Mapping from NDIS OIDs to WMI classes

In which we write a PowerShell script, install the WDK, attach a kernel debugger, reverse-engineer the OS, and prove Goldbach’s conjecture

We’ve previously talked about how to rummage through all the NDIS WMI classes, but there’s one topic we haven’t fully covered. Suppose you’re looking for the WMI class that maps to a specific OID…


Why is there a redundant Restart-NetAdapter cmdlet?

Sometimes you can’t just Enable your way out of a Disable mess

Windows 8 and Windows Server 2012 include a whole set of new PowerShell cmdlets to manage the network stack. These cmdlets include Enable-NetAdapter and Disable-NetAdapter. Believe it or not, those two cmdlets let you enable and disable your network adapters, respectively. Want to…


WMI events

Smarter than polling

Suppose you want to know if a network adapter is connected. If you read our last WMI blog post, you’re already clever enough to solve this handily: just query MSNdis_LinkState and execute the WmiQueryLinkState method. This is great if you need to poll the NIC for connectivity status — but what if…


Exploring NDIS’s WMI classes

Getting fancy with PowerShell and WMI

Last time we got our feet wet with a simple PowerShell script to query Ethernet MAC addresses. It looked easy, but of course, it requires you to know the magic WMI class name “MSNdis_EthernetCurrentAddress”. How do you go about discovering other interesting WMI classes? Once again, PowerShell to the…


PWN* your network adapter

*PWN = PowerShell, WMI, and NDIS

WMI is frequently misunderstood. WMI is a large collection of technologies designed to help you manage computers. Most commonly, you’ll see IT pros using WMI (usually via VBScript) to do something funky across their domain, like search 1000 computers for nearly-full disk volumes. But (another misunderstood point) VBScript isn’t…