I ve been itching to write a plugin table that talks to WMI

Question

I ve been itching to write a plugin table that talks to WMI smile

Ian Fernandez · Answer

Is that you that is trying to write this

thor · Answer

Why not in core smile heart Please don t say lockdown gt gt

groob · Answer

go has a decent library for WMI i think

groob · Answer

I dont like sticking things in core until they re proven both in terms of need and in terms of stability of the APIs I m calling

groob · Answer

< thor> check out some of the crazy tables < fritz> has been adding lately smile

thor · Answer

Ah I see Nah I meant like I d really love to have a way of speaking to WMI directly via osquery so gut how we currently do things and make an interface table or something that just passes queries through directly to WMI The hardest part that I could never really sort out is the dynamic typing of things coming back We could do it with just everything presumed to be a string and then handle the typing on the backend but I ve never liked that answer That being said I also don t super love the current WMI abstraction either confused

fritz · Answer

I would love to see an interface similar to mdfind s current implementation of passing a query Typing doesn t worry me so long as you could cast the results ATC returns everything as strings

fritz · Answer

I wonder if you could return whatever the results were as just a JSON blob

thor · Answer

Possibly Might be something worth taking a stab at

fritz · Answer

The advantage to that is you wouldn t lose potential relational context by flattening everything into strings

fritz · Answer

Which is something the `plist` table currently suffers from when you deal with some nested items