Skip to content

_ACPI Monitoring and Debugging

Jump to bottom
Serge edited this page Feb 28, 2024 · 6 revisions

Quick manual on how to monitor, what specifically AC sends to the device

Preparation

  1. Disable windows Bitlocker / Drive Encryption
  2. Turn off Secure Boot in BIOS
  3. Download and IRPMon application install https://github.com/MartinDrab/IRPMon/releases
  4. Reboot

EXPLANATION: In order to allow IRPM Mon run, you need to disable Secure Boot in BIOS. But with secure boot disabled, your windows bitlocker also won't work, so you need to turn off Bitlocker beforehand as well

Setting up IRPMon

  1. Right click on IRPMon icon, and select Run as Administrator

  2. In popup window select Device tab, enter \\.\irpmndrv there and click OK Screenshot 2024-02-25 223521

  3. Go to Action -> Drivers and Devices and scroll down to Driver/ATKWMIACPIIO Screenshot 2024-02-25 223549

  4. Right click on it, and check Data (important!) and Hook to it. Under IRP column (on the right) select only DeviceControl checkbox. Screenshot 2024-02-25 223556

  5. Under Request -> Filters create a new filter with this params

Type : IRP, Column : DeviceName, Contains : ATKACPI, Action : INCLUDE. Click ADD and APPLY (important) Screenshot 2024-02-25 224105

  1. Under Monitoring select Capture Packets. You should see some requests coming from AC (or any other app) Screenshot 2024-02-25 224135

By double clicking on packets, you should see Hexer tab containing actual data payload that app sends

Capturing

  1. Launch AC and in UI prepare to perform action you want to monitor. For example go to Manual mode
  2. In IRPMmon, select Monitoring -> Start capturing and Clear everything (AC could be quite spammy with data)
  3. Quickly alt-tab to AC and perform your action - i.e. click Apply on Manual mode
  4. In IRPMon - Stop Capturing and save captured data as a log :)
Clone this wiki locally