NO

Author Topic: Retrieving the operating system version  (Read 3324 times)

Offline Vortex

  • Member
  • *
  • Posts: 903
    • http://www.vortex.masmcode.com
Retrieving the operating system version
« on: January 14, 2024, 06:15:32 PM »
Retrieving the operating system version by reading data from kernel32 :

Code: [Select]
include     GetOSvers64.inc

.data

kernel32    db 'kernel32.dll',0
str1        db 'Major Operating System Version = %u',13,10
            db 'Minor Operating System Version = %u',13,10,0

.data?

buffer      db 128 dup(?)

.code

start PROC PARMAREA=4*QWORD
   
    invoke  GetModuleHandle,ADDR kernel32
    test    rax,rax
    jz      @f

    xor     rcx,rcx   
    mov     ecx,IMAGE_DOS_HEADER.e_lfanew[rax]
    add     rax,rcx

    movzx   r8,IMAGE_NT_HEADERS.OptionalHeader.MajorOperatingSystemVersion[rax]
           
    movzx   r9,IMAGE_NT_HEADERS.OptionalHeader.MinorOperatingSystemVersion[rax]

    invoke  wsprintf,ADDR buffer,ADDR str1,r8,r9
    invoke  StdOut,ADDR buffer
@@:
    invoke  ExitProcess,0

start ENDP

StdOut PROC uses r14 r15 string:QWORD PARMAREA=5*QWORD

; Function from the Masm64 package

    ; rcx = text address

LOCAL bwrt:QWORD

    mov     r14,rcx                        ; store address in r14
    mov     rax,r14
    sub     rax,1
@@:
    add     rax,1
    cmp     BYTE PTR [rax],0               ; get the text length
    jne     @B
    sub     rax,r14                        ; sub original address from RAX
    mov     r15,rax                        ; save string length into r15

    invoke  GetStdHandle,STD_OUTPUT_HANDLE
    mov     rcx,rax
    lea     r9,bwrt
    xor     r10,r10
    invoke  WriteFile,rcx,r14,r15,r9,r10

    mov     rax,bwrt                       ; return value is bytes written

    ret

StdOut ENDP

END start
Code it... That's all...

Offline TimoVJL

  • Global Moderator
  • Member
  • *****
  • Posts: 2152
Re: Retrieving the operating system version
« Reply #1 on: January 15, 2024, 08:28:14 PM »
With C:
Code: [Select]
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

int __cdecl main(void)
{
HMODULE hMod = GetModuleHandle(TEXT("kernel32.dll"));
IMAGE_NT_HEADERS *pNtHdr = (IMAGE_NT_HEADERS*)(((LONGLONG)hMod)+((IMAGE_DOS_HEADER*)hMod)->e_lfanew);
printf("%u.%u\n", pNtHdr->OptionalHeader.MajorOperatingSystemVersion,  pNtHdr->OptionalHeader.MinorOperatingSystemVersion);
return 0;
}
May the source be with you

Offline Robert

  • Member
  • *
  • Posts: 247
Re: Retrieving the operating system version
« Reply #2 on: January 15, 2024, 08:39:58 PM »
With C:
Code: [Select]
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

int __cdecl main(void)
{
HMODULE hMod = GetModuleHandle(TEXT("kernel32.dll"));
IMAGE_NT_HEADERS *pNtHdr = (IMAGE_NT_HEADERS*)(((LONGLONG)hMod)+((IMAGE_DOS_HEADER*)hMod)->e_lfanew);
printf("%u.%u\n", pNtHdr->OptionalHeader.MajorOperatingSystemVersion,  pNtHdr->OptionalHeader.MinorOperatingSystemVersion);
return 0;
}

When the above code is compiled and run on my machine the output is

Code: [Select]
10
This command line snippet

Code: [Select]
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
outputs

Code: [Select]
OS Name:                   Microsoft Windows 11 Pro
OS Version:                10.0.22631 N/A Build 22631

Offline TimoVJL

  • Global Moderator
  • Member
  • *****
  • Posts: 2152
Re: Retrieving the operating system version
« Reply #3 on: January 15, 2024, 09:29:45 PM »
Check kernel32.dll header.
Many of us might want to know, how dll was linked.
Also version info of that dll is interesting.
« Last Edit: January 16, 2024, 11:58:05 AM by TimoVJL »
May the source be with you

Offline Vortex

  • Member
  • *
  • Posts: 903
    • http://www.vortex.masmcode.com
Re: Retrieving the operating system version
« Reply #4 on: January 16, 2024, 06:25:44 PM »
Hi Timo,

Thanks for the C code.
Code it... That's all...

Offline Robert

  • Member
  • *
  • Posts: 247
Re: Retrieving the operating system version
« Reply #5 on: January 16, 2024, 08:42:46 PM »
Check kernel32.dll header.
Many of us might want to know, how dll was linked.
Also version info of that dll is interesting.

Hi Timo:

I am not sure what you are asking here "Check kernel32.dll header." ???

The kernel32.dll Product version is 10.0.22621.2506

It is different from the OS version: 10.0.22631

I linked your program with Pelles 12
polink.exe /release /MACHINE:X64 /SUBSYSTEM:CONSOLE /STACK:10485760


Offline Vortex

  • Member
  • *
  • Posts: 903
    • http://www.vortex.masmcode.com
Re: Retrieving the operating system version
« Reply #6 on: January 16, 2024, 09:07:51 PM »
Quote
Windows 8.1 and later pretend to be Windows 8 (legacy/trac#28096 (moved)).
If we want to display the real Windows version, we can use GetFileVersionInfo() to check the version of Kernel32.dll:
https://docs.microsoft.com/en-au/windows/desktop/SysInfo/getting-the-system-version

https://gitlab.torproject.org/tpo/core/tor/-/issues/28097

Quote
Note, that Microsoft doesn't make things easy with their internal version numbering. One would assume that Windows 11 would have a major version number set as 11. But this doesn't seem to be the case. They still consider Windows 11 to have a major version number of 10. So, to distinguish between Windows 10 and 11 you need to rely on the BuildNumber. Anything greater or equal to 20000 will indicate Windows 11. Anything from [10000 to 20000), Windows 10.

https://dennisbabkin.com/blog/?t=how-to-tell-the-real-version-of-windows-your-app-is-running-on
Code it... That's all...