Get the information of the motherboard BIOS 1, read the motherboard serial number 2, the Award BIOS password read 3, read the BIOS information 4, get the BIOS date information
=================================================================================== 1, read the motherboard serial number
Uses sha1, base64;
function GetHashedBiosInfo: string; var SHA1Context: TSHA1Context; SHA1Digest: TSHA1Digest; begin // Get the BIOS data SetString (Result, PChar (Ptr ($ F0000)), $ 10000); // Hash the string SHA1Init (SHA1Context); SHA1Update (SHA1Context , PChar (Result), Length (Result)); SHA1Final (SHA1Context, SHA1Digest); SetString (Result, PChar (@ SHA1Digest), sizeof (SHA1Digest)); // Return the hash string encoded in printable characters Result: = B64Encode ( Result;
Function getBiosinfoastext: string; var p, q: pchar; begin Q: = nil; p: = pchar (PTR ($ Fe000)); Repeat IF Q <> nil dam if not (p ^ in [# 10, # 13 , # 32 .. # 126, # 169, # 184]) THEN BEGIN IF (P ^ = # 0) and (p - q> = 8) THEN Begin Result: = Result Trimright (String (Q)) # 13 # 10; End; q: = nil; end; end else if p ^ in [# 33 .. # 126, # 169, # 184] THEN Q: = P; Inc (p); until p> pchar (Ptr ($ Fffff)); result: = trimright (result);
Procedure tform1.formcreate (sender: TOBJECT); begin memo1.lines.text: = getBiosInfoastext;
==================================================== 2, Award BIOS password read ( It should be an article of jingtao, but ID has not been recorded) Unit awardbiospas; // Write by lovejingtao // http://www.138soft.cominterface ingounces Windows, sysutils; function my_getbiospassword: string; importation
Function CalcpossiblePassword (PasswordValue: Word): String; var i: byte; c: char; s: string [8];
Begin i: = 0; While PasswordValue <> 0 Do Begin INC (i); if $ 263> PasswordValue The Begin IF $ 80> PasswordValue Then S [i]: = char (PasswordValue) Else IF $ B0> PasswordValue THEN S [i] : = CHAR (PasswordValue and $ 77) Else IF $ 11d> PasswordValue Then S [I]: = CHAR ($ 30 or (PasswordValue and $ 0F) ELSE IF $ 114> PasswordValue The Begin S [i]: = char ($ 64 OR) PasswordValue and $ 0f); if '0'> s [i] THEN S [i]: = char (Byte (s [i]) 8); ELSE IF $ 1C2> PasswordValue Then S [i]: = Char ($ 70 or $ 03)) Else IF $ 1E4> PasswordValue Then S [I]: = CHAR ($ 30 or (PasswordValue and $ 03)) Else Begin S [I]: = char ($ 70 or (PasswordValue and $ 0f) )); If 'z'
C: = S [Byte (s [0]) - i 1]; s [Byte (s [0]) - i 1]: = S [i]; s [i]: = C; DEC (i ); END; CALCPOSSIBLEPASSWORD: = S;
Function readcmos (off: byte): Byte; var value: Byte; Begin ASM XOR AX, AX MOV AL, OFF OUT 70H, Al IN AL, 71H MOV VALUE, Al End; ReadCMos: = Value; End; Function my_getbiospassword: string VAR SuperPW, Userpw: Word; S: String; Beginif Win32Platform <> Ver_Platform_Win32_NT THEN / / Not NTBEGIN PCHAR (@superpw) [0]: = CHAR (READCMOS ($ 1C)); Pchar (@superpw) [1]: = Char (READCMOS ($ 1D)); Pchar (@USERPW) [0]: = CHAR (READCMOS ($ 64)); Pchar (@userpw) [1]: = char (READCMOS ($ 65)); s: = ' Super User Password is: ' CalcpossiblePassword (SuperPW) # 13 ' User Password is: ' CalcpossiblePassword (Userpw); Result: = S; Else Result: =' User System is NT, unable to get BISO password! '; End; end. =========================================== 3, read The BIOS information {program uses the Windows 95/2000 platform, automatically detects the system type, and then performs different calls} Uses Bioshelp;
procedure TForm1.Button1Click (Sender: TObject); var Dump: TRomBiosDump; i: Integer; begin ReadRomBios (Dump, rrbmAutomatic); for i: = 1 to $ 000FFFFF - $ 000F0000 - 1 do Memo1.Lines.Add (IntToHex (Dump [i $ 000fffff], 2)); END; (****************************************** *************************************************** ** BIOS HELP - READ ROM BIOS On Windows 95/98 / SE / ME / NT / 2K / XP ** ** Copyright (C) 2001, Nico Bendlin (Nico@bendlin.de) ** ** Compiler: Delphi 4.03 / 5.01 / 6.00 ** Version: 1.03, 2001-09-02 ** ********************************************************* ******************** ********************) {Postum Scriptum: Sorry for the Bad English, I wrote it in a hurry}
Unit bioshelp;
{$ Already on} {$ minenumsize 4}
Interface
Uses windows;
Type Prombiosdump = ^ TROMBISDUMP; TROMBISDUMP = Array [$ 000f0000 .. $ 000ffff] of byte;
type TReadRomBiosMethod = (rrbmAutomatic, {Autodetect OS type and use proper method} rrbmGeneric, {Use 16-bit COM program to dump the BIOS} rrbmMemory, {Read from memory (Win9x)} rrbmPhysical {Read from physical memory object (WinNT)} );
function ReadRomBios (var Dump: TRomBiosDump; Method: TReadRomBiosMethod; Timeout: DWORD = INFINITE): Boolean; function GetRomBiosBuffer (const Dump: TRomBiosDump; Address: Pointer; var Buffer; BufferSize: Cardinal): Cardinal; function GetRomBiosString (const Dump: TRomBiosDump ; Address: Pointer): string; function GetRomBiosLongLong (const Dump: TRomBiosDump; Address: Pointer): LONGLONG; function GetRomBiosDWord (const Dump: TRomBiosDump; Address: Pointer): DWORD; function GetRomBiosWord (const Dump: TRomBiosDump; Address: Pointer) : Word; Function Gtrombiosbyte (const dump: TrombiosDump; address: pointer): byte;
IMPLEMENTATION
{############################################################################ ####################### ## generic method ## ## create an temporary folder, save an 16bit com program Romdump.com) INTO IT, ## execute program redirected to an file (rom.dmp, romdump.com simply dumps the ## Memory Range f000: 0000-f000: fff to stdout), Read dump file into the buffer, ## and finally cleanup all temporary files and directories. ## ## (the function RomDumpCode is x86 specific, which i wrote to generate 16-bit ## code with the help of the 23-bit Delphi compiler, never try to execute the ## Pseudo-code in your program! it will not work in 32-bit protected mode) ## ######################################################################################################################################################################################################################################################################################################## ######################}
{* Internal * - pseudo 16-bit code}
TYPE PROMDUMPCODEINFO = ^ TromDumpCodeInfo; TROMDUMPCODEINFO = (RDCIStart, RDCIEND, RDCISIZE);
Function _romdumpcodeinfo: Pointer; VAR CODESTART: POINTER; CODEEND: POINTER; begin asm jmp @@ End
{* Begin * 16-bit code} {- never us it in your program! -} {com which pen @@ start: {dump f000: 0000-f000: fffe} xor Edx, EDX // DS = 0xF000; Data Segment MOV DH, 0F0H MOV DS, EDX XOR EDX, EDX // DX = 0x0000; Data Offset XOR ECX, ECX // CX = 0xfff; Data Length Dec ECX XOR EBX, EBX / / BX = 0x0001; STDOUT (File Handle) Inc EBX MOV AH, 40H // Doscall (0x40); INT21, DOS_WRITE_TO_HANDLE INT 21H JC @@ EXIT // ON Error EXIT; Al = Error Code {Dump F000: fff} XOR EDX, EDX / / DS = 0xF000; Data Segment MOV DH, 0F0H MOV DS, EDX XOR EDX, EDX // DX = 0xfff; Data Offset Dec Edx XOR ECX, ECX // CX = 0x0001; Data Length Inc ECX MOV EBX, ECX // BX = 0x0001; STDOUT (File Handle) MOV AH, 40H // doscall (0x40); INT21, DOS_WRITE_TO_HANDLE INT 21H JC @@ EXIT // ORROR EXIT; Al = Error Code Mov Al, 0 // No Error; Al = 0 @@ EXIT: MOV AH, 4CH // doscall (0x4c); int21, dos_terminate_exe int 21h @@ End: {* end * 16-bit code}
MOV CodeStart, OFFSET @@ Start MOV CodeEnd, OFFSET @@ End end; case Info of rdciStart: Result: = CodeStart; rdciEnd: Result: = CodeEnd; rdciSize: Result: = Pointer (Cardinal (CodeEnd) - Cardinal (CodeStart)) Else Result: = nil; end; end; {* internal * - save 16-bit code to file}
function _RomDumpCodeToFile (const Filename: string): Boolean; var ComFile: THandle; Size: Cardinal; begin Result: = False; ComFile: = CreateFile (PChar (Filename), GENERIC_WRITE, FILE_SHARE_READ, nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0); if ComFile <> INVALID_HANDLE_VALUE then try Result: = WriteFile (ComFile, _RomDumpCode (rdciStart) ^, Cardinal (_RomDumpCode (rdciSize)), Size, nil) and (Size = Cardinal (_RomDumpCode (rdciSize))); if not Result then DeleteFile ( Pchar (filename); Finally CloseHandle (COMFILE); END;
{* INTERNAL * - Execute 16-bit code redirected to file} function _RomDumpCodeExecute (const Com, Dmp: string; Timeout: DWORD): Boolean; var ComSpec: string; si: TStartupInfo; pi: TProcessInformation; begin Result: = False; SetLength (ComSpec, MAX_PATH); SetLength (ComSpec, GetEnvironmentVariable ( 'ComSpec', PChar (@ComSpec [1]), MAX_PATH)); if Length (ComSpec)> 0 then begin FillChar (si, SizeOf (TStartupInfo), 0) Si.cb: = sizeof (tstartupinfo); si.dwflags: = startf_useshowwindow; si.wshowwindow: = sw_hide; if createprocess (nil, pchar (COMSPEC '/ C' COM " DMP), NIL, nil, False, CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP, nil, nil, si, pi) then try Result: = WaitForSingleObject (pi.hProcess, Timeout) <> WAIT_TIMEOUT; finally CloseHandle (pi.hProcess); CloseHandle (pi.hThread); end; End; End; Function Directoryexists (const route): boolean; var attr: dword; begin attr: = getFileAttributes; result: = (attr = $ fffffff) and (attr and f) ILE_ATTRIBUTE_DIRECTORY = file_attribute_directory;
{Get BIOS dump the generic way} function ReadRomBios16 (var Buffer: TRomBiosDump; Timeout: DWORD): Boolean; const TempSub = '~ RomDmp'; ComName = 'RomDump.com'; DmpName = 'Rom.dmp'; var TempPath: string; TempDir: string; TempIdx: Integer; TempIdxStr: string; ComFile: string; DmpFile: string; DmpHandle: THandle; Written: DWORD; begin Result: = False; SetLength (TempPath, MAX_PATH); SetLength (TempPath, GetTempPath (MAX_PATH , PCHAR (@temppath [1])))))))); if longth (temppath)> 0 THEN Begin if (Temppath [length (temppath)] <> '/') Tens: = Temppath '/'; tempidx: = 0 ; repeat Inc (TempIdx); Str (TempIdx, TempIdxStr); TempDir: = TempPath TempSub TempIdxStr; until not DirectoryExists (TempDir); if CreateDirectory (PChar (TempDir), nil) then try TempDir: = TempDir '/' COMFILE: = Tempdir Comname; Dmpfile: = Tempdir DmpName; if _RomDumpCodetofile (Comfile) THENTY _ROMDUMPCODEEXECUTE (COMFILE, DMPFILE, TIMEOUT) THEN BEGIN DMPH andle: = CreateFile (PChar (DmpFile), GENERIC_READ, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0); if DmpHandle <> INVALID_HANDLE_VALUE then try FillChar (Buffer, SizeOf (TRomBiosDump), 0); Result: = ReadFile (DmpHandle , Buffer, SizeOf (TrombiosDump), Written, NIL); Finally CloseHandle; End; End; Finally Deletefile (Pchar (Dmpfile); deletefile (Pchar (Comfile); Finally Removedirectory (PCHAR (TEMPDIR)); End; end;
{############################################################################ ######################## ## Direct method (win9x) ## ## Due to the Fact That Windows 95 / 98 / Me Maps The BIOS INTO EVERY WIN32 Process ## for read access it is very Simple to fill the buffer from membrary. ## ################################################################################################################################################################################################################################# ######################################################################################################################################################################################################################################################################################################## ########} Function ReadromBIOS9X (var buffer: trombiosdump): Boolean; Begin Result: = FALSE; TRY FILLCHAR (BUFFER, SIZEOF (TROMBIOSDUMP), 0); Move (Pointer (Pointer ( Buffer, SizeOf (TROMBISDUMP); Result: = true; Except // Ignore Exceptions Endend;
{############################################################################ ####################### ## Physical Memory Method (WinNT) ## ## on Windows NT The Rom Bios IS only available through the named kernel object ## '/ Device / PhysicalMemory'. Because it is impossible to open kernel objects in ## user mode with standard Win32 API functions we make use of NT's nativeAPI in ## ntDll.dll ( "NT- Layer ") namely ZwOpenSection ## ## (note:.. mostly there are two versions of every function ZwXxx and NtXxx The ## only difference in kernel mode is that the NtXxx version works in conside- ## ration to security while ZwXxx not . But in user mode Both Work Like NTXXX.) ## ## At first the section is opened with ZwOpenSection. Normally we would proceed ## ZwMapViewOfSection, ZwUnmapViewOfSection, and NtClose. But the functions are ## more complex and there is no needing for it. With the handle (because we are ## in The "Very Simple" user mode =
) We now use MapViewOfFile, UnmapViewOfFile, ## and CloseHandle to map an memory window (the ROM BIOS) into our process. ## ## Due to the fact that ZwOpenSection returns NT error-codes in case of failure ## we have to Translate it to an an will (RTLNTSTATUSERROR). ## all nt specificial functions area Dynamically Loaded - Because The Applications ## Should Start On Win9x Systems = ## ####################################################################################################################################################################################################################################### ######################################################################################################################################################################################################################################################################################################## ###########} {for more information see windows 2000 / xp ddk} {it Works on Windows NT 4.0 Too, Use NTDLL.DLL}
TYPE NTSTATUS = INTEGER;
Const status_success = ntstatus (0); status_invalid_handle = ntstatus ($ C0000008); status_access_denied = ntstatus ($ C0000022);
TUNICODESTRING; TUNICODESTRING; TUNICODESTRING = Packed Record Length: Word; MaximumLength: Word; Buffer: PWIDECHAR;
const OBJ_INHERIT = $ 00000002; OBJ_PERMANENT = $ 00000010; OBJ_EXCLUSIVE = $ 00000020; OBJ_CASE_INSENSITIVE = $ 00000040; OBJ_OPENIF = $ 00000080; OBJ_OPENLINK = $ 00000100; OBJ_KERNEL_HANDLE = $ 00000200; OBJ_VALID_ATTRIBUTES = $ 000003F2;
type PObjectAttributes = ^ TObjectAttributes; TObjectAttributes = record Length: ULONG; RootDirectory: THandle; ObjectName: PUnicodeString; Attributes: ULONG; SecurityDescriptor: PSecurityDescriptor; SecurityQualityOfService: PSecurityQualityOfService; end;
const ObjectPhysicalMemoryDeviceName = '/ Device / PhysicalMemory'; ObjectPhysicalMemoryName: TUnicodeString = (Length: Length (ObjectPhysicalMemoryDeviceName) * 2; MaximumLength: Length (ObjectPhysicalMemoryDeviceName) * 2 2; Buffer: ObjectPhysicalMemoryDeviceName;); ObjectPhysicalMemoryAccessMask: ACCESS_MASK = SECTION_MAP_READ; ObjectPhysicalMemoryAttributes: TObjectAttributes = (Length: SizeOf (TObjectAttributes); RootDirectory: 0; ObjectName: @ObjectPhysicalMemoryName; Attributes: OBJ_CASE_INSENSITIVE; SecurityDescriptor: nil; SecurityQualityOfService: nil;); type TFNZwOpenSection = function (out SectionHandle: THandle; DesiredAccess: ACCESS_MASK; ObjectAttributes: PObjectAttributes) : Ntstatus; stdcall; tfnrtlntStatuSerror = function (status: ntstatus): dword; stdcall;
Const NTDLL = 'NTDLL.DLL';
Var Zwopense: TfnzWopense; RTLNTSTATUSETODOSERROR: TFNRTLNTSTATUSERROR;
function ReadRomBiosNt (var Buffer: TRomBiosDump; Timeout: DWORD): Boolean; var NtLayer: HMODULE; Status: NTSTATUS; Section: THandle; View: Pointer; begin Result: = False; NtLayer: = GetModuleHandle (ntdll); if NtLayer = 0 then SetLastError (ERROR_CALL_NOT_IMPLEMENTED) else begin if not Assigned (ZwOpenSection) then ZwOpenSection: = GetProcAddress (NtLayer, 'ZwOpenSection'); if not Assigned (RtlNtStatusToDosError) then RtlNtStatusToDosError: = GetProcAddress (NtLayer, 'RtlNtStatusToDosError'); if not (Assigned ( ZwOpenSection) and Assigned (RtlNtStatusToDosError)) then SetLastError (ERROR_CALL_NOT_IMPLEMENTED) else begin Status: = ZwOpenSection (Section, ObjectPhysicalMemoryAccessMask, @ObjectPhysicalMemoryAttributes); case Status of STATUS_SUCCESS: try View: = MapViewOfFile (Section, ObjectPhysicalMemoryAccessMask, 0, Low (TRomBiosDump), Sizeof (TrombiosDump); if assigned (view) THEN TRY FILLCHAR ( Buffer, SizeOf (TRomBiosDump), 0); Move (View ^, Buffer, SizeOf (TRomBiosDump)); Result: = True; finally UnmapViewOfFile (View); end; finally CloseHandle (Section); end; STATUS_ACCESS_DENIED: Result: = ReadRomBios16 (Buffer, timeout); Else SetLastError (RTLNTSTATUSTODOSERROR (STATUS)) end; end; end; end;
{############################################################################ ####################### ## ionrombios ## ############## ######################################################################################################################################################################################################################################################################################################## #############} Function Readrombios (var dump: TROMBIOSDUMP; Method: TreadRombiosMethod; timeout: dword = infinite): boolean; begin result: = false; case method of rrbmautomatic: IF (Integer (GetVersion) <0) then try Result: = ReadRomBios9x (Dump); except Result: = ReadRomBios16 (Dump, Timeout); end else Result: = ReadRomBiosNt (Dump, Timeout); rrbmGeneric: Result: = ReadRomBios16 (Dump, Timeout; rrbmmemory: result: = readrombios9x (dump); rrbmphysical: result: = readrombiosnt (dump, timeout); else setLastError (Error_INVALID_PARAMETER); end; end;
{############################################################################ ########################################################################################################################################################################################################################################################################################################## ######################################################################################################################################################################################################################################################################################################## ###################}
function GetRomBiosBuffer (const Dump: TRomBiosDump; Address: Pointer; var Buffer; BufferSize: Cardinal): Cardinal; begin Result: = 0; if (Cardinal (Address)> = Low (TRomBiosDump)) and (Cardinal (Address) <= High (TRomBiosDump)) then begin Result: = BufferSize; if (Cardinal (Address) BufferSize> High (TRomBiosDump)) then Result: = High (TRomBiosDump) - Cardinal (Address) 1; Move (Dump [Cardinal (Address)] , Buffer, result); end; function getromb; address: pointer: string; begin result: = '; if (cardinal (address)> = Low (TROMBISDUMP)) and (cardinal <= High (trombiosdump))..................... ..
function GetRomBiosLongLong (const Dump: TRomBiosDump; Address: Pointer): LONGLONG; type PLongLong = ^ LONGLONG; begin Result: = 0; if (Cardinal (Address)> = Low (TRomBiosDump)) and (Cardinal (Address) <= High ( TROMBISDUMP - SIZEOF (Longlong) 1) Then Result: = Plonglong (@dump [cardinal (address)]) ^;
function GetRomBiosDWord (const Dump: TRomBiosDump; Address: Pointer): DWORD; begin Result: = 0; if (Cardinal (Address)> = Low (TRomBiosDump)) and (Cardinal (Address) <= High (TRomBiosDump) - SizeOf (DWORD ) 1) Then Result: = PDWORD (@dump [cardinal (address)]) ^;
function GetRomBiosWord (const Dump: TRomBiosDump; Address: Pointer): Word; begin Result: = 0; if (Cardinal (Address)> = Low (TRomBiosDump)) and (Cardinal (Address) <= High (TRomBiosDump) - SizeOf (Word ) 1) THEN RESULT: = PWORD (@dump [cardinal (address)]) ^;
function GetRomBiosByte (const Dump: TRomBiosDump; Address: Pointer): Byte; begin Result: = 0; if (Cardinal (Address)> = Low (TRomBiosDump)) and (Cardinal (Address) <= High (TRomBiosDump) - SizeOf (Byte ) 1) Then Result: = pbyte (@dump [cardinal (address)]) ^; end;
=========================================== 4, get BIOS date information
{------------------------------------- ------------------------} {obtain date information of the BIOS, it is estimated that it may be applied in 2000, but may need to obtain permission} function getBiosDate1: String Var buffer: array [0..8] of char; N: DWORD; Begin ReadprocessMemory (GetCurrentProcess, PTR ($ fff5), @buffer, 8, n); buffer [8]: = # 0; Result: = StrPas Buffer end;
Function getBiosdate2: string; begin result: = string (PCHAR (Ptr ($ ffff5)));
