On Friday 05 May 2017 23:55:46 Mario.Limonciello@xxxxxxxx wrote: > Unfortunately the MOF data that comes out of wmi-mof is so called > "Binary MOF" which has been pre-compiled to an intermediate format > with mofcomp.exe on Windows. The format of binary MOF is not > documented and the only known way to get text mof back out is by > using mofcomp.exe with some esoteric arguments. > > mofcomp.exe -MOF:recovered.mof -MFL:ms_409.mof -Amendment:MS_409 > binary_mof_file Looks like that binary MOF file has "well-known" file extension .bmf. File itself starts with magic hader "FOMB" which is in reverse BMOF (binary mof). But I was not able to find any specification nor any other details. As this binary format is dated back to Win9x I guess data would compressed by some old MS compression algorithm (CAB?). Moreover via tool wmiofck.exe it is possible to generate header file for WMI driver from binary mof file: wmiofck.exe -hfile.h -m -u file.bmf And what is interesting that in this file are also comments which looks like comes from that binary mof file. When I looked into output from mofcomp.exe with above args, that MOF output did not contain comments, so looks like we still can miss something. See: http://blog.nietrzeba.pl/2011/12/mof-decompilation.html -- Pali Rohár pali.rohar@xxxxxxxxx
Attachment:
signature.asc
Description: This is a digitally signed message part.
