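/*
 * Probe the fixed Award / Phoenix-Award ID-string location in the mapped
 * BIOS image.
 *
 * ppBiosAddr  in:  base of the mapped BIOS image.
 *             out: on a match, address of the ID string inside the image;
 *                  left untouched when nothing matches.
 *
 * Returns the string length (6..126) on a match, 0 otherwise.
 *
 * No image length is passed in, so the caller must guarantee that at least
 * 0xEC71 + 127 bytes are readable behind *ppBiosAddr.
 */
ULONG FindAwardBios( UCHAR** ppBiosAddr )
{
    UCHAR *pBiosAddr = *ppBiosAddr + 0xEC71;
    UCHAR szBiosData[128];
    UCHAR *p;
    ULONG iLen;

    /* Validate a private, force-terminated snapshot rather than the live mapping. */
    RtlCopyMemory( szBiosData, pBiosAddr, 127 );
    szBiosData[127] = 0;
    iLen = ( ULONG )strlen( ( CHAR* )szBiosData );

    /*
     * iLen == 127 means the only terminator is the one forced above, i.e. the
     * source window holds no NUL. The caller hands the returned address to
     * strlen() on the live mapping, which would then read past the window, so
     * such candidates are rejected. The separators tested below must also lie
     * inside the string, not in leftover bytes after its terminator.
     */
    if( iLen <= 5 || iLen >= 127 )
    {
        return 0;
    }

    //AWard: 07/08/2002-i845G-ITE8712-JF69VD0CC-00
    //Phoenix-Award: 03/12/2002-sis645-p4s333
    if( szBiosData[2] != '/' || szBiosData[5] != '/' )
    {
        return 0;
    }

    /* Accept only strings made entirely of printable 7-bit characters. */
    for( p = szBiosData; *p != 0; ++p )
    {
        if( *p < ' ' || *p >= 127 )
        {
            return 0;
        }
    }

    *ppBiosAddr = pBiosAddr;
    return iLen;
}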
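/*
 * Probe the fixed AMI ID-string location in the mapped BIOS image.
 *
 * ppBiosAddr  in:  base of the mapped BIOS image.
 *             out: on a match, address of the ID string inside the image;
 *                  left untouched when nothing matches.
 *
 * Returns the string length (8..126) on a match, 0 otherwise.
 *
 * No image length is passed in, so the caller must guarantee that at least
 * 0xF478 + 127 bytes are readable behind *ppBiosAddr.
 */
ULONG FindAmiBios( UCHAR** ppBiosAddr )
{
    UCHAR *pBiosAddr = *ppBiosAddr + 0xF478;
    UCHAR szBiosData[128];
    UCHAR *p;
    ULONG iLen;

    /* Validate a private, force-terminated snapshot rather than the live mapping. */
    RtlCopyMemory( szBiosData, pBiosAddr, 127 );
    szBiosData[127] = 0;
    iLen = ( ULONG )strlen( ( char* )szBiosData );

    /*
     * iLen == 127 means the only terminator is the one forced above, i.e. the
     * source window holds no NUL. The caller hands the returned address to
     * strlen() on the live mapping, which would then read past the window, so
     * such candidates are rejected. The separators tested below must also lie
     * inside the string, not in leftover bytes after its terminator.
     */
    if( iLen <= 7 || iLen >= 127 )
    {
        return 0;
    }

    // Example: "AMI: 51-2300-000000-00101111-030199-"
    if( szBiosData[2] != '-' || szBiosData[7] != '-' )
    {
        return 0;
    }

    /* Accept only strings made entirely of printable 7-bit characters. */
    for( p = szBiosData; *p != 0; ++p )
    {
        if( *p < ' ' || *p >= 127 )
        {
            return 0;
        }
    }

    *ppBiosAddr = pBiosAddr;
    return iLen;
}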
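/*
 * Probe the three fixed Phoenix ID-string locations in the mapped BIOS image.
 *
 * ppBiosAddr  in:  base of the mapped BIOS image.
 *             out: on a match, address of the ID string inside the image;
 *                  left untouched when nothing matches.
 *
 * Returns the string length (12..126) of the first matching candidate,
 * 0 when none of the offsets holds a plausible string.
 *
 * No image length is passed in, so the caller must guarantee that at least
 * 0x7550 + 127 bytes are readable behind *ppBiosAddr.
 */
ULONG FindPhoenixBios( UCHAR** ppBiosAddr )
{
    static const ULONG uOffset[3] = { 0x6577, 0x7196, 0x7550 };
    UCHAR szBiosData[128];
    UCHAR *pBiosAddr, *p;
    ULONG iLen;
    ULONG i;

    for( i = 0; i < 3; ++i )
    {
        pBiosAddr = *ppBiosAddr + uOffset[i];

        /* Validate a private, force-terminated snapshot rather than the live mapping. */
        RtlCopyMemory( szBiosData, pBiosAddr, 127 );
        szBiosData[127] = 0;
        iLen = ( ULONG )strlen( ( char* )szBiosData );

        /*
         * iLen == 127 means the source window holds no NUL; the caller later
         * runs strlen() on the live mapping, so such candidates are skipped.
         * The separators tested below must also lie inside the string.
         */
        if( iLen <= 11 || iLen >= 127 )
        {
            continue;
        }

        // Example: Phoenix "NITELT0.86B.0044.P11.9910111055"
        if( szBiosData[7] != '.' || szBiosData[11] != '.' )
        {
            continue;
        }

        /* Accept only strings made entirely of printable 7-bit characters. */
        p = szBiosData;
        while( *p != 0 && *p >= ' ' && *p < 127 )
        {
            ++p;
        }
        if( *p == 0 )
        {
            *ppBiosAddr = pBiosAddr;
            return iLen;
        }
    }
    return 0;
}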
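/*
 * Scan a buffer for the "_DMI_" anchor and read the table descriptor that
 * follows it.
 *
 * pBiosBuffer  buffer to scan (firmware data; treat the contents as untrusted).
 * uBufferLen   number of readable bytes in pBiosBuffer.
 * TableLength  out: 16-bit value at anchor offset 6.
 * TableAddr    out: 32-bit value at anchor offset 8.
 * TableNum     out: 16-bit value at anchor offset 12.
 *
 * Returns STATUS_SUCCESS when an anchor with a complete descriptor is found,
 * STATUS_UNSUCCESSFUL otherwise. The outputs are written only on success.
 *
 * NOTE(review): the checksum byte at anchor offset 5 is not verified, so any
 * byte run spelling "_DMI_" is accepted; callers must range-check the values
 * returned here before using them as offsets.
 */
NTSTATUS FindBIOSTable(PUCHAR pBiosBuffer, ULONG uBufferLen,USHORT *TableLength,ULONG *TableAddr, USHORT *TableNum)
{
    /* Anchor (5) + one skipped byte + length (2) + address (4) + count (2). */
    enum { DMI_ENTRY_BYTES = 14 };
    ULONG off;

    /*
     * The old "uBufferLen - 5" wrapped around for short buffers and let the
     * field reads run up to 9 bytes past the end when the anchor sat at the
     * very tail of the buffer.
     */
    if (pBiosBuffer == NULL || uBufferLen < DMI_ENTRY_BYTES)
        return STATUS_UNSUCCESSFUL;

    for (off = 0; off <= uBufferLen - DMI_ENTRY_BYTES; off++)
    {
        PUCHAR p = pBiosBuffer + off;

        if (p[0] == '_' && p[1] == 'D' && p[2] == 'M' && p[3] == 'I' && p[4] == '_')
        {
            /* Byte copies: the fields are not guaranteed to be aligned. */
            RtlCopyMemory(TableLength, p + 6, sizeof(*TableLength));
            RtlCopyMemory(TableAddr, p + 8, sizeof(*TableAddr));
            RtlCopyMemory(TableNum, p + 12, sizeof(*TableNum));
            return STATUS_SUCCESS;
        }
    }
    return STATUS_UNSUCCESSFUL;
}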
/* Common 4-byte header found at the start of every structure that FindStructure walks. */
typedef struct
{
UCHAR Type; /* structure type; FindStructure compares it with the requested Type */
UCHAR Length; /* size of the formatted area; FindStructure skips this many bytes to reach the string-set */
USHORT Handle; /* not read by the code shown here */
} HEADER;
/*
 * Leading fields of the structure GetBIOSInfo requests with Type 1.
 * Each UCHAR after the header is a 1-based index into the string-set that
 * follows the formatted area (see GetString).
 */
typedef struct
{
HEADER h;
UCHAR Manufacturer; /* string index; not read by the code shown here */
UCHAR ProductName; /* string index; not read by the code shown here */
UCHAR Version; /* string index; not read by the code shown here */
UCHAR SerialNumber; /* string index; the only field GetBIOSInfo uses */
} BIOS_SYSTEM_INFO;
/*
 * Leading fields of the structure GetBIOSInfo requests with Type 0.
 *
 * NOTE(review): no packing pragma is visible here. With default alignment the
 * compiler inserts one padding byte before BIOSStarting, so the members sit
 * at byte offsets 4, 6 and 8. In the SMBIOS type 0 layout offset 4 is the
 * Vendor string index and offset 5 the BIOS Version index, so the member
 * named BIOSVersion appears to select the vendor string - confirm before
 * relying on the name.
 */
typedef struct
{
HEADER h;
UCHAR BIOSVersion; /* string index read by GetBIOSInfo (see layout note above) */
USHORT BIOSStarting; /* not read by the code shown here */
UCHAR BIOSReleaseDate; /* string index read by GetBIOSInfo */
} BIOS_INFO;
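/*
 * Walk a table of variable-length structures and return the first one whose
 * header Type matches.
 *
 * TableAddress    start of the table (firmware data; treated as untrusted).
 * StructureCount  maximum number of structures to visit.
 * Type            structure type to look for.
 * uLen            number of readable bytes starting at TableAddress.
 *
 * Returns a pointer to the matching structure, or NULL when none is found or
 * the table is malformed. A structure is only returned when its formatted
 * area and the double-NUL terminator of its string-set both lie inside
 * [TableAddress, TableAddress + uLen), so callers that index the string-set
 * stay inside the table.
 */
HEADER* FindStructure(UCHAR *TableAddress, USHORT StructureCount, UCHAR Type ,USHORT uLen)
{
    UCHAR *pCur = TableAddress;
    UCHAR *pEnd;
    USHORT i;

    if( TableAddress == NULL )
    {
        return NULL;
    }
    pEnd = TableAddress + uLen;

    for( i = 0; i < StructureCount; i++ )
    {
        HEADER *pHdr;
        UCHAR *pNext;
        ULONG cbLeft = ( ULONG )( pEnd - pCur );

        /* The header itself must fit before its fields are read. */
        if( cbLeft < sizeof( HEADER ) )
        {
            break;
        }
        pHdr = ( HEADER * )pCur;

        /* A Length below the header size or beyond the table is malformed. */
        if( pHdr->Length < sizeof( HEADER ) || pHdr->Length > cbLeft )
        {
            break;
        }

        /*
         * Get past the trailing string-list, which ends with two consecutive
         * NUL bytes. The original scan had no upper bound and kept reading
         * until it happened to hit a zero word.
         */
        pNext = pCur + pHdr->Length;
        while( pEnd - pNext >= 2 && ( pNext[0] != 0 || pNext[1] != 0 ) )
        {
            pNext++;
        }
        if( pEnd - pNext < 2 )
        {
            break; /* unterminated string-list: stop instead of running off the table */
        }

        if( pHdr->Type == Type )
        {
            return pHdr; /* Found first structure of the requested type */
        }

        pCur = pNext + 2; /* start of next structure */
    }
    return NULL;
} /* END FindStructure */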
/*
 * Return a pointer to the Str-th (1-based) string of a packed run of
 * NUL-terminated strings starting at p.
 *
 * Returns NULL when Str is 0 or greater than 10, or when two consecutive NUL
 * bytes are met before the requested string is reached. For Str == 1 the
 * input pointer is returned unchanged.
 *
 * The function takes no length: it relies on the caller having established
 * that the string run is terminated inside readable memory.
 */
UCHAR *GetString(UCHAR *p, ULONG Str)
{
    ULONG toSkip;

    if (Str == 0 || Str > 10)
        return NULL;

    /* Each NUL that is not followed by a second NUL ends one string. */
    for (toSkip = Str - 1; toSkip != 0; p++)
    {
        if (p[0] != '\0')
            continue;
        if (p[1] == '\0')
            return NULL;
        toSkip--;
    }
    return p;
}
/*
 * Append Str to the output cursor, followed by ';' in place of its NUL.
 *
 * pBuffer  in/out: write cursor; advanced past the appended bytes.
 * uBufLen  in/out: bytes remaining at the cursor; reduced by the bytes written.
 * Str      NUL-terminated source string.
 *
 * Nothing is written unless strlen(Str) + 1 is strictly smaller than
 * *uBufLen. The output is not NUL-terminated by this function.
 */
void CopyString(PCHAR *pBuffer, ULONG *uBufLen, PCHAR Str)
{
    ULONG cbItem = strlen(Str)+1;
    PCHAR pDst;

    if (cbItem >= *uBufLen)
        return;

    pDst = *pBuffer;
    RtlCopyMemory(pDst,Str,cbItem);
    pDst[cbItem-1] = ';';   /* overwrite the copied terminator with the separator */
    *pBuffer = pDst + cbItem;
    *uBufLen -= cbItem;
}
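/*
 * Build a ';'-separated identification string from a mapped BIOS image.
 *
 * pBiosBuffer  mapped image of physical 0xF0000 and up (firmware data;
 *              every offset and length read from it is treated as untrusted).
 * uBiosLen     number of readable bytes in pBiosBuffer.
 * pBuffer      output buffer.
 * uBufLen      size of the output buffer in bytes.
 *
 * Returns the number of bytes written to pBuffer (0 when nothing was found).
 * The output is not NUL-terminated.
 *
 * Order of work: two strings of the type 0 structure, then the serial number
 * of the type 1 structure; when no serial longer than 3 characters is found,
 * the fixed-offset Award / AMI / Phoenix probes are tried.
 *
 * NOTE(review): as in the original, the fixed-offset probes only run when a
 * "_DMI_" anchor was found at all - confirm that this is intended.
 */
ULONG GetBIOSInfo(PUCHAR pBiosBuffer, ULONG uBiosLen, PUCHAR pBuffer, ULONG uBufLen)
{
    /* Largest fixed offset used by the probes (FindAmiBios, 0xF478) plus their 127-byte read window. */
    enum { LEGACY_PROBE_SPAN = 0xF478 + 127 };
    ULONG TableAddr = 0;
    USHORT TableLength = 0, TableNum = 0;
    BIOS_INFO *binfo;
    BIOS_SYSTEM_INFO *bsinfo;
    PUCHAR p;
    PUCHAR pTable;
    ULONG uOrgBufLen = uBufLen;
    ULONG Find = 0;
    ULONG uBiosSerialLen;

    if (pBiosBuffer == NULL || pBuffer == NULL)
        return 0;

    if (!NT_SUCCESS(FindBIOSTable(pBiosBuffer,uBiosLen,&TableLength,&TableAddr,&TableNum)))
        return 0;

    /*
     * TableAddr is a physical address taken from firmware data. It was used
     * unchecked as "pBiosBuffer + (TableAddr - 0xf0000)", so a table located
     * outside the mapped window produced a wild pointer. Parse the table only
     * when it lies completely inside the mapping.
     */
    if (TableAddr >= 0xf0000 &&
        TableAddr - 0xf0000 < uBiosLen &&
        TableLength <= uBiosLen - (TableAddr - 0xf0000))
    {
        pTable = pBiosBuffer + (TableAddr - 0xf0000);

        binfo = (BIOS_INFO*)FindStructure(pTable,TableNum,0,TableLength);
        /* The formatted area must be long enough to hold the fields read below. */
        if (binfo && binfo->h.Length >= sizeof(BIOS_INFO))
        {
            p = GetString(((PUCHAR)binfo)+binfo->h.Length,binfo->BIOSVersion);
            if (p)
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
            p = GetString(((PUCHAR)binfo)+binfo->h.Length,binfo->BIOSReleaseDate);
            if (p)
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
        }

        bsinfo = (BIOS_SYSTEM_INFO*)FindStructure(pTable,TableNum,1,TableLength);
        if (bsinfo && bsinfo->h.Length >= sizeof(BIOS_SYSTEM_INFO))
        {
            p = GetString(((PUCHAR)bsinfo)+bsinfo->h.Length,bsinfo->SerialNumber);
            /* Serials of 3 characters or fewer are treated as "not present". */
            if (p && strlen((PCHAR)p) > 3)
            {
                Find = 1;
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
            }
        }
    }

    /*
     * Fixed-offset fallback. The probes receive no length, so make sure the
     * mapping covers every window they read before calling them.
     */
    if (!Find && uBiosLen >= LEGACY_PROBE_SPAN)
    {
        uBiosSerialLen = FindAwardBios( &pBiosBuffer );
        if( uBiosSerialLen == 0U )
        {
            uBiosSerialLen = FindAmiBios( &pBiosBuffer );
            if( uBiosSerialLen == 0U )
            {
                uBiosSerialLen = FindPhoenixBios( &pBiosBuffer );
            }
        }
        /* On a hit the probe has moved pBiosBuffer to the string it found. */
        if( uBiosSerialLen != 0U && uBufLen > uBiosSerialLen)
        {
            CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)pBiosBuffer);
        }
    }
    return uOrgBufLen - uBufLen;
}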
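/*
 * BIOS identifier; supports AMI, Award and Phoenix.
 *
 * Maps physical 0xF0000..0xFFFFF read-only through \Device\PhysicalMemory and
 * lets GetBIOSInfo extract the identification strings.
 *
 * pBuffer  output buffer.
 * uBufLen  size of pBuffer in bytes.
 *
 * Returns the number of bytes written to pBuffer, 0 on any failure.
 *
 * NOTE(review): the view is mapped into whatever process is current when this
 * runs, and the bytes read come from firmware; both should be kept in mind
 * when deciding where this may be called from and how the result is trusted.
 */
ULONG GetBIOS(PVOID pBuffer, ULONG uBufLen)
{
    SIZE_T ssize = 0xffff;
    PVOID ba = NULL;
    UNICODE_STRING struniph;
    OBJECT_ATTRIBUTES oa;
    HANDLE hSectionRet = NULL;
    /*
     * Current-process pseudo handle. The literal 0xFFFFFFFF used before is
     * only equal to -1 when HANDLE is 32 bits wide.
     */
    HANDLE hSelf = ( HANDLE )( LONG_PTR )-1;
    NTSTATUS Status;
    LARGE_INTEGER so;
    ULONG Len = 0;

    so.LowPart = 0x000f0000;
    so.HighPart = 0x00000000;

    RtlInitUnicodeString(&struniph,L"\\device\\physicalmemory");
    /*
     * OBJ_KERNEL_HANDLE keeps the section handle out of the current process's
     * handle table, so user-mode code in that process cannot pick up a handle
     * to physical memory while this function runs.
     */
    InitializeObjectAttributes( &oa, &struniph, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL );

    Status = ZwOpenSection(&hSectionRet,SECTION_MAP_READ,&oa);
    if (!NT_SUCCESS( Status ))
    {
        return 0;
    }

    /* The last argument, 2, is the page protection value for read-only access. */
    Status = ZwMapViewOfSection(hSectionRet,hSelf,&ba,0,0xFFFF,&so,&ssize,ViewShare,0,2);
    if(NT_SUCCESS( Status ))
    {
        /*
         * On success a 64 KB region of the current process's address space
         * now maps f000:0000 through f000:ffff. The base of the view is
         * returned in ba and its size in ssize; the view has to be released
         * with ZwUnmapViewOfSection once it is no longer needed.
         */
        Len = GetBIOSInfo((PUCHAR )ba,( ULONG )ssize,(PUCHAR)pBuffer,uBufLen);

        /* Unmap only a view that was actually created (ba is NULL otherwise). */
        ZwUnmapViewOfSection( hSelf, ba );
    }
    ZwClose(hSectionRet);
    return Len;
}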
{
UCHAR* pBiosAddr = *ppBiosAddr + 0xEC71;
UCHAR *p;
UCHAR szBiosData[128];
ULONG iLen;
RtlCopyMemory( szBiosData, pBiosAddr, 127 );
szBiosData[127] = 0;
iLen = strlen( ( CHAR* )szBiosData );
if( iLen > 0 && iLen < 128 )
{
//AWard: 07/08/2002-i845G-ITE8712-JF69VD0CC-00
//Phoenix-Award: 03/12/2002-sis645-p4s333
if( szBiosData[2] == '/' && szBiosData[5] == '/' )
{
p = szBiosData;
while( * p )
{
if( *p < ' ' || *p >= 127 )
{
break;
}
++ p;
}
if( *p == 0 )
{
*ppBiosAddr = pBiosAddr;
return iLen;
}
}
}
return 0;
}
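/*
 * Probe the fixed AMI ID-string location in the mapped BIOS image.
 *
 * ppBiosAddr  in:  base of the mapped BIOS image.
 *             out: on a match, address of the ID string inside the image;
 *                  left untouched when nothing matches.
 *
 * Returns the string length (8..126) on a match, 0 otherwise.
 *
 * No image length is passed in, so the caller must guarantee that at least
 * 0xF478 + 127 bytes are readable behind *ppBiosAddr.
 */
ULONG FindAmiBios( UCHAR** ppBiosAddr )
{
    UCHAR *pBiosAddr = *ppBiosAddr + 0xF478;
    UCHAR szBiosData[128];
    UCHAR *p;
    ULONG iLen;

    /* Validate a private, force-terminated snapshot rather than the live mapping. */
    RtlCopyMemory( szBiosData, pBiosAddr, 127 );
    szBiosData[127] = 0;
    iLen = ( ULONG )strlen( ( char* )szBiosData );

    /*
     * iLen == 127 means the only terminator is the one forced above, i.e. the
     * source window holds no NUL. The caller hands the returned address to
     * strlen() on the live mapping, which would then read past the window, so
     * such candidates are rejected. The separators tested below must also lie
     * inside the string, not in leftover bytes after its terminator.
     */
    if( iLen <= 7 || iLen >= 127 )
    {
        return 0;
    }

    // Example: "AMI: 51-2300-000000-00101111-030199-"
    if( szBiosData[2] != '-' || szBiosData[7] != '-' )
    {
        return 0;
    }

    /* Accept only strings made entirely of printable 7-bit characters. */
    for( p = szBiosData; *p != 0; ++p )
    {
        if( *p < ' ' || *p >= 127 )
        {
            return 0;
        }
    }

    *ppBiosAddr = pBiosAddr;
    return iLen;
}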
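/*
 * Probe the three fixed Phoenix ID-string locations in the mapped BIOS image.
 *
 * ppBiosAddr  in:  base of the mapped BIOS image.
 *             out: on a match, address of the ID string inside the image;
 *                  left untouched when nothing matches.
 *
 * Returns the string length (12..126) of the first matching candidate,
 * 0 when none of the offsets holds a plausible string.
 *
 * No image length is passed in, so the caller must guarantee that at least
 * 0x7550 + 127 bytes are readable behind *ppBiosAddr.
 */
ULONG FindPhoenixBios( UCHAR** ppBiosAddr )
{
    static const ULONG uOffset[3] = { 0x6577, 0x7196, 0x7550 };
    UCHAR szBiosData[128];
    UCHAR *pBiosAddr, *p;
    ULONG iLen;
    ULONG i;

    for( i = 0; i < 3; ++i )
    {
        pBiosAddr = *ppBiosAddr + uOffset[i];

        /* Validate a private, force-terminated snapshot rather than the live mapping. */
        RtlCopyMemory( szBiosData, pBiosAddr, 127 );
        szBiosData[127] = 0;
        iLen = ( ULONG )strlen( ( char* )szBiosData );

        /*
         * iLen == 127 means the source window holds no NUL; the caller later
         * runs strlen() on the live mapping, so such candidates are skipped.
         * The separators tested below must also lie inside the string.
         */
        if( iLen <= 11 || iLen >= 127 )
        {
            continue;
        }

        // Example: Phoenix "NITELT0.86B.0044.P11.9910111055"
        if( szBiosData[7] != '.' || szBiosData[11] != '.' )
        {
            continue;
        }

        /* Accept only strings made entirely of printable 7-bit characters. */
        p = szBiosData;
        while( *p != 0 && *p >= ' ' && *p < 127 )
        {
            ++p;
        }
        if( *p == 0 )
        {
            *ppBiosAddr = pBiosAddr;
            return iLen;
        }
    }
    return 0;
}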
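/*
 * Scan a buffer for the "_DMI_" anchor and read the table descriptor that
 * follows it.
 *
 * pBiosBuffer  buffer to scan (firmware data; treat the contents as untrusted).
 * uBufferLen   number of readable bytes in pBiosBuffer.
 * TableLength  out: 16-bit value at anchor offset 6.
 * TableAddr    out: 32-bit value at anchor offset 8.
 * TableNum     out: 16-bit value at anchor offset 12.
 *
 * Returns STATUS_SUCCESS when an anchor with a complete descriptor is found,
 * STATUS_UNSUCCESSFUL otherwise. The outputs are written only on success.
 *
 * NOTE(review): the checksum byte at anchor offset 5 is not verified, so any
 * byte run spelling "_DMI_" is accepted; callers must range-check the values
 * returned here before using them as offsets.
 */
NTSTATUS FindBIOSTable(PUCHAR pBiosBuffer, ULONG uBufferLen,USHORT *TableLength,ULONG *TableAddr, USHORT *TableNum)
{
    /* Anchor (5) + one skipped byte + length (2) + address (4) + count (2). */
    enum { DMI_ENTRY_BYTES = 14 };
    ULONG off;

    /*
     * The old "uBufferLen - 5" wrapped around for short buffers and let the
     * field reads run up to 9 bytes past the end when the anchor sat at the
     * very tail of the buffer.
     */
    if (pBiosBuffer == NULL || uBufferLen < DMI_ENTRY_BYTES)
        return STATUS_UNSUCCESSFUL;

    for (off = 0; off <= uBufferLen - DMI_ENTRY_BYTES; off++)
    {
        PUCHAR p = pBiosBuffer + off;

        if (p[0] == '_' && p[1] == 'D' && p[2] == 'M' && p[3] == 'I' && p[4] == '_')
        {
            /* Byte copies: the fields are not guaranteed to be aligned. */
            RtlCopyMemory(TableLength, p + 6, sizeof(*TableLength));
            RtlCopyMemory(TableAddr, p + 8, sizeof(*TableAddr));
            RtlCopyMemory(TableNum, p + 12, sizeof(*TableNum));
            return STATUS_SUCCESS;
        }
    }
    return STATUS_UNSUCCESSFUL;
}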
/* Common 4-byte header found at the start of every structure that FindStructure walks. */
typedef struct
{
UCHAR Type; /* structure type; FindStructure compares it with the requested Type */
UCHAR Length; /* size of the formatted area; FindStructure skips this many bytes to reach the string-set */
USHORT Handle; /* not read by the code shown here */
} HEADER;
/*
 * Leading fields of the structure GetBIOSInfo requests with Type 1.
 * Each UCHAR after the header is a 1-based index into the string-set that
 * follows the formatted area (see GetString).
 */
typedef struct
{
HEADER h;
UCHAR Manufacturer; /* string index; not read by the code shown here */
UCHAR ProductName; /* string index; not read by the code shown here */
UCHAR Version; /* string index; not read by the code shown here */
UCHAR SerialNumber; /* string index; the only field GetBIOSInfo uses */
} BIOS_SYSTEM_INFO;
/*
 * Leading fields of the structure GetBIOSInfo requests with Type 0.
 *
 * NOTE(review): no packing pragma is visible here. With default alignment the
 * compiler inserts one padding byte before BIOSStarting, so the members sit
 * at byte offsets 4, 6 and 8. In the SMBIOS type 0 layout offset 4 is the
 * Vendor string index and offset 5 the BIOS Version index, so the member
 * named BIOSVersion appears to select the vendor string - confirm before
 * relying on the name.
 */
typedef struct
{
HEADER h;
UCHAR BIOSVersion; /* string index read by GetBIOSInfo (see layout note above) */
USHORT BIOSStarting; /* not read by the code shown here */
UCHAR BIOSReleaseDate; /* string index read by GetBIOSInfo */
} BIOS_INFO;
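/*
 * Walk a table of variable-length structures and return the first one whose
 * header Type matches.
 *
 * TableAddress    start of the table (firmware data; treated as untrusted).
 * StructureCount  maximum number of structures to visit.
 * Type            structure type to look for.
 * uLen            number of readable bytes starting at TableAddress.
 *
 * Returns a pointer to the matching structure, or NULL when none is found or
 * the table is malformed. A structure is only returned when its formatted
 * area and the double-NUL terminator of its string-set both lie inside
 * [TableAddress, TableAddress + uLen), so callers that index the string-set
 * stay inside the table.
 */
HEADER* FindStructure(UCHAR *TableAddress, USHORT StructureCount, UCHAR Type ,USHORT uLen)
{
    UCHAR *pCur = TableAddress;
    UCHAR *pEnd;
    USHORT i;

    if( TableAddress == NULL )
    {
        return NULL;
    }
    pEnd = TableAddress + uLen;

    for( i = 0; i < StructureCount; i++ )
    {
        HEADER *pHdr;
        UCHAR *pNext;
        ULONG cbLeft = ( ULONG )( pEnd - pCur );

        /* The header itself must fit before its fields are read. */
        if( cbLeft < sizeof( HEADER ) )
        {
            break;
        }
        pHdr = ( HEADER * )pCur;

        /* A Length below the header size or beyond the table is malformed. */
        if( pHdr->Length < sizeof( HEADER ) || pHdr->Length > cbLeft )
        {
            break;
        }

        /*
         * Get past the trailing string-list, which ends with two consecutive
         * NUL bytes. The original scan had no upper bound and kept reading
         * until it happened to hit a zero word.
         */
        pNext = pCur + pHdr->Length;
        while( pEnd - pNext >= 2 && ( pNext[0] != 0 || pNext[1] != 0 ) )
        {
            pNext++;
        }
        if( pEnd - pNext < 2 )
        {
            break; /* unterminated string-list: stop instead of running off the table */
        }

        if( pHdr->Type == Type )
        {
            return pHdr; /* Found first structure of the requested type */
        }

        pCur = pNext + 2; /* start of next structure */
    }
    return NULL;
} /* END FindStructure */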
/*
 * Return a pointer to the Str-th (1-based) string of a packed run of
 * NUL-terminated strings starting at p.
 *
 * Returns NULL when Str is 0 or greater than 10, or when two consecutive NUL
 * bytes are met before the requested string is reached. For Str == 1 the
 * input pointer is returned unchanged.
 *
 * The function takes no length: it relies on the caller having established
 * that the string run is terminated inside readable memory.
 */
UCHAR *GetString(UCHAR *p, ULONG Str)
{
    ULONG toSkip;

    if (Str == 0 || Str > 10)
        return NULL;

    /* Each NUL that is not followed by a second NUL ends one string. */
    for (toSkip = Str - 1; toSkip != 0; p++)
    {
        if (p[0] != '\0')
            continue;
        if (p[1] == '\0')
            return NULL;
        toSkip--;
    }
    return p;
}
/*
 * Append Str to the output cursor, followed by ';' in place of its NUL.
 *
 * pBuffer  in/out: write cursor; advanced past the appended bytes.
 * uBufLen  in/out: bytes remaining at the cursor; reduced by the bytes written.
 * Str      NUL-terminated source string.
 *
 * Nothing is written unless strlen(Str) + 1 is strictly smaller than
 * *uBufLen. The output is not NUL-terminated by this function.
 */
void CopyString(PCHAR *pBuffer, ULONG *uBufLen, PCHAR Str)
{
    ULONG cbItem = strlen(Str)+1;
    PCHAR pDst;

    if (cbItem >= *uBufLen)
        return;

    pDst = *pBuffer;
    RtlCopyMemory(pDst,Str,cbItem);
    pDst[cbItem-1] = ';';   /* overwrite the copied terminator with the separator */
    *pBuffer = pDst + cbItem;
    *uBufLen -= cbItem;
}
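/*
 * Build a ';'-separated identification string from a mapped BIOS image.
 *
 * pBiosBuffer  mapped image of physical 0xF0000 and up (firmware data;
 *              every offset and length read from it is treated as untrusted).
 * uBiosLen     number of readable bytes in pBiosBuffer.
 * pBuffer      output buffer.
 * uBufLen      size of the output buffer in bytes.
 *
 * Returns the number of bytes written to pBuffer (0 when nothing was found).
 * The output is not NUL-terminated.
 *
 * Order of work: two strings of the type 0 structure, then the serial number
 * of the type 1 structure; when no serial longer than 3 characters is found,
 * the fixed-offset Award / AMI / Phoenix probes are tried.
 *
 * NOTE(review): as in the original, the fixed-offset probes only run when a
 * "_DMI_" anchor was found at all - confirm that this is intended.
 */
ULONG GetBIOSInfo(PUCHAR pBiosBuffer, ULONG uBiosLen, PUCHAR pBuffer, ULONG uBufLen)
{
    /* Largest fixed offset used by the probes (FindAmiBios, 0xF478) plus their 127-byte read window. */
    enum { LEGACY_PROBE_SPAN = 0xF478 + 127 };
    ULONG TableAddr = 0;
    USHORT TableLength = 0, TableNum = 0;
    BIOS_INFO *binfo;
    BIOS_SYSTEM_INFO *bsinfo;
    PUCHAR p;
    PUCHAR pTable;
    ULONG uOrgBufLen = uBufLen;
    ULONG Find = 0;
    ULONG uBiosSerialLen;

    if (pBiosBuffer == NULL || pBuffer == NULL)
        return 0;

    if (!NT_SUCCESS(FindBIOSTable(pBiosBuffer,uBiosLen,&TableLength,&TableAddr,&TableNum)))
        return 0;

    /*
     * TableAddr is a physical address taken from firmware data. It was used
     * unchecked as "pBiosBuffer + (TableAddr - 0xf0000)", so a table located
     * outside the mapped window produced a wild pointer. Parse the table only
     * when it lies completely inside the mapping.
     */
    if (TableAddr >= 0xf0000 &&
        TableAddr - 0xf0000 < uBiosLen &&
        TableLength <= uBiosLen - (TableAddr - 0xf0000))
    {
        pTable = pBiosBuffer + (TableAddr - 0xf0000);

        binfo = (BIOS_INFO*)FindStructure(pTable,TableNum,0,TableLength);
        /* The formatted area must be long enough to hold the fields read below. */
        if (binfo && binfo->h.Length >= sizeof(BIOS_INFO))
        {
            p = GetString(((PUCHAR)binfo)+binfo->h.Length,binfo->BIOSVersion);
            if (p)
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
            p = GetString(((PUCHAR)binfo)+binfo->h.Length,binfo->BIOSReleaseDate);
            if (p)
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
        }

        bsinfo = (BIOS_SYSTEM_INFO*)FindStructure(pTable,TableNum,1,TableLength);
        if (bsinfo && bsinfo->h.Length >= sizeof(BIOS_SYSTEM_INFO))
        {
            p = GetString(((PUCHAR)bsinfo)+bsinfo->h.Length,bsinfo->SerialNumber);
            /* Serials of 3 characters or fewer are treated as "not present". */
            if (p && strlen((PCHAR)p) > 3)
            {
                Find = 1;
                CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)p);
            }
        }
    }

    /*
     * Fixed-offset fallback. The probes receive no length, so make sure the
     * mapping covers every window they read before calling them.
     */
    if (!Find && uBiosLen >= LEGACY_PROBE_SPAN)
    {
        uBiosSerialLen = FindAwardBios( &pBiosBuffer );
        if( uBiosSerialLen == 0U )
        {
            uBiosSerialLen = FindAmiBios( &pBiosBuffer );
            if( uBiosSerialLen == 0U )
            {
                uBiosSerialLen = FindPhoenixBios( &pBiosBuffer );
            }
        }
        /* On a hit the probe has moved pBiosBuffer to the string it found. */
        if( uBiosSerialLen != 0U && uBufLen > uBiosSerialLen)
        {
            CopyString((PCHAR*)&pBuffer,&uBufLen,(PCHAR)pBiosBuffer);
        }
    }
    return uOrgBufLen - uBufLen;
}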
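/*
 * BIOS identifier; supports AMI, Award and Phoenix.
 *
 * Maps physical 0xF0000..0xFFFFF read-only through \Device\PhysicalMemory and
 * lets GetBIOSInfo extract the identification strings.
 *
 * pBuffer  output buffer.
 * uBufLen  size of pBuffer in bytes.
 *
 * Returns the number of bytes written to pBuffer, 0 on any failure.
 *
 * NOTE(review): the view is mapped into whatever process is current when this
 * runs, and the bytes read come from firmware; both should be kept in mind
 * when deciding where this may be called from and how the result is trusted.
 */
ULONG GetBIOS(PVOID pBuffer, ULONG uBufLen)
{
    SIZE_T ssize = 0xffff;
    PVOID ba = NULL;
    UNICODE_STRING struniph;
    OBJECT_ATTRIBUTES oa;
    HANDLE hSectionRet = NULL;
    /*
     * Current-process pseudo handle. The literal 0xFFFFFFFF used before is
     * only equal to -1 when HANDLE is 32 bits wide.
     */
    HANDLE hSelf = ( HANDLE )( LONG_PTR )-1;
    NTSTATUS Status;
    LARGE_INTEGER so;
    ULONG Len = 0;

    so.LowPart = 0x000f0000;
    so.HighPart = 0x00000000;

    RtlInitUnicodeString(&struniph,L"\\device\\physicalmemory");
    /*
     * OBJ_KERNEL_HANDLE keeps the section handle out of the current process's
     * handle table, so user-mode code in that process cannot pick up a handle
     * to physical memory while this function runs.
     */
    InitializeObjectAttributes( &oa, &struniph, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL );

    Status = ZwOpenSection(&hSectionRet,SECTION_MAP_READ,&oa);
    if (!NT_SUCCESS( Status ))
    {
        return 0;
    }

    /* The last argument, 2, is the page protection value for read-only access. */
    Status = ZwMapViewOfSection(hSectionRet,hSelf,&ba,0,0xFFFF,&so,&ssize,ViewShare,0,2);
    if(NT_SUCCESS( Status ))
    {
        /*
         * On success a 64 KB region of the current process's address space
         * now maps f000:0000 through f000:ffff. The base of the view is
         * returned in ba and its size in ssize; the view has to be released
         * with ZwUnmapViewOfSection once it is no longer needed.
         */
        Len = GetBIOSInfo((PUCHAR )ba,( ULONG )ssize,(PUCHAR)pBuffer,uBufLen);

        /* Unmap only a view that was actually created (ba is NULL otherwise). */
        ZwUnmapViewOfSection( hSelf, ba );
    }
    ZwClose(hSectionRet);
    return Len;
}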