Index
> Windows > Code for reading the SMBIOS tableGoto page Previous 1, 2 |
| Author |
|
|
Mat Qua sar 14 Jun 2025, 04:09
Or ATA=IDE?
|
|||
14 Jun 2025, 04:09 |
|
|
Core i7 14 Jun 2025, 05:33
SCSI is a separate parent interface - in Windows, both ATA and SATA obey it. The serial version of SCSI is called SAS (usually used on laptops). My "smbios_v13" expects the string specified in the "DeviceID" of the WMI logs:
Code: wmic diskdrive list scsi /format:list wmic diskdrive list brief /format:list For testing, you can explicitly specify it in the smbios.asm source, and if that doesn't help, then try an alternative: " Disk{c9d8e0ae-99be-a098-e321-714284af9a93} " see WinObj Code: align 8 dName db '\\.\PhysicalDrive0',0 dName db '\\.\Disk{c9d8e0ae-99be-a098-e321-714284af9a93}',0 ;<---- Second attempt.. ;dName db '\\.\PhysicalDrive' ;<-----Original drive db '0',0 hddCount du '0123456789' |
|||
|
14 Jun 2025, 05:33 |
|
|
Mat Qua sar 14 Jun 2025, 05:38
The output running the two command-lines:
Code: PS C:\Users\bookh> wmic diskdrive list scsi /format:list DeviceID=\\.\PHYSICALDRIVE0 Index=0 SCSIBus=0 SCSILogicalUnit=0 SCSIPort=0 SCSITargetId=0 PS C:\Users\bookh> wmic diskdrive list brief /format:list Caption=KINGSTON 128GB DeviceID=\\.\PHYSICALDRIVE0 Model=KINGSTON 128GB Partitions=2 Size=128034708480 But I still can't compile your code, now missing "setupapi.inc". (ADD: Maybe I can add the import myself, I'll let you know later) |
|||
|
14 Jun 2025, 05:38 |
|
|
Mat Qua sar 14 Jun 2025, 05:47
I added import for setupapi, but now "Illegal instruction" pointing to STORAGE_PROPERTY_QUERY, it is a struct.
|
|||
|
14 Jun 2025, 05:47 |
|
|
Mat Qua sar 14 Jun 2025, 06:04
I think your code already pointing to PhysicalDrive0.
Code: dName db '\\.\PhysicalDrive' drive db '0',0 It was null-terminated on second line only. |
|||
|
14 Jun 2025, 06:04 |
|
|
Core i7 14 Jun 2025, 06:06
didn't the first archive have "equates\storage.inc"?
here is this include from the title (near dxgi.inc) also try to simply change the original to capital letters "PHYSICALDRIVE" Mat Qua sar wrote: It was null-terminated on second line only. yes, the second line of the code changes dynamically in the loop
|
|||||||||||
|
14 Jun 2025, 06:06 |
|
|
Mat Qua sar 14 Jun 2025, 07:00
Core i7 wrote: didn't the first archive have "equates\storage.inc"? They are different file, the orginal storage.inc (I mean SMBIOS_v13.zip) doesn't contain STRUCT, I included storage.inc and storage2.inc. I made additional changes: * Added to GDI32.INC Code: D3DKMTOpenAdapterFromDeviceName,'D3DKMTOpenAdapterFromDeviceName',\ D3DKMTQueryAdapterInfo,'D3DKMTQueryAdapterInfo',\ * Renamed "DISPLAY_DEVICEA" to "DISPLAY_DEVICE" Code: struct DISPLAY_DEVICE ;//<--------- EnumDisplayDevicesA() ddSize dd sizeof.DISPLAY_DEVICEA * Removed the following styles because "undefined symbol" error Code:
CBS_NOTIFY
CBS_EDITBASELINE
I tested with all the paths you provided Code: dName db '\\.\Disk{c9d8e0ae-99be-a098-e321-714284af9a93}',0 ;Copied from ntobjx ;dName db '\\.\PHYSICALDRIVE0',0 ;dName db '\\.\PhysicalDrive' drive db '0',0 The STORAGE info still blank. I will test further later. |
|||
|
14 Jun 2025, 07:00 |
|
|
Core i7 14 Jun 2025, 07:30
Mat Qua sar wrote: The STORAGE info still blank. another option for scsi: Code: ;dName db '\\.\PhysicalDrive' ;drive db '0',0 dName db '\\.\Scsi' ;<-------- drive db '0:',0 ;<---- insert ":" after null symbol the last thing that comes to mind is not a problem with the disk name, but insufficient admin rights to open disk CreateFile(), although everything should be fine with this. |
|||
|
14 Jun 2025, 07:30 |
|
|
Mat Qua sar 14 Jun 2025, 08:03
Core i7 wrote:
Bingo, it was administrator's right issue. I used back original code: Code: dName db '\\.\PhysicalDrive' drive db '0',0 ...and enable "Run this program as an administrator", now it can shows drive 0.
|
||||||||||
|
14 Jun 2025, 08:03 |
|
|||||||||
|
Core i7 14 Jun 2025, 08:19
Thank you very much for the test!
so I need to insert the IsUserAnAdmin() api from shell32.dll, and based on the result, give the user a reminder. |
|||
|
14 Jun 2025, 08:19 |
|
|
Core i7 14 Jun 2025, 09:18
Another important point is the high entropy in the code section, which can cause the antivirus to quarantine the exe. This is because I have a lot of text lines in the code. Ideally, it should be removed to the data section, then the entropy will decrease a little. Currently, 14 out of 76 guards on VirusTotal consider the file a virus, although there is no code with critical threats in the source. Maybe someday I will find time to fix the debug version for the release.
|
||||||||||
|
14 Jun 2025, 09:18 |
|
|||||||||
|
Mat Qua sar 14 Jun 2025, 10:15
Entropy is new to me. Something not seen in other PE viewer.
Just wanted to say I try to edit the SMBIOS_v13.EXE binary directly as at one point I wasn't able to compile the source code. I ended up with using PE-bear and adding an additional R/W section (".data2") and paste the "\\.\Disk{.....}" string there, the VA was 0x409000. Then I used hex editor to look for 0x402000 (since dbName located at the beginning of '.data' section) and changed it to 0x409000, two locations in file, as I made sure they were before FF 15, which is supposedly "call [CreateFileA]". Thanks @Core i7 for giving me chance to experience this as an indirect result. First time editing a PE binary file.
|
|||||||||||||||||||
|
14 Jun 2025, 10:15 |
|
||||||||||||||||||
|
Mat Qua sar 14 Jun 2025, 10:22
Core i7 wrote: Thank you very much for the test! You're most welcomed. |
|||
|
14 Jun 2025, 10:22 |
|
|
Core i7 14 Jun 2025, 14:59
Mat Qua sar wrote: Just wanted to say I try to edit the SMBIOS_v13.EXE binary directly as at one point I wasn't able to compile the source code. Wow, respect - you did a hard job, and got the result! And why exactly couldn't you compile the source, was something missing? So I removed 2 includes from the header, and placed only what was necessary in one "struct". Maybe now you will be able to compile. I also corrected the sizes of some fields in the window, and other little things. Mat Qua sar wrote: Entropy is new to me. Something not seen in other PE viewer Here is an example of entropy calculation: https://board.asm32.info/entropy.423/
|
|||||||||||
|
14 Jun 2025, 14:59 |
|
|
Core i7 02 Jul 2025, 13:32
Final version v1.4 of the utility - added 97 correlations of codes "CPUID --> CPU_CodeName", for Intel and AMD processors. There may be more codes, but this is all that I could find.
|
|||||||||||
|
02 Jul 2025, 13:32 |
|
| Goto page Previous 1, 2 < Last Thread | Next Thread > |
Forum Rules:
|