Windows: Identify a WPBT binary in the ACPI Table of BIOS/UEFI

Hi,

to identify a Windows executable in the ACPI Windows Platform Binary Table entry of a BIOS or UEFI fimware start a live linux distribution from a CD, DVD or USB Stick.


Use the acpidump command and looking for a section

root@devdeb # acpidump | grep WPBT

Or look in sysfs

root@devdeb # ls -l /sys/firmware/acpi/tables
r-------- 1 root root 0 Sep 7 22:48 DSDT
drwxr-xr-x 2 root root 0 Sep 7 22:48 dynamic
-r-------- 1 root root 0 Sep 7 22:48 FACP
-r-------- 1 root root 0 Sep 7 22:48 FACS
-r-------- 1 root root 0 Sep 7 22:48 SSDT
-r-------- 1 root root 0 Sep 7 22:48 WPBT

To copy the binary to your harddisk use

root@devdeb # dd if=/sys/firmware/acpi/tables/WPBT of=/tmp/binary.exe

To identify if your Windows system is executing a WPBT binary check if file C:\Windows\system32\wpbbin.exe exists

Michael

Leave a Reply