匯編語言通過WMI獲取BIOS、主板、硬盤、CPU、網卡的信息


前幾天在網上看見某大牛使用匯編語言寫的通過WMI獲取BIOS,主板,硬盤,CPU,網卡的信息的一篇文章,發現真是寫的太棒了,最近正好想要用匯編寫點東西,就拿着作者的源碼修改了點東西,來實現自己的需求,我是在RadASM下編譯使用的,大牛的解決方法正好給我提供了許多思路,也讓我學到了很多,下面就是我修改后的源代碼:

.586

.MODEL FLAT,STDCALL

OPTION CASEMAP:NONE
INCLUDE windows.inc

INCLUDE kernel32.inc
INCLUDELIB kernel32.lib

INCLUDE ole32.inc
INCLUDELIB ole32.lib

INCLUDE user32.inc
INCLUDELIB user32.lib

INCLUDE masm32.inc
INCLUDELIB masm32.lib

GetWmiInfo proto :LPWSTR, :LPSTR, :LPSTR

g_debug equ 0

; located in ObjIdl.h

EOAC_NONE EQU 0
COINIT_MULTITHREADED equ 00h

; located in RpcDce.h

RPC_C_AUTHN_LEVEL_DEFAULT EQU 0
RPC_C_IMP_LEVEL_DEFAULT EQU 0
RPC_C_IMP_LEVEL_IMPERSONATE EQU 3

GUID2 STRUCT
dd1 DWORD ?
dw1 WORD ?
dw2 WORD ?
db1 BYTE ?
db2 BYTE ?
db3 BYTE ?
db4 BYTE ?
db5 BYTE ?
db6 BYTE ?
db7 BYTE ?
db8 BYTE ?
GUID2 ENDS

IWbemLocator STRUCT
lpVtbl DWORD ?
IWbemLocator ENDS


IWbemLocatorVtbl STRUCT

QueryInterface DWORD ?
AddRef DWORD ?
Release DWORD ?
ConnectServer DWORD ?
IWbemLocatorVtbl ENDS

IWbemServices STRUCT
lpVtbl DWORD ?
IWbemServices ENDS

IWbemServicesVtbl STRUCT

QueryInterface DWORD ?
AddRef DWORD ?
Release DWORD ?
OpenNamespace DWORD ?
CancelAsyncCall DWORD ?
QueryObjectSink DWORD ?
GetObject DWORD ?
GetObjectAsync DWORD ?
PutClass DWORD ?
PutClassAsync DWORD ?
DeleteClass DWORD ?
DeleteClassAsync DWORD ?
CreateClassEnum DWORD ?
CreateClassEnumAsync DWORD ?
PutInstance DWORD ?
PutInstanceAsync DWORD ?
DeleteInstance DWORD ?
DeleteInstanceAsync DWORD ?
CreateInstanceEnum DWORD ?
CreateInstanceEnumAsync DWORD ?
ExecQuery DWORD ?
ExecQueryAsync DWORD ?
ExecNotificationQuery DWORD ?
ExecNotificationQueryAsync DWORD ?
ExecMethod DWORD ?
ExecMethodAsync DWORD ?

IWbemServicesVtbl ENDS



IEnumWbemClassObject STRUCT
lpVtbl DWORD ?
IEnumWbemClassObject ENDS

IEnumWbemClassObjectVtbl STRUCT

QueryInterface DWORD ?
AddRef DWORD ?
Release DWORD ?
Reset DWORD ?
Next DWORD ?
NextAsync DWORD ?
Clone DWORD ?
Skip DWORD ?
IEnumWbemClassObjectVtbl ENDS

IWbemClassObject STRUCT
lpVtbl DWORD ?
IWbemClassObject ENDS

IWbemClassObjectVtbl STRUCT
QueryInterface DWORD ?
AddRef DWORD ?
Release DWORD ?
GetQualifierSet DWORD ?
Get DWORD ?
Put DWORD ?
Delete DWORD ?
GetNames DWORD ?
BeginEnumeration DWORD ?
Next DWORD ?
EndEnumeration DWORD ?
GetPropertyQualifierSet DWORD ?
GetObjectText DWORD ?
SpawnDerivedClass DWORD ?
SpawnInstance DWORD ?
CompareTo DWORD ?
GetPropertyOrigin DWORD ?
InheritsFrom DWORD ?
GetMethod DWORD ?
PutMethod DWORD ?
DeleteMethod DWORD ?
BeginMethodEnumeration DWORD ?
NextMethod DWORD ?
EndMethodEnumeration DWORD ?
GetMethodQualifierSet DWORD ?
GetMethodOrigin DWORD ?
IWbemClassObjectVtbl ENDS


SAFEARRAYBOUND struct

cElements dd ? ;這一維有多少個元素?
lLbound dd ? ;它的索引從幾開始?
SAFEARRAYBOUND ends


SAFEARRAY struct

cDims dw ? ;Count of dimensions in this array.這個數組有幾維?
fFeatures dw ? ;Flags used by the SafeArray routines documented below. 數組有什么特性?
cbElements dd ? ;Size of an element of the array. Does not include size of pointed-to data.
;數組的每個元素有多大?
cLocks dd ? ;Number of times the array has been locked without corresponding unlock.
;這個數組被鎖定過幾次?
pvData dd ? ;Pointer to the data. 數組里的數據放在什么地方?
rgsabound SAFEARRAYBOUND <> ;One bound for each dimension.真數組
SAFEARRAY ends

;ssssssssssssssssssssssss

.DATA

;ssssssssssssssssssssssss
g_wszSelect WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," ", 0
g_szBiosVerion db 0dh, 0ah, "BIOS版本信息:", 0
g_wszWin32_BIOS word "W", "i", "n", "3", "2", "_", "B", "I", "O", "S", 0
g_wszBIOSVerstion word "B", "I", "O", "S", "V", "e", "r", "s", "i", "o", "n", 0
g_szBiosSerialNumber db 0dh, 0ah, "BIOS序列號:", 0
g_szHDDSerialNum db 0dh, 0ah, "硬盤序列號:", 0
g_wszWin32_PhysicalMedia word "W", "i", "n", "3", "2", "_"
WORD "P", "h", "y", "s", "i", "c", "a", "l", "M", "e", "d", "i", "a", 0
g_wszSerialNumber word "S", "e", "r", "i", "a", "l", "N", "u", "m", "b", "e", "r", 0
g_szBaseBoardSerialNum db 0dh, 0ah, "主板序列號:", 0
g_wszWin32_BaseBoard word "W", "i", "n", "3", "2", "_", "B", "a", "s", "e", "B", "o", "a", "r", "d", 0
g_szCpuId db 0dh, 0ah, "CPU ID:", 0
g_wszWin32_Processor word "W", "i", "n", "3", "2", "_", "P", "r", "o", "c", "e", "s", "s", "o", "r", 0
g_wszProcessorId word "P", "r", "o", "c", "e", "s", "s", "o", "r", "I", "d", 0
g_szNidMac db 0dh, 0ah, "網卡 MAC:", 0
g_wszWin32_NetworkAdapter word "W", "i", "n", "3", "2", "_"

WORD "N", "e", "t", "w", "o", "r", "k", "A", "d", "a", "p", "t", "e", "r", 0
g_wszMACAddress word "M", "A", "C", "A", "d", "d", "r", "e", "s", "s", 0
g_wszNameSpace word "r", "o", "o", "t", "\", "c", "i", "m", "v", "2", 0
g_wszQueryLanguage word "W", "Q", "L", 0
g_szAppInfo db "通過WMI獲取硬件信息", 0dh ,0ah
db "小哈龍", 0dh ,0ah, 0
g_szPerSCr db "%S"
g_szCrLf db 0dh, 0ah, 0
g_szFail db "Fail", 0
szone db "我的測試",0
szoption db "標題",0

; located in WbemCli.h

WBEM_FLAG_CONNECT_USE_MAX_WAIT EQU 80h
WBEM_FLAG_FORWARD_ONLY EQU 20h
WBEM_INFINITE EQU -1
WBEM_E_INVALID_QUERY EQU 80041017h
WBEM_E_INVALID_QUERY_TYPE EQU 80041018h

IID_IWbemLocator GUID2 <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
IID_IEnumWbemClassObject GUID2 <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
IID_IWbemClassObject GUID2 <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>

; located in WbemProv.h

CLSID_WbemAdministrativeLocator GUID2 <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>

locator IWbemLocator <>
service IWbemServices <>
enumerator IEnumWbemClassObject <>
processor IWbemClassObject <>

retCount DWORD ?

var_val DWORD ?
DWORD ?
DWORD ?
DWORD ?
wszQuery WORD 256 dup(?)
g_szBuf512 byte 512 dup(?)
;ssssssssssssssssssssssss
.CODE
;ssssssssssssssssssssssss

start:
invoke CoInitializeEx, NULL, COINIT_MULTITHREADED
invoke CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT,\
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
invoke CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL,\
CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator
invoke StdOut, ADDR g_szAppInfo
invoke StdOut, ADDR g_szBiosVerion
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_BIOS, ADDR g_wszBIOSVerstion, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL
invoke StdOut, ADDR g_szBuf512
invoke MessageBox,NULL,addr g_szBuf512,offset g_szBiosVerion,MB_OK
.else
invoke StdOut, ADDR g_szFail
.endif
invoke StdOut, ADDR g_szBiosSerialNumber
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_BIOS, ADDR g_wszSerialNumber, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL

invoke StdOut, ADDR g_szBuf512
.else
invoke StdOut, ADDR g_szFail
.endif
invoke StdOut, ADDR g_szHDDSerialNum
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_PhysicalMedia, ADDR g_wszSerialNumber, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL
invoke StdOut, ADDR g_szBuf512
invoke MessageBox,NULL,offset g_szBuf512,offset g_szHDDSerialNum,MB_OK
.else
invoke StdOut, ADDR g_szFail
.endif
invoke StdOut, ADDR g_szBaseBoardSerialNum
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_BaseBoard, ADDR g_wszSerialNumber, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL
invoke MessageBox,NULL,addr g_szBuf512,offset g_szBaseBoardSerialNum,MB_OK
invoke StdOut, ADDR g_szBuf512
.else
invoke StdOut, ADDR g_szFail
.endif
invoke StdOut, ADDR g_szCpuId
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_Processor, ADDR g_wszProcessorId, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL
invoke StdOut, ADDR g_szBuf512
invoke MessageBox,NULL,offset g_szBuf512,offset g_szCpuId,MB_OK
.else
invoke StdOut, ADDR g_szFail
.endif
invoke StdOut, ADDR g_szNidMac
mov byte ptr g_szBuf512, NULL
invoke GetWmiInfo, ADDR g_wszWin32_NetworkAdapter, ADDR g_wszMACAddress, ADDR g_szBuf512
.if byte ptr g_szBuf512 != NULL
invoke StdOut, ADDR g_szBuf512
invoke MessageBox,NULL,offset g_szBuf512,offset g_szNidMac,MB_OK
.else
invoke StdOut, ADDR g_szFail
.endif
invoke CoUninitialize
invoke ExitProcess, 0

GetWmiInfo proc lpwszType: LPWSTR, lpwszItem: LPSTR, lpszBuf: LPSTR

LOCAL wszbuf[256]: word
invoke lstrcpyW, ADDR wszQuery, ADDR g_wszSelect
invoke lstrcatW, ADDR wszQuery, lpwszType
mov esi, locator
lodsd
push OFFSET service
push NULL
push NULL
push WBEM_FLAG_CONNECT_USE_MAX_WAIT
push NULL
push NULL
push NULL
push OFFSET g_wszNameSpace
push DWORD PTR [locator]
call DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]
mov esi, service
lodsd
push OFFSET enumerator
push NULL
push WBEM_FLAG_FORWARD_ONLY
push OFFSET wszQuery
push OFFSET g_wszQueryLanguage
push DWORD PTR [service]
call DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]
mov esi, enumerator
lodsd
push OFFSET retCount
push OFFSET processor
push TRUE
push WBEM_INFINITE
push DWORD PTR [enumerator]
call DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
mov esi, processor
lodsd
push NULL
push NULL
push OFFSET var_val
push 0
push lpwszItem
push DWORD PTR [processor]
call DWORD PTR [eax][IWbemClassObjectVtbl.Get]
if g_debug eq 1
jmp @F
g_sz1 db 0dh, 0ah, "eax=%d, ecx=%x, esi=%x, edi=%x", 0dh, 0ah, 0
@@:
mov esi, [var_val]
mov edi, [var_val + 4]
mov ecx, [var_val + 8]0
mov eax, [var_val + 12]
pushad
invoke wsprintf, ADDR wszbuf, ADDR g_sz1, eax, ecx, esi, edi
invoke StdOut, ADDR wszbuf
popad
endif ;g_debug eq 1
mov eax, [var_val]
test eax, VT_BSTR
.if !ZERO?
test eax, VT_ARRAY
.IF !ZERO?
mov ecx, [var_val + 8]
mov esi,[ecx].SAFEARRAY.pvData
mov edi,[ecx].SAFEARRAY.rgsabound.cElements
if g_debug eq 1
movzx eax, [ecx].SAFEARRAY.cDims
mov ecx,[ecx].SAFEARRAY.rgsabound.lLbound
pushad
invoke wsprintf, ADDR wszbuf, ADDR g_sz1, eax, ecx, esi, edi
invoke StdOut, ADDR wszbuf
popad
endif ;g_debug eq 1
.repeat ; while edi
push esi
push edi
mov ecx, [esi]
invoke wsprintf, ADDR wszbuf, ADDR g_szPerSCr, ecx
invoke lstrcat, lpszBuf, ADDR wszbuf
pop edi
pop esi
dec edi
add esi,4
.until edi==0 ;endw
.ELSE
invoke wsprintf, ADDR wszbuf, ADDR g_szPerSCr, [var_val + 8]
invoke lstrcat, lpszBuf, ADDR wszbuf
.ENDIF
.endif
ret
GetWmiInfo endp
;======================================================
END start


注意!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系我们删除。



 
粤ICP备14056181号  © 2014-2021 ITdaan.com