
Retrieving the operating system version


Vortex:
Retrieving the operating system version by reading the version fields from the PE header of kernel32:


--- Code: ---include     GetOSvers64.inc

.data

; NUL-terminated module name passed to GetModuleHandle.
kernel32    db 'kernel32.dll',0
; wsprintf format string: two CR/LF-terminated lines, one %u each,
; followed by the terminating NUL.
str1        db 'Major Operating System Version = %u',13,10
            db 'Minor Operating System Version = %u',13,10,0

.data?

; Uninitialised 128-byte destination for wsprintf. wsprintf takes no
; destination size, so this must stay large enough for the longest
; string str1 can produce.
buffer      db 128 dup(?)

.code

;-----------------------------------------------------------------------
; start - program entry point (Win64, 4-QWORD parameter area).
;
; Locates the NT headers of the already-loaded kernel32.dll image and
; prints the two OS version fields of its optional header.
;
; NOTE: MajorOperatingSystemVersion / MinorOperatingSystemVersion are
; the "required operating system version" values the linker wrote into
; the image. They describe how kernel32.dll was built and need not match
; the version or build number of the running system, so they should not
; drive version-dependent or security-relevant decisions.
;-----------------------------------------------------------------------
start PROC PARMAREA=4*QWORD

    invoke  GetModuleHandle,ADDR kernel32
    test    rax,rax                         ; rax = image base, 0 on failure
    jz      done

    ; A 32-bit load zero-extends into rcx, so no separate clear is needed.
    mov     ecx,IMAGE_DOS_HEADER.e_lfanew[rax]
    add     rax,rcx                         ; rax = base + e_lfanew -> NT headers

    ; Both fields are zero-extended straight into the 3rd/4th argument registers.
    movzx   r9,IMAGE_NT_HEADERS.OptionalHeader.MinorOperatingSystemVersion[rax]
    movzx   r8,IMAGE_NT_HEADERS.OptionalHeader.MajorOperatingSystemVersion[rax]

    invoke  wsprintf,ADDR buffer,ADDR str1,r8,r9
    invoke  StdOut,ADDR buffer

done:
    invoke  ExitProcess,0                   ; exit code is 0 on both paths

start ENDP

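StdOut PROC uses r14 r15 string:QWORD PARMAREA=5*QWORD

; Function from the Masm64 package
;
; Writes a NUL-terminated string to the standard output handle.
;
; In:   rcx = text address
; Out:  rax = number of bytes written, as reported by WriteFile
; Uses: r14 (text address) and r15 (text length), both preserved via USES

LOCAL bwrt:QWORD

    mov     r14,rcx                        ; store address in r14
    mov     rax,r14
    sub     rax,1                          ; start one byte early; the loop pre-increments
@@:
    add     rax,1
    cmp     BYTE PTR [rax],0               ; scan for the terminating NUL
    jne     @B
    sub     rax,r14                        ; rax = end - start = string length
    mov     r15,rax                        ; save string length into r15

    invoke  GetStdHandle,STD_OUTPUT_HANDLE
    mov     rcx,rax                        ; handle becomes WriteFile's first argument
    lea     r9,bwrt                        ; lpNumberOfBytesWritten
    xor     r10,r10                        ; lpOverlapped = NULL
    invoke  WriteFile,rcx,r14,r15,r9,r10   ; the byte count is a DWORD: only the low 32 bits of r15 are used

    ; WriteFile stores a DWORD through r9, so only the low half of the
    ; QWORD local is ever written. Loading 32 bits zero-extends into rax
    ; and keeps uninitialised stack bytes out of the return value.
    mov     eax,DWORD PTR bwrt             ; return value is bytes written

    ret

StdOut ENDP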

END start
--- End code ---

TimoVJL:
With C:
--- Code: ---#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

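/*
 * Prints the OS version fields stored in the PE optional header of the
 * loaded kernel32.dll image as "major.minor".
 *
 * These fields are the "required operating system version" stamped into
 * the DLL by the linker; they describe how the DLL was built and need
 * not match the version or build number of the running system.
 *
 * Returns 0 on success, 1 if the module handle cannot be obtained.
 */
int __cdecl main(void)
{
HMODULE hMod = GetModuleHandle(TEXT("kernel32.dll"));
if (hMod == NULL) {
	/* Do not dereference a null image base. */
	fprintf(stderr, "GetModuleHandle failed: %lu\n", (unsigned long)GetLastError());
	return 1;
}
/* The module handle is the image base; e_lfanew is the offset of the NT headers. */
const IMAGE_DOS_HEADER *pDosHdr = (const IMAGE_DOS_HEADER*)hMod;
/* Byte-pointer arithmetic instead of round-tripping the address through a signed integer. */
const IMAGE_NT_HEADERS *pNtHdr = (const IMAGE_NT_HEADERS*)((const BYTE*)hMod + pDosHdr->e_lfanew);
printf("%u.%u\n", pNtHdr->OptionalHeader.MajorOperatingSystemVersion,  pNtHdr->OptionalHeader.MinorOperatingSystemVersion);
return 0;
}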

--- End code ---

Robert:

--- Quote from: TimoVJL on January 15, 2024, 08:28:14 PM ---With C:
--- Code: ---#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

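/*
 * Prints the OS version fields stored in the PE optional header of the
 * loaded kernel32.dll image as "major.minor".
 *
 * These fields are the "required operating system version" stamped into
 * the DLL by the linker; they describe how the DLL was built and need
 * not match the version or build number of the running system.
 *
 * Returns 0 on success, 1 if the module handle cannot be obtained.
 */
int __cdecl main(void)
{
HMODULE hMod = GetModuleHandle(TEXT("kernel32.dll"));
if (hMod == NULL) {
	/* Do not dereference a null image base. */
	fprintf(stderr, "GetModuleHandle failed: %lu\n", (unsigned long)GetLastError());
	return 1;
}
/* The module handle is the image base; e_lfanew is the offset of the NT headers. */
const IMAGE_DOS_HEADER *pDosHdr = (const IMAGE_DOS_HEADER*)hMod;
/* Byte-pointer arithmetic instead of round-tripping the address through a signed integer. */
const IMAGE_NT_HEADERS *pNtHdr = (const IMAGE_NT_HEADERS*)((const BYTE*)hMod + pDosHdr->e_lfanew);
printf("%u.%u\n", pNtHdr->OptionalHeader.MajorOperatingSystemVersion,  pNtHdr->OptionalHeader.MinorOperatingSystemVersion);
return 0;
}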

--- End code ---

--- End quote ---

When the above code is compiled and run on my machine the output is


--- Code: ---10
--- End code ---

This command line snippet


--- Code: ---systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
--- End code ---

outputs


--- Code: ---OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22631 N/A Build 22631

--- End code ---

TimoVJL:
Check the kernel32.dll header.
Many of us might want to know how the DLL was linked.
The version info of that DLL is also interesting.

Vortex:
Hi Timo,

Thanks for the C code.
