flat assembler
Message board for the users of flat assembler.

Index > Windows > Code for reading the SMBIOS table

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 04:02
Core i7 wrote:

Here it is "Disk{xxx-xxx-xxx}". Probably it is the one in the active/connected state, and "PhyDrive#" remained empty from the previous connection. What interface do you say the disk has ATA/SATA/NVM?


Not ATA/SATA/NVM, I checked with "wmic" , it is SCSI, are they different?

The output of "wmic diskdrive list":

Code:
Availability  BytesPerSector  Capabilities  CapabilityDescriptions                 CompressionMethod  ConfigManagerErrorCode  ConfigManagerUserConfig  DefaultBlockSize  Description  DeviceID            ErrorCleared  ErrorDescription  ErrorMethodology  Index  InstallDate  InterfaceType  LastErrorCode  Manufacturer            MaxBlockSize  MaxMediaSize  MediaLoaded  MediaType              MinBlockSize  Model           Name                NeedsCleaning  NumberOfMediaSupported  Partitions  PNPDeviceID                                            PowerManagementCapabilities  PowerManagementSupported  SCSIBus  SCSILogicalUnit  SCSIPort  SCSITargetId  SectorsPerTrack  Signature   Size          Status  StatusInfo  SystemName       TotalCylinders  TotalHeads  TotalSectors  TotalTracks  TracksPerCylinder  

              512             {3, 4}        {"Random Access", "Supports Writing"}                     0                       FALSE                                      Disk drive   \\.\PHYSICALDRIVE0                                                    0                   IDE                           (Standard disk drives)                              TRUE         Fixed hard disk media                KINGSTON 128GB  \\.\PHYSICALDRIVE0                                         2           SCSI\DISK&VEN_&PROD_KINGSTON_128GB\4&609C0DA&0&000000                                                         0        0                0         0             63               3811355239  128034708480  OK                  DESKTOP-RNCNAG9  15566           255         250067790     3969330      255                

    
Post 14 Jun 2025, 04:02
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 04:09
Or ATA=IDE?
Post 14 Jun 2025, 04:09
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 05:33
SCSI is a separate parent interface - in Windows, both ATA and SATA obey it. The serial version of SCSI is called SAS (usually used on laptops). My "smbios_v13" expects the string specified in the "DeviceID" of the WMI logs:
Code:
wmic diskdrive list scsi /format:list
wmic diskdrive list brief /format:list    


For testing, you can explicitly specify it in the smbios.asm source, and if that doesn't help,
then try an alternative: " Disk{c9d8e0ae-99be-a098-e321-714284af9a93} " see WinObj

Code:
align 8
dName db '\\.\PhysicalDrive0',0
dName db '\\.\Disk{c9d8e0ae-99be-a098-e321-714284af9a93}',0 ;<---- Second attempt..

;dName db '\\.\PhysicalDrive' ;<-----Original
drive db '0',0
hddCount du '0123456789'    
Post 14 Jun 2025, 05:33
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 05:38
The output running the two command-lines:
Code:
PS C:\Users\bookh> wmic diskdrive list scsi /format:list


DeviceID=\\.\PHYSICALDRIVE0
Index=0
SCSIBus=0
SCSILogicalUnit=0
SCSIPort=0
SCSITargetId=0



PS C:\Users\bookh> wmic diskdrive list brief /format:list


Caption=KINGSTON 128GB
DeviceID=\\.\PHYSICALDRIVE0
Model=KINGSTON 128GB
Partitions=2
Size=128034708480
    


But I still can't compile your code, now missing "setupapi.inc". (ADD: Maybe I can add the import myself, I'll let you know later)
Post 14 Jun 2025, 05:38
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 05:47
I added import for setupapi, but now "Illegal instruction" pointing to STORAGE_PROPERTY_QUERY, it is a struct.
Post 14 Jun 2025, 05:47
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 06:04
I think your code already pointing to PhysicalDrive0.

Code:
dName       db  '\\.\PhysicalDrive'
drive       db  '0',0           


It was null-terminated on second line only.
Post 14 Jun 2025, 06:04
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 06:06
didn't the first archive have "equates\storage.inc"?
here is this include from the title (near dxgi.inc)
also try to simply change the original to capital letters "PHYSICALDRIVE"
Mat Qua sar wrote:
It was null-terminated on second line only.

yes, the second line of the code changes dynamically in the loop


Description:
Download
Filename: STORAGE.ZIP
Filesize: 9.36 KB
Downloaded: 36 Time(s)

Post 14 Jun 2025, 06:06
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 07:00
Core i7 wrote:
didn't the first archive have "equates\storage.inc"?


They are different file, the orginal storage.inc (I mean SMBIOS_v13.zip) doesn't contain STRUCT, I included storage.inc and storage2.inc.

I made additional changes:

* Added to GDI32.INC
Code:
       D3DKMTOpenAdapterFromDeviceName,'D3DKMTOpenAdapterFromDeviceName',\
       D3DKMTQueryAdapterInfo,'D3DKMTQueryAdapterInfo',\ 
    


* Renamed "DISPLAY_DEVICEA" to "DISPLAY_DEVICE"
Code:
struct DISPLAY_DEVICE   ;//<--------- EnumDisplayDevicesA()
  ddSize            dd  sizeof.DISPLAY_DEVICEA
    


* Removed the following styles because "undefined symbol" error
Code:
CBS_NOTIFY
CBS_EDITBASELINE 
    


I tested with all the paths you provided
Code:
dName       db '\\.\Disk{c9d8e0ae-99be-a098-e321-714284af9a93}',0  ;Copied from ntobjx
;dName       db '\\.\PHYSICALDRIVE0',0
;dName       db  '\\.\PhysicalDrive'
drive       db  '0',0   
    


The STORAGE info still blank. I will test further later.
Post 14 Jun 2025, 07:00
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 07:30
Mat Qua sar wrote:
The STORAGE info still blank.

another option for scsi:
Code:
;dName      db  '\\.\PhysicalDrive'
;drive      db  '0',0

dName       db  '\\.\Scsi'      ;<--------
drive       db  '0:',0          ;<---- insert ":" after null symbol
    

the last thing that comes to mind is not a problem with the disk name, but insufficient admin rights to open disk CreateFile(), although everything should be fine with this.
Post 14 Jun 2025, 07:30
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 08:03
Core i7 wrote:

the last thing that comes to mind is not a problem with the disk name, but insufficient admin rights to open disk CreateFile(), although everything should be fine with this.


Bingo, it was administrator's right issue.

I used back original code:
Code:
dName       db  '\\.\PhysicalDrive'
drive       db  '0',0        


...and enable "Run this program as an administrator", now it can shows drive 0.


Description:
Filesize: 135.78 KB
Viewed: 933 Time(s)

Capture.PNG


Post 14 Jun 2025, 08:03
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 08:19
Thank you very much for the test!
so I need to insert the IsUserAnAdmin() api from shell32.dll, and based on the result, give the user a reminder.
Post 14 Jun 2025, 08:19
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 09:18
Another important point is the high entropy in the code section, which can cause the antivirus to quarantine the exe. This is because I have a lot of text lines in the code. Ideally, it should be removed to the data section, then the entropy will decrease a little. Currently, 14 out of 76 guards on VirusTotal consider the file a virus, although there is no code with critical threats in the source. Maybe someday I will find time to fix the debug version for the release.


Description:
Filesize: 13.73 KB
Viewed: 904 Time(s)

Entropy.png


Post 14 Jun 2025, 09:18
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 10:15
Entropy is new to me. Something not seen in other PE viewer.

Just wanted to say I try to edit the SMBIOS_v13.EXE binary directly as at one point I wasn't able to compile the source code. I ended up with using PE-bear and adding an additional R/W section (".data2") and paste the "\\.\Disk{.....}" string there, the VA was 0x409000. Then I used hex editor to look for 0x402000 (since dbName located at the beginning of '.data' section) and changed it to 0x409000, two locations in file, as I made sure they were before FF 15, which is supposedly "call [CreateFileA]".

Thanks @Core i7 for giving me chance to experience this as an indirect result.

First time editing a PE binary file.


Description:
Filesize: 11.69 KB
Viewed: 870 Time(s)

1.PNG


Description:
Filesize: 21.14 KB
Viewed: 870 Time(s)

Capture.PNG


Post 14 Jun 2025, 10:15
View user's profile Send private message Reply with quote
Mat Qua sar



Joined: 13 Jun 2025
Posts: 35
Mat Qua sar 14 Jun 2025, 10:22
Core i7 wrote:
Thank you very much for the test!
so I need to insert the IsUserAnAdmin() api from shell32.dll, and based on the result, give the user a reminder.


You're most welcomed.
Post 14 Jun 2025, 10:22
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 14 Jun 2025, 14:59
Mat Qua sar wrote:
Just wanted to say I try to edit the SMBIOS_v13.EXE binary directly as at one point I wasn't able to compile the source code.

Wow, respect - you did a hard job, and got the result!
And why exactly couldn't you compile the source, was something missing?
So I removed 2 includes from the header, and placed only what was necessary in one "struct". Maybe now you will be able to compile. I also corrected the sizes of some fields in the window, and other little things.
Mat Qua sar wrote:
Entropy is new to me. Something not seen in other PE viewer

Here is an example of entropy calculation: https://board.asm32.info/entropy.423/


Description:
Download
Filename: SMBIOS_v13.zip
Filesize: 20.12 KB
Downloaded: 31 Time(s)

Post 14 Jun 2025, 14:59
View user's profile Send private message Reply with quote
Core i7



Joined: 14 Nov 2024
Posts: 114
Location: Socket on motherboard
Core i7 02 Jul 2025, 13:32
Final version v1.4 of the utility - added 97 correlations of codes "CPUID --> CPU_CodeName", for Intel and AMD processors. There may be more codes, but this is all that I could find.


Description:
Download
Filename: SMBIOS_v14.zip
Filesize: 5.87 KB
Downloaded: 5 Time(s)

Post 02 Jul 2025, 13:32
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.