OldNoob

Help with DLLCALL - Kernel32.dll

11 posts in this topic

 I'm attempting to call the winapi function EnumSystemFirmwareTables using DllCall "Kernel32.dll" without success. I am a total noob when it comes to this and could use some direction. Based on the documentation "Dealing with Dlls in AutoIt" by Andreas Karlsson, I have tried using the following code to obtain the buffersize of the Firmware Table Buffer.

Thanks in advance for any help

#include <WinAPI.au3>

MsgBox(0, "ESFT BufferSize", "BufferSize = " & _EnumSystemFirmwareTables())

Func _EnumSystemFirmwareTables()
    $aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", "ACPI", "PVOID" ,Null , "DWORD" ,Null)
    if @error Then
        MsgBox (0,"Error","An error ocurred with the DLLCALL, error returned = " & @error &@CRLF & "GetLastError =  " & _WinAPI_GetLastError ( ),0)
        Exit
    else
    Return $aRet
    endif
EndFunc

 

Share this post


Link to post
Share on other sites



Hello. You need to convert the str to dword. and get the requiered size before get the firewaretable dword array.

 

Saludos

Share this post


Link to post
Share on other sites

Thanks for the response I am still not understanding though. The following is from Microsoft's documentation

UINT WINAPI EnumSystemFirmwareTables(
  _In_  DWORD FirmwareTableProviderSignature,
  _Out_ PVOID pFirmwareTableBuffer,
  _In_  DWORD BufferSize
);

Parameters

FirmwareTableProviderSignature [in]

The identifier of the firmware table provider to which the query is to be directed. This parameter can be one of the following values.

Value Meaning
'ACPI' The ACPI firmware table provider.
'FIRM' The raw firmware table provider. Not supported for UEFI systems; use 'RSMB' instead.
'RSMB' The raw SMBIOS firmware table provider.

pFirmwareTableBuffer [out]

A pointer to a buffer that receives the list of firmware tables. If this parameter is NULL, the return value is the required buffer size.

 

Can you elaborate more on what 'str' I need to first convert?

 

Thanks

 

 

 

 

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

5 hours ago, Danyfirex said:

Hello. You need to convert the str to dword. and get the requiered size before get the firewaretable dword array.

That is true, but also the type "PVOID" need to be converted i think it's "ptr"

here's an example that works.

$aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "PTR", Null, "DWORD", Null)

Edit:

#include <Array.au3>
#include <String.au3>
#include <WinAPIDiag.au3>

$aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "PTR", Null, "DWORD", Null)
$tDWORD = DllStructCreate("DWORD["&($aRet[0]/4)&"]")
$aRet = DllCall ("Kernel32.dll", "UINT", "EnumSystemFirmwareTables", "DWORD", Dec(_StringToHex("ACPI")), "STRUCT*", $tDWORD, "DWORD", DllStructGetSize($tDWORD))
_ArrayDisplay($aRet)
_WinAPI_DisplayStruct($tDWORD, "DWORD["&($aRet[0]/4)&"]")

This is a more helpful snippet i would say. Looked into using the identifiers with "GetSystemFirmwareTable" but i had trouble finding the struct to use with "ACPI". Closest thing i found was this: FADT structure, but i am not even going to try with that unless I'm certain.

Edited by genius257

Share this post


Link to post
Share on other sites

You're right @genius257

You can do something like this.

#include <Array.au3>

Local $aTables = _EnumSystemFirmwareTables("ACPI")
_ArrayDisplay($aTables)

Func _EnumSystemFirmwareTables($sSignature)
    Local $aTables[1] = [0]
    Local $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", Null, "dword", 0)
    If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables)
    Local $iSize = $aRet[0]
    Local $iBound = $iSize / 4
    Local $tFirewareTable = DllStructCreate("dword[" & $iBound & "]")
    $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", DllStructGetPtr($tFirewareTable), "dword", $iSize)
    If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables)
    ReDim $aTables[$iBound + 1]
    $aTables[0] = UBound($aTables) - 1
    For $i = 1 To UBound($aTables) - 1
        $aTables[$i] = DllStructGetData($tFirewareTable, 1, $i)
    Next

    Return $aTables
EndFunc   ;==>_EnumSystemFirmwareTables



Func _Signature($sString)
    Return "0x" & Hex(Binary($sString))
EndFunc   ;==>_Signature

Saludos

Share this post


Link to post
Share on other sites

Thank you for those working examples, I'll study the code to get a better understanding of the results they return.

Share this post


Link to post
Share on other sites

So I confirmed the results returned are a list of the Signatures present by converting the returned data using BinaryToString ($aTables[$i]). My goal is to extract the digital product key stored in the MSDM firmware table. I followed the example to get the buffersize and then  set up a structure to match Microsoft's spec.  I'm reasonably certain I've got the buffersize but I haven't quite figured out how to extract the product key. 

 

Thanks

 

#include <Array.au3>
#include <MsgBoxConstants.au3>
#include <StringConstants.au3>
#include <WinAPIDiag.au3>

Local $aTables = _EnumSystemFirmwareTables("ACPI")
_ArrayDisplay($aTables)

Func _EnumSystemFirmwareTables($sSignature)
    Local $MSDM_FirmwareTable = "struct;CHAR Signature[4];UINT Length;BYTE Revision;BYTE Checksum;CHAR OemId[6];CHAR OemTableId[8];UINT OemRevision;CHAR CreatorId[4];UINT CreatorRevision;CHAR ProductKey[49];endstruct"
    Local $bTables[1] = [0]
    Local $bRet = 0
    Local $aTables[1] = [0]
    Local $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", Null, "dword", 0)
    If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables)
    Local $iSize = $aRet[0]
    Local $iBound = $iSize / 4
    Local $tFirewareTable = DllStructCreate("dword[" & $iBound & "]")
    $aRet = DllCall("Kernel32.dll", "uint", "EnumSystemFirmwareTables", "dword", _Signature($sSignature), "ptr", DllStructGetPtr($tFirewareTable), "dword", $iSize)
    If @error Or Not $aRet[0] Then Return SetError(@error, @extended, $aTables)
    ReDim $aTables[$iBound + 1]
    $aTables[0] = UBound($aTables) - 1
    For $i = 1 To UBound($aTables) - 1
        $aTables[$i] = DllStructGetData($tFirewareTable, 1, $i)
        $k = BinaryToString ($aTables[$i])
        msgbox (0,"", Hex($aTables[$i]) & " : " & $k ,1)
        if $k = "MSDM" Then
            $bRet = DllCall("Kernel32.dll", "uint","GetSystemFirmwareTable", "dword", _Signature($sSignature), "dword", _Signature(StringReverse($k)), "ptr", Null, "dword", 0)
            if @error or Not $bRet[0] Then Return SetError(@error, @extended, $aTables)
            Local $jsize = $bRet[0]
            Local $jBound = $jsize / 4
            Local $tFirmwareTable = DllStructCreate($MSDM_FirmwareTable)
            $bTables = DllCall("Kernel32.dll", "uint","GetSystemFirmwareTable", "dword", _Signature($sSignature), "dword", _Signature(StringReverse($k)), "ptr",DllStructGetptr ($tFirmwareTable), "dword", $jBound)
            $ProductKey = DllStructGetData ($tFirmwareTable, "ProductKey")
            MsgBox (0,"", $ProductKey,0)
            $tFirmwareTable = 0
            Return ($bTables)
        endif
    Next

    Return $aTables
EndFunc   ;==>_EnumSystemFirmwareTables



Func _Signature($sString)
    Return "0x" & Hex(Binary($sString))
EndFunc   ;==>_Signature

 

Share this post


Link to post
Share on other sites

I'm not sure if you're topic is breaking the rules, so I will not post  code till  moderator's judgment.

But you can check MSDN resource. https://msdn.microsoft.com/en-us/Library/Windows/Hardware/dn653305(v=vs.85).aspx

 

Saludos

Share this post


Link to post
Share on other sites

Thanks for the link however I get a file not found message when trying to download the whitepaper.

Are there any other resources you can suggest that would help me better understand the DLLStructCreate as well as pulling data from the structure? I do have a legitimate reason for extracting the data however if I'm in violation of breaking the rules then I'll 'cease and desist'.

 

Thanks

 

 

Share this post


Link to post
Share on other sites

I now have a working version that needs to be cleaned up, when and if the moderators give the ok I will post what I have for discussion

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • ogloed
      By ogloed
      Again, I'm struggling with DllCall(). So I have this MS C++ 6.0 compiled DLL and a manual for it. There's a function:
       
      Get information of disk arrays Declaration: VINT vr_get_array_info (VINT array_index, vr_array_info_t* pinfo); Description: Application can fetch the information of one specific disk array, which is located by index of all disk arrays in current system. Input parameters: VINT array_index : Index to all disk arrays in system, specify which disk array. vr_array_info_t *pinfo : 14 Pointer to a vr_array_info_t data structure to get the information Return value: VR_SUCCESS : Get the information successfully. VR_ERR_NOT_INITED : Raid lib hasn’t been initialized. VR_ERR_INVALID_INDEX : The input index is invalid. VR_ERR_INVALID_PARAM : Input parameter is invalid: the pointer is NULL. Here's what DLL Export Viewer says:
       
      Function Name     : int __cdecl vr_get_array_info(int,struct _vr_array_info *)
      Here's what is this _vr_array_info:
       
      typedef struct _vr_array_info { VWORD status; // current status of disk array VBYTE raidType;// same as Disk_Array.raidType, but value 0xFF means // a stand-alone disk. When it's a stand-alone disk, // only arDevices[0] and diskNum has meaning, and diskNum should // always be 1 . VBYTE diskNum;// count of valid arDevices[] members. // Note: disk array maybe incomplete, i.e. , some disk in the array maybe missing, // corresponding device ptr arDevices[i]->pRealDevice should be NULL. VDWORD capacityLow;// (Unit: sector) VDWORD capacityHigh;// (Unit: sector) // following 8 bytes define the real-capcity (in sector) of every disk in array VDWORD realCapacityLow; // (Unit: sector) VDWORD realCapacityHigh; // (Unit: sector) VDWORD stripeSize; // valid when raid is raid0, raid5 or raid01, in Kbytes VDWORD blockSize; // valid when raid is RAID5, in Kbytes VBOOL bNeedMigration; // the raid need migration // only valid when raid0/raid5/matrixRaid VBOOL bNeedInit; // the raid need initialization, only valid for RAID5 VBOOL bOptimized; // only for RAID5, this RAID5 access was optimized VBYTE systemDisk; /* does the devices within this disk array contain system files of current running OS ? the probably value are: VR_DEVICE_NOT_SYS_DISK VR_DEVICE_MAYBE_SYS_DISK VR_DEVICE_SYS_DISK they are defined in this file */ VWORD raid_index;// only raid index, no meaning with stand-alone disk VINT index; // all device index, including all raid and stand-alone disk } vr_array_info_t;

      Here's my code (function names are actually decorated, so):
       
      Local $pTest $hDLL = DllOpen(@ScriptDir & "\drvInterface.dll") ;~ VINT vr_init (void); ConsoleWrite("vr_init..." & @CRLF) $sTest = DllCall($hDLL, "int:cdecl", "?vr_init@@YAHXZ") ;~ VINT vr_get_controller_num (VINT *pnumber); ConsoleWrite("vr_get_controller_num..." & @CRLF) $sTest = DllCall($hDLL, "int:cdecl", "?vr_get_controller_num@@YAHPAH@Z", "int*", "$pTest") $iControllerNumber = $sTest[1] ConsoleWrite("$iControllerNumber = " & $iControllerNumber & @CRLF) ;~ VINT vr_get_device_num (VINT *pnumber); ConsoleWrite("vr_get_device_num..." & @CRLF) $sTest = DllCall($hDLL, "int:cdecl", "?vr_get_device_num@@YAHPAH@Z", "int*", "$pTest") $iDeviceNumber = $sTest[1] ConsoleWrite("$iDeviceNumber = " & $iDeviceNumber & @CRLF) ;~ VINT vr_get_array_num (VINT only_raid, VINT *pnumber); ConsoleWrite("vr_get_array_num..." & @CRLF) $sTest = DllCall($hDLL, "int:cdecl", "?vr_get_array_num@@YAHHPAH@Z", "int", 0, "int*", "$pTest") $iArrayNumber = $sTest[2] ConsoleWrite("$iArrayNumber = " & $iArrayNumber & @CRLF) $vr_array_info = DllStructCreate("ushort status;byte raidType;byte diskNum;dword capacityLow;dword capacityHigh;dword stripeSize;dword blockSize;boolean bNeedMigration;boolean bNeedInit;boolean bOptimized;byte systemDisk;byte raid_index;int index") ;~ VINT vr_get_array_info (VINT array_index, vr_array_info_t* pinfo); ConsoleWrite("vr_get_array_info..." & @CRLF) $sTest = DllCall($hDLL, "int:cdecl", "?vr_get_array_info@@YAHHPAU_vr_array_info@@@Z", "int", 0, "struct*", $vr_array_info) ;~ void vr_exit (void); ConsoleWrite("vr_exit..." & @CRLF) $sTest = DllCall($hDLL, "none", "?vr_exit@@YAXXZ") DllClose($hDLL) Exit Everything works fine up to vr_get_array_info part. This is where I get a "memory cannot be 'read'" Windows error ("Instruction at 0x7c93a514 referenced memory at 0x00000000").

      What am I doing wrong? Please help.
      drvInterface.dll
      ProgGuide.pdf
    • ogloed
      By ogloed
      Hello!
      There's a DLL, which I want to use in my script. There's the manual for that DLL. I'm trying to use any function from the manual in DllCall() and I get @error=3 ("function" not found in the DLL file). Why is that? How do I fix it?
      PEiD says that DLL is "Microsoft Visual C++ 6.0 DLL". Is that compatible with AutoIt? How do I use it? Please help.
       
      ProgGuide.pdf
      drvInterface.dll
    • Hammerfist
      By Hammerfist
      Hi guys.
      I try to choose an algorithm to compress some string data in-memory, without file medium to store in sqlite as blob. I plan to store about 100k blobs each 80k symbols (uncompressed). First opinion was LZMA udf by Ward, but udf file doesn't exist.
      Then i tried to use BZIP2 dll in DllCall, but it simply doesn't work and throws @error = 1.
       
      Here is an example:
       
      What should I do with this error? Where am I wrong?
      Thanks.
    • PoojaKrishna
      By PoojaKrishna
      Hi friends,
      I'm working on a licensing project and we are using LexActicvator of Cryptlex.
      I'm trying to call a function of a DLL using DLLCall method. I'm calling the method 'SetProductFile' of DLL 'LexActivator_64.dll'. The parameter to the method is path to the product file and the method should return 1 on successful execution. But the method always returns 7 in my test run.
      #define LA_E_PFILE ((HRESULT)0x00000007L)   /*     CODE: LA_E_FPATH       MESSAGE: Invalid product file path. */   The DLL and the product file I use are attached, please save to the script folder to test the script. Can anyone please help? I'm stuck for many days. Link to the documentation  https://cryptlex.com/help/using-lexactivator   #RequireAdmin #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_UseX64=y #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** #include <WinAPIReg.au3> #include <WinAPI.au3> #include<array.au3> #include <WinAPISys.au3> $sDLLPath = @ScriptDir& "\LexActivator_64.dll" ;Path to DLL file $sDataFilePath = @ScriptDir& "\Product.dat" ;Path to product data file $hDLL = DllOpen ( $sDLLPath) ;Opening DLL If $hDLL = -1 Then ;If error Msgbox(0,"Error", "Couldn't open the DLL file.") exit EndIf If Not FileExists($sDataFilePath) Then ;Checking product file Msgbox(0,"Error", "Product file does not exist.") exit EndIf $aArray = DllCall ( $hDLL , "int:cdecl", "SetProductFile", "STR", $sDataFilePath ) ;calling SetProductFile method If @error Then ;If error MsgBox(0, "Error","Error occured while calling DLL method: " & @error) Else Msgbox(0,"Result","Result received: " & $aArray[0]) ;result EndIF DllClose ( $hDLL )  
      LexActivator_64.dll
      Product.dat
    • DHL
      By DHL
      Hi, 
      I'm trying to compare two bitmaps (screenshots of the desktop) that I create using BitBlt. The bitmaps can be successfully saved to disk, but when I run the two bitmaps through a CompareBitmaps()-function I found in this thread, which calls memcmp, the script crashes with "Exit code: -1073741819". 
      This crash only happens when I try to compare bitmaps that I got by using BitBlt. If I use the CompareBitmaps()-function on bitmaps created by _GDIPlus_ImageLoadFromFile, everything works fine. (I'm using AutoIT 3.3.6.1)
      I'll attach my script that crashes, and the  CompareBitmaps() example script that works (which I got from the thread previosly mentioned)
      My script, that for some reason crashes : 
      #include <ScreenCapture.au3> #include <GDIPlus.au3> #include <WinAPI.au3> _GDIPlus_Startup() Local $hDesktop = _WinAPI_GetDesktopWindow() $clientS = WinGetClientSize($hDesktop) Local $Width = $clientS[0] Local $Height = $clientS[1] Local $hDC = _WinAPI_GetDC($hDesktop) Local $memDC = _WinAPI_CreateCompatibleDC($hDC) Local $memBmp = _WinAPI_CreateCompatibleBitmap($hDC, $Width, $Height) _WinAPI_SelectObject ($memDC, $memBmp) _WinAPI_BitBlt($memDC, 0, 0, $Width, $Height, $hDC, 0,0, $__SCREENCAPTURECONSTANT_SRCCOPY) _WinAPI_DeleteDC($memDC) _WinAPI_ReleaseDC($hDesktop, $hDC) Local $hImage1 = _GDIPlus_BitmapCreateFromHBITMAP($memBmp) _WinAPI_DeleteObject($memBmp) _GDIPlus_ImageSaveToFile($hImage1, @ScriptDir & "\GDIPlus_Image1.jpg") MsgBox(0, "Debug", "Screenshot taken & saved to disk. Ready to take new screenshot" ) Local $hDC2 = _WinAPI_GetDC($hDesktop) Local $memDC2 = _WinAPI_CreateCompatibleDC($hDC2) Local $memBmp2 = _WinAPI_CreateCompatibleBitmap($hDC2, $Width, $Height) _WinAPI_SelectObject ($memDC2, $memBmp2) _WinAPI_BitBlt($memDC2, 0, 0, $Width, $Height, $hDC2, 0,0, $__SCREENCAPTURECONSTANT_SRCCOPY) _WinAPI_DeleteDC($memDC2) _WinAPI_ReleaseDC($hDesktop, $hDC2) Local $hImage2 =_GDIPlus_BitmapCreateFromHBITMAP($memBmp2) _WinAPI_DeleteObject($memBmp2) _GDIPlus_ImageSaveToFile($hImage2, @ScriptDir & "\GDIPlus_Image2.jpg") MsgBox(0, "Debug", "Screenshot2 taken & saved to disk. Ready to compare images (from memory)" ) MsgBox(0, "bm1==bm2", CompareBitmaps($hImage1, $hImage2) ) ; Clean up resources _GDIPlus_ImageDispose($hImage1) _GDIPlus_ImageDispose($hImage2) ; Shut down GDI+ library _GDIPlus_ShutDown () Func CompareBitmaps($bm1, $bm2) $Bm1W = _GDIPlus_ImageGetWidth($bm1) $Bm1H = _GDIPlus_ImageGetHeight($bm1) $BitmapData1 = _GDIPlus_BitmapLockBits($bm1, 0, 0, $Bm1W, $Bm1H, $GDIP_ILMREAD, $GDIP_PXF32RGB) $Stride = DllStructGetData($BitmapData1, "Stride") $Scan0 = DllStructGetData($BitmapData1, "Scan0") $ptr1 = $Scan0 $size1 = ($Bm1H - 1) * $Stride + ($Bm1W - 1) * 4 $Bm2W = _GDIPlus_ImageGetWidth($bm2) $Bm2H = _GDIPlus_ImageGetHeight($bm2) $BitmapData2 = _GDIPlus_BitmapLockBits($bm2, 0, 0, $Bm2W, $Bm2H, $GDIP_ILMREAD, $GDIP_PXF32RGB) $Stride = DllStructGetData($BitmapData2, "Stride") $Scan0 = DllStructGetData($BitmapData2, "Scan0") $ptr2 = $Scan0 $size2 = ($Bm2H - 1) * $Stride + ($Bm2W - 1) * 4 $smallest = $size1 If $size2 < $smallest Then $smallest = $size2 $call = DllCall("msvcrt.dll", "int:cdecl", "memcmp", "ptr", $ptr1, "ptr", $ptr2, "int", $smallest) _GDIPlus_BitmapUnlockBits($bm1, $BitmapData1) _GDIPlus_BitmapUnlockBits($bm2, $BitmapData2) Return ($call[0]=0) EndFunc ;==>CompareBitmaps  
      Example Script (that basically does the same thing, but works fine)
      #include <GDIPlus.au3> _GDIPlus_Startup() $fname1=FileOpenDialog("First image","","All images(*.bmp;*.jpg;*.png;)") If $fname1="" Then Exit $fname2=FileOpenDialog("Second image image","","All images(*.bmp;*.jpg;*.png;)") If $fname2="" Then Exit $bm1 = _GDIPlus_ImageLoadFromFile($fname1) $bm2 = _GDIPlus_ImageLoadFromFile($fname2) MsgBox(0, "bm1==bm2", CompareBitmaps($bm1, $bm2)) _GDIPlus_ImageDispose($bm1) _GDIPlus_ImageDispose($bm2) _GDIPlus_Shutdown() Func CompareBitmaps($bm1, $bm2) $Bm1W = _GDIPlus_ImageGetWidth($bm1) $Bm1H = _GDIPlus_ImageGetHeight($bm1) $BitmapData1 = _GDIPlus_BitmapLockBits($bm1, 0, 0, $Bm1W, $Bm1H, $GDIP_ILMREAD, $GDIP_PXF32RGB) $Stride = DllStructGetData($BitmapData1, "Stride") $Scan0 = DllStructGetData($BitmapData1, "Scan0") $ptr1 = $Scan0 $size1 = ($Bm1H - 1) * $Stride + ($Bm1W - 1) * 4 $Bm2W = _GDIPlus_ImageGetWidth($bm2) $Bm2H = _GDIPlus_ImageGetHeight($bm2) $BitmapData2 = _GDIPlus_BitmapLockBits($bm2, 0, 0, $Bm2W, $Bm2H, $GDIP_ILMREAD, $GDIP_PXF32RGB) $Stride = DllStructGetData($BitmapData2, "Stride") $Scan0 = DllStructGetData($BitmapData2, "Scan0") $ptr2 = $Scan0 $size2 = ($Bm2H - 1) * $Stride + ($Bm2W - 1) * 4 $smallest = $size1 If $size2 < $smallest Then $smallest = $size2 $call = DllCall("msvcrt.dll", "int:cdecl", "memcmp", "ptr", $ptr1, "ptr", $ptr2, "int", $smallest) _GDIPlus_BitmapUnlockBits($bm1, $BitmapData1) _GDIPlus_BitmapUnlockBits($bm2, $BitmapData2) Return ($call[0]=0) EndFunc ;==>CompareBitmaps  
      Any one got a clue why my script crashes?