Deciphering the BIOS serial number

[Maser]

Hi every body
I want to write an assembly code and embedded it in VC++ 6 to retrieve BIOS information perticularly its serial number .I want to do the same for mother board . In fact I try to retrieve unique identifier of hardware.Up till now i obtained CPU serial no and its speed.
I try to write my code with win32.
I appriciate if any one u help me .
regards ,

Maser

[TNick]

 :eek
There is a subforum here, where you may find help.

Nick

[Maser]

Hi Nikle
where did u assign me is subForum about 16 bit assembly(Dos), ya in Dos there is a header file called as <bios.h> which we can retrieve all needed information but unfourtunatly bios.h does not exist in masm32 in 32 bits context.
thanks,

Maser

[BogdanOntanu]

In Windows you do not have direct access to hardware and BIOS ROM like in DOS ways.
You can search for some registry keys that might be holding this info.

In Windows the only acceptable way to get direct access to hardware is to use the API (if one exists) or to write a driver...and that later option is slightly complicated.

For a hardware ID you can also use the network card MAC address returned the Netbios API (or other API)...
You could also obtain the HDD serial number with a simple driver.

[u]

GetAdaptersInfo() is quite simple to use, and unlike Netbios-based approaches, works always... as long as there's a NIC.

[attachment deleted by admin]

[GregL]

You can use WMI to get BIOS Information. Although, on my system the Serial Number is blank. This code was originally written by Kernel_Gaddafi. You can use it as a template for WMI queries. Just change the class and property to what you want.

Code Select Expand


.586
.MODEL FLAT,STDCALL
OPTION CASEMAP:NONE

INCLUDE windows.inc

INCLUDE kernel32.inc
INCLUDE ole32.inc
INCLUDE msvcrt.inc
INCLUDE gel32.inc

INCLUDELIB kernel32.lib
INCLUDELIB ole32.lib
INCLUDELIB msvcrt.lib
INCLUDELIB gel32.lib

INCLUDE c:\masm32\macros\ucmacros.asm

; located in ObjIdl.h

EOAC_NONE   EQU 0

; located in RpcDce.h

RPC_C_AUTHN_LEVEL_DEFAULT   EQU 0
RPC_C_IMP_LEVEL_DEFAULT     EQU 0

RPC_C_IMP_LEVEL_IMPERSONATE EQU 3

GUID2 STRUC
     dd1 DWORD ?
     dw1 WORD ?
     dw2 WORD ?
     db1 BYTE ?
     db2 BYTE ?
     db3 BYTE ?
     db4 BYTE ?
     db5 BYTE ?
     db6 BYTE ?
     db7 BYTE ?
     db8 BYTE ?
GUID2 ENDS

IWbemLocator STRUCT
    lpVtbl DWORD   ?
IWbemLocator ENDS

IWbemLocatorVtbl STRUCT
    QueryInterface DWORD   ?
    AddRef         DWORD   ?
    Release        DWORD   ?
    ConnectServer  DWORD   ?
IWbemLocatorVtbl ENDS

IWbemServices STRUCT
    lpVtbl DWORD   ?
IWbemServices ENDS

IWbemServicesVtbl STRUCT
    QueryInterface             DWORD   ?
    AddRef                     DWORD   ?
    Release                    DWORD   ?
    OpenNamespace              DWORD   ?
    CancelAsyncCall            DWORD   ?
    QueryObjectSink            DWORD   ?
    GetObject                  DWORD   ?
    GetObjectAsync             DWORD   ?
    PutClass                   DWORD   ?
    PutClassAsync              DWORD   ?
    DeleteClass                DWORD   ?
    DeleteClassAsync           DWORD   ?
    CreateClassEnum            DWORD   ?
    CreateClassEnumAsync       DWORD   ?
    PutInstance                DWORD   ?
    PutInstanceAsync           DWORD   ?
    DeleteInstance             DWORD   ?
    DeleteInstanceAsync        DWORD   ?
    CreateInstanceEnum         DWORD   ?
    CreateInstanceEnumAsync    DWORD   ?
    ExecQuery                  DWORD   ?
    ExecQueryAsync             DWORD   ?
    ExecNotificationQuery      DWORD   ?
    ExecNotificationQueryAsync DWORD   ?
    ExecMethod                 DWORD   ?
    ExecMethodAsync            DWORD   ?
IWbemServicesVtbl ENDS

IEnumWbemClassObject STRUCT
    lpVtbl          DWORD   ?
IEnumWbemClassObject ENDS

IEnumWbemClassObjectVtbl STRUCT
    QueryInterface DWORD   ?
    AddRef         DWORD   ?
    Release        DWORD   ?
    Reset          DWORD   ?
    Next           DWORD   ?
    NextAsync      DWORD   ?
    Clone          DWORD   ?
    Skip           DWORD   ?
IEnumWbemClassObjectVtbl ENDS

IWbemClassObject STRUCT
    lpVtbl DWORD   ?
IWbemClassObject ENDS

IWbemClassObjectVtbl STRUCT
    QueryInterface          DWORD   ?
    AddRef                  DWORD   ?
    Release                 DWORD   ?
    GetQualifierSet         DWORD   ?
    Get                     DWORD   ?
    Put                     DWORD   ?
    Delete                  DWORD   ?
    GetNames                DWORD   ?
    BeginEnumeration        DWORD   ?
    Next                    DWORD   ?
    EndEnumeration          DWORD   ?
    GetPropertyQualifierSet DWORD   ?
    GetObjectText           DWORD   ?
    SpawnDerivedClass       DWORD   ?
    SpawnInstance           DWORD   ?
    CompareTo               DWORD   ?
    GetPropertyOrigin       DWORD   ?
    InheritsFrom            DWORD   ?
    GetMethod               DWORD   ?
    PutMethod               DWORD   ?
    DeleteMethod            DWORD   ?
    BeginMethodEnumeration  DWORD   ?
    NextMethod              DWORD   ?
    EndMethodEnumeration    DWORD   ?
    GetMethodQualifierSet   DWORD   ?
    GetMethodOrigin         DWORD   ?
IWbemClassObjectVtbl ENDS

.CONST
   
    wszSelect  WORD "S","E","L","E","C","T"," ","*"," ","F","R","O","M"," ",0  ; the WSTR macro can't handle the asterisk
    wszCrLf    WORD 13,10,0
       
    WSTR        wszClass,    "Win32_BIOS"    ;<<< Set class here
    WSTR        wszProperty, "SerialNumber"  ;<<< Set property here
   
    WSTR        wszNameSpace, "root\cimv2"
    WSTR        wszQueryLanguage, "WQL"
   
    WSTR        wszMsg, "Serial Number: %s"
   

.DATA

    ; located in WbemCli.h
   
    WBEM_FLAG_CONNECT_USE_MAX_WAIT  EQU     80h
    WBEM_FLAG_FORWARD_ONLY          EQU     20h
    WBEM_INFINITE                   EQU     -1
    WBEM_E_INVALID_QUERY            EQU     80041017h
    WBEM_E_INVALID_QUERY_TYPE       EQU     80041018h
   
    IID_IWbemLocator                GUID2   <0dc12a687h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    IID_IEnumWbemClassObject        GUID2   <027947e1h,0d731h,011ceh,0a3h,057h,000h,000h,000h,000h,000h,001h>
   
    IID_IWbemClassObject            GUID2   <0dc12a681h,0737fh,011cfh,088h,04dh,000h,0aah,000h,04bh,02eh,024h>
   
    ; located in WbemProv.h
   
    CLSID_WbemAdministrativeLocator GUID2   <0cb8555cch,09128h,011d1h,0adh,09bh,000h,0c0h,04fh,0d8h,0fdh,0ffh>
   
    locator     IWbemLocator            <>
    service     IWbemServices           <>
    enumerator  IEnumWbemClassObject    <>
    processor   IWbemClassObject        <>
   
    retCount    DWORD   ?
   
    var_val     DWORD   ?
                DWORD   ?
                DWORD   ?
               
    pwszResult  PWORD   ?             
               
    wszQuery   WORD 256 dup(?)               

.CODE

  main:
   
    INVOKE CoInitializeEx, NULL, COINIT_MULTITHREADED
   
    INVOKE CoInitializeSecurity, NULL, -1, NULL, NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE, NULL
       
    INVOKE CoCreateInstance, ADDR CLSID_WbemAdministrativeLocator, NULL, CLSCTX_INPROC_SERVER, ADDR IID_IWbemLocator, ADDR locator

    INVOKE lstrcatW, ADDR wszQuery, ADDR wszSelect
    INVOKE lstrcatW, ADDR wszQuery, ADDR wszClass
   
    mov esi, locator
    lodsd
    push    OFFSET service
    push    NULL
    push    NULL
    push    WBEM_FLAG_CONNECT_USE_MAX_WAIT
    push    NULL
    push    NULL
    push    NULL
    push    OFFSET wszNameSpace
    push    DWORD PTR [locator]
    call    DWORD PTR [eax][IWbemLocatorVtbl.ConnectServer]

    mov esi, service
    lodsd
    push    OFFSET enumerator
    push    NULL
    push    WBEM_FLAG_FORWARD_ONLY
    push    OFFSET wszQuery
    push    OFFSET wszQueryLanguage
    push    DWORD PTR [service]
    call    DWORD PTR [eax][IWbemServicesVtbl.ExecQuery]

    mov esi, enumerator
    lodsd
    push    OFFSET retCount
    push    OFFSET processor
    push    TRUE
    push    WBEM_INFINITE
    push    DWORD PTR [enumerator]
    call    DWORD PTR [eax][IEnumWbemClassObjectVtbl.Next]
   
    mov esi, processor
    lodsd
    push    NULL
    push    NULL
    push    OFFSET var_val
    push    0
    push    OFFSET wszProperty
    push    DWORD PTR [processor]
    call    DWORD PTR [eax][IWbemClassObjectVtbl.Get]
   
    mov esi, [var_val]
    mov edi, [var_val + 4]
    mov ecx, [var_val + 8]
   
    mov pwszResult, ecx
   
    INVOKE crt_wprintf, ADDR wszCrLf
    INVOKE crt_wprintf, ADDR wszMsg, pwszResult
    INVOKE crt_wprintf, ADDR wszCrLf

    INVOKE CoUninitialize
   
    INVOKE WaitKeyW, uni$("Press any key to exit ...")
   
    INVOKE ExitProcess, 0
   
;======================================================
   
END main


[ecube]

Wow nice find Greg, thanks for sharing! also you made a slight typing mistake with gel32.inc/lib should be glu32.inc/lib I believe.

[Maser]

Hi and tanx to every body
unfortunately all above mentioned techniques (WMI or Registry) could not consider as trust able ways (because they are modifiable) to retrieve the information from system.
Have u got any idea about using System Management BIOS (SMBIOS)?

Maser. 

[GregL]

Regarding gel32.lib, that is my own personal library. It was included for WaitKeyW.  Sorry 'bout that.

FWIW, here is WaitKeyW:

Code Select Expand


.586
.MODEL FLAT, STDCALL
OPTION CASEMAP:NONE

INCLUDE msvcrt.inc
INCLUDE c:\masm32\macros\ucmacros.asm

IFNDEF NULL
    NULL EQU 0
ENDIF   

.CODE

WaitKeyW PROC pwszPrompt:PTR WORD
    .DATA
        IFNDEF wszCrLf
            wszCrLf WORD 13,10,0
        ENDIF
    .CODE   
    .IF pwszPrompt == NULL
        INVOKE crt_wprintf, ADDR wszCrLf
        INVOKE crt_wprintf, uni$("Press any key to continue ... ")
    .ELSE
        INVOKE crt_wprintf, ADDR wszCrLf
        INVOKE crt_wprintf, pwszPrompt
    .ENDIF   
    INVOKE crt__getch
    .IF (eax == 0) || (eax == 0E0h)
        INVOKE crt__getch
    .ENDIF
    INVOKE crt_wprintf, ADDR wszCrLf
    ret
WaitKeyW ENDP 

END


[Maser]

hi every body
Today i got disappointed to get needed information from BIOS so i decided to get them from windows registry.

Is there any body to know how can I retrieve System info from registry with win32?

Maser

[Mark_Larson]

you can write a Console APP to access the information.  I simply ran Debug with the appropriate Dump of the F block ( starts at F000:0000), and then looked through the info.  You can look it up in either ACPI tables, SMBIOS,  or the DMI tables.  Here is a cut and paste of a portion of my BIOS F block with the start of the ACPI stuff.  That is probably what you are looking for.  You can download either the ACPI or DMI spec and look at how to parse the tables.  They all begin with a "signature" that you look for, and then they have an offset to jump to to get to the tables.  This is an example of part of my F block that shows a portion of the tables.  The ACPI and DMI spec will tell you wihch name to search for for the name of the field you are looking for.  So this is the _SYSID_ field and _UUID_ subfield.

F000:0400  5F 53 59 53 49 44 5F 80-11 00 11 04 0F 00 01 00   _SYSID_.........
F000:0410  00 5F 55 55 49 44 5F E1-19 00 44 45 4C 4C 50 00   ._UUID_...DELLP.
F000:0420  10 4A 80 43 B2 C0 4F 59-38 31 00 00 00 00 00 00   .J.C..OY81......
F000:0430  5F 53 4D 5F 8A 1F 02 03-F4 00 00 00 00 00 00 00   _SM_............
F000:0440  5F 44 4D 49 5F E8 A9 09-50 04 0F 00 48 00 23 FF   _DMI_...P...H.#.
F000:0450  DA 35 00 DA B2 00 17 0B-0E 38 00 00 80 00 80 01   .5.......8......
F000:0460  00 02 80 02 80 01 00 00-A0 00 A0 01 00 58 00 58   .............X.X
F000:0470  00 01 00 59 00 59 00 01-00 05 80 05 80 01 00 FF   ...Y.Y..........
-d♪
F000:0480  FF 00 00 00 00 00 00 DA-23 01 DA B2 00 17 0B 0E   ........#.......
F000:0490  38 00 10 F5 10 F5 00 00-11 F5 11 F5 00 00 12 F5   8...............
F000:04A0  12 F5 00 00 FF FF 00 00-00 00 00 00 00 14 00 00   ................
F000:04B0  01 02 00 F0 03 07 80 9E-29 3C 00 00 1F 00 13 03   ........)<......
F000:04C0  44 65 6C 6C 20 49 6E 63-2E 20 20 20 20 20 20 20   Dell Inc.
F000:04D0  20 20 20 20 20 20 20 20-20 00 41 30 34 00 31 30            .A04.10
F000:04E0  2F 32 38 2F 32 30 30 35-00 00 01 19 00 01 01 02   /28/2005........
F000:04F0  00 03 44 45 4C 4C 50 00-10 4A 80 43 B2 C0 4F 59   ..DELLP..J.C..OY
-d♪
F000:0500  38 31 03 44 65 6C 6C 20-49 6E 63 2E 20 20 20 20   81.Dell Inc.
F000:0510  20 20 20 20 20 20 20 20-20 20 20 20 00 50 72 65               .Pre
F000:0520  63 69 73 69 6F 6E 20 57-6F 72 6B 53 74 61 74 69   cision WorkStati
F000:0530  6F 6E 20 33 38 30 20 20-20 20 00 32 50 4A 43 59   on 380    .2PJCY
F000:0540  38 31 00 00 02 08 00 02-01 02 03 04 44 65 6C 6C   81..........Dell
F000:0550  20 49 6E 63 2E 20 20 20-20 20 20 20 20 20 20 00    Inc.          .
F000:0560  30 47 39 33 32 32 00 20-20 20 00 2E 2E 43 4E 37   0G9322.   ...CN7
F000:0570  30 38 32 31 35 38 56 4A-30 51 44 2E 00 00 03 0D   082158VJ0QD.....
-d♪
F000:0580  00 03 01 07 00 02 03 03-03 03 03 44 65 6C 6C 20   ...........Dell
F000:0590  49 6E 63 2E 20 20 20 20-20 20 20 20 20 20 20 20   Inc.
F000:05A0  20 20 20 20 00 32 50 4A-43 59 38 31 00 20 20 20       .2PJCY81.
F000:05B0  20 20 20 20 20 20 20 00-20 00 00 04 20 00 04 01          . ... ...
F000:05C0  03 0F 02 43 0F 00 00 FF-FB EB BF 00 87 20 03 A0   ...C......... ..
F000:05D0  0F 80 0C 41 04 00 07 01-07 FF FF 4D 69 63 72 6F   ...A.......Micro
F000:05E0  70 72 6F 63 65 73 73 6F-72 00 49 6E 74 65 6C 00   processor.Intel.
F000:05F0  00 07 13 00 07 00 80 01-10 00 10 00 01 00 01 00   ................
-d♪
F000:0600  00 03 04 07 00 00 07 13-01 07 00 81 02 00 08 00   ................
F000:0610  08 01 00 01 00 00 05 05-07 00 00 7E 13 04 07 00   ...........~....
F000:0620  82 02 00 00 00 00 01 00-01 00 00 05 05 02 00 00   ................
F000:0630  08 09 00 08 01 00 00 05-02 50 41 52 41 4C 4C 45   .........PARALLE
F000:0640  4C 00 00 08 09 01 08 01-00 00 08 09 53 45 52 49   L...........SERI
F000:0650  41 4C 31 00 00 7E 09 02-08 01 00 00 08 09 53 45   AL1..~........SE
F000:0660  52 49 41 4C 32 00 00 08-09 03 08 01 00 00 0F 0D   RIAL2...........
F000:0670  4B 59 42 44 00 00 08 09-04 08 01 00 00 0F 0E 4D   KYBD...........M

I have an in.txt and an r.bat.  The r.bat pipes in.txt through r.bat and creates out.txt

I am incuding my out.txt so you can peruse it.



[attachment deleted by admin]

[OldTimer]

For an explanation of SMBIOS terms, try these links.
download.microsoft.com/download/5/D/6/5D6EAF2B-7DDF-476B-93DC-7CF0072878E6/SMBIOS.doc
http://www.dmtf.org/standards/smbios

[Sean1337]

Does anyone know why Greg's source code, when run on Windows 7, generates an entirely different bios version every time the code is executed?

Thanks,
-Sean

[redskull]

EnumSystemFirmwareTables()

OldTimers post has everything you need to make it happen

[MichaelW]

The SMBIOS BIOS Information (Type 0) structure, at least through version 2.4, contains no serial number field. And for the serial number field of the System Information (Type 1) structure, I have never tested a system where the field contained anything other than an obviously "dummy" value, SYS-1234567890 for example.