How to implement three ways to modify the physical address of the network card
Also thank Hu Shrimp
1, buy a piece of modification network card address by writing EEPROM, this card is now
Many, not you can't buy. Modify the MAC address if the application is required in the environment.
Make the two cards of the MAC address, then the network can still work.
2, find a NE2K or EEPRO100 network card, I believe in any electronic market
Have these two network cards, then find its driver in the Sample of DDK
Source code, find the driver read physical port or PCI map memory get the physical address
The code that allows functions to return to the physical address you need. This method may
It is the easiest to implement. In 1998, 17 used this method D version of $ 100,000.
Software. If you need to apply the network environment, you also modify the MAC address. These two cards
Source supports modifying the MAC address by modifying the registry. Please pay attention to not all
The card driver supports. The principle of this method can be read by reading EEPRO100 Source
obtain. EEPRO100 will read the registry while Load, and then if you don't read it,
Just use the physical address, otherwise you will use the address in the registry. This function seems to
No enforcement. So if you don't want to modify the registry, you can still modify it.
NIC Driver method implementation. This method is suitable for all pacific supporting NDIS Driver
station.
3, this method is that I have not specifically tried, but the principle is feasible. All network cards
The address method, whether it is a MAC address or a physical address, the root is passed
Send NDISREQUEST implementation to NIC DRIVER. But please pay attention, unfortunately,
W2K NDISREQUEST is a macro, this macro actually calls MiniPortHandler
-> RequestHandler function To hoo miniport this function does not seem to find
To a suitable timing, it is also difficult to give a general solution. But the method is always
It is what people think, as long as there is rice, it is like a paradise inside the swordfish action "1024
Bit RSA, That's Impossible "" Give you 10,000,000 $ ...
"Nothing is iMpossible", you can still hook in many places.
If it is a Win9x platform, a simple call hook_device_service,
You can hook ndisRequest, I will give the VPN Source through the Hook this function.
Modify the MTU, and you can also modify the network card physical address. If it is NT4.0, then
You can still hook ndisRequest, because this is a function, not a macro.
You can directly modify the entry implementation of NDIS's PE output function. This method is not
Try it, I heard that Rising is to achieve their virus firewall with this method.
These three methods, I strongly recommend the second method, simple and easy, and
It can be bracus pirated, EEPRO100 and NE2K network cards are anywhere.
Buy, and cheap
-------------------------------------------------- ----------------------------
Here is a method of modifying Mac comparative benzene
Win2000 modification method:
1, in HKEY_LOCAL_MACHINE / SYSTEM / CURRENTCONTROLSET / CONTROL /
Class {4D36E972-E325-11CE-BFC1-08002BE10318} / 0000,000,000 ,0001,0002, etc.
Looking for DriverDesc content for the description of the NIC to modify, such as 0000. The following method and Rifter
As mentioned in "Modifying the MAC Address", I will move (the place where the annotation is "^^").
2, under it, add a string, the name is networkaddress, the value is set to the Mac you want (refer to 0000 primary key)
Site, to write continuously. To 004040404040.
3, then add a networkaddress's primary key to NDI / params, add a string named Default, and write the MAC address to be set, such as 004040404040. (In fact, this is just the ** initial value ** in the advanced properties mentioned later. The actually used MAC address still depends on the NetWorkadDress parameters mentioned in Point 2, and once it is set, advanced attributes in later properties The value is the value given by NetworkAddress and is not default.)
4. Continue to add a string called paramdesc under the primary key of NetworkAddress, which acts to specify the description of the NetworkAddress primary key, which can be "mac address", so that the property of the network neighbor will be opened, double-click the corresponding network card item will find a Advanced settings, under the options of Mac address, are the new NetWorkAddress you add in the registry, so you can modify the MAC address here later.
5, turn off the registry, restart, your network card address has been changed. Open the properties of the network neighbor, double-click the corresponding NIC item to find a high-level setting item with a Mac Address. Used to directly modify the MAC address.
××××××××××××××××××××××××××
Get a remote network card MAC address.
××××××××××××××××××××××××××
First add to the header file definition to #include "nb30.h"
#pragma comment (Lib, "Netapi32.lib")
Typedef struct_astat_
{
Adapter_Status Adapt;
Name_Buffer NameBuff [30];
} ASTAT, * PASTAT;
You can call this to get the remote network card MAC address:
CString getMacadDress (CString SNetbiosName)
{
ASTAT Adapter;
NCB NCB;
Uchar uretcode;
MEMSET (& NCB, 0, SIZEOF (NCB));
Ncb.ncb_command = ncbreset;
Ncb.ncb_lana_num = 0;
URETCODE = NetBIOS (& NCB);
MEMSET (& NCB, 0, SIZEOF (NCB));
Ncb.ncb_command = ncbastat;
Ncb.ncb_lana_num = 0;
SneetbiosName.makeupper ();
Fillmemory (ncb.ncb_callname, ncbnamsz - 1, 0x20);
STRCPY ((char *) ncb.ncb_callname, (lpctstr) snetbiosName);
Ncb.ncb_callname [SNetbiosName.getLength ()] = 0x20;
Ncb.ncb_callname [ncbnamsz] = 0x0;
Ncb.ncb_buffer = (unsigned char *) & adapter;
ncb.ncb_length = sizeof (adapter);
URETCODE = NetBIOS (& NCB);
CString Smacaddress; if (uretcode == 0)
{
Smacaddress.format (_t ("% 02x% 02x% 02x% 02x% 02x% 02x"),
Adapter.Adapt.adapter_address [0],
Adapter.Adapt.adapter_address [1],
Adapter.adapt.adapter_address [2],
Adapter.Adapt.adapter_address [3],
Adapter.Adapt.adapter_address [4],
Adapter.adapt.adapter_address [5]);
}
Return smacaddress;
}
××××××××××××××××××××××××××××××××××××
Modify Windows 2000 Mac Address
××××××××××××××××××××××××××××××××××××××
Pigs are taken from http://www.driverdevelop.com/ because they don't understand compilation, no debugging, do not guarantee effective ^ _ ^
2 Mac Address Type:
OID_802_3_Permanent_Address
OID_802_3_Current_Address
Modify Registry CAN CHANGE: OID_802_3_Current_Address
But Oid_802_3_permanent_address, You Must Modify Driver
Use Following Apis, You Can Get Permanent_Address.
CreateFile: Opened The Driver
Deviceiocontrol: Send Query to Driver
Use software to track where the OID_802_3_Permanent_Address is processed:
Find the location:
.................
: 0001ACB6 8D B3 EA 00 00 00 LEA ESI, DWORD PTR [EBX 000000EA]
: 0001ACBC 8D7DDC LEA EDI, DWORD PTR [EBP-24]
: 0001ACBF A5 MOVSD // CYM: Move: Move Out The Mac Address
: 0001ACC0
66A
5 MOVSW
0001ACC
2 c
745F
406000000 MOV [EBP
-0c
], 00000006
: 0001ACC9 8D75DC LEA ESI, DWORD PTR [EBP-24]
: 0001ACCC E926070000 JMP 0001B
3F
Seduce
..........
Change to:
: 0001ACB6 8D75DC LEA ESI, DWORD PTR [EBP-24]
: 0001ACB
9 C
70600002003 MOV DWORD PTR [ESI], 03200000 // CYM
: 0001ACBF
66C
746041224 MOV [ESI 04], 2412
0001ACC
5 c
745F
406000000 MOV [EBP
-0c
], 00000006
: 0001ACCC E926070000 JMP 0001B
3F
Seduce
..... Dasm Driver .sys File, Find NdisreadNetworkAddRess
......
: 000109B9 50 Push EAX
* Reference to: ndis.ndisreadNetworkAddress, ORD: 00EAH
|
: 000109BA FF1538040100 CALL DWORD PTR [00010438]
:
000109C
0 837DF400 CMP DWORD PTR [EBP
-0c
], 00000000
:
000109C
4 7516 JNE 000109dc // is set mac addr in registry, use it. Others Jump
:
000109C
6 8B45E8 MOV EAX, DWORD PTR [EBP-18]
:
000109C
9 8B08 MOV ECX, DWORD PTR [EAX]
: 000109CB 898EE4000000 MOV DWORD PTR [ESI 000000E4], ECX
: 000109D1 668B4004 MOV AX, Word PTR [EAX 04]
: 000109D5 668986E8000000 MOV Word PTR [ESI 000000E8], AX
......
Set W Memory BREAL POINT AT ESI 000000E4, Find Location:
......
// mac addr 2nd byte
: 000124D6
8A
83E5000000 MOV Al, Byte Ptr [EBX 000000E5]
// Mac Addr 3rd Byte
: 000124DC
0A
83E6000000 OR Al, Byte Ptr [EBX 000000E6]
: 000124E2
0A
83E7000000 or Al, Byte Ptr [EBX 000000E7]
...
: 000124E8
0A
83E8000000 OR Al, Byte Ptr [EBX 000000E8]
// Mac Addr 6th byte
: 000124EE
0A
83E9000000 OR Al, Byte Ptr [EBX 000000E9]
:
000124F
4
0A
07 or Al, Byte PTR [EDI]
:
000124F
6 7503 JNE 000124FB
:
000124F
8 a
5 MOVSD
:
000124F
9
66A
5 MOVSW
// if no station addr use permanent address as mac addr
.....
Change to
: 000124D
6 c
683E500000000 MOV BYTE PTR [EBX 000000E5], 00 // CYM
: 000124DD C683E600000020 MOV BYTE PTR [EBX 000000E6], 20
: 000124E4 C
683E700000003 MOV BYTE PTR [EBX 000000E7], 03
: 000124EB C683E800000012 MOV BYTE PTR [EBX 000000E8], 12
:
000124F
2 c
683E900000024 MOV BYTE PTR [EBX 000000E9], 24
:
000124F
9 90 NOP
: 000124FA 90 NOP
IT Seems That The Driver Can Work Now.
Testing: disable nic, enable nic. Jump 0xc0000221 Error, Checksum Error
Before Windows Load .sys File, It Will Check The CHECKSUM
The checksum can be get by checksummappedfile.
Build A Small Tools To Reset The Checksum in .sys file.
Test again, ok.
Related EXE downloads
http://www.driverdevelop.com/Article/chengyu_checksum.zip
×××××××××××××××××××××××××××××××××××
Get NIC MAC addresses with NetBIOS API
×××××××××××××××××××××××××××××××××××
#include "nb30.h"
#pragma comment (Lib, "Netapi32.lib")
Typedef struct tagmac_address
{
BYTE B1, B2, B3, B4, B5, B6;
} Mac_address, * lpmac_address;
Typedef struct tagastat
{
Adapter_Status Adapt;
Name_Buffer NameBuff [30];
} ASTAT, * LPASTAT;
Uchar getaddressbyindex (int LANA_NUM, ASTAT & Adapter)
{
NCB NCB;
Uchar uretcode;
MEMSET (& NCB, 0, SIZEOF (NCB));
Ncb.ncb_command = ncbreset;
Ncb.ncb_lana_num = lana_num;
/ / Specify the NIC number, first send an ncbreset command to the selected network card for initialization
URETCODE = NetBIOS (& NCB);
MEMSET (& NCB, 0, SIZEOF (NCB));
Ncb.ncb_command = ncbastat;
ncb.ncb_lana_num = lana_num; // Specify the NIC number
STRCPY ((char *) ncb.ncb_callname, "*");
Ncb.ncb_buffer = (unsigned char *) & adapter;
/ / Specify the variable stored in the returned information
ncb.ncb_length = sizeof (adapter);
/ / Next, you can send the ncbastat command to get information about the NIC.
URETCODE = NetBIOS (& NCB);
Return uretcode;
}
INT getMac (LPMAC_ADDRESS PMACADDR)
{
NCB NCB;
Uchar uretcode;
INT NUM = 0;
LANA_ENUM LANA_ENUM; MEMSET (& NCB, 0, SIZEOF (NCB));
Ncb.ncb_command = ncbenum;
Ncb.ncb_buffer = (unsigned char *) & lana_enum;
Ncb.ncb_length = sizeof (lana_enum);
/ / Send the ncbenum command to the network card to get the network card information of the current machine, if there is a network card
/ / Each network card number, etc.
URETCODE = NetBIOS (& NCB);
IF (uretcode == 0)
{
Num = lana_enum.length;
/ / Get its MAC address with each NIC
For (int i = 0; i { ASTAT Adapter; IF (GetDressByindex (LANA_ENUM.LANA [I], Adapter) == 0) { Pmacaddr [i] .b1 = adapter.adapt.adapter_address [0]; PMACADDR [I] .b2 = adapter.adapt.adapter_address [1]; PMACADDR [I] .b3 = adapter.adapt.adapter_address [2]; PMACADDR [i] .b4 = adapter.adapt.adapter_address [3]; PMACADDR [I] .b5 = adapter.adapt.adapter_address [4]; PMACADDR [I] .b6 = adapter.adapt.adapter_address [5]; } } } Return Num; } ======= Call: Mac_address m_macaddr [10]; //, such as up to 10 network cards INT n = getMac (m_macaddr); // get the number of network cards TCHAR SZADDR [128]; WSPrintf (Szaddr, _T ("% 02x-% 02x-% 02x-% 02x-% 02x-% 02x"), m_macaddr [0] .b1, m_macaddr [0] .b2, M_macaddr [0] .b3, m_macaddr [0] .b4, M_macaddr [0] .b5, m_macaddr [0] .b6); _TCSUPR (SZADDR); // This can obtain a MAC address string such as 00-E0-AA-AA-AA-AA. ××××××××××××××××××××××××××××××××××× Use the IP Helper API to get the NIC address ××××××××××××××××××××××××××××××××××× Oh, the most common way is in the final GetAdaptersInfo function Here is most of the information of a network card, and the brothers can choose ^ _ ^ as appropriate. #include #pragma comment (lib, "iphlpapi.lib") Typedef struct tagadapterinfo { Char szdevicename [128]; // Char szipaddrstr [16]; // ip Char Szhwaddrstr [18]; // Mac DWORD DWINDEX; // Number } Info_adapter, * pinfo_adapter; info_adapter adapterlist [10]; // network card list, such as ten / ************************************************** ********************* * Name & params :: * FormatMactostr * * LPSTR LPHWADDRSTR: Mac string of "-" displayed * Unsigned char * hwaddr: Inferred Mac string *) * Purpose: * Transfer the MAC address characters entered into the corresponding format *********************************************************** ******************* / Void Formatmactostr (LPST UNSIGNED CHAR * HWADDR) { INT I; Short Temp; Char Szstr [3]; STRCPY (LPHWADDRSTR, "" "); For (i = 0; i <6; i) { TEMP = (Short) (* (hwaddr i)); _itoa (Temp, Szstr, 16); IF (Strlen (SZSTR) == 1) STRCAT (LPHWADDRSTR, "0"); STRCAT (LPHWADDRSTR, SZSTR); IF (i <5) strcat (lphwaddrstr, "-"); // plus- } } // Fill structure void getadapterinfo () { CHAR TEMPCHAR; Ulong ulistsize = 1; PIP_ADAPTER_INFO PADAPTER; / / Define PIP_ADAPTER_INFO Structure Storage Net Card Information INT NADADAPTERINDEX = 0; DWORD dwret = getAdaptersInfo (pip_adapter_info) & tempchar, & ULISTSIZE); // Key function IF (dwret == error_buffer_overflow) { PIP_ADAPTER_INFO PADAPTERLISTBUFFER = (Pip_adapter_info) new (char [ulistsize]); DWRET = GetAdaptersInfo (PadapterListBuffer, & ULISTSIZE); IF (dwret == error_success) { Padapter = padapterlistbuffer; While (padapter) // enumerate NIC { CString Strtemp = Padapter-> AdapterName; // NIC name Strtemp = "// device // NPF_" strTemp; // plus prefix STRCPY (AdapterList [NADAPTERINDEX] .szdeviceName, Strtemp); STRCPY (AdapterList [NADAPTERINDEX] .szipaddrStr, Padapter-> ipaddresslist.ipaddress.string; // ip FormatMactostr (Adapterlist [NadapterIndex] .szhwaddrstr, Padapter-> Address); // Mac !!!!!!!!!!!!!!!!! Adapterlist [NadapterIndex] .dwindex = Padapter-> index; // number Padapter = padapter-> next; NADAPTERINDEX ; } Delete PadapterlistBuffer; } } }
