44, 0x53, 0x00, 0x01, 0x1A, 0x7D, 0xDA, 0x54,  // DS...}.T
        /* 0018 */  0x18, 0xD3, 0x85, 0x00, 0x01, 0x06, 0x18, 0x42,  // .......B
        /* 0030 */  0x40, 0x24, 0x09, 0x42, 0xBC, 0x22, 0x20, 0x42,  // @$.B." B
        ...
        /* 03C8 */  0x73, 0xB2, 0x91, 0x11, 0x10, 0x29, 0x03, 0x11,  // s....)..
        /* 03D0 */  0x90, 0xFF, 0xFF, 0x42, 0x9E, 0x46, 0x02, 0xB2,  // ...B.F..
        /* 03D8 */  0x2C, 0x10, 0x01, 0x39, 0x22, 0x10, 0x0D, 0x0C,  // ,..9"...
        /* 03E0 */  0x44, 0xE5, 0x9A, 0x00, 0x61, 0x61, 0x41, 0x68,  // D...aaAh
        /* 03E8 */  0x4C, 0x15, 0x20, 0xEC, 0xFF, 0x0F               // L. ...
        --- end cut ---
        })

Click submit to parse the BMF block.




Credits