On Mon, Jun 5, 2017 at 3:19 PM, Pali Rohár <pali.rohar@xxxxxxxxx> wrote: > On Tuesday 06 June 2017 00:14:56 Darren Hart wrote: >> On Sat, May 27, 2017 at 01:14:15PM +0200, Pali Rohár wrote: >> > > metadata. I think that Samba has tools to interpret it, but there >> > > is currently no interface to get the data in the first place. >> > >> > No, there is no non-ms-windows tool for interpreting those binary >> > MOF (BMF) data yet. >> >> Good point. Updated. > > You are too late :-) Now there is my at https://github.com/pali/bmfdec > See my email "Binary MOF buffer in WMI is finally decoded!". > It comes out like this on my laptop. I don't know enough about MOF to know what we're supposed to do with this, but I suspect it at least gives us the sizes of buffers that we should be passing to the various methods. class WMIEvent : __ExtrinsicEvent { }; [WMI, Locale("MS\0x409"), Description("QDATA"), guid("{ABBC0F60-8EA1-11d1-00A0-C90629100000}")] class QDat { [WmiDataId(1), read, write, Description("qdata")] uint8 Bytes[128]; }; [WMI, Dynamic, Provider("WmiProv"), Locale("MS\0x409"), Description("BIOS WMI Query"), guid("{8D9DDCBC-A997-11DA-B012-B622A1EF5492}")] class WMI_Query { [key, read] String InstanceName; [read] Boolean Active; [WmiDataId(1), read, write, Description("BIOS WMI info")] QDat QDATA; }; [WMI, Locale("MS\0x409"), Description("Data"), guid("{a3776ce0-1e88-11db-a98b-0800200c9a66}")] class BDat { [WmiDataId(1), read, write, Description("data")] uint8 Bytes[4096]; }; [WMI, Dynamic, Provider("WmiProv"), Locale("MS\0x409"), Description("Interface"), guid("{A80593CE-A997-11DA-B012-B622A1EF5492}")] class BFn { [key, read] String InstanceName; [read] Boolean Active; [WmiMethodId(1), Implemented, read, write, Description("Do BFn")] void DoBFn([in, Description("Fn buf"), ID(0)] BDat Data, [out, Description("Fn buf"), ID(0)] BDat Data); }; [WMI, Dynamic, Provider("WmiProv"), Locale("MS\0x409"), Description("Event"), guid("{9DBB5994-A997-11DA-B012-B622A1EF5492}")] class BIOSEvent : WmiEvent { [key, read] String InstanceName; [read] Boolean Active; [WmiDataId(1), read, write, Description("Ev buf")] QDat Data; };