{"id":3000,"date":"2015-09-07T22:48:21","date_gmt":"2015-09-07T20:48:21","guid":{"rendered":"http:\/\/michlstechblog.info\/blog\/?p=3000"},"modified":"2015-09-08T10:17:41","modified_gmt":"2015-09-08T08:17:41","slug":"windows-identify-a-wpbt-binary-in-biosuefi","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-identify-a-wpbt-binary-in-biosuefi\/","title":{"rendered":"Windows: Identify a WPBT binary in the ACPI Table of BIOS\/UEFI"},"content":{"rendered":"<p>Hi,<\/p>\n<p>to identify a Windows executable in the ACPI Windows Platform Binary Table entry of a BIOS or UEFI firmware, start a live Linux distribution from a CD, DVD or USB Stick.<\/p>\n<p>Use the acpidump command and look for a WPBT section<br \/>\n<code><br \/>\nroot@devdeb # acpidump | grep WPBT<br \/>\n<\/code><\/p>\n<p>Or look in sysfs<br \/>\n<code><br \/>\nroot@devdeb # ls -l \/sys\/firmware\/acpi\/tables<br \/>\n-r-------- 1 root root 0 Sep  7 22:48 DSDT<br \/>\ndrwxr-xr-x 2 root root 0 Sep  7 22:48 dynamic<br \/>\n-r-------- 1 root root 0 Sep  7 22:48 FACP<br \/>\n-r-------- 1 root root 0 Sep  7 22:48 FACS<br \/>\n-r-------- 1 root root 0 Sep  7 22:48 SSDT<br \/>\n-r-------- 1 root root 0 Sep  7 22:48 WPBT<br \/>\n<\/code><\/p>\n<p>To copy the binary to your hard disk use<br \/>\n<code><br \/>\nroot@devdeb # dd if=\/sys\/firmware\/acpi\/tables\/WPBT of=\/tmp\/binary.exe<br \/>\n<\/code><\/p>\n<p>To check whether your Windows system is executing a WPBT binary, check whether the file <strong>C:\\Windows\\system32\\wpbbin.exe<\/strong> exists.<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, to identify a Windows executable in the ACPI Windows Platform Binary Table entry of a BIOS or UEFI firmware, start a live Linux distribution from a CD, DVD or USB 
Stick.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[466,5],"tags":[740,20,738,739],"class_list":["post-3000","post","type-post","status-publish","format-standard","hentry","category-security","category-windowsknowhow","tag-identify","tag-windows-2","tag-windows-platform-binary-table","tag-wpbt"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=3000"}],"version-history":[{"count":8,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3000\/revisions"}],"predecessor-version":[{"id":3006,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3000\/revisions\/3006"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=3000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=3000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=3000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}