deprecated/removed wmic.exe is used internally

[AndreasDiet]

Type: Bug

found by accident, opened repos directory instead of a directory below of repos

note: wmic.exe is removed by default in WIn11 24H2/Server 2025 see https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features and search for wmic

1. in explorer, goto users directory source, select repos (with a a lot of subdirs) and open repos directory with VSCode
2. I wrote a catcher for wmic.exe usage, and that one get triggered

this is the process tree leading to wmic.exe usage 11172@3 C:\WINDOWS\Explorer.EXE

11792@3 "C:\Users\userName\AppData\Local\Programs\Microsoft VS Code\Code.exe" "Y:\Users\userName\Source\Repos"

    6016@3 "C:\Users\userName\AppData\Local\Programs\Microsoft VS Code\Code.exe" --type=utility --utility-sub-type=node.mojom.NodeService --lang=en-US --service-sandbox-type=none --dns-result-order=ipv4first --inspect-port=0 --user-data-dir="C:\Users\userName\AppData\Roaming\Code" --standard-schemes=vscode-webview,vscode-file --enable-sandbox --secure-schemes=vscode-webview,vscode-file --cors-schemes=vscode-webview,vscode-file --fetch-schemes=vscode-webview,vscode-file --service-worker-schemes=vscode-webview --code-cache-schemes=vscode-webview,vscode-file --field-trial-handle=3592,i,2303426158107455322,744989615190165103,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:8

      15208@3 c:\wmicCatcher\wmicCatcher.exe **wmic os get osarchitecture**

VS Code version: Code 1.93.1 (38c31bc77e0dd6ae88a4e9cc93428cc27a56ba40, 2024-09-11T17:20:05.685Z) OS version: Windows_NT x64 10.0.22631 Modes:

System Info

|Item|Value| |---|---| |CPUs|Intel(R) Core(TM) i5-8259U CPU @ 2.30GHz (8 x 2304)| |GPU Status|2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
skia_graphite: disabled_off
video_decode: enabled
video_encode: enabled
vulkan: disabled_off
webgl: enabled
webgl2: enabled
webgpu: enabled
webnn: disabled_off| |Load (avg)|undefined| |Memory (System)|31.87GB (13.97GB free)| |Process Argv|--crash-reporter-id e1aa181c-fd69-4fa8-809b-5a908b73639a| |Screen Reader|no| |VM|0%|

Extensions (41)

Extension|Author (truncated)|Version ---|---|--- doxdocgen|csc|1.4.0 vscode-markdownlint|Dav|0.56.0 gitlens|eam|15.5.0 esp-idf-extension|esp|1.8.1 vscode-pull-request-github|Git|0.96.0 better-cpp-syntax|jef|1.27.1 csdevkit|ms-|1.10.18 csharp|ms-|2.45.25 vscode-dotnet-runtime|ms-|2.1.5 debugpy|ms-|2024.10.0 isort|ms-|2023.10.1 python|ms-|2024.14.1 vscode-pylance|ms-|2024.9.1 jupyter|ms-|2024.8.1 jupyter-keymap|ms-|1.1.2 jupyter-renderers|ms-|1.0.19 vscode-jupyter-cell-tags|ms-|0.1.9 vscode-jupyter-slideshow|ms-|0.1.6 remote-containers|ms-|0.384.0 remote-ssh|ms-|0.114.3 remote-ssh-edit|ms-|0.86.0 remote-wsl|ms-|0.88.3 cmake-tools|ms-|1.19.51 cpptools|ms-|1.22.3 cpptools-extension-pack|ms-|1.3.0 hexeditor|ms-|1.10.0 powershell|ms-|2024.2.2 remote-explorer|ms-|0.4.3 vscode-serial-monitor|ms-|0.12.0 vsliveshare|ms-|1.0.5936 nrf-connect|nor|2024.9.87 nrf-connect-extension-pack|nor|2024.9.5 nrf-devicetree|nor|2024.9.26 nrf-kconfig|nor|2024.9.20 nrf-terminal|nor|2024.9.14 platformio-ide|pla|3.3.3 gnu-mapfiles|tro|1.1.0 cmake|twx|0.0.17 intellicode-api-usage-examples|Vis|0.2.8 vscodeintellicode|Vis|1.3.1 volar|Vue|2.1.6 (1 theme extensions excluded)

A/B Experiments

``` vsliv368cf:30146710 vspor879:30202332 vspor708:30202333 vspor363:30204092 vscod805:30301674 binariesv615:30325510 vsaa593cf:30376535 py29gd2263:31024239 c4g48928:30535728 azure-dev_surveyone:30548225 2i9eh265:30646982 962ge761:30959799 pythongtdpath:30769146 welcomedialogc:30910334 pythonnoceb:30805159 asynctok:30898717 pythonmypyd1:30879173 h48ei257:31000450 pythontbext0:30879054 accentitlementsc:30995553 dsvsc016:30899300 dsvsc017:30899301 dsvsc018:30899302 cppperfnew:31000557 dsvsc020:30976470 pythonait:31006305 dsvsc021:30996838 da93g388:31013173 a69g1124:31058053 dvdeprecation:31068756 dwnewjupytercf:31046870 2f103344:31071589 impr_priority:31102340 refactort:31108082 pythonrstrctxt:31112756 flighttreat:31134774 wkspc-onlycs-t:31132770 wkspc-ranged-c:31125598 fje88620:31121564 iacca1:31138162 ```

[AndreasDiet]

code.exe is internally using createProcess with wmic os get osarchitecture don't know how the program will behave if wmic.exe is no longer available starting with OS build 26100 (Win11 24H2/Server 2025) and createProcess will return with error code 2 (The system cannot find the file specified.) and code.exe cannot parse the output from wmic.exe

stdout output from wmic.exe send 1-> OSArchitecture
1-> 64-bit
1->
1->

something might rely on '64-bit'

[AndreasDiet]

a way to detect usage of wmic.exe reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmic.exe" /f /t REG_SZ /v debugger /d notepad.exe with this registry key notepad will open instead of using wmic.exe (in my case wmicCatcher.exe will be launched, which is starting the normal wmic.exe, redirecting the output from the child to the caller and is adding additional information in a log file)

in case wmic.exe is in c:\windows\system32\wbem, everything will work as expected (which is normal with current released operating systems) this exe is gone with build 26100 and VSCode might behave erroneously

I can setup a debugger and add a breakpoint in CreateProcess to get the full call stack please get in contact with me if I should do so