Thread: Getting hardware infos about the local computer

  1. #1
    the Lamer ? it's ME ! Yes SynApsus's Avatar
    Join Date
    Feb 2004
    Location
    France
    Posts
    30

    Getting hardware infos about the local computer

    Hello guys. This is my first thread here and I hope you will be able to answer me, I thank you in advance... ( sorry for my crap English, I'm young and French )
    I have been coding drivers for some time, and I now want to identify the computer on which it is installed.
    I found the BIOS int 11, which returns in AX a lot of info about the system. It would be perfect, but I don't know how to run a BIOS interrupt with my driver : it always crashes. I have probably forgotten something...
    Or if you could help me by giving a method to identify the motherboard, for example, it would be great.
    Thanks, with regards,
    Syn[NGEN]

  2. #2
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    What kind of driver are you writing? VXD, WDM, DOS? How does your current code snippet to call the interrupts look? Always try to give as many details as possible to increase the probability of getting help.

  3. #3
    the Lamer ? it's ME ! Yes SynApsus's Avatar
    Join Date
    Feb 2004
    Location
    France
    Posts
    30
    I am writing a WDM.
    I tried to run my interrupt with 3 methods, but none of them works.
    First, a direct call to the int 11. ( --> reboot )
    Second, I put cli and sti instructions before & after the int 11 ( ---> reboot )
    Third time, I tried to call the Hal!HalEnableSystemInterrupt() undocumented function. It fails, and the reboot follows...
    Is there a protection in the eflags register ? in the control registers ?
    Dunno at the moment, even after a little reading of Intel's software developer manual.
    If you have a beginning of answer ...

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,157
    Blog Entries
    5
    Hi

    What information are you trying to retrieve exactly? Much can be found out about the basic system architecture from regular Win32 APIs such as GetSystemInfo, or from using NtQuerySystemInformation with the SystemProcessorInformation class (or ZwQuerySystemInformation if you want to do it from within your driver).

    Other info could probably be found out from the Registry itself. If you need a way to find a certain bit of info that the System Properties control panel app displays for example, try disassembling sysdm.cpl and see if you can isolate how it does it. (Likely we're back to accessing the Registry and using NtQuerySystemInformation plus a few assorted other APIs).

    With a little more info about what you want, I'm sure a solution is at hand.

    Kayaker

  5. #5
    the Lamer ? it's ME ! Yes SynApsus's Avatar
    Join Date
    Feb 2004
    Location
    France
    Posts
    30
    I want to retrieve some info, which identifies a computer and only one; this info has to stay the same even if the processor is changed.
    Of course if I wanted to have only info about the processor I would have used cpuid or GetSystemInfo...
    But the aim is different, I want to have very "hard" information like, dunno, the version number of the CMOS for example.
    And NtQuerySystemInfo doesn't return any value interesting to do this.
    I know a lot of these values are in the registry, but I prefer ( for protection reasons, and to be sure ) to get this info without it : too simple to add or delete registry info and to cheat with it. Am I clear now ?
    I want to know, in priority, if it is possible to run a BIOS interrupt in my device driver. It's a difficult question, I suppose it is simply because we are not anymore in real mode, but now is the moment to find a way to bypass it. And I hope somebody knows how to help me !
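
For reference on what the int 11 value discussed in this thread contains, here is an added example (not part of any post in the thread) that decodes the 16-bit equipment word returned in AX. It assumes the classic PC/AT bit layout, and the sample value is constructed, not captured from a real machine.

```c
#include <stdint.h>
#include <stdio.h>

/* Fields of the 16-bit equipment word that BIOS INT 11h returns in AX
 * (classic PC/AT layout; the BIOS keeps the same word at 0040:0010). */
struct equipment {
    int has_floppy;      /* bit 0 */
    int has_fpu;         /* bit 1 */
    int video_mode;      /* bits 4-5: initial video mode code */
    int floppy_drives;   /* bits 6-7 hold (count - 1), valid only if bit 0 set */
    int serial_ports;    /* bits 9-11 */
    int has_game_port;   /* bit 12 */
    int parallel_ports;  /* bits 14-15 */
};

struct equipment decode_equipment(uint16_t ax)
{
    struct equipment e;
    e.has_floppy     = ax & 1;
    e.has_fpu        = (ax >> 1) & 1;
    e.video_mode     = (ax >> 4) & 3;
    e.floppy_drives  = e.has_floppy ? ((ax >> 6) & 3) + 1 : 0;
    e.serial_ports   = (ax >> 9) & 7;
    e.has_game_port  = (ax >> 12) & 1;
    e.parallel_ports = (ax >> 14) & 3;
    return e;
}

int main(void)
{
    /* Constructed sample: any two PCs with one floppy, an FPU, two serial
     * ports and one parallel port report this same word, so the value
     * describes a class of machines rather than one computer. */
    uint16_t ax = 0x4427;
    struct equipment e = decode_equipment(ax);

    printf("AX=0x%04X floppy=%d drives=%d fpu=%d video=%d serial=%d game=%d lpt=%d\n",
           (unsigned)ax, e.has_floppy, e.floppy_drives, e.has_fpu, e.video_mode,
           e.serial_ports, e.has_game_port, e.parallel_ports);
    return 0;
}
```

The word carries only coarse equipment counts, so it cannot distinguish two similarly configured machines.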

  6. #6
    Quote Originally Posted by SynApsus
    I want to know, in priority, if it is possible to run a BIOS interrupt in my device driver. It's a difficult question, I suppose it is simply because we are not anymore in real mode, but now is the moment to find a way to bypass it. And I hope somebody knows how to help me !
    No, I don't believe that it's possible to use BIOS interrupts in protected mode using WDM programming.
    Using SoftICE, you will see that all interrupts are redirected to ntoskrnl.exe.
    Disassemble this file and you won't see any call to the BIOS, nor in the HAL.
    You will need to program the hardware directly; the only complete book
    that I recommend to you is:
    "The Indispensable PC Hardware Book" by Hans-Peter Messmer.
    You don't need the BIOS to get what you want !

    Regards,
    Opcode

  7. #7
    Use the "The Operating Systems Resource Center".
    It's very useful.
    At www.nondot.org/sabre/os/articles.

  8. #8
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by SynApsus
    I want to have very "hard" information like, dunno, the version number of the CMOS for example
    what about when people update their cmos? their system is still the same, but this version number would change

  9. #9
    the Lamer ? it's ME ! Yes SynApsus's Avatar
    Join Date
    Feb 2004
    Location
    France
    Posts
    30
    Thanks for your answers to all. And for disavowed, I'll answer no problem : if I sell a program, in this case I'll send a new key, that's all. Updating the CMOS is a lot more rare than changing the CPU...

  10. #10
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    uh oh.. if i've updated my cmos more than i've updated my cpu, does that make me weird?

  11. #11
    uh oh.. if i've updated my cmos more than i've updated my cpu, does that make me weird?
    No, you're not weird, I update my CPU every week

    -cbo-

  12. #12
    Quote Originally Posted by Woodmann
    No, you're not weird, I update my CPU every week

    -cbo-

    aha, that'd be round about the same time you update the site then too? ;pp

  13. #13
    the Lamer ? it's ME ! Yes SynApsus's Avatar
    Join Date
    Feb 2004
    Location
    France
    Posts
    30
    hmm... none of you appears to be able to help me... I'll one more time have to find the solution by myself.
    I'm sure it IS possible, just because under NT when I compile .com executables, I can call this int 11h without any problem ...
    Thank you anyway.

    Syn- Following his lonely way

    and a note for disavowed : yes it does make you weird
    Last edited by SynApsus; March 10th, 2004 at 14:04.
