I'm trying to get BitLocker information from a remote host. I used to do this using PowerShell (Get-BitLockerVolume) which would provide lots of useful information. When I try using C#, I don't get as much information back. Looking on Microsoft's website and from further research, I can't find anything to help me.

Does anyone know how to get the same output as Get-BitLockerVolume in C#?

By the way, this is what I've been testing within C#:

CimSession session = CimSession.Create(computerHostName);

IEnumerable<CimInstance> GI1 = session.QueryInstances(@"root\cimv2\Security\MicrosoftVolumeEncryption", "WQL", "SELECT * FROM Win32_EncryptableVolume");

foreach(CimInstance i in GI1)
{
    Console.WriteLine("MountPoint: {0}, Protection: {1}",
        i.CimInstanceProperties["DriveLetter"].Value,
        i.CimInstanceProperties["ProtectionStatus"].Value);
}
I.T Delinquent
  • The user account you use matters, DriveLetter is a per-user setting. – Hans Passant May 29 '19 at 13:01
  • PowerShell modules are typically implemented in either PowerShell or a .NET assembly (easily decompiled). `(Get-Command Get-BitLockerVolume).Module | Get-Module | Select Path` will point you directly to the source in this case. Looking at that (`Get-BitLockerVolumeInternal`), you'll see it uses the same CIM class as you're using, but calls a few more methods to get some data directly as properties. You can either replicate that stuff, or go the easy way and use a PowerShell pipeline in C# to just call `Get-BitLockerVolume` directly. – Jeroen Mostert May 29 '19 at 13:04
  • Thanks @JeroenMostert ! Didn't know I could track back the source like that. I was hoping to only use C# but using PowerShell as well seems simpler in this case. – I.T Delinquent May 29 '19 at 13:07
  • @JeroenMostert When I used a runspace and run PowerShell inside to the remote host, when running Get-Process I get the information back but I don't get anything back when using Get-BitLockerVolume – I.T Delinquent May 29 '19 at 15:01

1 Answer

As Jeroen recalls, you will be able to get that information calling methods on your WMI instances. As for the docs, Win32_EncryptableVolume only exposes the following properties:

class Win32_EncryptableVolume
{
  string DeviceID;
  string PersistentVolumeID;
  string DriveLetter;
  uint32 ProtectionStatus;
};

To easily get the information you need using WMI and method access, you can use the ORMi library:

You can define for example your class like this:

public class Win32_EncryptableVolume : WMIInstance
{
  public string DeviceID {get; set;}
  public string PersistentVolumeID {get; set;}
  public string DriveLetter {get; set;}
  public int ProtectionStatus {get; set;}

  [WMIIgnore]
  public int Version {get; set;}

  public int GetVersion()
  {
     return WMIMethod.ExecuteMethod<int>(this);
  }
}

Then you could do something like:

WmiHelper _helper = new WmiHelper("root\\Cimv2"); //Define the correct scope

List<Win32_EncryptableVolume> volumes = _helper.Query<Win32_EncryptableVolume>().ToList();

foreach(Win32_EncryptableVolume v in volumes)
{
    v.Version = v.GetVersion();
}
NicoRiff
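Added example, not part of the original question or answer: the method-call approach described in the comment and the answer, written against the same `Microsoft.Management.Infrastructure` API the question uses, without ORMi. The method and out-parameter names (`GetConversionStatus`, `GetLockStatus`, `GetEncryptionMethod`, `GetKeyProtectors`, `GetKeyProtectorType`) are those documented for `Win32_EncryptableVolume`; the `BitLockerAudit` class, the `Call` helper and the `localhost` default are assumptions made for illustration.

```csharp
using System;
using Microsoft.Management.Infrastructure;
using Microsoft.Management.Infrastructure.Generic;

class BitLockerAudit
{
    const string Ns = @"root\cimv2\Security\MicrosoftVolumeEncryption";

    // Hypothetical helper: invoke a Win32_EncryptableVolume method and return its
    // out-parameters. A non-zero return value is an error code from the provider.
    static CimReadOnlyKeyedCollection<CimMethodParameter> Call(
        CimSession s, CimInstance vol, string method, CimMethodParametersCollection args = null)
    {
        CimMethodResult r = s.InvokeMethod(Ns, vol, method, args ?? new CimMethodParametersCollection());
        uint rc = Convert.ToUInt32(r.ReturnValue.Value);
        if (rc != 0) throw new InvalidOperationException($"{method} returned 0x{rc:X8}");
        return r.OutParameters;
    }

    static void Main(string[] argv)
    {
        string host = argv.Length > 0 ? argv[0] : "localhost"; // placeholder target host
        using (CimSession session = CimSession.Create(host))
        foreach (CimInstance vol in session.QueryInstances(Ns, "WQL", "SELECT * FROM Win32_EncryptableVolume"))
        {
            Console.WriteLine("{0} ProtectionStatus={1}",
                vol.CimInstanceProperties["DriveLetter"].Value,
                vol.CimInstanceProperties["ProtectionStatus"].Value);
            try
            {
                var conv = Call(session, vol, "GetConversionStatus");
                Console.WriteLine("  ConversionStatus={0} EncryptionPercentage={1}",
                    conv["ConversionStatus"].Value, conv["EncryptionPercentage"].Value);
                Console.WriteLine("  LockStatus={0}", Call(session, vol, "GetLockStatus")["LockStatus"].Value);
                Console.WriteLine("  EncryptionMethod={0}",
                    Call(session, vol, "GetEncryptionMethod")["EncryptionMethod"].Value);

                // Key protectors are listed by ID; the type of each needs a second call.
                var ids = Call(session, vol, "GetKeyProtectors")["VolumeKeyProtectorID"].Value as string[]
                          ?? new string[0];
                foreach (string id in ids)
                {
                    var args = new CimMethodParametersCollection();
                    args.Add(CimMethodParameter.Create("VolumeKeyProtectorID", id, CimFlags.In));
                    Console.WriteLine("  KeyProtector {0} type={1}", id,
                        Call(session, vol, "GetKeyProtectorType", args)["KeyProtectorType"].Value);
                }
            }
            catch (Exception e) when (e is CimException || e is InvalidOperationException)
            {
                Console.WriteLine("  query failed: {0}", e.Message); // e.g. a locked volume
            }
        }
    }
}
```

The values printed are the raw numeric codes the provider returns; the `Win32_EncryptableVolume` documentation maps them to names. Querying this namespace requires an account with administrative rights on the target host.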