16,472
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
lansefeng 2003-10-16
- 打赏
- 举报
up
kxyes 2003-10-16
- 打赏
- 举报
要是用的是磁盘阵列怎么办??
cjg325 2003-10-15
- 打赏
- 举报
我的是BA008VF 我怎么知道读出来的对不对?
我使用另外一个程序还读出来是什么型号的。我怎么验证这个数字是不是我硬盘的系列号?
我使用另外一个程序还读出来是什么型号的。我怎么验证这个数字是不是我硬盘的系列号?
dreamchild 2003-10-15
- 打赏
- 举报
int CHardDiskInfo::ReadPhysicalDriveInNT(void)
{
int done = FALSE;
int drive = 0;
for (drive = 0; drive < MAX_IDE_DRIVES; drive++)
{
HANDLE hPhysicalDriveIOCTL = 0;
// Try to get a handle to PhysicalDrive IOCTL, report failure
// and exit if can't.
char driveName [256];
sprintf (driveName, "\\\\.\\PhysicalDrive%d", drive);
// Windows NT, Windows 2000, must have admin rights
hPhysicalDriveIOCTL = CreateFile (driveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
// if (hPhysicalDriveIOCTL == INVALID_HANDLE_VALUE)
// printf ("Unable to open physical drive %d, error code: 0x%lX\n",
// drive, GetLastError ());
if (hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
{
GETVERSIONOUTPARAMS VersionParams;
DWORD cbBytesReturned = 0;
// Get the version, etc of PhysicalDrive IOCTL
memset ((void*) &VersionParams, 0, sizeof(VersionParams));
if ( ! DeviceIoControl (hPhysicalDriveIOCTL, DFP_GET_VERSION,
NULL,
0,
&VersionParams,
sizeof(VersionParams),
&cbBytesReturned, NULL) )
{
// printf ("DFP_GET_VERSION failed for drive %d\n", i);
// continue;
}
// If there is a IDE device at number "i" issue commands
// to the device
if (VersionParams.bIDEDeviceMap > 0)
{
BYTE bIDCmd = 0; // IDE or ATAPI IDENTIFY cmd
SENDCMDINPARAMS scip;
//SENDCMDOUTPARAMS OutCmd;
BYTE IdOutCmd [sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
// Now, get the ID sector for all IDE devices in the system.
// If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
// otherwise use the IDE_ATA_IDENTIFY command
bIDCmd = (VersionParams.bIDEDeviceMap >> drive & 0x10) ? \
IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
memset (&scip, 0, sizeof(scip));
memset (IdOutCmd, 0, sizeof(IdOutCmd));
if ( DoIDENTIFY (hPhysicalDriveIOCTL,
&scip,
(PSENDCMDOUTPARAMS)&IdOutCmd,
(BYTE) bIDCmd,
(BYTE) drive,
&cbBytesReturned))
{
DWORD diskdata [256];
int ijk = 0;
USHORT *pIdSector = (USHORT *)
((PSENDCMDOUTPARAMS) IdOutCmd) -> bBuffer;
for (ijk = 0; ijk < 256; ijk++)
diskdata [ijk] = pIdSector [ijk];
ReturnInfo (drive, diskdata);
done = TRUE;
}
}
CloseHandle (hPhysicalDriveIOCTL);
}
}
return done;
}
//
int CHardDiskInfo::ReadDrivePortsInWin9X(void)
{
int done = FALSE;
HANDLE VxDHandle = 0;
pt_IdeDInfo pOutBufVxD = 0;
DWORD lpBytesReturned = 0;
// set the thread priority high so that we get exclusive access to the disk
SetPriorityClass (GetCurrentProcess (), REALTIME_PRIORITY_CLASS);
// 1. Make an output buffer for the VxD
rt_IdeDInfo info;
pOutBufVxD = &info;
// *****************
// KLUDGE WARNING!!!
// HAVE to zero out the buffer space for the IDE information!
// If this is NOT done then garbage could be in the memory
// locations indicating if a disk exists or not.
ZeroMemory (&info, sizeof(info));
// 1. Try to load the VxD
// must use the short file name path to open a VXD file
//char StartupDirectory [2048];
//char shortFileNamePath [2048];
//char *p = NULL;
//char vxd [2048];
// get the directory that the exe was started from
//GetModuleFileName (hInst, (LPSTR) StartupDirectory, sizeof (StartupDirectory));
// cut the exe name from string
//p = &(StartupDirectory [strlen (StartupDirectory) - 1]);
//while (p >= StartupDirectory && *p && '\\' != *p) p--;
//*p = '\0';
//GetShortPathName (StartupDirectory, shortFileNamePath, 2048);
//sprintf (vxd, "\\\\.\\%s\\IDE21201.VXD", shortFileNamePath);
//VxDHandle = CreateFile (vxd, 0, 0, 0,
// 0, FILE_FLAG_DELETE_ON_CLOSE, 0);
VxDHandle = CreateFile ("\\\\.\\IDE21201.VXD", 0, 0, 0,
0, FILE_FLAG_DELETE_ON_CLOSE, 0);
if (VxDHandle != INVALID_HANDLE_VALUE)
{
// 2. Run VxD function
DeviceIoControl (VxDHandle, m_cVxDFunctionIdesDInfo,
0, 0, pOutBufVxD, sizeof(pt_IdeDInfo), &lpBytesReturned, 0);
// 3. Unload VxD
CloseHandle (VxDHandle);
}
else
MessageBox (NULL, "ERROR: Could not open IDE21201.VXD file",
TITLE, MB_ICONSTOP);
// 4. Translate and store data
unsigned long int i = 0;
for (i=0; i<8; i++)
{
if((pOutBufVxD->DiskExists[i]) && (pOutBufVxD->IDEExists[i/2]))
{
DWORD diskinfo [256];
for (int j = 0; j < 256; j++)
diskinfo [j] = pOutBufVxD -> DisksRawInfo [i * 256 + j];
// process the information for this buffer
ReturnInfo (i, diskinfo);
done = TRUE;
}
}
// reset the thread priority back to normal
// SetThreadPriority (GetCurrentThread(), THREAD_PRIORITY_NORMAL);
SetPriorityClass (GetCurrentProcess (), NORMAL_PRIORITY_CLASS);
return done;
}
{
int done = FALSE;
int drive = 0;
for (drive = 0; drive < MAX_IDE_DRIVES; drive++)
{
HANDLE hPhysicalDriveIOCTL = 0;
// Try to get a handle to PhysicalDrive IOCTL, report failure
// and exit if can't.
char driveName [256];
sprintf (driveName, "\\\\.\\PhysicalDrive%d", drive);
// Windows NT, Windows 2000, must have admin rights
hPhysicalDriveIOCTL = CreateFile (driveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
// if (hPhysicalDriveIOCTL == INVALID_HANDLE_VALUE)
// printf ("Unable to open physical drive %d, error code: 0x%lX\n",
// drive, GetLastError ());
if (hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
{
GETVERSIONOUTPARAMS VersionParams;
DWORD cbBytesReturned = 0;
// Get the version, etc of PhysicalDrive IOCTL
memset ((void*) &VersionParams, 0, sizeof(VersionParams));
if ( ! DeviceIoControl (hPhysicalDriveIOCTL, DFP_GET_VERSION,
NULL,
0,
&VersionParams,
sizeof(VersionParams),
&cbBytesReturned, NULL) )
{
// printf ("DFP_GET_VERSION failed for drive %d\n", i);
// continue;
}
// If there is a IDE device at number "i" issue commands
// to the device
if (VersionParams.bIDEDeviceMap > 0)
{
BYTE bIDCmd = 0; // IDE or ATAPI IDENTIFY cmd
SENDCMDINPARAMS scip;
//SENDCMDOUTPARAMS OutCmd;
BYTE IdOutCmd [sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
// Now, get the ID sector for all IDE devices in the system.
// If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
// otherwise use the IDE_ATA_IDENTIFY command
bIDCmd = (VersionParams.bIDEDeviceMap >> drive & 0x10) ? \
IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
memset (&scip, 0, sizeof(scip));
memset (IdOutCmd, 0, sizeof(IdOutCmd));
if ( DoIDENTIFY (hPhysicalDriveIOCTL,
&scip,
(PSENDCMDOUTPARAMS)&IdOutCmd,
(BYTE) bIDCmd,
(BYTE) drive,
&cbBytesReturned))
{
DWORD diskdata [256];
int ijk = 0;
USHORT *pIdSector = (USHORT *)
((PSENDCMDOUTPARAMS) IdOutCmd) -> bBuffer;
for (ijk = 0; ijk < 256; ijk++)
diskdata [ijk] = pIdSector [ijk];
ReturnInfo (drive, diskdata);
done = TRUE;
}
}
CloseHandle (hPhysicalDriveIOCTL);
}
}
return done;
}
//
int CHardDiskInfo::ReadDrivePortsInWin9X(void)
{
int done = FALSE;
HANDLE VxDHandle = 0;
pt_IdeDInfo pOutBufVxD = 0;
DWORD lpBytesReturned = 0;
// set the thread priority high so that we get exclusive access to the disk
SetPriorityClass (GetCurrentProcess (), REALTIME_PRIORITY_CLASS);
// 1. Make an output buffer for the VxD
rt_IdeDInfo info;
pOutBufVxD = &info;
// *****************
// KLUDGE WARNING!!!
// HAVE to zero out the buffer space for the IDE information!
// If this is NOT done then garbage could be in the memory
// locations indicating if a disk exists or not.
ZeroMemory (&info, sizeof(info));
// 1. Try to load the VxD
// must use the short file name path to open a VXD file
//char StartupDirectory [2048];
//char shortFileNamePath [2048];
//char *p = NULL;
//char vxd [2048];
// get the directory that the exe was started from
//GetModuleFileName (hInst, (LPSTR) StartupDirectory, sizeof (StartupDirectory));
// cut the exe name from string
//p = &(StartupDirectory [strlen (StartupDirectory) - 1]);
//while (p >= StartupDirectory && *p && '\\' != *p) p--;
//*p = '\0';
//GetShortPathName (StartupDirectory, shortFileNamePath, 2048);
//sprintf (vxd, "\\\\.\\%s\\IDE21201.VXD", shortFileNamePath);
//VxDHandle = CreateFile (vxd, 0, 0, 0,
// 0, FILE_FLAG_DELETE_ON_CLOSE, 0);
VxDHandle = CreateFile ("\\\\.\\IDE21201.VXD", 0, 0, 0,
0, FILE_FLAG_DELETE_ON_CLOSE, 0);
if (VxDHandle != INVALID_HANDLE_VALUE)
{
// 2. Run VxD function
DeviceIoControl (VxDHandle, m_cVxDFunctionIdesDInfo,
0, 0, pOutBufVxD, sizeof(pt_IdeDInfo), &lpBytesReturned, 0);
// 3. Unload VxD
CloseHandle (VxDHandle);
}
else
MessageBox (NULL, "ERROR: Could not open IDE21201.VXD file",
TITLE, MB_ICONSTOP);
// 4. Translate and store data
unsigned long int i = 0;
for (i=0; i<8; i++)
{
if((pOutBufVxD->DiskExists[i]) && (pOutBufVxD->IDEExists[i/2]))
{
DWORD diskinfo [256];
for (int j = 0; j < 256; j++)
diskinfo [j] = pOutBufVxD -> DisksRawInfo [i * 256 + j];
// process the information for this buffer
ReturnInfo (i, diskinfo);
done = TRUE;
}
}
// reset the thread priority back to normal
// SetThreadPriority (GetCurrentThread(), THREAD_PRIORITY_NORMAL);
SetPriorityClass (GetCurrentProcess (), NORMAL_PRIORITY_CLASS);
return done;
}
dreamchild 2003-10-15
- 打赏
- 举报
.cpp文件:
////----------------------------------------------
// File : HardDiskInfo.cpp
//
// Content : for displaying the details of hard drives in
//
// Author : 06/11/2000 Lynn McGuire written with many contributions from others,
// IDE drives only under Windows NT/2K and 9X,
// maybe SCSI drives later
//
// Fix Bug : 06/06/2003 NieHuawen(nie173@sohu.com)
//
// Content : Replant to Class
//
//-------------------------------------------------
#include "stdafx.h"
#include "HardDiskInfo.h"
CHardDiskInfo::CHardDiskInfo(void)
{
OSVERSIONINFO version;
memset (&version, 0, sizeof (version));
version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
GetVersionEx (&version);
if (version.dwPlatformId == VER_PLATFORM_WIN32_NT)//nt
{
ReadPhysicalDriveInNT();
}
if(version.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)//9x
{
ReadDrivePortsInWin9X();
}
}
BOOL CHardDiskInfo::ReturnInfo(int drive, DWORD diskdata [256])
{
char string1 [1024];
__int64 sectors = 0;
__int64 bytes = 0;
// copy the hard drive serial number to the buffer
strcpy (string1, ConvertToString (diskdata, 10, 19));
if (0 == HardDriveSerialNumber [0] &&
// serial number must be alphanumeric
// (but there can be leading spaces on IBM drives)
(isalnum (string1 [0]) || isalnum (string1 [19])))
strcpy (HardDriveSerialNumber, string1);
//#ifdef PRINTING_TO_CONSOLE_ALLOWED
switch (drive / 2)
{
case 0: str_HardDesk_Form ="Primary Controller";
break;
case 1: str_HardDesk_Form ="Secondary Controller";
break;
case 2: str_HardDesk_Form ="Tertiary Controller";
break;
case 3: str_HardDesk_Form ="Quaternary Controller";
break;
}
//MessageBox(NULL,str_HardDesk_Form,NULL,NULL);
switch (drive % 2)
{
case 0: str_Controller ="Master drive";
break;
case 1: str_Controller ="Slave drive";
break;
}
str_DN_Modol =CString(ConvertToString (diskdata, 27, 46));
str_DN_Serial =CString(ConvertToString (diskdata, 10, 19));
str_DN_ControllerRevision =CString(ConvertToString (diskdata, 23, 26));
str_HardDeskBufferSize.Format("%u", diskdata [21] * 512);
printf ("Drive Type________________________: ");
if (diskdata [0] & 0x0080)
str_HardDeskType ="Removable";
else if (diskdata [0] & 0x0040)
str_HardDeskType ="Fixed";
else str_HardDeskType ="Unknown";
// calculate size based on 28 bit or 48 bit addressing
// 48 bit addressing is reflected by bit 10 of word 83
if (diskdata [83] & 0x400)
sectors = diskdata [103] * 65536I64 * 65536I64 * 65536I64 +
diskdata [102] * 65536I64 * 65536I64 +
diskdata [101] * 65536I64 +
diskdata [100];
else
sectors = diskdata [61] * 65536 + diskdata [60];
// there are 512 bytes in a sector
bytes = sectors * 512;
str_HardDeskSize.Format("%I64d",bytes);
return 1;
}
//conversion to char
char *CHardDiskInfo::ConvertToString(DWORD diskdata [256], int firstIndex, int lastIndex)
{
static char string [1024];
int index = 0;
int position = 0;
// each integer has two characters stored in it backwards
for (index = firstIndex; index <= lastIndex; index++)
{
// get high byte for 1st character
string [position] = (char) (diskdata [index] / 256);
position++;
// get low byte for 2nd character
string [position] = (char) (diskdata [index] % 256);
position++;
}
// end the string
string [position] = '\0';
// cut off the trailing blanks
for (index = position - 1; index > 0 && ' ' == string [index]; index--)
string [index] = '\0';
return string;
}
//
CHardDiskInfo::DoIDENTIFY(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned)
{
// Set up data structures for IDENTIFY command.
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
pSCIP -> irDriveRegs.bFeaturesReg = 0;
pSCIP -> irDriveRegs.bSectorCountReg = 1;
pSCIP -> irDriveRegs.bSectorNumberReg = 1;
pSCIP -> irDriveRegs.bCylLowReg = 0;
pSCIP -> irDriveRegs.bCylHighReg = 0;
// Compute the drive number.
pSCIP -> irDriveRegs.bDriveHeadReg = 0xA0 | ((bDriveNum & 1) << 4);
// The command can either be IDE identify or ATAPI identify.
pSCIP -> irDriveRegs.bCommandReg = bIDCmd;
pSCIP -> bDriveNumber = bDriveNum;
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
return( DeviceIoControl (hPhysicalDriveIOCTL, DFP_RECEIVE_DRIVE_DATA,
(LPVOID) pSCIP,
sizeof(SENDCMDINPARAMS) - 1,
(LPVOID) pSCOP,
sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
lpcbBytesReturned, NULL) );
}
//
////----------------------------------------------
// File : HardDiskInfo.cpp
//
// Content : for displaying the details of hard drives in
//
// Author : 06/11/2000 Lynn McGuire written with many contributions from others,
// IDE drives only under Windows NT/2K and 9X,
// maybe SCSI drives later
//
// Fix Bug : 06/06/2003 NieHuawen(nie173@sohu.com)
//
// Content : Replant to Class
//
//-------------------------------------------------
#include "stdafx.h"
#include "HardDiskInfo.h"
CHardDiskInfo::CHardDiskInfo(void)
{
OSVERSIONINFO version;
memset (&version, 0, sizeof (version));
version.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
GetVersionEx (&version);
if (version.dwPlatformId == VER_PLATFORM_WIN32_NT)//nt
{
ReadPhysicalDriveInNT();
}
if(version.dwPlatformId==VER_PLATFORM_WIN32_WINDOWS)//9x
{
ReadDrivePortsInWin9X();
}
}
BOOL CHardDiskInfo::ReturnInfo(int drive, DWORD diskdata [256])
{
char string1 [1024];
__int64 sectors = 0;
__int64 bytes = 0;
// copy the hard drive serial number to the buffer
strcpy (string1, ConvertToString (diskdata, 10, 19));
if (0 == HardDriveSerialNumber [0] &&
// serial number must be alphanumeric
// (but there can be leading spaces on IBM drives)
(isalnum (string1 [0]) || isalnum (string1 [19])))
strcpy (HardDriveSerialNumber, string1);
//#ifdef PRINTING_TO_CONSOLE_ALLOWED
switch (drive / 2)
{
case 0: str_HardDesk_Form ="Primary Controller";
break;
case 1: str_HardDesk_Form ="Secondary Controller";
break;
case 2: str_HardDesk_Form ="Tertiary Controller";
break;
case 3: str_HardDesk_Form ="Quaternary Controller";
break;
}
//MessageBox(NULL,str_HardDesk_Form,NULL,NULL);
switch (drive % 2)
{
case 0: str_Controller ="Master drive";
break;
case 1: str_Controller ="Slave drive";
break;
}
str_DN_Modol =CString(ConvertToString (diskdata, 27, 46));
str_DN_Serial =CString(ConvertToString (diskdata, 10, 19));
str_DN_ControllerRevision =CString(ConvertToString (diskdata, 23, 26));
str_HardDeskBufferSize.Format("%u", diskdata [21] * 512);
printf ("Drive Type________________________: ");
if (diskdata [0] & 0x0080)
str_HardDeskType ="Removable";
else if (diskdata [0] & 0x0040)
str_HardDeskType ="Fixed";
else str_HardDeskType ="Unknown";
// calculate size based on 28 bit or 48 bit addressing
// 48 bit addressing is reflected by bit 10 of word 83
if (diskdata [83] & 0x400)
sectors = diskdata [103] * 65536I64 * 65536I64 * 65536I64 +
diskdata [102] * 65536I64 * 65536I64 +
diskdata [101] * 65536I64 +
diskdata [100];
else
sectors = diskdata [61] * 65536 + diskdata [60];
// there are 512 bytes in a sector
bytes = sectors * 512;
str_HardDeskSize.Format("%I64d",bytes);
return 1;
}
//conversion to char
char *CHardDiskInfo::ConvertToString(DWORD diskdata [256], int firstIndex, int lastIndex)
{
static char string [1024];
int index = 0;
int position = 0;
// each integer has two characters stored in it backwards
for (index = firstIndex; index <= lastIndex; index++)
{
// get high byte for 1st character
string [position] = (char) (diskdata [index] / 256);
position++;
// get low byte for 2nd character
string [position] = (char) (diskdata [index] % 256);
position++;
}
// end the string
string [position] = '\0';
// cut off the trailing blanks
for (index = position - 1; index > 0 && ' ' == string [index]; index--)
string [index] = '\0';
return string;
}
//
CHardDiskInfo::DoIDENTIFY(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned)
{
// Set up data structures for IDENTIFY command.
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
pSCIP -> irDriveRegs.bFeaturesReg = 0;
pSCIP -> irDriveRegs.bSectorCountReg = 1;
pSCIP -> irDriveRegs.bSectorNumberReg = 1;
pSCIP -> irDriveRegs.bCylLowReg = 0;
pSCIP -> irDriveRegs.bCylHighReg = 0;
// Compute the drive number.
pSCIP -> irDriveRegs.bDriveHeadReg = 0xA0 | ((bDriveNum & 1) << 4);
// The command can either be IDE identify or ATAPI identify.
pSCIP -> irDriveRegs.bCommandReg = bIDCmd;
pSCIP -> bDriveNumber = bDriveNum;
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
return( DeviceIoControl (hPhysicalDriveIOCTL, DFP_RECEIVE_DRIVE_DATA,
(LPVOID) pSCIP,
sizeof(SENDCMDINPARAMS) - 1,
(LPVOID) pSCOP,
sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
lpcbBytesReturned, NULL) );
}
//
dreamchild 2003-10-15
- 打赏
- 举报
HardDiskInfo.h文件:
//调用例子:
// 在工作区FileView标签页加入"HardDiskInfo.h"及"HardDiskInfo.cpp"两个文件.
//在要调用的CPP文件适当处加入#include "HardDiskInfo.h"
//CHardDiskInfo HD;
//TRACE(HD.str_DN_Serial);
#define TITLE "DiskId32"
// Required to ensure correct PhysicalDrive IOCTL structure setup
#pragma pack(1)
// Max number of drives assuming primary/secondary, master/slave topology
#define MAX_IDE_DRIVES 4
#define IDENTIFY_BUFFER_SIZE 512
//
#define m_cVxDFunctionIdesDInfo 1
#define SENDIDLENGTH sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE
// IOCTL commands
#define DFP_GET_VERSION 0x00074080
#define DFP_SEND_DRIVE_COMMAND 0x0007c084
#define DFP_RECEIVE_DRIVE_DATA 0x0007c088
#define FILE_DEVICE_SCSI 0x0000001b
#define IOCTL_SCSI_MINIPORT_IDENTIFY ((FILE_DEVICE_SCSI << 16) + 0x0501)
#define IOCTL_SCSI_MINIPORT 0x0004D008 // see NTDDSCSI.H for definition
// GETVERSIONOUTPARAMS contains the data returned from the
// Get Driver Version function.
typedef struct _GETVERSIONOUTPARAMS
{
BYTE bVersion; // Binary driver version.
BYTE bRevision; // Binary driver revision.
BYTE bReserved; // Not used.
BYTE bIDEDeviceMap; // Bit map of IDE devices.
DWORD fCapabilities; // Bit mask of driver capabilities.
DWORD dwReserved[4]; // For future use.
} GETVERSIONOUTPARAMS, *PGETVERSIONOUTPARAMS, *LPGETVERSIONOUTPARAMS;
// Bits returned in the fCapabilities member of GETVERSIONOUTPARAMS
#define CAP_IDE_ID_FUNCTION 1 // ATA ID command supported
#define CAP_IDE_ATAPI_ID 2 // ATAPI ID command supported
#define CAP_IDE_EXECUTE_SMART_FUNCTION 4 // SMART commannds supported
// IDE registers
typedef struct _IDEREGS
{
BYTE bFeaturesReg; // Used for specifying SMART "commands".
BYTE bSectorCountReg; // IDE sector count register
BYTE bSectorNumberReg; // IDE sector number register
BYTE bCylLowReg; // IDE low order cylinder value
BYTE bCylHighReg; // IDE high order cylinder value
BYTE bDriveHeadReg; // IDE drive/head register
BYTE bCommandReg; // Actual IDE command.
BYTE bReserved; // reserved for future use. Must be zero.
} IDEREGS, *PIDEREGS, *LPIDEREGS;
// SENDCMDINPARAMS contains the input parameters for the
// Send Command to Drive function.
typedef struct _SENDCMDINPARAMS
{
DWORD cBufferSize; // Buffer size in bytes
IDEREGS irDriveRegs; // Structure with drive register values.
BYTE bDriveNumber; // Physical drive number to send
// command to (0,1,2,3).
BYTE bReserved[3]; // Reserved for future expansion.
DWORD dwReserved[4]; // For future use.
BYTE bBuffer[1]; // Input buffer.
} SENDCMDINPARAMS, *PSENDCMDINPARAMS, *LPSENDCMDINPARAMS;
// Valid values for the bCommandReg member of IDEREGS.
#define IDE_ATAPI_IDENTIFY 0xA1 // Returns ID sector for ATAPI.
#define IDE_ATA_IDENTIFY 0xEC // Returns ID sector for ATA.
// Status returned from driver
typedef struct _DRIVERSTATUS
{
BYTE bDriverError; // Error code from driver, or 0 if no error.
BYTE bIDEStatus; // Contents of IDE Error register.
// Only valid when bDriverError is SMART_IDE_ERROR.
BYTE bReserved[2]; // Reserved for future expansion.
DWORD dwReserved[2]; // Reserved for future expansion.
} DRIVERSTATUS, *PDRIVERSTATUS, *LPDRIVERSTATUS;
// Structure returned by PhysicalDrive IOCTL for several commands
typedef struct _SENDCMDOUTPARAMS
{
DWORD cBufferSize; // Size of bBuffer in bytes
DRIVERSTATUS DriverStatus; // Driver status structure.
BYTE bBuffer[1]; // Buffer of arbitrary length in which to store the data read from the // drive.
} SENDCMDOUTPARAMS, *PSENDCMDOUTPARAMS, *LPSENDCMDOUTPARAMS;
// The following struct defines the interesting part of the IDENTIFY
// buffer:
typedef struct _IDSECTOR
{
USHORT wGenConfig;
USHORT wNumCyls;
USHORT wReserved;
USHORT wNumHeads;
USHORT wBytesPerTrack;
USHORT wBytesPerSector;
USHORT wSectorsPerTrack;
USHORT wVendorUnique[3];
CHAR sSerialNumber[20];
USHORT wBufferType;
USHORT wBufferSize;
USHORT wECCSize;
CHAR sFirmwareRev[8];
CHAR sModelNumber[40];
USHORT wMoreVendorUnique;
USHORT wDoubleWordIO;
USHORT wCapabilities;
USHORT wReserved1;
USHORT wPIOTiming;
USHORT wDMATiming;
USHORT wBS;
USHORT wNumCurrentCyls;
USHORT wNumCurrentHeads;
USHORT wNumCurrentSectorsPerTrack;
ULONG ulCurrentSectorCapacity;
USHORT wMultSectorStuff;
ULONG ulTotalAddressableSectors;
USHORT wSingleWordDMA;
USHORT wMultiWordDMA;
BYTE bReserved[128];
} IDSECTOR, *PIDSECTOR;
typedef struct _SRB_IO_CONTROL
{
ULONG HeaderLength;
UCHAR Signature[8];
ULONG Timeout;
ULONG ControlCode;
ULONG ReturnCode;
ULONG Length;
} SRB_IO_CONTROL, *PSRB_IO_CONTROL;
// ---------------------------------------------------
// (* Output Bbuffer for the VxD (rt_IdeDinfo record) *)
typedef struct _rt_IdeDInfo_
{
BYTE IDEExists[4];
BYTE DiskExists[8];
WORD DisksRawInfo[8*256];
} rt_IdeDInfo, *pt_IdeDInfo;
// (* IdeDinfo "data fields" *)
typedef struct _rt_DiskInfo_
{
BOOL DiskExists;
BOOL ATAdevice;
BOOL RemovableDevice;
WORD TotLogCyl;
WORD TotLogHeads;
WORD TotLogSPT;
char SerialNumber[20];
char FirmwareRevision[8];
char ModelNumber[40];
WORD CurLogCyl;
WORD CurLogHeads;
WORD CurLogSPT;
} rt_DiskInfo;
class CHardDiskInfo
{
// Construction
public:
//Creat Function
CHardDiskInfo(void);
protected:
//conversion to char string
char *ConvertToString (DWORD diskdata [256], int firstIndex, int lastIndex);
BOOL DoIDENTIFY (HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned);
int ReadPhysicalDriveInNT (void);
int ReadDrivePortsInWin9X (void);
int ReadIdeDriveAsScsiDriveInNT (void);
BOOL ReturnInfo(int drive, DWORD diskdata [256]);
public:
char HardDriveSerialNumber [1024];
CString str_DN_Modol;
CString str_DN_Serial;
CString str_DN_ControllerRevision;
CString str_HardDeskSize;
CString str_HardDeskBufferSize;
CString str_HardDeskType;
CString str_HardDesk_Form;
CString str_Controller;
};
//调用例子:
// 在工作区FileView标签页加入"HardDiskInfo.h"及"HardDiskInfo.cpp"两个文件.
//在要调用的CPP文件适当处加入#include "HardDiskInfo.h"
//CHardDiskInfo HD;
//TRACE(HD.str_DN_Serial);
#define TITLE "DiskId32"
// Required to ensure correct PhysicalDrive IOCTL structure setup
#pragma pack(1)
// Max number of drives assuming primary/secondary, master/slave topology
#define MAX_IDE_DRIVES 4
#define IDENTIFY_BUFFER_SIZE 512
//
#define m_cVxDFunctionIdesDInfo 1
#define SENDIDLENGTH sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE
// IOCTL commands
#define DFP_GET_VERSION 0x00074080
#define DFP_SEND_DRIVE_COMMAND 0x0007c084
#define DFP_RECEIVE_DRIVE_DATA 0x0007c088
#define FILE_DEVICE_SCSI 0x0000001b
#define IOCTL_SCSI_MINIPORT_IDENTIFY ((FILE_DEVICE_SCSI << 16) + 0x0501)
#define IOCTL_SCSI_MINIPORT 0x0004D008 // see NTDDSCSI.H for definition
// GETVERSIONOUTPARAMS contains the data returned from the
// Get Driver Version function.
typedef struct _GETVERSIONOUTPARAMS
{
BYTE bVersion; // Binary driver version.
BYTE bRevision; // Binary driver revision.
BYTE bReserved; // Not used.
BYTE bIDEDeviceMap; // Bit map of IDE devices.
DWORD fCapabilities; // Bit mask of driver capabilities.
DWORD dwReserved[4]; // For future use.
} GETVERSIONOUTPARAMS, *PGETVERSIONOUTPARAMS, *LPGETVERSIONOUTPARAMS;
// Bits returned in the fCapabilities member of GETVERSIONOUTPARAMS
#define CAP_IDE_ID_FUNCTION 1 // ATA ID command supported
#define CAP_IDE_ATAPI_ID 2 // ATAPI ID command supported
#define CAP_IDE_EXECUTE_SMART_FUNCTION 4 // SMART commannds supported
// IDE registers
typedef struct _IDEREGS
{
BYTE bFeaturesReg; // Used for specifying SMART "commands".
BYTE bSectorCountReg; // IDE sector count register
BYTE bSectorNumberReg; // IDE sector number register
BYTE bCylLowReg; // IDE low order cylinder value
BYTE bCylHighReg; // IDE high order cylinder value
BYTE bDriveHeadReg; // IDE drive/head register
BYTE bCommandReg; // Actual IDE command.
BYTE bReserved; // reserved for future use. Must be zero.
} IDEREGS, *PIDEREGS, *LPIDEREGS;
// SENDCMDINPARAMS contains the input parameters for the
// Send Command to Drive function.
typedef struct _SENDCMDINPARAMS
{
DWORD cBufferSize; // Buffer size in bytes
IDEREGS irDriveRegs; // Structure with drive register values.
BYTE bDriveNumber; // Physical drive number to send
// command to (0,1,2,3).
BYTE bReserved[3]; // Reserved for future expansion.
DWORD dwReserved[4]; // For future use.
BYTE bBuffer[1]; // Input buffer.
} SENDCMDINPARAMS, *PSENDCMDINPARAMS, *LPSENDCMDINPARAMS;
// Valid values for the bCommandReg member of IDEREGS.
#define IDE_ATAPI_IDENTIFY 0xA1 // Returns ID sector for ATAPI.
#define IDE_ATA_IDENTIFY 0xEC // Returns ID sector for ATA.
// Status returned from driver
typedef struct _DRIVERSTATUS
{
BYTE bDriverError; // Error code from driver, or 0 if no error.
BYTE bIDEStatus; // Contents of IDE Error register.
// Only valid when bDriverError is SMART_IDE_ERROR.
BYTE bReserved[2]; // Reserved for future expansion.
DWORD dwReserved[2]; // Reserved for future expansion.
} DRIVERSTATUS, *PDRIVERSTATUS, *LPDRIVERSTATUS;
// Structure returned by PhysicalDrive IOCTL for several commands
typedef struct _SENDCMDOUTPARAMS
{
DWORD cBufferSize; // Size of bBuffer in bytes
DRIVERSTATUS DriverStatus; // Driver status structure.
BYTE bBuffer[1]; // Buffer of arbitrary length in which to store the data read from the // drive.
} SENDCMDOUTPARAMS, *PSENDCMDOUTPARAMS, *LPSENDCMDOUTPARAMS;
// The following struct defines the interesting part of the IDENTIFY
// buffer:
typedef struct _IDSECTOR
{
USHORT wGenConfig;
USHORT wNumCyls;
USHORT wReserved;
USHORT wNumHeads;
USHORT wBytesPerTrack;
USHORT wBytesPerSector;
USHORT wSectorsPerTrack;
USHORT wVendorUnique[3];
CHAR sSerialNumber[20];
USHORT wBufferType;
USHORT wBufferSize;
USHORT wECCSize;
CHAR sFirmwareRev[8];
CHAR sModelNumber[40];
USHORT wMoreVendorUnique;
USHORT wDoubleWordIO;
USHORT wCapabilities;
USHORT wReserved1;
USHORT wPIOTiming;
USHORT wDMATiming;
USHORT wBS;
USHORT wNumCurrentCyls;
USHORT wNumCurrentHeads;
USHORT wNumCurrentSectorsPerTrack;
ULONG ulCurrentSectorCapacity;
USHORT wMultSectorStuff;
ULONG ulTotalAddressableSectors;
USHORT wSingleWordDMA;
USHORT wMultiWordDMA;
BYTE bReserved[128];
} IDSECTOR, *PIDSECTOR;
typedef struct _SRB_IO_CONTROL
{
ULONG HeaderLength;
UCHAR Signature[8];
ULONG Timeout;
ULONG ControlCode;
ULONG ReturnCode;
ULONG Length;
} SRB_IO_CONTROL, *PSRB_IO_CONTROL;
// ---------------------------------------------------
// (* Output Bbuffer for the VxD (rt_IdeDinfo record) *)
typedef struct _rt_IdeDInfo_
{
BYTE IDEExists[4];
BYTE DiskExists[8];
WORD DisksRawInfo[8*256];
} rt_IdeDInfo, *pt_IdeDInfo;
// (* IdeDinfo "data fields" *)
typedef struct _rt_DiskInfo_
{
BOOL DiskExists;
BOOL ATAdevice;
BOOL RemovableDevice;
WORD TotLogCyl;
WORD TotLogHeads;
WORD TotLogSPT;
char SerialNumber[20];
char FirmwareRevision[8];
char ModelNumber[40];
WORD CurLogCyl;
WORD CurLogHeads;
WORD CurLogSPT;
} rt_DiskInfo;
class CHardDiskInfo
{
// Construction
public:
//Creat Function
CHardDiskInfo(void);
protected:
//conversion to char string
char *ConvertToString (DWORD diskdata [256], int firstIndex, int lastIndex);
BOOL DoIDENTIFY (HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned);
int ReadPhysicalDriveInNT (void);
int ReadDrivePortsInWin9X (void);
int ReadIdeDriveAsScsiDriveInNT (void);
BOOL ReturnInfo(int drive, DWORD diskdata [256]);
public:
char HardDriveSerialNumber [1024];
CString str_DN_Modol;
CString str_DN_Serial;
CString str_DN_ControllerRevision;
CString str_HardDeskSize;
CString str_HardDeskBufferSize;
CString str_HardDeskType;
CString str_HardDesk_Form;
CString str_Controller;
};
ghyd 2003-10-15
- 打赏
- 举报
very good ,store!
chut 2003-10-15
- 打赏
- 举报
如何读取硬盘的序列号
---- 硬盘的序列号只能采用对硬盘控制器直接操作的方式进行读取,也就是说只能采用
CPU的I/O指令操作硬盘控制器,读取的方法如下面的C语言程序所示:
static int WaitIde()
{
int al;
while ((al=inp(0x1F7)) >=0x80) ;
return al;
}
static void ReadIDE()
{
int al;
int i;
WORD pw[256];
WaitIde();
outp(0x1F6,0xA0);
al = WaitIde();
if ((al&0x50)!=0x50) return;
outp(0x1F6,0xA0);
outp(0x1F7,0xEC);
al = WaitIde();
if ((al&0x58)!=0x58) return;
for (i=0;i< 256;i++)
pw[i] = inpw(0x1F0);
}
---- 上面的程序实际上读取了保存在硬盘控制器内的全部信息,而序列号只是其中的一
部分,位于上面提到的 pw[] 数组的 10 至 20 元素内,即从 &pw[10] 开始的10个
WORD内,每个WORD占两个字节,共占用了20个字节。由于该序列号保存时每个WORD的
高、低字节是非Intel顺序,也就是说它的高字节在前,低字节在后,所以在使用时需要
将高、低字节颠倒一下,这样就能得到完整的序列号。
四、上面所说的读取方法为什么不能在Windows 95下用
---- 以前,在DOS时代,用这种方法完全可以读到硬盘的序列号并利用它进行软件防拷
贝保护,即使在Windows 3.x下也没有问题,但随着Windows 95(及Windows 98,下简称
Windows 9x)的普及,这种方法的局限性也显露出来,因为在Windows 9x下用这种方法根
本就读不到任何信息。
---- 原因是在Windows 9x下,上面代码所用的I/O指令被作为特权指令限制起来了。那
么,什么是特权指令呢?
---- 首先,简单回顾一下Intel 80386以上CPU的保护机制,从80386以后,CPU分为四
个特权级别(即Ring 0-3),供操作系统使用,其中Ring 0的级别最高,Ring 3的级别最
低。所允许的CPU指令集从0到3有所减少。那些仅在Ring 0级别上使用的指令即为特别指
令。在其它级别上执行特权指令会导致CPU异常的产生。
---- 现在回到Windows 9x中,Windows 95/98在设计时只使用了CPU的两个特权级别,即
Ring 0和Ring 3。在这两个级别中,Windows的虚拟机管理、各种驱动程序(VxD)运行在
Ring 0级,其它应用程序,甚至包括KERNEL、GDI、USER三个主要模块在内都运行在
Ring 3级, 这个级别的程序通过CPU的异常从Ring 0模块中取得所需要的服务。而
Windows 9x自己提供了异常处理程序,所以可以提供相应的服务。
---- 在Ring 3级别上,操作硬盘控制器的I/O指令是不可使用的,所以第三节中所列出
的代码在执行到 WaitIde()时会陷到死循环中,原因就是Windows 9x的异常处理程序总
是让 IN 0x1F7返回 0xFF(事实上,即使跳过这个等待也不行)。
五、在Windows 9x下应该如何读
---- 那么,应该如何在Windows 9x下绕过这层保护来操作硬盘控制器从而达到读取序列
号的目的呢?容易想到的解决办法是写一个虚拟设备驱动程序,即VxD,因为VxD是运行
在CPU的Ring 0最高特权级别上的。在该级别,所有的指令都是可用的。采用这种方法是
可以直接读取的。事实上我已经写了这样的 VxD,效果与在DOS下是一样的。
---- 然而,这种方法存在三个问题(或称为缺点):
---- 第一, 写VxD要比写普通的Windows 9x程序要复杂得多,所需要的操作系统知识也
多得多。需要编程人员熟悉Windows 9x的DDK及相关的内核技术。在可视化编程风行一时
的今天,许多VB、Delphi的程序员几乎连Windows 9x的SDK都有些生疏,就更别提用DDK
进行编程了,从这个角度看,用编写VxD的方法确实平空增加了许多难度。(实在有兴趣
的读者可以参阅拙作“VxD入门教程”)
---- 第二, 由于VxD运行在CPU的Ring 0级,实际上也运行在Windows 9x操作系统的核
心级,所以任何一个小小的疏忽都足以让Windows 9x崩溃,毫无疑问,这将会增加系统
的不稳定性,特别是经验不足的程序员编写的VxD,更容易出现问题。
---- 第三, 读硬盘序列号的主要目的是为了保护软件,也就是防止非法拷贝,如果带
上一个VxD,很明显会提示别人应该如何破解。
---- 其实,我们完全可以在普通应用程序中采用VxD技术进行操作,这将会涉及到如何
在应用程序级(Ring 3)执行Ring 0级代码的技术。
六、如何从应用程序中执行特权0级代码
---- 采用这种方法唯一的一个技术难点就是利用 CPU 的异常从 Ring 3 直接切换到
Ring 0。如果解决了这个问题,那么剩下的工作就非常简单了。值得一提的是,由于该
技术将CPU切换到 Ring 0 级别运行,所以,可以进行的操作就不仅仅是读取硬盘序列
号这么简单了。
---- 为了解决这个问题,我们还需要再回头看看CPU的保护模式和中断处理方式。
---- 在实模式下,中断向量表位于内存地址的0:0处,每当中断发生时,无论是硬中断
还是软中断,CPU都会从该表中查找中断的入口位置,并执行相应的中断处理程序。
---- 在保护模式下(包括V86方式),中断向量表不是必须放在物理内存0000:0000处,事
实上,象“0000:0000”这种表示方式也发生了根本变化,原来意义上的的段址已经不复
存在了,代之以段选择器。相应地,中断向量表也用中断描述符表(IDT)取代了,这意味
着当发生中断或异常时(异常只在保护模式下存在,可以简单地把它当作中断看待),
CPU查找的是IDT,然后再根据查到的入口地址执行相应的处理程序。
---- 关于这部分内容的详细情况请参阅80386 (及以上) CPU的技术手册。
---- 从上面可以看出,虽然查找的内容及方法发生了变化,但原理并没有变,如果要修
改中断入口,所需要修改的地方无非是变成了IDT而已。更妙的是,中断(或异常)处理程
序是运行在CPU最高特权级Ring 0上,仅有这点还不够,我们还需要对IDT具有写的权限,
幸运的是,在Windows 95/98下,IDT位于内存的0C0000000以上的共享区域,而这部分区
域是对所有进程都可见的,其中的IDT则对所有进程都是可写的,这就使得我们从
Ring 3执行Ring 0级别的代码成为可能。
七、如何利用Ring 0代码读取硬盘的序列号
---- 根据以上的分析,可以将具体的方法归结如下:
---- 首先,需要取得系统 IDT,这可用 SIDT 指令一步到位,该指令不受特权级3的限
制;
---- 然后,选定一个中断(异常),修改其在 IDT 中的入口(修改的方法请参阅IDT的
格式),使其指向我们自己的处理程序;虽然IDT表中的所有的项都可以使用,但我建议
使用中断 3, 这个中断是给调试器用的,平常没用。
---- 最后,通常执行该中断产生异常。方法是直接执行代码 INT 3,当然,在 Ring 3
上执行该指令必然地导致CPU异常的发生,于是,我们的处理程序就这样轻易而举地得到
了控制权。
---- 一旦得到CPU最高特权级的控制权,中断处理程序就可以进行任何平常在 Ring 3
级别上不能够进行的操作了,包括读取硬盘序列号。
---- 说得再具体一些,就是将本文前面第三节中列出的程序代码放到中断处理程序中即
可全部搞定了。
---- 硬盘的序列号只能采用对硬盘控制器直接操作的方式进行读取,也就是说只能采用
CPU的I/O指令操作硬盘控制器,读取的方法如下面的C语言程序所示:
static int WaitIde()
{
int al;
while ((al=inp(0x1F7)) >=0x80) ;
return al;
}
static void ReadIDE()
{
int al;
int i;
WORD pw[256];
WaitIde();
outp(0x1F6,0xA0);
al = WaitIde();
if ((al&0x50)!=0x50) return;
outp(0x1F6,0xA0);
outp(0x1F7,0xEC);
al = WaitIde();
if ((al&0x58)!=0x58) return;
for (i=0;i< 256;i++)
pw[i] = inpw(0x1F0);
}
---- 上面的程序实际上读取了保存在硬盘控制器内的全部信息,而序列号只是其中的一
部分,位于上面提到的 pw[] 数组的 10 至 20 元素内,即从 &pw[10] 开始的10个
WORD内,每个WORD占两个字节,共占用了20个字节。由于该序列号保存时每个WORD的
高、低字节是非Intel顺序,也就是说它的高字节在前,低字节在后,所以在使用时需要
将高、低字节颠倒一下,这样就能得到完整的序列号。
四、上面所说的读取方法为什么不能在Windows 95下用
---- 以前,在DOS时代,用这种方法完全可以读到硬盘的序列号并利用它进行软件防拷
贝保护,即使在Windows 3.x下也没有问题,但随着Windows 95(及Windows 98,下简称
Windows 9x)的普及,这种方法的局限性也显露出来,因为在Windows 9x下用这种方法根
本就读不到任何信息。
---- 原因是在Windows 9x下,上面代码所用的I/O指令被作为特权指令限制起来了。那
么,什么是特权指令呢?
---- 首先,简单回顾一下Intel 80386以上CPU的保护机制,从80386以后,CPU分为四
个特权级别(即Ring 0-3),供操作系统使用,其中Ring 0的级别最高,Ring 3的级别最
低。所允许的CPU指令集从0到3有所减少。那些仅在Ring 0级别上使用的指令即为特别指
令。在其它级别上执行特权指令会导致CPU异常的产生。
---- 现在回到Windows 9x中,Windows 95/98在设计时只使用了CPU的两个特权级别,即
Ring 0和Ring 3。在这两个级别中,Windows的虚拟机管理、各种驱动程序(VxD)运行在
Ring 0级,其它应用程序,甚至包括KERNEL、GDI、USER三个主要模块在内都运行在
Ring 3级, 这个级别的程序通过CPU的异常从Ring 0模块中取得所需要的服务。而
Windows 9x自己提供了异常处理程序,所以可以提供相应的服务。
---- 在Ring 3级别上,操作硬盘控制器的I/O指令是不可使用的,所以第三节中所列出
的代码在执行到 WaitIde()时会陷到死循环中,原因就是Windows 9x的异常处理程序总
是让 IN 0x1F7返回 0xFF(事实上,即使跳过这个等待也不行)。
五、在Windows 9x下应该如何读
---- 那么,应该如何在Windows 9x下绕过这层保护来操作硬盘控制器从而达到读取序列
号的目的呢?容易想到的解决办法是写一个虚拟设备驱动程序,即VxD,因为VxD是运行
在CPU的Ring 0最高特权级别上的。在该级别,所有的指令都是可用的。采用这种方法是
可以直接读取的。事实上我已经写了这样的 VxD,效果与在DOS下是一样的。
---- 然而,这种方法存在三个问题(或称为缺点):
---- 第一, 写VxD要比写普通的Windows 9x程序要复杂得多,所需要的操作系统知识也
多得多。需要编程人员熟悉Windows 9x的DDK及相关的内核技术。在可视化编程风行一时
的今天,许多VB、Delphi的程序员几乎连Windows 9x的SDK都有些生疏,就更别提用DDK
进行编程了,从这个角度看,用编写VxD的方法确实平空增加了许多难度。(实在有兴趣
的读者可以参阅拙作“VxD入门教程”)
---- 第二, 由于VxD运行在CPU的Ring 0级,实际上也运行在Windows 9x操作系统的核
心级,所以任何一个小小的疏忽都足以让Windows 9x崩溃,毫无疑问,这将会增加系统
的不稳定性,特别是经验不足的程序员编写的VxD,更容易出现问题。
---- 第三, 读硬盘序列号的主要目的是为了保护软件,也就是防止非法拷贝,如果带
上一个VxD,很明显会提示别人应该如何破解。
---- 其实,我们完全可以在普通应用程序中采用VxD技术进行操作,这将会涉及到如何
在应用程序级(Ring 3)执行Ring 0级代码的技术。
六、如何从应用程序中执行特权0级代码
---- 采用这种方法唯一的一个技术难点就是利用 CPU 的异常从 Ring 3 直接切换到
Ring 0。如果解决了这个问题,那么剩下的工作就非常简单了。值得一提的是,由于该
技术将CPU切换到 Ring 0 级别运行,所以,可以进行的操作就不仅仅是读取硬盘序列
号这么简单了。
---- 为了解决这个问题,我们还需要再回头看看CPU的保护模式和中断处理方式。
---- 在实模式下,中断向量表位于内存地址的0:0处,每当中断发生时,无论是硬中断
还是软中断,CPU都会从该表中查找中断的入口位置,并执行相应的中断处理程序。
---- 在保护模式下(包括V86方式),中断向量表不是必须放在物理内存0000:0000处,事
实上,象“0000:0000”这种表示方式也发生了根本变化,原来意义上的的段址已经不复
存在了,代之以段选择器。相应地,中断向量表也用中断描述符表(IDT)取代了,这意味
着当发生中断或异常时(异常只在保护模式下存在,可以简单地把它当作中断看待),
CPU查找的是IDT,然后再根据查到的入口地址执行相应的处理程序。
---- 关于这部分内容的详细情况请参阅80386 (及以上) CPU的技术手册。
---- 从上面可以看出,虽然查找的内容及方法发生了变化,但原理并没有变,如果要修
改中断入口,所需要修改的地方无非是变成了IDT而已。更妙的是,中断(或异常)处理程
序是运行在CPU最高特权级Ring 0上,仅有这点还不够,我们还需要对IDT具有写的权限,
幸运的是,在Windows 95/98下,IDT位于内存的0C0000000以上的共享区域,而这部分区
域是对所有进程都可见的,其中的IDT则对所有进程都是可写的,这就使得我们从
Ring 3执行Ring 0级别的代码成为可能。
七、如何利用Ring 0代码读取硬盘的序列号
---- 根据以上的分析,可以将具体的方法归结如下:
---- 首先,需要取得系统 IDT,这可用 SIDT 指令一步到位,该指令不受特权级3的限
制;
---- 然后,选定一个中断(异常),修改其在 IDT 中的入口(修改的方法请参阅IDT的
格式),使其指向我们自己的处理程序;虽然IDT表中的所有的项都可以使用,但我建议
使用中断 3, 这个中断是给调试器用的,平常没用。
---- 最后,通常执行该中断产生异常。方法是直接执行代码 INT 3,当然,在 Ring 3
上执行该指令必然地导致CPU异常的发生,于是,我们的处理程序就这样轻易而举地得到
了控制权。
---- 一旦得到CPU最高特权级的控制权,中断处理程序就可以进行任何平常在 Ring 3
级别上不能够进行的操作了,包括读取硬盘序列号。
---- 说得再具体一些,就是将本文前面第三节中列出的程序代码放到中断处理程序中即
可全部搞定了。
cjg325 2003-10-15
- 打赏
- 举报
恐怕这个不是系列号吧
flyidd 2003-10-15
- 打赏
- 举报
DWORD dwIDESerial;
CString str;
GetVolumeInformation("C:\\",NULL,NULL,&dwIDESerial,NULL,NULL,NULL,NULL);
str.Format( "硬盘序列号: %X - %X",HIWORD(dwIDESerial),LOWORD(dwIDESerial));
AfxMessageBox(str);
CString str;
GetVolumeInformation("C:\\",NULL,NULL,&dwIDESerial,NULL,NULL,NULL,NULL);
str.Format( "硬盘序列号: %X - %X",HIWORD(dwIDESerial),LOWORD(dwIDESerial));
AfxMessageBox(str);
