linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* Binary MOF buffer in WMI is finally decoded!
@ 2017-06-04 16:09 Pali Rohár
  2017-06-05 22:08 ` Pali Rohár
  0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2017-06-04 16:09 UTC (permalink / raw)
  To: Darren Hart, Mario.Limonciello, Rafael Wysocki, Andy Lutomirski,
	andriy.shevchenko
  Cc: platform-driver-x86, linux-kernel

[-- Attachment #1: Type: Text/Plain, Size: 1657 bytes --]

Hi!

As already mentioned in RFC: WMI Enhancements thread [1], I looked at 
binary MOF buffer used by WMI which is included in ACPI DSDT table.

That binary MOF buffer contains description of WMI methods and 
structures used by ACPI-WMI. It also contains mapping from human 
readable function names to ACPI-WMI magical numbers used for calling WMI 
methods via ACPI.

Basically in that binary MOF buffer is description of structures used as 
input and output arguments for WMI methods/function calls.

Until now, there were not information nor any parser of those binary MOF 
files (.bmf file). There is some Microsoft proprietary tool which can 
compile text MOF file to binary and vice versa.

I was able to decode that binary MOF format and wrote simple bmfparse 
tool. It is available in git repository [2]. Currently parsing of 
function parameters is not implemented yet.

Binary MOF format is compressed by prehistoric DS-01 algorithm 
(modification of LZ-77) which was used as compression algorithm for 
FAT-16. Maybe you remember DMSDOS or DoubleSpace... After decompression, 
the whole format is so shitty, probably half of data are just lengths of 
sub structures and sub-sub-... structures.

I hope this bmfparse program would help in writing new wmi drivers for 
Linux or inspection of available WMI methods.

Probably we could implement parser of BMOF in kernel and allow 
validation of function parameters or usage of human readable names of 
WMI methods?

[1] - https://www.spinics.net/lists/platform-driver-x86/msg11574.html
[2] - https://github.com/pali/bmfdec

-- 
Pali Rohár
pali.rohar@gmail.com

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Binary MOF buffer in WMI is finally decoded!
  2017-06-04 16:09 Binary MOF buffer in WMI is finally decoded! Pali Rohár
@ 2017-06-05 22:08 ` Pali Rohár
  2017-06-16 12:53   ` Pali Rohár
  0 siblings, 1 reply; 3+ messages in thread
From: Pali Rohár @ 2017-06-05 22:08 UTC (permalink / raw)
  To: Darren Hart
  Cc: Mario.Limonciello, Rafael Wysocki, Andy Lutomirski,
	andriy.shevchenko, platform-driver-x86, linux-kernel

[-- Attachment #1: Type: Text/Plain, Size: 2414 bytes --]

On Sunday 04 June 2017 18:09:21 Pali Rohár wrote:
> Hi!
> 
> As already mentioned in RFC: WMI Enhancements thread [1], I looked at
> binary MOF buffer used by WMI which is included in ACPI DSDT table.
> 
> That binary MOF buffer contains description of WMI methods and
> structures used by ACPI-WMI. It also contains mapping from human
> readable function names to ACPI-WMI magical numbers used for calling
> WMI methods via ACPI.
> 
> Basically in that binary MOF buffer is description of structures used
> as input and output arguments for WMI methods/function calls.
> 
> Until now, there were not information nor any parser of those binary
> MOF files (.bmf file). There is some Microsoft proprietary tool
> which can compile text MOF file to binary and vice versa.
> 
> I was able to decode that binary MOF format and wrote simple bmfparse
> tool. It is available in git repository [2]. Currently parsing of
> function parameters is not implemented yet.
> 
> Binary MOF format is compressed by prehistoric DS-01 algorithm
> (modification of LZ-77) which was used as compression algorithm for
> FAT-16. Maybe you remember DMSDOS or DoubleSpace... After
> decompression, the whole format is so shitty, probably half of data
> are just lengths of sub structures and sub-sub-... structures.
> 
> I hope this bmfparse program would help in writing new wmi drivers
> for Linux or inspection of available WMI methods.
> 
> Probably we could implement parser of BMOF in kernel and allow
> validation of function parameters or usage of human readable names of
> WMI methods?
> 
> [1] - https://www.spinics.net/lists/platform-driver-x86/msg11574.html
> [2] - https://github.com/pali/bmfdec

Small update: function parameters are now decoded too. I fixed some 
problems and added new tool bmf2mof which decompile BMF file back to 
UTF-8 encoded plain text MOF file. It is in git repository:

https://github.com/pali/bmfdec

I run it on more binary WMI MOF buffers and it successfully parsed 
everything.

So if you have some time, I would like you to ask for testing those 
tools if they can parse binary WMI MOF buffers without problems.

As I wrote it by just looking at decompressed dumps without any 
documentation, it does not have to be correct or working... Also there 
are no proper checks for buffer overflows yet.

-- 
Pali Rohár
pali.rohar@gmail.com

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: Binary MOF buffer in WMI is finally decoded!
  2017-06-05 22:08 ` Pali Rohár
@ 2017-06-16 12:53   ` Pali Rohár
  0 siblings, 0 replies; 3+ messages in thread
From: Pali Rohár @ 2017-06-16 12:53 UTC (permalink / raw)
  To: Darren Hart
  Cc: Mario.Limonciello, Rafael Wysocki, Andy Lutomirski,
	andriy.shevchenko, platform-driver-x86, linux-kernel

[-- Attachment #1: Type: Text/Plain, Size: 2699 bytes --]

On Tuesday 06 June 2017 00:08:49 Pali Rohár wrote:
> On Sunday 04 June 2017 18:09:21 Pali Rohár wrote:
> > Hi!
> > 
> > As already mentioned in RFC: WMI Enhancements thread [1], I looked
> > at binary MOF buffer used by WMI which is included in ACPI DSDT
> > table.
> > 
> > That binary MOF buffer contains description of WMI methods and
> > structures used by ACPI-WMI. It also contains mapping from human
> > readable function names to ACPI-WMI magical numbers used for
> > calling WMI methods via ACPI.
> > 
> > Basically in that binary MOF buffer is description of structures
> > used as input and output arguments for WMI methods/function calls.
> > 
> > Until now, there were not information nor any parser of those
> > binary MOF files (.bmf file). There is some Microsoft proprietary
> > tool which can compile text MOF file to binary and vice versa.
> > 
> > I was able to decode that binary MOF format and wrote simple
> > bmfparse tool. It is available in git repository [2]. Currently
> > parsing of function parameters is not implemented yet.
> > 
> > Binary MOF format is compressed by prehistoric DS-01 algorithm
> > (modification of LZ-77) which was used as compression algorithm for
> > FAT-16. Maybe you remember DMSDOS or DoubleSpace... After
> > decompression, the whole format is so shitty, probably half of data
> > are just lengths of sub structures and sub-sub-... structures.
> > 
> > I hope this bmfparse program would help in writing new wmi drivers
> > for Linux or inspection of available WMI methods.
> > 
> > Probably we could implement parser of BMOF in kernel and allow
> > validation of function parameters or usage of human readable names
> > of WMI methods?
> > 
> > [1] -
> > https://www.spinics.net/lists/platform-driver-x86/msg11574.html
> > [2] - https://github.com/pali/bmfdec
> 
> Small update: function parameters are now decoded too. I fixed some
> problems and added new tool bmf2mof which decompile BMF file back to
> UTF-8 encoded plain text MOF file. It is in git repository:
> 
> https://github.com/pali/bmfdec
> 
> I run it on more binary WMI MOF buffers and it successfully parsed
> everything.
> 
> So if you have some time, I would like you to ask for testing those
> tools if they can parse binary WMI MOF buffers without problems.
> 
> As I wrote it by just looking at decompressed dumps without any
> documentation, it does not have to be correct or working... Also
> there are no proper checks for buffer overflows yet.

Now added support for parsing BMOFQUALFLAVOR11 part. Which means whole 
parsing of BMOF files should be complete now.

-- 
Pali Rohár
pali.rohar@gmail.com

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2017-06-16 12:53 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-06-04 16:09 Binary MOF buffer in WMI is finally decoded! Pali Rohár
2017-06-05 22:08 ` Pali Rohár
2017-06-16 12:53   ` Pali Rohár

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).