1、讀取主板序列號
2、AWard BiOS密碼讀取
3、讀取BiOS信息
4、獲取BiOS日期信息
=========================================
1、讀取主板序列號
uses SHA1, Base64;
function GetHashedBiOSInfo: string;
var
SHA1Context: TSHA1Context;
SHA1Digest: TSHA1Digest;
begin
// Get the BiOS data
SetString(Result, PChar(Ptr($F0000)), $10000);
// Hash the string
SHA1Init(SHA1Context);
SHA1Update(SHA1Context, PChar(Result), Length(Result));
SHA1Final(SHA1Context, SHA1Digest);
SetString(Result, PChar(@SHA1Digest), sizeof(SHA1Digest));
// Return the hash string encoded in printable characters
Result := B64Encode(Result);
end;
function GetBiOSInfoAsText: string;
var
p, q: pchar;
begin
q := nil;
p := PChar(Ptr($FE000));
repeat
if q <> nil then begin
if not (p^ in [#10, #13, #32..#126, #169, #184]) then begin
if (p^ = #0) and (p - q >= 8) then begin
Result := Result + TrimRight(String(q)) + #13#10;
end;
q := nil;
end;
end else
if p^ in [#33..#126, #169, #184] then
q := p;
inc(p);
until p > PChar(Ptr($FFFFF));
Result := TrimRight(Result);
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
Memo1.Lines.Text := GetBiOSInfoAsText;
end;
==========================================
2、AWard BiOS密碼讀取(應該是jingtao的文章,但是ID沒有記錄)
Unit AwardBiOSPas;
//Write by lovejingtao
//http://www.138soft.com
interface
uses Windows,SysUtils;
function My_GetBiOSPassWord:String;
implementation
function CalcPossiblePassword(PasswordValue: Word): string;
var
I: BYTE;
C: CHAR;
S: string[8];
begin
I := 0;
while PassWordValue <> 0 do
begin
Inc(I);
if $263 > PassWordValue then
begin
if $80 > PassWordValue then
S[I] := CHAR(PassWordValue)
else if $B0 > PassWordValue then
S[I] := CHAR(PassWordValue and $77)
else if $11D > PassWordValue then
S[I] := CHAR($30 or (PassWordValue and $0F))
else if $114 > PassWordValue then
begin
S[I] := CHAR($64 or (PassWordValue and $0F));
if '0' > S[I] then
S[I] := CHAR(BYTE(S[I]) + 8);
end
else if $1C2 > PassWordValue then
S[I] := CHAR($70 or (PassWordValue and $03))
else if $1E4 > PassWordValue then
S[I] := CHAR($30 or (PassWordValue and $03))
else
begin
S[I] := CHAR($70 or (PassWordValue and $0F));
if 'z' < S[I] then
S[I] := CHAR(BYTE(S[I]) - 8);
end;
end
else
S[I] := CHAR($30 or (PassWordValue and $3));
PasswordValue := (PassWordValue - BYTE(S[I])) shr 2;
end;
S[0] := CHAR(I);
PassWordValue := I shr 1;
while PassWordValue < I do
begin {this is to do because award starts calculating with the last letter}
C := S[BYTE(S[0]) - I + 1];
S[BYTE(S[0]) - I + 1] := S[I];
S[I] := C;
Dec(I);
end;
CalcPossiblePassWord := S;
end;
function readcmos(off: byte): byte;
var
value: byte;
begin
asm
xor ax, ax
mov al, off
out 70h, al
in al, 71h
mov value, al
end;
readcmos := value;
end;
function My_GetBiOSPassWord:String;
var
superpw, userpw: Word;
S:String;
begin
if Win32Platform <> VER_PLATFORM_WIN32_NT then //不是NT
begin
pchar(@superpw)[0] := char(readcmos($1C));
pchar(@superpw)[1] := char(readcmos($1D));
pchar(@userpw)[0] := char(readcmos($64));
pchar(@userpw)[1] := char(readcmos($65));
S:='超級用戶密碼為:'+CalcPossiblePassword(superpw)+#13+'用戶密碼為:'+CalcPossiblePassWord(userpw);
Result:=S;
end
else
Result:='用戶系統為NT,無法獲取BISO密碼!';
end;
end.
==========================================
3、讀取BiOS信息
{程序使用Windows 95/2000平台,自動檢測系統類型,然後進行不同調用}
uses BiOSHelp;
procedure TForm1.Button1Click(Sender: TObject);
var
Dump: TRomBiOSDump;
i: Integer;
begin
ReadRomBiOS(Dump, rrbmAutomatic);
for i := 1 to $000FFFFF - $000F0000 - 1 do
Memo1.Lines.Add(IntToHex(Dump[i + $000FFFFF], 2));
end;
(*******************************************************************************
* *
* BIOS Help - read ROM BiOS on Windows 95/98/SE/ME/NT/2K/XP *
* *
* Copyright (C) 2001, Nico Bendlin ([email protected]) *
* *
* Compiler: Delphi 4.03/5.01/6.00 *
* Version: 1.03, 2001-09-02 *
* *
*******************************************************************************)
{ postum scriptum: sorry for the bad english, i wrote it in a hurry }
unit BiOSHelp;
{$ALIGN ON}
{$MINENUMSIZE 4}
interface
uses
Windows;
type
PRomBiosDump = ^TRomBiOSDump;
TRomBiOSDump = array[$000F0000..$000FFFFF] of Byte;
type
TReadRomBiOSMethod = (
rrbmAutomatic, { Autodetect OS type and use proper method }
rrbmGeneric, { Use 16-bit COM program to dump the BiOS }
rrbmMemory, { Read from memory (Win9x) }
rrbmPhysical { Read from physical memory object (WinNT) }
);
function ReadRomBios(var Dump: TRomBiosDump; Method: TReadRomBiOSMethod;
Timeout: DWord = INFINITE): Boolean;
function GetRomBiosBuffer(const Dump: TRomBiOSDump; Address: Pointer;
var Buffer; BufferSize: Cardinal): Cardinal;
function GetRomBiosString(const Dump: TRomBiOSDump; Address: Pointer): string;
function GetRomBiosLongLong(const Dump: TRomBiOSDump; Address: Pointer): LONGLONG;
function GetRomBiosDWord(const Dump: TRomBiOSDump; Address: Pointer): DWord;
function GetRomBiosWord(const Dump: TRomBiOSDump; Address: Pointer): Word;
function GetRomBiosByte(const Dump: TRomBiOSDump; Address: Pointer): Byte;
implementation
{###############################################################################
# #
# GENERIC METHOD #
# #
# Create an temporary folder, save an 16bit COM program (RomDump.com) into it, #
# execute program redirected to an file (Rom.dmp, RomDump.com simply dumps the #
# memory range F000:0000-F000:FFFF to STDOUT), read dump file into the buffer, #
# and finally cleanup all temporary files and directorIEs. #
# #
# (the function RomDumpCode is x86 specific, which i wrote to generate 16-bit #
# code with the help of the 23-bit Delphi compiler, never try to execute the #
# pseudo-code in your program! it will not work in 32-bit protected mode) #
# #
###############################################################################}
{ *INTERNAL* - Pseudo 16-bit code }
type
PRomDumpCodeInfo = ^TRomDumpCodeInfo;
TRomDumpCodeInfo = (rdciStart, rdcIEnd, rdciSize);
function _RomDumpCode(Info: TRomDumpCodeInfo): Pointer;
var
CodeStart: Pointer;
CodeEnd: Pointer;
begin
asm
JMP @@End
{ *BEGIN* 16-bit code }
{ -- never use it in your program! -- }
{ COM which writes ROM-BiOS to StdOut }
@@Start:
{ Dump F000:0000-F000:FFFE }
XOR eDX, eDX // DS = 0xF000 ; Data segment
MOV DH, 0F0h
MOV DS, eDX
XOR eDX, eDX // DX = 0x0000 ; Data offset
XOR eCX, eCX // CX = 0xFFFF ; Data length
DEC eCX
XOR eBX, eBX // BX = 0x0001 ; STDOUT (file handle)
INC eBX
MOV AH, 40h // DosCall(0x40) ; INT21, DOS_WRITE_TO_HANDLE
INT 21h
JC @@Exit // On error exit ; AL = Error code
{ Dump F000:FFFF }
XOR eDX, eDX // DS = 0xF000 ; Data segment
MOV DH, 0F0h
MOV DS, eDX
XOR eDX, eDX // DX = 0xFFFF ; Data offset
DEC eDX
XOR eCX, eCX // CX = 0x0001 ; Data length
INC eCX
MOV eBX, eCX // BX = 0x0001 ; STDOUT (file handle)
MOV AH, 40h // DosCall(0x40) ; INT21, DOS_WRITE_TO_HANDLE
INT 21h
JC @@Exit // On error exit ; AL = Error code
MOV AL, 0 // no error ; AL = 0
@@Exit:
MOV AH, 4Ch // DosCall(0x4C) ; INT21, DOS_TERMINATE_EXE
INT 21h
@@End:
{ *END* 16-bit code }
MOV CodeStart, OFFSET @@Start
MOV CodeEnd, OFFSET @@End
end;
case Info of
rdciStart:
Result := CodeStart;
rdcIEnd:
Result := CodeEnd;
rdciSize:
Result := Pointer(Cardinal(CodeEnd) - Cardinal(CodeStart));
else
Result := nil;
end;
end;
{ *INTERNAL* - Save 16-bit code to file }
function _RomDumpCodeToFile(const Filename: string): Boolean;
var
ComFile: THandle;
Size: Cardinal;
begin
Result := False;
ComFile := CreateFile(PChar(Filename), GENERIC_WRITE, FILE_SHARE_READ, nil,
CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
if ComFile <> INVALID_HANDLE_VALUE then
try
Result := WriteFile(ComFile, _RomDumpCode(rdciStart)^,
Cardinal(_RomDumpCode(rdciSize)), Size, nil) and
(Size = Cardinal(_RomDumpCode(rdciSize)));
if not Result then
DeleteFile(PChar(Filename));
finally
CloseHandle(ComFile);
end;
end;
{ *INTERNAL* - Execute 16-bit code redirected to file }
function _RomDumpCodeExecute(const Com, Dmp: string; Timeout: DWord): Boolean;
var
ComSpec: string;
si: TStartupInfo;
pi: TProcessInformation;
begin
Result := False;
SetLength(ComSpec, MAX_PATH);
SetLength(ComSpec,
GetEnvironmentVariable('ComSpec', PChar(@ComSpec[1]), MAX_PATH));
if Length(ComSpec) > 0 then
begin
FillChar(si, SizeOf(TStartupInfo), 0);
si.cb := SizeOf(TStartupInfo);
si.dwFlags := STARTF_USESHOWWINDOW;
si.wShowWindow := SW_HIDE;
if CreateProcess(nil, PChar(ComSpec + ' /C ' + Com + ' > ' + Dmp),
nil, nil, False, CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP, nil,
nil, si, pi) then
try
Result := WaitForSingleObject(pi.hProcess, Timeout) <> WAIT_TIMEOUT;
finally
CloseHandle(pi.hProcess);
CloseHandle(pi.hThread);
end;
end;
end;
function DirectoryExists(const Dir: string): Boolean;
var
Attr: DWord;
begin
Attr := GetFileAttributes(PChar(Dir));
Result := (Attr <> $FFFFFFFF) and
(Attr and FILE_ATTRIBUTE_DIRECTORY = FILE_ATTRIBUTE_DIRECTORY);
end;
{ Get BiOS dump the generic way }
function ReadRomBios16(var Buffer: TRomBiOSDump; Timeout: DWord): Boolean;
const
TempSub = '~RomDmp';
ComName = 'RomDump.com';
DmpName = 'Rom.dmp';
var
TempPath: string;
TempDir: string;
TempIdx: Integer;
TempIdxStr: string;
ComFile: string;
DmpFile: string;
DmpHandle: THandle;
Written: DWord;
begin
Result := False;
SetLength(TempPath, MAX_PATH);
SetLength(TempPath, GetTempPath(MAX_PATH, PChar(@TempPath[1])));
if Length(TempPath) > 0 then
begin
if (TempPath[Length(TempPath)] <> '') then
TempPath := TempPath + '';
TempIdx := 0;
repeat
Inc(TempIdx);
Str(TempIdx, TempIdxStr);
TempDir := TempPath + TempSub + TempIdxStr;
until not DirectoryExists(TempDir);
if CreateDirectory(PChar(TempDir), nil) then
try
TempDir := TempDir + '';
ComFile := TempDir + ComName;
DmpFile := TempDir + DmpName;
if _RomDumpCodeToFile(ComFile) then
try
if _RomDumpCodeExecute(ComFile, DmpFile, Timeout) then
begin
DmpHandle := CreateFile(PChar(DmpFile), GENERIC_READ,
FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
if DmpHandle <> INVALID_HANDLE_VALUE then
try
FillChar(Buffer, SizeOf(TRomBiOSDump), 0);
Result := ReadFile(DmpHandle, Buffer, SizeOf(TRomBiOSDump),
Written, nil) and (Written = SizeOf(TRomBiOSDump));
finally
CloseHandle(DmpHandle);
end;
end;
finally
DeleteFile(PChar(DmpFile));
DeleteFile(PChar(ComFile));
end;
finally
RemoveDirectory(PChar(TempDir));
end;
end;
end;
{###############################################################################
# #
# DIRECT METHOD (Win9x) #
# #
# Due to the fact that Windows 95/98/ME maps the BiOS into every Win32 process #
# for read Access it is very simple to fill the buffer from memory. #
# #
###############################################################################}
function ReadRomBios9x(var Buffer: TRomBiOSDump): Boolean;
begin
Result := False;
try
FillChar(Buffer, SizeOf(TRomBiOSDump), 0);
Move(Pointer(Low(TRomBiosDump))^, Buffer, SizeOf(TRomBiOSDump));
Result := True;
except
// ignore exceptions
end
end;
{###############################################################################
# #
# PHYSICAL MEMORY METHOD (WinNT) #
# #
# On Windows NT the ROM BiOS is only available through the named kernel object #
# 'DevicePhysicalMemory'. Because it is impossible to open kernel objects in #
# user mode with standard Win32 API functions we make use of NT's nativeAPI in #
# NtDll.dll ("NT-Layer") namely ZwOpenSection. #
# #
# (note: mostly there are two versions of every function ZwXxx and NtXxx. The #
# only difference in kernel mode is that the NtXxx version works in conside- #
# ration to security while ZwXxx not. But in user mode both work like NtXxx.) #
# #
# At first the section is opened with ZwOpenSection. Normally we would proceed #
# ZwMapViewOfSection, ZwUnmapVIEwOfSection, and NtClose. But the functions are #
# more complex and there is no needing for it. With the handle (because we are #
# in the "very simple" user mode =) we now use MapViewOfFile, UnmapVIEwOfFile, #
# and CloseHandle to map an memory window (the ROM BiOS) into our process. #
# #
# Due to the fact that ZwOpenSection returns NT error-codes in case of failure #
# we have to translate it to an Win32 error-code (RtlNtStatusToDOSError). #
# All NT specific functions are dynamically loaded -- because the applications #
# should start on Win9x systems =) #
# #
###############################################################################}
{ For more information see Windows 2000/XP DDK }
{ It works on Windows NT 4.0 too, use NtDll.dll }
type
NTSTATUS = Integer;
const
STATUS_SUCCESS = NTSTATUS(0);
STATUS_INVALID_HANDLE = NTSTATUS($C0000008);
STATUS_Access_DENIED = NTSTATUS($C0000022);
type
PUnicodeString = ^TUnicodeString;
TUnicodeString = packed record
Length: Word;
MaximUMLength: Word;
Buffer: PWideChar;
end;
const
OBJ_INHERIT = $00000002;
OBJ_PERMANENT = $00000010;
OBJ_EXCLUSIVE = $00000020;
OBJ_CASE_INSENSITIVE = $00000040;
OBJ_OPENIF = $00000080;
OBJ_OPENLINK = $00000100;
OBJ_KERNEL_HANDLE = $00000200;
OBJ_VALID_ATTRIBUTES = $000003F2;
type
PObjectAttributes = ^TObjectAttributes;
TObjectAttributes = record
Length: ULONG;
RootDirectory: THandle;
ObjectName: PUnicodeString;
Attributes: ULONG;
SecurityDescriptor: PSecurityDescriptor;
SecurityQualityOfService: PSecurityQualityOfService;
end;
const
ObjectPhysicalMemoryDeviceName = 'DevicePhysicalMemory';
ObjectPhysicalMemoryName: TUnicodeString = (
Length: Length(ObjectPhysicalMemoryDeviceName) * 2;
MaximUMLength: Length(ObjectPhysicalMemoryDeviceName) * 2 + 2;
Buffer: ObjectPhysicalMemoryDeviceName;
);
ObjectPhysicalMemoryAccessMask: Access_MASK = SECTION_MAP_READ;
ObjectPhysicalMemoryAttributes: TObjectAttributes = (
Length: SizeOf(TObjectAttributes);
RootDirectory: 0;
ObjectName: @ObjectPhysicalMemoryName;
Attributes: OBJ_CASE_INSENSITIVE;
SecurityDescriptor: nil;
SecurityQualityOfService: nil;
);
type
TFNZwOpenSection = function(out SectionHandle: THandle;
DesiredAccess: Access_MASK; ObjectAttributes: PObjectAttributes): NTSTATUS;
stdcall;
TFNRtlNtStatusToDOSError = function(Status: NTSTATUS): DWord; stdcall;
const
ntdll = 'ntdll.dll';
var
ZwOpenSection: TFNZwOpenSection;
RtlNtStatusToDosError: TFNRtlNtStatusToDOSError;
function ReadRomBiosNt(var Buffer: TRomBiOSDump; Timeout: DWord): Boolean;
var
NtLayer: HMODULE;
Status: NTSTATUS;
Section: THandle;
VIEw: Pointer;
begin
Result := False;
NtLayer := GetModuleHandle(ntdll);
if NtLayer = 0 then
SetLastError(ERROR_CALL_NOT_IMPLEMENTED)
else
begin
if not Assigned(ZwOpenSection) then
ZwOpenSection := GetProcAddress(NtLayer, 'ZwOpenSection');
if not Assigned(RtlNtStatusToDOSError) then
RtlNtStatusToDosError := GetProcAddress(NtLayer, 'RtlNtStatusToDOSError');
if not (Assigned(ZwOpenSection) and Assigned(RtlNtStatusToDOSError)) then
SetLastError(ERROR_CALL_NOT_IMPLEMENTED)
else
begin
Status := ZwOpenSection(Section, ObjectPhysicalMemoryAccessMask,
@ObjectPhysicalMemoryAttributes);
case Status of
STATUS_SUCCESS:
try
View := MapVIEwOfFile(Section, ObjectPhysicalMemoryAccessMask, 0,
Low(TRomBiosDump), SizeOf(TRomBiOSDump));
if Assigned(VIEw) then
try
FillChar(Buffer, SizeOf(TRomBiOSDump), 0);
Move(VIEw^, Buffer, SizeOf(TRomBiOSDump));
Result := True;
finally
UnmapViewOfFile(VIEw);
end;
finally
CloseHandle(Section);
end;
STATUS_Access_DENIED:
Result := ReadRomBiOS16(Buffer, Timeout);
else
SetLastError(RtlNtStatusToDOSError(Status))
end;
end;
end;
end;
{###############################################################################
# #
# ReadRomBiOS #
# #
###############################################################################}
function ReadRomBios(var Dump: TRomBiosDump; Method: TReadRomBiOSMethod;
Timeout: DWord = INFINITE): Boolean;
begin
Result := False;
case Method of
rrbmAutomatic:
if (Integer(GetVersion) < 0) then
try
Result := ReadRomBiOS9x(Dump);
except
Result := ReadRomBiOS16(Dump, Timeout);
end
else
Result := ReadRomBiOSNt(Dump, Timeout);
rrbmGeneric:
Result := ReadRomBiOS16(Dump, Timeout);
rrbmMemory:
Result := ReadRomBiOS9x(Dump);
rrbmPhysical:
Result := ReadRomBiOSNt(Dump, Timeout);
else
SetLastError(ERROR_INVALID_PARAMETER);
end;
end;
{###############################################################################
# #
# UtilitIEs to simplify the Access to data as generic standard types #
# #
###############################################################################}
function GetRomBiosBuffer(const Dump: TRomBiOSDump; Address: Pointer;
var Buffer; BufferSize: Cardinal): Cardinal;
begin
Result := 0;
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump)) then
begin
Result := BufferSize;
if (Cardinal(Address) + BufferSize > High(TRomBiOSDump)) then
Result := High(TRomBiOSDump) - Cardinal(Address) + 1;
Move(Dump[Cardinal(Address)], Buffer, Result);
end;
end;
function GetRomBiosString(const Dump: TRomBiOSDump; Address: Pointer): string;
begin
Result := '';
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump)) then
Result := string(PChar(@Dump[Cardinal(Address)]));
end;
function GetRomBiosLongLong(const Dump: TRomBiOSDump; Address: Pointer): LONGLONG;
type
PLongLong = ^LONGLONG;
begin
Result := 0;
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump) - SizeOf(LONGLONG) + 1) then
Result := PLongLong(@Dump[Cardinal(Address)])^;
end;
function GetRomBiosDWord(const Dump: TRomBiOSDump; Address: Pointer): DWord;
begin
Result := 0;
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump) - SizeOf(DWord) + 1) then
Result := PDWord(@Dump[Cardinal(Address)])^;
end;
function GetRomBiosWord(const Dump: TRomBiOSDump; Address: Pointer): Word;
begin
Result := 0;
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump) - SizeOf(Word) + 1) then
Result := PWord(@Dump[Cardinal(Address)])^;
end;
function GetRomBiosByte(const Dump: TRomBiOSDump; Address: Pointer): Byte;
begin
Result := 0;
if (Cardinal(Address) >= Low(TRomBiOSDump)) and
(Cardinal(Address) <= High(TRomBiOSDump) - SizeOf(Byte) + 1) then
Result := PByte(@Dump[Cardinal(Address)])^;
end;
end.
==========================================
4、獲取BiOS日期信息
{--------------------------------------------------------------------------}
{獲取BiOS的日期信息,估計可能在2000下適用,但是可能需要獲取權限}
function GetBiOSDate1: String;
var
Buffer: Array[0..8] Of Char;
N: DWord;
begin
ReadProcessMemory(GetCurrentProcess,
Ptr($FFFF5),
@Buffer,
8,
N);
Buffer[8] := #0;
result := StrPas(Buffer)
end;
function GetBiOSDate2: String;
begin
result := string(pchar(ptr($FFFF5)));
end;