首页
社区
课程
招聘
[旧帖] [求助]商业保护取硬件信息(唯一且变动小的) 赏金20kx 0.00雪花
发表于: 2010-8-27 11:47 2032

[旧帖] [求助]商业保护取硬件信息(唯一且变动小的) 赏金20kx 0.00雪花

2010-8-27 11:47
2032
[CODE][/CODE]
最近想搞一个加密方面,在网搜了一整天,找出来了点资料,但还是不理想,想请教高人能不能提点建议帮忙改进一下.
加密的思路是两个种算法共存,可逆(用个MM表,....)不可逆(MD5之类),可能的话加入网络验证,再加上对得要模块作壳处理.再高级点的就学WIN验证完整性,以上只是思路.
问题是现在取不到特征码,网卡MAC不错,但用户换的机率较大,而且很容易被休改,门槛低.
CPUID好像并不是唯一确定.网上说386后INTEL没有了ID不知道真假
硬盘换的机率更高点
BIOSID不唯一,只是各不同厂商不同版本的不同.只是各人理解.
以上可能存在很多错误,希望高人看了别笑,请加以指点.
我会贴上代码.

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

上传的附件:
收藏
免费 0
支持
分享
最新回复 (5)
雪    币: 341
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2

// cpuid.cpp : 定义控制台应用程序的入口点。
//

#include "stdafx.h"
#include<string.h>
#include<windows.h>
#include<winuser.h>
#include <stdlib.h>

int _tmain(int argc, _TCHAR* argv[])
{
char    OEMString[13];      
    int    iEAXValue,iEBXValue,iECXValue,iEDXValue;      
    _asm
    {      
        mov     eax,0      
            cpuid      
            mov     DWORD     PTR     OEMString,ebx      
            mov     DWORD     PTR     OEMString+4,edx      
            mov     DWORD     PTR     OEMString+8,ecx      
            mov     BYTE     PTR     OEMString+12,0      
    }      
   
   // SetDlgItemText(IDC_STATIC1,OEMString);  //CPU名称
        printf("\ncpuname:%s",OEMString);
   
    _asm     
    {      
        mov     eax,1      
            cpuid      
            mov     iEAXValue,eax      
            mov     iEBXValue,ebx      
            mov     iECXValue,ecx      
            mov     iEDXValue,edx      
    }      
   
    int iCPUFamily=(0xf00 & iEAXValue)>>8;      
    char Family[10]={0};
    itoa(iCPUFamily,Family,10);
    //SetDlgItemText(IDC_STATIC2,Family);    //CPU系列
        printf("\ncputype: %s",Family);
    _asm
    {      
        mov     eax,2      
            CPUID      
    }      
   
    char szCPUID[129]={NULL};      
    char szTmp[33]={NULL};      
    unsigned long s1 = 0,s2=0;  
    //要先判断edx的18位是否为1,为1则CPU有序列号,为没有。若有再执行下边
    _asm      
    {      
        mov     eax,01h      
            xor     edx,edx      
            cpuid      
            mov     s1,edx      
            mov     s2,eax      
    }      
    sprintf(szTmp, "%08X%08X", s1, s2);      
    strcpy(szCPUID, szTmp);
    printf("\nszCPUID:%s",szCPUID);
    _asm      
    {      
        mov     eax,03h      
            xor     ecx,ecx      
            xor     edx,edx      
            cpuid      
            mov     s1,edx      
            mov     s2,ecx      
    }      
    sprintf(szTmp, "%08X%08X", s1, s2);      
        strcat(szCPUID, szTmp);  
    //SetDlgItemText(IDC_STATIC3,szCPUID);   //CPUID号

        printf("\nszCPUID:%s",szCPUID);

        return 0;
}

BIOS
// 以下代码可以取得系统特征码
//(网卡MAC、硬盘序列号、CPU ID、BIOS编号)
#include <afx.h>
#include <stdio.h>
#include <iphlpapi.h>

#define FILE_DEVICE_SCSI 0x0000001b
#define IOCTL_SCSI_MINIPORT_IDENTIFY ( ( FILE_DEVICE_SCSI << 16 ) + 0x0501 )

#define IOCTL_SCSI_MINIPORT 0x0004D008 // see NTDDSCSI.H for definition

#define IDENTIFY_BUFFER_SIZE 512
#define SENDIDLENGTH ( sizeof( SENDCMDOUTPARAMS ) + IDENTIFY_BUFFER_SIZE )

#define IDE_ATAPI_IDENTIFY 0xA1 // Returns ID sector for ATAPI.
#define IDE_ATA_IDENTIFY 0xEC // Returns ID sector for ATA.
#define DFP_RECEIVE_DRIVE_DATA 0x0007c088

typedef struct _IDSECTOR
{
USHORT wGenConfig;
USHORT wNumCyls;
USHORT wReserved;
USHORT wNumHeads;
USHORT wBytesPerTrack;
USHORT wBytesPerSector;
USHORT wSectorsPerTrack;
USHORT wVendorUnique[3];
CHAR sSerialNumber[20];
USHORT wBufferType;
USHORT wBufferSize;
USHORT wECCSize;
CHAR sFirmwareRev[8];
CHAR sModelNumber[40];
USHORT wMoreVendorUnique;
USHORT wDoubleWordIO;
USHORT wCapabilities;
USHORT wReserved1;
USHORT wPIOTiming;
USHORT wDMATiming;
USHORT wBS;
USHORT wNumCurrentCyls;
USHORT wNumCurrentHeads;
USHORT wNumCurrentSectorsPerTrack;
ULONG ulCurrentSectorCapacity;
USHORT wMultSectorStuff;
ULONG ulTotalAddressableSectors;
USHORT wSingleWordDMA;
USHORT wMultiWordDMA;
BYTE bReserved[128];
} IDSECTOR, *PIDSECTOR;

typedef struct _DRIVERSTATUS

{
BYTE bDriverError; // Error code from driver, or 0 if no error.
BYTE bIDEStatus; // Contents of IDE Error register.
// Only valid when bDriverError is SMART_IDE_ERROR.
BYTE bReserved[2]; // Reserved for future expansion.
DWORD dwReserved[2]; // Reserved for future expansion.
} DRIVERSTATUS, *PDRIVERSTATUS, *LPDRIVERSTATUS;

typedef struct _SENDCMDOUTPARAMS
{
DWORD cBufferSize; // Size of bBuffer in bytes
DRIVERSTATUS DriverStatus; // Driver status structure.
BYTE bBuffer[1]; // Buffer of arbitrary length in which to store the data read from the // drive.
} SENDCMDOUTPARAMS, *PSENDCMDOUTPARAMS, *LPSENDCMDOUTPARAMS;

typedef struct _SRB_IO_CONTROL
{
ULONG HeaderLength;
UCHAR Signature[8];
ULONG Timeout;
ULONG ControlCode;
ULONG ReturnCode;
ULONG Length;
} SRB_IO_CONTROL, *PSRB_IO_CONTROL;

typedef struct _IDEREGS
{
BYTE bFeaturesReg; // Used for specifying SMART "commands".
BYTE bSectorCountReg; // IDE sector count register
BYTE bSectorNumberReg; // IDE sector number register
BYTE bCylLowReg; // IDE low order cylinder value
BYTE bCylHighReg; // IDE high order cylinder value
BYTE bDriveHeadReg; // IDE drive/head register
BYTE bCommandReg; // Actual IDE command.
BYTE bReserved; // reserved for future use. Must be zero.
} IDEREGS, *PIDEREGS, *LPIDEREGS;

typedef struct _SENDCMDINPARAMS
{
DWORD cBufferSize; // Buffer size in bytes
IDEREGS irDriveRegs; // Structure with drive register values.
BYTE bDriveNumber; // Physical drive number to send
// command to (0,1,2,3).
BYTE bReserved[3]; // Reserved for future expansion.
DWORD dwReserved[4]; // For future use.
BYTE bBuffer[1]; // Input buffer.
} SENDCMDINPARAMS, *PSENDCMDINPARAMS, *LPSENDCMDINPARAMS;

typedef struct _GETVERSIONOUTPARAMS
{
BYTE bVersion; // Binary driver version.
BYTE bRevision; // Binary driver revision.
BYTE bReserved; // Not used.
BYTE bIDEDeviceMap; // Bit map of IDE devices.
DWORD fCapabilities; // Bit mask of driver capabilities.
DWORD dwReserved[4]; // For future use.
} GETVERSIONOUTPARAMS, *PGETVERSIONOUTPARAMS, *LPGETVERSIONOUTPARAMS;

//////////////////////////////////////////////////////////////////////

//结构定义
typedef struct _UNICODE_STRING
{
USHORT Length;//长度
USHORT MaximumLength;//最大长度
PWSTR Buffer;//缓存指针
} UNICODE_STRING,*PUNICODE_STRING;

typedef struct _OBJECT_ATTRIBUTES
{
ULONG Length;//长度 18h
HANDLE RootDirectory;// 00000000
PUNICODE_STRING ObjectName;//指向对象名的指针
ULONG Attributes;//对象属性00000040h
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR,0
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVICE,0
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

//函数指针变量类型
typedef DWORD (__stdcall *ZWOS )( PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
typedef DWORD (__stdcall *ZWMV )( HANDLE,HANDLE,PVOID,ULONG,ULONG,PLARGE_INTEGER,PSIZE_T,DWORD,ULONG,ULONG);
typedef DWORD (__stdcall *ZWUMV )( HANDLE,PVOID);

BOOL WinNTHDSerialNumAsScsiRead( BYTE* dwSerial, UINT* puSerialLen, UINT uMaxSerialLen )
{
BOOL bInfoLoaded = FALSE;

for( int iController = 0; iController < 4; ++ iController )
{
HANDLE hScsiDriveIOCTL = 0;
char szDriveName[256];

// Try to get a handle to PhysicalDrive IOCTL, report failure
// and exit if can't.
sprintf( szDriveName, "\\\\.\\Scsi%d:", iController );

// Windows NT, Windows 2000, any rights should do
hScsiDriveIOCTL = CreateFile( szDriveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);

// if (hScsiDriveIOCTL == INVALID_HANDLE_VALUE)
// printf ("Unable to open SCSI controller %d, error code: 0x%lX\n",
// controller, GetLastError ());

if( hScsiDriveIOCTL != INVALID_HANDLE_VALUE )
{
int iDrive = 0;
for( iDrive = 0; iDrive < 16; ++ iDrive )
{
char szBuffer[sizeof( SRB_IO_CONTROL ) + SENDIDLENGTH] = { 0 };

SRB_IO_CONTROL* p = ( SRB_IO_CONTROL* )szBuffer;
SENDCMDINPARAMS* pin = ( SENDCMDINPARAMS* )( szBuffer + sizeof( SRB_IO_CONTROL ) );
DWORD dwResult;

p->HeaderLength = sizeof( SRB_IO_CONTROL );
p->Timeout = 10000;
p->Length = SENDIDLENGTH;
p->ControlCode = IOCTL_SCSI_MINIPORT_IDENTIFY;
strncpy( ( char* )p->Signature, "SCSIDISK", 8 );

pin->irDriveRegs.bCommandReg = IDE_ATA_IDENTIFY;
pin->bDriveNumber = iDrive;

if( DeviceIoControl( hScsiDriveIOCTL, IOCTL_SCSI_MINIPORT,
szBuffer,
sizeof( SRB_IO_CONTROL ) + sizeof( SENDCMDINPARAMS ) - 1,
szBuffer,
sizeof( SRB_IO_CONTROL ) + SENDIDLENGTH,
&dwResult, NULL ) )
{
SENDCMDOUTPARAMS* pOut = ( SENDCMDOUTPARAMS* )( szBuffer + sizeof( SRB_IO_CONTROL ) );
IDSECTOR* pId = ( IDSECTOR* )( pOut->bBuffer );
if( pId->sModelNumber[0] )
{
if( * puSerialLen + 20U <= uMaxSerialLen )
{
// 序列号
CopyMemory( dwSerial + * puSerialLen, ( ( USHORT* )pId ) + 10, 20 );

// Cut off the trailing blanks
for( UINT i = 20; i != 0U && ' ' == dwSerial[* puSerialLen + i - 1]; -- i )
{}
* puSerialLen += i;

// 型号
CopyMemory( dwSerial + * puSerialLen, ( ( USHORT* )pId ) + 27, 40 );
// Cut off the trailing blanks
for( i = 40; i != 0U && ' ' == dwSerial[* puSerialLen + i - 1]; -- i )
{}
* puSerialLen += i;

bInfoLoaded = TRUE;
}
else
{
::CloseHandle( hScsiDriveIOCTL );
return bInfoLoaded;
}
}
}
}
::CloseHandle( hScsiDriveIOCTL );
}
}
return bInfoLoaded;
}

BOOL DoIdentify( HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned )
{
// Set up data structures for IDENTIFY command.
pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
pSCIP->irDriveRegs.bFeaturesReg = 0;
pSCIP->irDriveRegs.bSectorCountReg = 1;
pSCIP->irDriveRegs.bSectorNumberReg = 1;
pSCIP->irDriveRegs.bCylLowReg = 0;
pSCIP->irDriveRegs.bCylHighReg = 0;

// calc the drive number.
pSCIP->irDriveRegs.bDriveHeadReg = 0xA0 | ( ( bDriveNum & 1 ) << 4 );

// The command can either be IDE identify or ATAPI identify.
pSCIP->irDriveRegs.bCommandReg = bIDCmd;
pSCIP->bDriveNumber = bDriveNum;
pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;

return DeviceIoControl( hPhysicalDriveIOCTL, DFP_RECEIVE_DRIVE_DATA,
( LPVOID ) pSCIP,
sizeof( SENDCMDINPARAMS ) - 1,
( LPVOID ) pSCOP,
sizeof( SENDCMDOUTPARAMS ) + IDENTIFY_BUFFER_SIZE - 1,
lpcbBytesReturned, NULL );
}

BOOL WinNTHDSerialNumAsPhysicalRead( BYTE* dwSerial, UINT* puSerialLen, UINT uMaxSerialLen )
{
#define DFP_GET_VERSION 0x00074080
BOOL bInfoLoaded = FALSE;

for( UINT uDrive = 0; uDrive < 4; ++ uDrive )
{
HANDLE hPhysicalDriveIOCTL = 0;

// Try to get a handle to PhysicalDrive IOCTL, report failure
// and exit if can't.
char szDriveName [256];
sprintf( szDriveName, "\\\\.\\PhysicalDrive%d", uDrive );

// Windows NT, Windows 2000, must have admin rights
hPhysicalDriveIOCTL = CreateFile( szDriveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);

if( hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE )
{
GETVERSIONOUTPARAMS VersionParams = { 0 };
DWORD cbBytesReturned = 0;

// Get the version, etc of PhysicalDrive IOCTL
if( DeviceIoControl( hPhysicalDriveIOCTL, DFP_GET_VERSION,
NULL,
0,
&VersionParams,
sizeof( GETVERSIONOUTPARAMS ),
&cbBytesReturned, NULL ) )
{
// If there is a IDE device at number "i" issue commands
// to the device
if( VersionParams.bIDEDeviceMap != 0 )
{
BYTE bIDCmd = 0; // IDE or ATAPI IDENTIFY cmd
SENDCMDINPARAMS scip = { 0 };

// Now, get the ID sector for all IDE devices in the system.
// If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
// otherwise use the IDE_ATA_IDENTIFY command
bIDCmd = ( VersionParams.bIDEDeviceMap >> uDrive & 0x10 ) ? IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
BYTE IdOutCmd[sizeof( SENDCMDOUTPARAMS ) + IDENTIFY_BUFFER_SIZE - 1] = { 0 };

if( DoIdentify( hPhysicalDriveIOCTL,
&scip,
( PSENDCMDOUTPARAMS )&IdOutCmd,
( BYTE )bIDCmd,
( BYTE )uDrive,
&cbBytesReturned ) )
{
if( * puSerialLen + 20U <= uMaxSerialLen )
{
CopyMemory( dwSerial + * puSerialLen, ( ( USHORT* )( ( ( PSENDCMDOUTPARAMS )IdOutCmd )->bBuffer ) ) + 10, 20 ); // 序列号

// Cut off the trailing blanks
for( UINT i = 20; i != 0U && ' ' == dwSerial[* puSerialLen + i - 1]; -- i ) {}
* puSerialLen += i;

CopyMemory( dwSerial + * puSerialLen, ( ( USHORT* )( ( ( PSENDCMDOUTPARAMS )IdOutCmd )->bBuffer ) ) + 27, 40 ); // 型号

// Cut off the trailing blanks
for( i = 40; i != 0U && ' ' == dwSerial[* puSerialLen + i - 1]; -- i ) {}
* puSerialLen += i;

bInfoLoaded = TRUE;
}
else
{
::CloseHandle( hPhysicalDriveIOCTL );
return bInfoLoaded;
}
}
}
}
CloseHandle( hPhysicalDriveIOCTL );
}
}
return bInfoLoaded;
}

UINT FindAwardBios( BYTE** ppBiosAddr )
{
BYTE* pBiosAddr = * ppBiosAddr + 0xEC71;

BYTE szBiosData[128];
CopyMemory( szBiosData, pBiosAddr, 127 );
szBiosData[127] = 0;

int iLen = lstrlen( ( char* )szBiosData );
if( iLen > 0 && iLen < 128 )
{
//AWard: 07/08/2002-i845G-ITE8712-JF69VD0CC-00
//Phoenix-Award: 03/12/2002-sis645-p4s333
if( szBiosData[2] == '/' && szBiosData[5] == '/' )
{
BYTE* p = szBiosData;
while( * p )
{
if( * p < ' ' || * p >= 127 )
{
break;
}
++ p;
}
if( * p == 0 )
{
* ppBiosAddr = pBiosAddr;
return ( UINT )iLen;
}
}
}
return 0;
}

UINT FindAmiBios( BYTE** ppBiosAddr )
{
BYTE* pBiosAddr = * ppBiosAddr + 0xF478;

BYTE szBiosData[128];
CopyMemory( szBiosData, pBiosAddr, 127 );
szBiosData[127] = 0;

int iLen = lstrlen( ( char* )szBiosData );
if( iLen > 0 && iLen < 128 )
{
// Example: "AMI: 51-2300-000000-00101111-030199-"
if( szBiosData[2] == '-' && szBiosData[7] == '-' )
{
BYTE* p = szBiosData;
while( * p )
{
if( * p < ' ' || * p >= 127 )
{
break;
}
++ p;
}
if( * p == 0 )
{
* ppBiosAddr = pBiosAddr;
return ( UINT )iLen;
}
}
}
return 0;
}

UINT FindPhoenixBios( BYTE** ppBiosAddr )
{
UINT uOffset[3] = { 0x6577, 0x7196, 0x7550 };
for( UINT i = 0; i < 3; ++ i )
{
BYTE* pBiosAddr = * ppBiosAddr + uOffset[i];

BYTE szBiosData[128];
CopyMemory( szBiosData, pBiosAddr, 127 );
szBiosData[127] = 0;

int iLen = lstrlen( ( char* )szBiosData );
if( iLen > 0 && iLen < 128 )
{
// Example: Phoenix "NITELT0.86B.0044.P11.9910111055"
if( szBiosData[7] == '.' && szBiosData[11] == '.' )
{
BYTE* p = szBiosData;
while( * p )
{
if( * p < ' ' || * p >= 127 )
{
break;
}
++ p;
}
if( * p == 0 )
{
* ppBiosAddr = pBiosAddr;
return ( UINT )iLen;
}
}
}
}
return 0;
}

/////////////////////////////////
BYTE szSystemInfo[4096]; // 在程序执行完毕后,此处存储取得的系统特征码
UINT uSystemInfoLen = 0; // 在程序执行完毕后,此处存储取得的系统特征码的长度

// 网卡 MAC 地址,注意: MAC 地址是可以在注册表中修改的
BOOL GetMAC()
{
UINT uErrorCode = 0;
IP_ADAPTER_INFO iai;
ULONG uSize = 0;
DWORD dwResult = GetAdaptersInfo( &iai, &uSize );
if( dwResult == ERROR_BUFFER_OVERFLOW )
{
IP_ADAPTER_INFO* piai = ( IP_ADAPTER_INFO* )HeapAlloc( GetProcessHeap( ), 0, uSize );
if( piai != NULL )
{
dwResult = GetAdaptersInfo( piai, &uSize );
if( ERROR_SUCCESS == dwResult )
{
IP_ADAPTER_INFO* piai2 = piai;
while( piai2 != NULL && ( uSystemInfoLen + piai2->AddressLength ) < 4096U )
{
CopyMemory( szSystemInfo + uSystemInfoLen, piai2->Address, piai2->AddressLength );
uSystemInfoLen += piai2->AddressLength;
piai2 = piai2->Next;
}
}
else
{
uErrorCode = 0xF0000000U + dwResult;
}
VERIFY( HeapFree( GetProcessHeap( ), 0, piai ) );
}
else
{
return FALSE;
}
}
else
{
uErrorCode = 0xE0000000U + dwResult;
}

return uErrorCode != 0U ? FALSE : TRUE;
}

// 硬盘序列号,注意:有的硬盘没有序列号
BOOL GetHdSn()
{
OSVERSIONINFO ovi = { 0 };
ovi.dwOSVersionInfoSize = sizeof( OSVERSIONINFO );
GetVersionEx( &ovi );

if( ovi.dwPlatformId != VER_PLATFORM_WIN32_NT )
{
// Only Windows 2000, Windows XP, Windows Server 2003...
return FALSE;
}
else
{
if( !WinNTHDSerialNumAsPhysicalRead( szSystemInfo, &uSystemInfoLen, 1024 ) )
{
return WinNTHDSerialNumAsScsiRead( szSystemInfo, &uSystemInfoLen, 1024 );
}
else
return TRUE;
}
}

// CPU ID
BOOL GetCpuId()
{
BOOL bException = FALSE;
BYTE szCpu[16] = { 0 };
UINT uCpuID = 0U;

__try
{
_asm
{
mov eax, 0
cpuid
mov dword ptr szCpu[0], ebx
mov dword ptr szCpu[4], edx
mov dword ptr szCpu[8], ecx
mov eax, 1
cpuid
mov uCpuID, edx
}
}
__except( EXCEPTION_EXECUTE_HANDLER )
{
bException = TRUE;
}

if( !bException )
{
CopyMemory( szSystemInfo + uSystemInfoLen, &uCpuID, sizeof( UINT ) );
uSystemInfoLen += sizeof( UINT );

uCpuID = strlen( ( char* )szCpu );
CopyMemory( szSystemInfo + uSystemInfoLen, szCpu, uCpuID );
uSystemInfoLen += uCpuID;

return TRUE;
}
else
return FALSE;
}

// BIOS 编号,支持 AMI, AWARD, PHOENIX
BOOL GetBiosSn()
{
BOOL ret = FALSE;

SIZE_T ssize;

LARGE_INTEGER so;
so.LowPart=0x000f0000;
so.HighPart=0x00000000;
ssize=0xffff;
wchar_t strPH[30]=L"\\device\\physicalmemory";

DWORD ba=0;

UNICODE_STRING struniph;
struniph.Buffer=strPH;
struniph.Length=0x2c;
struniph.MaximumLength =0x2e;

OBJECT_ATTRIBUTES obj_ar;
obj_ar.Attributes =64;
obj_ar.Length =24;
obj_ar.ObjectName=&struniph;
obj_ar.RootDirectory=0;
obj_ar.SecurityDescriptor=0;
obj_ar.SecurityQualityOfService =0;

HMODULE hinstLib = LoadLibrary("ntdll.dll");
ZWOS ZWopenS=(ZWOS)GetProcAddress(hinstLib,"ZwOpenSection");
ZWMV ZWmapV=(ZWMV)GetProcAddress(hinstLib,"ZwMapViewOfSection");
ZWUMV ZWunmapV=(ZWUMV)GetProcAddress(hinstLib,"ZwUnmapViewOfSection");

//调用函数,对物理内存进行映射
HANDLE hSection;
if( 0 == ZWopenS(&hSection,4,&obj_ar) &&
0 == ZWmapV(
( HANDLE )hSection, //打开Section时得到的句柄
( HANDLE )0xFFFFFFFF, //将要映射进程的句柄,
&ba, //映射的基址
0,
0xFFFF, //分配的大小
&so, //物理内存的地址
&ssize, //指向读取内存块大小的指针
1, //子进程的可继承性设定
0, //分配类型
2 //保护类型
) )
//执行后会在当前进程的空间开辟一段64k的空间,并把f000:0000到f000:ffff处的内容映射到这里
//映射的基址由ba返回,如果映射不再有用,应该用ZwUnmapViewOfSection断开映射
{
BYTE* pBiosSerial = ( BYTE* )ba;
UINT uBiosSerialLen = FindAwardBios( &pBiosSerial );
if( uBiosSerialLen == 0U )
{
uBiosSerialLen = FindAmiBios( &pBiosSerial );
if( uBiosSerialLen == 0U )
{
uBiosSerialLen = FindPhoenixBios( &pBiosSerial );
}
}

if( uBiosSerialLen != 0U )
{
CopyMemory( szSystemInfo + uSystemInfoLen, pBiosSerial, uBiosSerialLen );
uSystemInfoLen += uBiosSerialLen;

ret = TRUE;
}

ZWunmapV( ( HANDLE )0xFFFFFFFF, ( void* )ba );
}

return ret;
}

int main(int argc, char ** argv)
{
BOOL ret;
ret = GetMAC();
printf("\nGetMAC returned %d", ret);
ret = GetHdSn();
printf("\nGetHdSn returned %d", ret);
ret = GetCpuId();
printf("\nGetCpuId returned %d", ret);
ret = GetBiosSn();
printf("\nGetBiosSn returned %d", ret);

printf("\nChar:\n");
for(UINT i = 0; i < uSystemInfoLen; i++)
printf("%c", szSystemInfo[i], szSystemInfo[i]);

printf("\nHex:\n");
for(UINT i = 0; i < uSystemInfoLen; i++)
printf("%x ", szSystemInfo[i], szSystemInfo[i]);

return 0;
}
2010-8-27 11:57
0
雪    币: 28
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
不错.......
2010-8-27 12:09
0
雪    币: 5
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
这是公开的吧,来支持一下辛苦奉献!
2010-8-27 12:16
0
雪    币: 109
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
你这个代码,我以前也研究过的,好像在win7下面还有权限上面的问题呢。在xp下也不是100%OK。
2010-8-27 22:14
0
雪    币: 341
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
6
所以才來求助啊, 希望有高人指點下,看能不能完善它,樓上有沒有好的建议.
2010-8-28 11:30
0
游客
登录 | 注册 方可回帖
返回
//