OldNoob Posted October 7, 2016 Posted October 7, 2016 I'm attempting to call the winapi function EnumSystemFirmwareTables using DllCall "Kernel32.dll" without success. I am a total noob when it comes to this and could use some direction. Based on the documentation "Dealing with Dlls in AutoIt" by Andreas Karlsson, I have tried using the following code to obtain the buffersize of the Firmware Table Buffer. Thanks in advance for any help #include <WinAPI.au3> MsgBox(0, "ESFT BufferSize", "BufferSize = " & _EnumSystemFirmwareTables()) Func _EnumSystemFirmwareTables() $aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", "ACPI", "PVOID" ,Null , "DWORD" ,Null) if @error Then MsgBox (0,"Error","An error ocurred with the DLLCALL, error returned = " & @error &@CRLF & "GetLastError = " & _WinAPI_GetLastError ( ),0) Exit else Return $aRet endif EndFunc
Danyfirex Posted October 7, 2016 Posted October 7, 2016 Hello. You need to convert the str to dword. and get the requiered size before get the firewaretable dword array. Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
OldNoob Posted October 7, 2016 Author Posted October 7, 2016 Thanks for the response I am still not understanding though. The following is from Microsoft's documentation UINT WINAPI EnumSystemFirmwareTables( _In_ DWORD FirmwareTableProviderSignature, _Out_ PVOID pFirmwareTableBuffer, _In_ DWORD BufferSize ); Parameters FirmwareTableProviderSignature [in] The identifier of the firmware table provider to which the query is to be directed. This parameter can be one of the following values. Value Meaning 'ACPI' The ACPI firmware table provider. 'FIRM' The raw firmware table provider. Not supported for UEFI systems; use 'RSMB' instead. 'RSMB' The raw SMBIOS firmware table provider. pFirmwareTableBuffer [out] A pointer to a buffer that receives the list of firmware tables. If this parameter is NULL, the return value is the required buffer size. Can you elaborate more on what 'str' I need to first convert? Thanks
genius257 Posted October 7, 2016 Posted October 7, 2016 (edited) 5 hours ago, Danyfirex said: Hello. You need to convert the str to dword. and get the requiered size before get the firewaretable dword array. That is true, but also the type "PVOID" need to be converted i think it's "ptr" here's an example that works. $aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "PTR", Null, "DWORD", Null) Edit: #include <Array.au3> #include <String.au3> #include <WinAPIDiag.au3> $aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "PTR", Null, "DWORD", Null) $tDWORD = DllStructCreate("DWORD["&($aRet[0]/4)&"]") $aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "STRUCT*", $tDWORD, "DWORD", DllStructGetSize($tDWORD)) _ArrayDisplay($aRet) _WinAPI_DisplayStruct($tDWORD, "DWORD["&($aRet[0]/4)&"]") This is a more helpful snippet i would say. Looked into using the identifiers with "GetSystemFirmwareTable" but i had trouble finding the struct to use with "ACPI". Closest thing i found was this: FADT structure, but i am not even going to try with that unless I'm certain. Edited October 7, 2016 by genius257 To show your appreciation My highlighted topics: AutoIt Package Manager, AutoItObject Pure AutoIt, AutoIt extension for Visual Studio Code Github: AutoIt HTTP Server, AutoIt HTML Parser
Danyfirex Posted October 7, 2016 Posted October 7, 2016 You're right @genius257 You can do something like this. #include <Array.au3> Local $aTables = _EnumSystemFirmwareTables("ACPI") _ArrayDisplay($aTables) Func _EnumSystemFirmwareTables($sSignature) Local $aTables[1] = [0] Local $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", Null, "dword", 0) If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables) Local $iSize = $aRet[0] Local $iBound = $iSize / 4 Local $tFirewareTable = DllStructCreate("dword[" & $iBound & "]") $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", DllStructGetPtr($tFirewareTable), "dword", $iSize) If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables) ReDim $aTables[$iBound + 1] $aTables[0] = UBound($aTables) - 1 For $i = 1 To UBound($aTables) - 1 $aTables[$i] = DllStructGetData($tFirewareTable, 1, $i) Next Return $aTables EndFunc ;==>_EnumSystemFirmwareTables Func _Signature($sString) Return "0x" & Hex(Binary($sString)) EndFunc ;==>_Signature Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
OldNoob Posted October 8, 2016 Author Posted October 8, 2016 Thank you for those working examples, I'll study the code to get a better understanding of the results they return.
OldNoob Posted October 11, 2016 Author Posted October 11, 2016 So I confirmed the results returned are a list of the Signatures present by converting the returned data using BinaryToString ($aTables[$i]). My goal is to extract the digital product key stored in the MSDM firmware table. I followed the example to get the buffersize and then set up a structure to match Microsoft's spec. I'm reasonably certain I've got the buffersize but I haven't quite figured out how to extract the product key. Thanks expandcollapse popup#include <Array.au3> #include <MsgBoxConstants.au3> #include <StringConstants.au3> #include <WinAPIDiag.au3> Local $aTables = _EnumSystemFirmwareTables("ACPI") _ArrayDisplay($aTables) Func _EnumSystemFirmwareTables($sSignature) Local $MSDM_FirmwareTable = "struct;CHAR Signature[4];UINT Length;BYTE Revision;BYTE Checksum;CHAR OemId[6];CHAR OemTableId[8];UINT OemRevision;CHAR CreatorId[4];UINT CreatorRevision;CHAR ProductKey[49];endstruct" Local $bTables[1] = [0] Local $bRet = 0 Local $aTables[1] = [0] Local $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", Null, "dword", 0) If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables) Local $iSize = $aRet[0] Local $iBound = $iSize / 4 Local $tFirewareTable = DllStructCreate("dword[" & $iBound & "]") $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", DllStructGetPtr($tFirewareTable), "dword", $iSize) If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables) ReDim $aTables[$iBound + 1] $aTables[0] = UBound($aTables) - 1 For $i = 1 To UBound($aTables) - 1 $aTables[$i] = DllStructGetData($tFirewareTable, 1, $i) $k = BinaryToString ($aTables[$i]) msgbox (0,"", Hex($aTables[$i]) & " : " & $k ,1) if $k = "MSDM" Then $bRet = DllCall("Kernel32.dll", "uint","GetSystemFirmwareTable", "dword", _Signature($sSignature), "dword", _Signature(StringReverse($k)), "ptr", Null, "dword", 0) if @error or Not $bRet[0] Then Return SetError(@error, @extended, $aTables) Local $jsize = $bRet[0] Local $jBound = $jsize / 4 Local $tFirmwareTable = DllStructCreate($MSDM_FirmwareTable) $bTables = DllCall("Kernel32.dll", "uint","GetSystemFirmwareTable", "dword", _Signature($sSignature), "dword", _Signature(StringReverse($k)), "ptr",DllStructGetptr ($tFirmwareTable), "dword", $jBound) $ProductKey = DllStructGetData ($tFirmwareTable, "ProductKey") MsgBox (0,"", $ProductKey,0) $tFirmwareTable = 0 Return ($bTables) endif Next Return $aTables EndFunc ;==>_EnumSystemFirmwareTables Func _Signature($sString) Return "0x" & Hex(Binary($sString)) EndFunc ;==>_Signature
Danyfirex Posted October 11, 2016 Posted October 11, 2016 I'm not sure if you're topic is breaking the rules, so I will not post code till moderator's judgment. But you can check MSDN resource. https://msdn.microsoft.com/en-us/Library/Windows/Hardware/dn653305(v=vs.85).aspx Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
OldNoob Posted October 12, 2016 Author Posted October 12, 2016 Thanks for the link however I get a file not found message when trying to download the whitepaper. Are there any other resources you can suggest that would help me better understand the DLLStructCreate as well as pulling data from the structure? I do have a legitimate reason for extracting the data however if I'm in violation of breaking the rules then I'll 'cease and desist'. Thanks
Danyfirex Posted October 12, 2016 Posted October 12, 2016 Here is the correct link http://feishare.com/attachments/article/265/microsoft-software-licensing-tables.pdf Saludos Danysys.com AutoIt... UDFs: VirusTotal API 2.0 UDF - libZPlay UDF - Apps: Guitar Tab Tester - VirusTotal Hash Checker Examples: Text-to-Speech ISpVoice Interface - Get installed applications - Enable/Disable Network connection PrintHookProc - WINTRUST - Mute Microphone Level - Get Connected NetWorks - Create NetWork Connection ShortCut
OldNoob Posted October 12, 2016 Author Posted October 12, 2016 I now have a working version that needs to be cleaned up, when and if the moderators give the ok I will post what I have for discussion
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now