Re: RFC: WMI Enhancements
From: Andy Shevchenko
Date: Tue May 09 2017 - 15:04:22 EST
On Tue, May 9, 2017 at 9:10 PM, <Mario.Limonciello@xxxxxxxx> wrote:
>> > > Then took relevant decompression code and it really decompressed that
>> > > binary MOF WMI buffer. The decompressed format is still binary, but I
>> > > now see all WMI GUIDs encoded in UTF-16. The decompressed BMF file again
>> > > has the "FOMB" magic header.
>> >
>> > Well that's great. Is it possible that this compression is used for every time
>> > a class was declared?
>>
>> Looks like not. That decompressed output seems to be not compressed
>> anymore. It just uses the same magic header.
> Actually it looks like a new magic header to me after decompression.
>
> 46 4f 4d 42 54 15 00 00 01 00 00 00 01 00 00 00
> That's now FOMBT
I think you just mistakenly take 0x54 as a letter when it looks more like
0x00001554
0x00000001
0x00000001
from the above dump.
--
With Best Regards,
Andy Shevchenko
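
Added example, not part of the original message or of any project code: the two readings of the quoted 16 bytes side by side, first as a run of printable ASCII and then as a 4-byte magic followed by little-endian 32-bit words. The function names and the 4-byte magic length are assumptions for illustration; the thread does not say what the words after the magic mean.

```python
import struct

# The 16 bytes quoted in the thread above.
DUMP = "46 4f 4d 42 54 15 00 00 01 00 00 00 01 00 00 00"


def printable_prefix(data: bytes) -> str:
    """Longest run of printable ASCII at the start: the 'read it as text' view."""
    out = []
    for b in data:
        if not 0x20 <= b < 0x7F:
            break
        out.append(chr(b))
    return "".join(out)


def split_header(data: bytes, magic_len: int = 4):
    """Split into a fixed-size magic and little-endian 32-bit words.

    magic_len=4 is an assumption taken from the "FOMB" magic named in the
    thread; the meaning of the words that follow is not stated there.
    """
    body = data[magic_len:]
    if len(data) < magic_len or len(body) % 4:
        raise ValueError(
            "need a %d-byte magic followed by whole 32-bit words" % magic_len
        )
    words = struct.unpack("<%dI" % (len(body) // 4), body)
    return data[:magic_len], words


if __name__ == "__main__":
    raw = bytes.fromhex(DUMP)
    # 0x54 happens to be printable, so a text view swallows it into the magic.
    print("as text  :", printable_prefix(raw))
    magic, words = split_header(raw)
    print("as dwords:", magic.decode("ascii"),
          " ".join("0x%08x" % w for w in words))
```

A 5-byte magic leaves 11 bytes, which do not divide into 32-bit words, while a 4-byte magic leaves exactly three.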