NIC MAC address related information
The concept of the NIC address is a bit confusing. Because there are two addresses, MAC addresses, and physical addresses, I usually say the network card address, I refer to the physical address, I don't know how others see? The physical address refers to the address of the ROM of the storage address on the NIC. The MAC address is this. The address used when the block card works, in general, the two addresses are the same, so many people are mixed, and even if they don't know when they are -_- # network cards, an Ethernet frame 60 to 1514 (no Including CRCs), the Crc of the frame is automatically added, and the preamble is automatically added. The NIC destination address and source address are driver added. So what address is used when the NIC work is used as a working address is determined by the driver :) Therefore, we can use it without changing the physical address of the NIC. The software method changes the work address of the specific NIC. The MAC address is typically saved in the registry, which can be modified, so there is a question: 1st, can be illegitized, IP, 2, can break some garbage encryption Software ... Many software is encrypted through the NIC address, there are two different. Some of the better than the physical address is encrypted. Some are encrypted by work addresses. The address obtained by working address encryption is a MAC address. This method can generally be cracked. It is a bit difficult to encrypt through physical address, but it is not no way.
The first method of obtaining the three methods of the network card MAC address is the first method using Microsoft's NetBIOS API. This is a set of commands that provide underlying networks through Winsock. The biggest disadvantage using NetBIOS is that you must have a NetBIOS service in your system (if you enable file sharing in your Windows network, this is not a problem). In addition, this method is fast and accurate. The NetBIOS API only includes a function, just called NetBIOS. This function uses the Network Control Block structure as a parameter, which tells the function to do. Definition structure follows: typedef struct _NCB {UCHAR ncb_command; UCHAR ncb_retcode; UCHAR ncb_lsn; UCHAR ncb_num; PUCHAR ncb_buffer; WORD ncb_length; UCHAR ncb_callname [NCBNAMSZ]; UCHAR ncb_name [NCBNAMSZ]; UCHAR ncb_rto; UCHAR ncb_sto; void (CALLBACK * ncb_post (struct _ncb *); uchar ncb_lana_num; uchar ncb_cmd_cplt; #ifdef _win64 uchar ncb_reserve [18]; #ELSE uchar ncb_reserve [10]; #ENDIF HANDLE NCB_EVENT;} NCB, * PNCB; focus on NCB_COMMAND member. This member tells NetBIOS what should I do. We use three commands to detect the MAC address. They are defined in MSDN as follows: Command Description: NcBenum Windows NT / 2000: Enumerally listing the number of network cards in the system. After using this command, the NCB_BUFFER member points to the buffer filled by the LANA_ENUM structure. Ncbenum is not a standard NetBIOS 3.0 command. Ncbreset reset the network card. The NIC must reset before accepting the new NCB command. NCBastat accepts the status of the local or remote interface card. After using this command, the NCB_Buffer member points to the buffer filled by the Adapter_status structure, followed by an array of Name_Buffer structures. Here is to get the steps of your system MAC address: 1 "list all interface cards. 2 "Reset each card to obtain its correct information. 3 "Query the interface card, get the MAC address and generate a standard colonial separation format. Here is an example source program.
Netbios.cpp #include
IF (NetBIOS (& NCB) == 0) {Char Acmac [18]; Sprintf (acmac, "% 02x:% 02x:% 02x:% 02x:% 02x:% 02x", int (adapter.adapt.adapter_address [0 ]), int (adapter.adapt.adapter_address [1]), int (adapter.adapt.adapter_address [2]), int (adapter.adapt.adapter_address [3]), int (adapter.adapt.adapter_address [4]) , int (adapter.adapt.adapter_address [5]))); mac_addr = acmac; return true;} else {mac_addr = ") (ncbastat):"; mac_addr = string (ncb.ncb_retcode); return false;}}}} int@af main () {// acquired card list LANA_ENUM AdapterList; NCB Ncb; memset (& Ncb, 0, sizeof (NCB)); Ncb.ncb_command = NCBENUM; Ncb.ncb_buffer = (unsigned char *) & AdapterList; Ncb.ncb_length = sizeof ( AdapterList); NetBIOS (& NCB); // Get the address of the local Ethernet card string mac_addr; for (int i = 0; i The second method - uses the COM GUID API to create a GUID (globally unique identifier) and inherit the MAC address from there. GUID is usually used to identify COM components and other objects in the system. They are calculated from the MAC address (combined with other things), and the MAC address on the surface is included there. I said that the surface is because it doesn't contain it. I provide this approach to more than a brock. You may use this method to get the MAC address, but sometimes you only get a random hexadecimal value. The following example is very simple, there is no need to talk more. We use CocreateGuid to create a GUID and place the last six bytes in a string. They may be a MAC address, but it is not necessarily. UUID.cpp #include snmp.cpp #include / * Load and get SNMP DLL instance handle * / m_hInst = LoadLibrary ( "inetmib1.dll"); if (m_hInst <(HINSTANCE) HINSTANCE_ERROR) {m_hInst = NULL; return;} m_Init = (pSnmpExtensionInit) GetProcAddress (m_hInst, " SnmpExtensionInit "); m_InitEx = (pSnmpExtensionInitEx) GetProcAddress (m_hInst," SnmpExtensionInitEx "); m_Query = (pSnmpExtensionQuery) GetProcAddress (m_hInst," SnmpExtensionQuery "); m_Trap = (pSnmpExtensionTrap) GetProcAddress (m_hInst," SnmpExtensionTrap "); m_Init (GetTickCount ( ), & Pointfortrapevent, & support); / * Initialization used to receive M_Query query results Variable list * / varbindlist.list = varbind; varbind [0] .name = mib_null; varbind [1] .name = mib_null; / * in OID copy and find the number of entries in the interface table * / varBindList.len = 1; / * Only retrieving one item * / SNMP_oidcpy (& varBind [0] .name, & MIB_ifEntryNum); ret = m_Query (ASN_RFC1157_GETNEXTREQUEST, & varBindList, & errorStatus, & errorIndex); Printf ("# of adapters in this system:% in", varbind [0] .value.asnvalue.number); varbindlist.len = 2; / * Copy OID IFTYPE-Interface Type * / SNMP_oidcpy (& Varbind [0]. Name, & Mib_IFENTRY TYPE); / * Copy OID's ifphysaddress- Physical Address * / SNMP_OIDCPY (& Varbind [1] .Name, & MIB_IFMACENTDR); DO {/ * Submit query, the result will be loaded into VarbindList. It can be expected that the number of cyclic calls and the number of interface cards in the system are equal * / RET = M_Query (asn_rfc1157_getnextrequest, & varbindlist, & errorstatus, & errorindex); if (! RET) RET = 1; Else / * confirm the correct return type * / Ret = SNMP_OIDNCMP (& varbind [0] .name, & mib_ifenTrytype, MIB_IB_IFENTRYTYPE.IDLENGTH); if (! RET) {J ; DTMP = varbind [0] .value.asnvalue.Number; Printf ("interface #% i type:% in" , J, DTMP); / * TYPE 6 Describes Ethernet interfaces * / if (DTMP == 6) {/ * Confirm that we already get the address * / RET = snmp_oidncmp (& varbind [1] .name, & mib_ifmacentaddr, mib_ifmaceaddr.idlength ); if ((! RET) && (varbind [1] .value.asnvalue.address.Stream! = null) {if ((varbind [1] .Value.asnvalue.address.Stream [0] == 0x44) && (VARBIND [1] .Value.asnvalue.address.Stream [1] == 0x45) && (varbind [1] .value.asnvalue.address.stream [2] == 0x53) && (varbind [1] .value .asnvalue.address.Stream [3] == 0x54) && (varbind [1] .value.asnvalue.address.Stream [4] == 0x00)) {/ * ignore all dial-up network interface card * / printf (" Interface #% i is a dun adaptern ", J); Continue;} IF ((varbind [1] .value.asnvalue.address.Stream [0] == 0x00) && (VA RBIND [1] .Value.asnvalue.address.Stream [1] == 0x00) && (varbind [1] .value.asnvalue.address.Stream [2] == 0x00) && (varbind [1] .value.asnvalue .address.Stream [3] == 0x00) && (varbind [1] .value.asnvalue.address.Stream [4] == 0x00) && (varbind [1] .Value.asnvalue.address.Stream [5] = = 0x00)) {/ * ignores NULL addresses returned by other network interface cards * / printf ("Interface #% I is a null addressn, j), joint;} sprintf (TemPethernet,"% 02x% 02x% 02X % 02x% 02x% 02X " Varbind [1] .value.asnvalue.address.Stream [0], Varbind [1] .value.asnvalue.address.Stream [1], Varbind [1] .Value.asnvalue.address.Stream [2], varbind [1] .value.asnvalue.address.Stream [3], Varbind [1] .Value.asnvalue.address.Stream [4], Varbind [1] .Value.asnvalue.address.Stream [5]); Printf "Mac Address of Interface #% i:% SN", J, Tempethernet);}}}} while (! RET); / * Error termination occurs. * / getch (); freelibrary (m_hinst); / * Release binding * / snmp_freevarbind (& varbind [0]); snmp_freevarbind (& varbind [1]);} The method of getting a physical address is different for different network cards, but it is to operate the IO port, the specific address of the port should see the specification of the specific chip. Encryption software should get a physical address and cannot use this method. In general, it is obtained by NDISREQUEST in the core state. A method of applying a layer is provided here. To pull NDisRequest, you have to be far away, or stop ... NDIS specification, the NDIS specification supports the ioctl_ndis_query_stats interface: OID_802_3_Permanent_address: physical address OID_802_3_current_address: MAC address is already our method. First, look at the registry, find a few pieces of network card, what equipment name is it. The specific location is related to the OS, 2000 under HLM / Software / Microsoft / Windows NT / Current Version / NetworkCards. Then createfile (devicename, ...) Note that the use linkname, therefore plus ".//device//". Then deviceiocontrol (hmac, IOCTL_NDIS_QUERY_STATS, OID_802_3_PERMANENT_ADDRESS / OID_802_3_CURRENT_ADDRESS ...) can be found in the specific circumstances under ddk OID_802_3_current_address entry. So we got the MAC address and physical address. -------------------------------------------------- ------------------------------ Jzyhummel (blade [fellet]) said: About how to modify the MAC address, there is not much The necessary, anyway, and the registry, how to modify the network card physical address, you can read or modify directly from EEPROM (such as: 8029as, 93C46 chip), but the network card is different, and the reading method is different. If you read the offset 0001h of the 8029AS EEPROM; actual Address I / O 01MAC is stored in the Address 1H, 2H, 3H of EEPROM; if you read the EEPROM (93C46) of 8139C (L), the actual I / O 0x50mac is stored in EEPROM, am ADDRESS 7H, 8H, 9H; the system actually used MAC is placed in the REGISTER of 8139chin, how the offset address is 0000H, 0001H, 0002H, 0003H, 0004H, 0005H how to implement a modification network card Three ways to physical address, I also thank Hu Shrimp :) 1, buy a piece of this card can be made by writing EEPROM physics, this card is now much now, not to buy. If you need to apply the network in the environment, modify the MAC address so that the MAC address of the two cards is different, then the network is still working. 2, find a NE2K or EEPRO100 network card, I believe that any electronic market has two network cards, then find its driver source code in the DDK Sample, find the driver read physical port or PCI mapping memory get the physical address The code that allows functions to return to the physical address you need. This method may be the most easy to implement. In 1998, 17 had a $ 100,000 software with this method D version. If you need to apply the network environment, you also modify the MAC address. Both of these two cards support to modify the MAC address by modifying the registry. Please note that not all card drivers are supported. The principle of this method can be obtained by reading the Source of EEPRO100. The EEPRO100 will read the registry when Load, and then use the physical address if not read, otherwise the address in the registry will be used. This function does not seem to be enforced. So if you don't want to modify the registry, you can still be implemented by modifying the NIC DRIVER. This method applies to all platforms that support NDIS Driver. 3, this method is that I have not specifically tried, but the principle is feasible. All methods for obtaining a NIC address, whether it is a MAC address or a physical address, the root finish is implemented by sending NDisRequest to the NDS DRIVER. But please note that W2K NDISREQUEST is a macro. This macro actually calls the miniporthandler-> RequestHandler function To hoo miniport's function does not seem to find a suitable timing, it is also difficult to give a general solution. However, the method is always thinking, as long as there is rice, it is like a paradise "1024bit RSA, That's Impossible" "Give You 10,000,000 $ ..." "Nothing is iMpossible", you can still be in many places Hook. If it is a Win9X platform, simply call hook_device_service, you can Hook NDisRequest, I will modify the MTU through the Hook this function, or you can also modify the network card physical address. If it is NT4.0, you can also hook ndisRequest, because this is a function, not a macro, you can directly modify the NDIS PE output function portfolio implementation. The method is that I have not tried it. I heard that Rising is to achieve their virus firewall with this method. These three ways, I strong suggestions, the second method, simple and easy, and can bought the piracy, EEPRO100 and NE2K network cards are bought, and the price is cheap ---------- -------------------------------------------------- ---------------- The following describes the modification of the comparative benzene Win2000 modification: 1, in hkey_local_machine / system / currentcontrolset / control / class {4D36E972-E325-11CE-BFC1- 08002BE10318} / 0000,000,000,000, etc. Under the primary key, find the DriverDesc content to describe the description of the NIC to modify, such as 0000. The following method and Rifter "modify the modification of the MAC address", I will move (the place where the annotation is indicated by "^^"). "----> 2, below, add a string, name is networkAddress, the value is set to your Mac ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 00 3, then go to the primary key of NDI / params in the NDI / params, under this primary key ^^^^^ 【^^^^^ 【^ 下 下 主 主 主】】】】 主】 主 主 主 主 主 主 下 下 下 下 下 下 下 下To write, such as 004040404040. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ *, The actual MAC address still depends on the NetWorkAddress parameters mentioned in Point 2, and once the settings are set, the inward advanced attribute is the value given by NetworkAddress and is given by default. 】 4, continue to add a string called paramdesc under the primary key of NetworkAddress, which acts for specifying the description of the NetworkAddress primary key, which can be "Mac Address", so that the property of the network neighbor will be opened, and the corresponding network card will find it. A advanced setting, under the Mac Address option, is the new NetWorkAddress you add in the registry, so you can modify the MAC address here later. 5, turn off the registry, restart, your network card address has been changed. Open the properties of the network neighbor, double-click the corresponding NIC item to find a high-level setting item with a Mac Address. Used to directly modify the MAC address. ××××××××××××××××××××××××× Get a remote network card MAC address. ××××××××××××××××××××××××× First, add #include "nb30.h" #pragma Comment (LIB, "Netapi32.lib, first in the header file definition. ") typedef struct _ASTAT_ {ADAPTER_STATUS adapt; NAME_BUFFER NameBuff [30];} ASTAT, * PASTAT; you can call to get the remote MAC address of: CString getMacAddress (CString sNetBiosName) {ASTAT Adapter; NCB ncb; UCHAR uRetCode; memset (& NCB, 0, SIZEOF (NCB)); ncb.ncb_command = ncbreset; ncb.ncb_lana_num = 0; uretcode = netbios (& NCB); MEMSET (& NCB, 0, SIZEOF (NCB)); ncb.ncb_command = ncbast; ncb. ncb_lana_num = 0; sNetBiosName.MakeUpper (); FillMemory (ncb.ncb_callname, NCBNAMSZ - 1, 0x20); strcpy ((char *) ncb.ncb_callname, (LPCTSTR) sNetBiosName); ncb.ncb_callname [sNetBiosName.GetLength ()] = 0x20; ncb.ncb_callname [NCBNAMSZ] = 0x0; ncb.ncb_buffer = (unsigned char *) & Adapter; ncb.ncb_length = sizeof (Adapter); uRetCode = Netbios (& ncb); CString sMacAddress; if (uRetCode == 0) {sMacAddress .Format (_T ("% 02x% 02x% 02x% 02x% 02x% 02x"), adapter.adapt.ad apter_address [0], Adapter.adapt.adapter_address [1], Adapter.adapt.adapter_address [2], Adapter.adapt.adapter_address [3], Adapter.adapt.adapter_address [4], Adapter.adapt.adapter_address [5]) } Returnix smacaddress;} ×××××××××××××××××××××××××××××××××××××× Modify Windows 2000 Mac address full power (modified OID_802_3_current_address ^ _ ^) ×××××××××××××××××××××××××××××××××××××××× × × piggyxp is taken from http://www.driverdevelop.com/ because you don't understand compilation, no debugging, Is not guaranteed ^ _ ^ 2 MAC address type: OID_802_3_PERMANENT_ADDRESS OID_802_3_CURRENT_ADDRESS modify registry can change: OID_802_3_CURRENT_ADDRESS but OID_802_3_PERMANENT_ADDRESS, you must modify driver Use following APIs, you can get PERMANENT_ADDRESS CreateFile:. Opened the driver DeviceIoControl: send query to driver Use softice to track where the OID_802_3_PERMANENT_ADDRESS is processed: Find the location: .................: 0001ACB6 8D B3 EA 00 00 00 lea esi, dword ptr [ebx 000000EA]: 0001ACBC 8D7DDC lea edi , DWORD PTR [EBP-24]: 0001ACBF A5 MOVSD // CYM: Move Out the Mac Address: 0001ACC2 C745MOVSW: 0001ACC2 C745F406000000 MOV [EBP-0C] 00000006: 0001ACC9 8D75DC LEA ESI, DWORD PTR [EBP-24]: 0001ACCC E926070000 JMP 0001B3F7 ............ Change to:: 0001ACB6 8D75DC Lea ESI, DWORD PTR [EBP-24]: 0001ACB9 C70600002003 MOV DWORD PTR [ESI], 0 3200000 // CYM: 0001ACBF 66C746041224 MOV [ESI 04], 2412: 0001ACC5 C745F406000000 MOV [EBP-0C], 00000006: 0001ACCC E926070000 JMP 0001B3F7 ..... Dasm driver .sys file, find ndisreadnetworkaddress ...: 000109B9 50 Push Eax * Reference to: NDIS. NdisReadNetworkAddress, Ord: 00EAh |: 000109BA FF1538040100 Call dword ptr [00010438]: 000109C0 837DF400 cmp dword ptr [ebp-0C], 00000000: 000109C4 7516 jne 000109DC // is set mac addr in registry, use it others jump: 000109C6 8B45E8. mov eax, dword ptr [ebp-18]: 000109C9 8B08 mov ecx, dword ptr [eax]: 000109CB 898EE4000000 mov dword ptr [esi 000000E4], ecx: 000109D1 668B4004 mov ax, word ptr [eax 04]: 000109D5 668986E8000000 MOV Word PTR [ESI 000000E8], AX ... SET W MEMORY BREAL POINT AT ESI 000000E4, Find location: ...: 000124D6 8A83E5000000 MOV Al, Byte PTR [EBX 000000E5] // Mac Addr 2nd Byte: 000124DC 0A83E6000000 000124DC 0A83E6000000 OR Al, Byte PTR [EBX 000000E6] // Mac Addr 3rd Byte: 000124E2 0A83E7000000 OR Al, Byte PTR [EBX 000000E7] .. .: 000124E8 0A83E8000000 OR Al, Byte Ptr [EBX 000000E8]: 000124EE 0A83E900000000 OR Al, Byte PTR [EBX 000000E9] // mac addr 6th byte: 000124F4 0A07 or al, byte ptr [edi] //: 000124F6 7503 jne 000124FB //: 000124F8 A5 movsd //: 000124F9 66A5 movsw // if no station addr use permanent address as mac addr ..... change to: 000124D6 C683E500000000 mov byte ptr [ebx 000000E5], 00 // CYM: 000124DD C683E600000020 mov byte ptr [ebx 000000E6], 20: 000124E4 C683E700000003 mov byte ptr [ebx 000000E7], 03: 000124EB C683E800000012 mov byte ptr [ebx 000000E8], 12: 000124F2 C683E900000024 mov byte ptr [ebx 000000E9], 24: 000124F9 90 nop: 000124FA 90 nop It seems that the driver can work now Testing:. disable nic, enable nic. Jump 0xc0000221 ERR .. Or, checksum error Before windows load .sys file, it will check the checksum The checksum can be get by CheckSumMappedFile Build a small tools to reset the checksum in .sys file Test again, OK relevant exe download http:. // www .driverDevelop.com / Article / Chengyu_Checksum.zip ××××××××××××××××××××××××××××××××××××× NetBIOS API gets network card MAC address × × ×××××××××××××××××××××××××××××××××××× #include "nb30.h" #pragma comment (lib) , "netapi32.lib") typedef struct tagMAC_ADDRESS {BYTE b1, b2, b3, b4, b5, b6;} MAC_ADDRESS, * LPMAC_ADDRESS; typedef struct tagASTAT {ADAPTER_STATUS adapt; NAME_BUFFER NameBuff [30];} ASTAT, * LPASTAT; UCHAR GetDressbyIndex (int LANA_NUM, ASTAT & Adapter) {NCB NCB; Uchar Uretcode; Memset (& NCB, 0, SIZEOF (NCB)); ncb.ncb_command = ncbreset; ncb.ncb_lana_num = lana_num; // Specify the NIC number, first of all The network card sends an ncbreset command for initialization uretcode = netbios (& NCB); MEMSET (& NCB, 0, SIZEOF (NCB)); ncb.ncb_command = ncbastatat; ncb.ncb_lana_num = lana_num; // Specify NIC STRCPY ((char *) NCB.ncb_callname, "*"); ncb.ncb_buffer = (unsigned char *) & adapter; // Specify the returned information stored NCB.NCB_LENGTH = SIZEOF (Adapter); / / Next, you can send NCBastat command to get the NCBASTAT command Information URETCODE = NetBIOS (& NCB); Return URetcode;} INT getMac (LPMAC_ADDRESS PMACADDR) {ncb ncb; uchar uretcode; int Num = 0; LANA_ENUM LANA_ENUM; MEM Set (& NCB, 0, SIZEOF (NCB)); ncb.ncb_command = ncbbenum; ncb.ncb_buffer = (unsigned char *) & lana_enum; ncb.ncb_length = sizeof (LANA_ENUM); send NCBenum command to the network card to get the current machine network card Information Get its MAC address for (int i = 0; i Adapter.adapt.adapter_address [3]; pmacaddr [i] .b5 = adapter.adapt.adapter_address [4]; pmacaddr [i] .b6 = adapter.adapt.adapter_address [5];}}} return num;}}}} Return Num ===== Call: mac_address m_macaddr [10]; //, for example, up to 10 network card INT n = getMac (m_macaddr); // get the number of network cards TCHAR SZADDR [128]; WSPrintf (Szaddr, _t ("% 02x-% 02x-% 02x-% 02x "), m_macaddr [0] .b1, m_macaddr [0] .b2, m_macaddr [0] .b3, m_macaddr [0] .b4, m_macaddr [0] .b5 , m_macaddr [0] .b6); _TCSUPR (SZADDR); // can get MAC addresses such as 00-E0-AA-AA-AA-AA ××××××××××××× ××××××××××××××××××××××××××× use IP helper API to get network card address ×××××××××××××× ×××××××××××××××××××××××× huh, the most common method is placed in the final use of the GetAdaptersinfo function here. Most of the information, friends We can use ^ _ ^ #include
