📄 hdisksn.cpp
字号:
chFileName, sizeof(chFileName))) // 读取磁盘卷信息
{
sprintf(chInfo, "%s%X%X%X%s", chVolName, dwVolumeSN, dwMaxComLen,
dwFileFlags, chFileName); // 生成信息字符串
return lstrlen(chInfo);
}
return 0; // 返回得到的字串长度
}
// 提取原字串中的数字、字母字符到新的串(先调换奇偶位置)
static int AdjustStringFormat(char *pDes, char *pSrc, int nLen)
{
if(!pDes || !pSrc || nLen < 1) return 0;
int i = 0, j = 0; char chTemp;
for(i=0; i<nLen; i+=2) // 奇偶位置互相调换
{
chTemp = pSrc[i];
pSrc[i] = pSrc[i + 1];
pSrc[i + 1] = chTemp;
}
for(i=0; i<nLen; i++) // 仅提取数字和字母
{
if((pSrc[i] >= '0' && pSrc[i] <='9') ||
(pSrc[i] >= 'A' && pSrc[i] <='Z') ||
(pSrc[i] >= 'a' && pSrc[i] <='z'))
pDes[j++] = pSrc[i];
}
pDes[j] = '\0'; return j; // 结束得到的字符串
}
/////////////////////////////////////////////////////////////////////////////
// 从CPU获取序列号等信息:目前只处理Intel CPU的Intel486以上处理器
HDISKSN_API BSTR GetCPUnitSN(void)
{
char chInfo[1024] = ""; // 要返回的信息字符串
GetCPUnitInforString(chInfo);
return SysAllocString((BSTR)chInfo); // 返回给用户字符串格式的信息
}
// 从硬盘(由第1, 2的IDE控制器按主从顺序查找)获取标识信息,找到一个就即刻返回
HDISKSN_API BSTR GetHDiskSN(void)
{
IDSECTOR *pHdInfo = (IDSECTOR *)SCK_HD_INFO; // 硬盘数据区的结构首指针
char chInfo[1024] = ""; int nLen = 0; // 要返回的字符串及长度
BOOL bSuccess = FALSE; // 提取数据是否成功标志
FROM_HDNO = 0; TO_HDNO = 3; END_HDNO = -1; // 设置读取硬盘序号起止位
if(IsWindowsNT() == FALSE) // Ver Win95 OSR2, Win98, Win98 SE
{
bSuccess = ReadWin9xHardDiskInfoVxd();
if(!bSuccess) bSuccess = ReadWin9xHardDiskInfoAsm();
}
else // Ver WinNT, Win2000, WindowsXP
{
bSuccess = ReadWinNTHardDiskInfoPhysic();
if(!bSuccess) bSuccess = ReadWinNTHardDiskInfoAsScsi();
}
if(bSuccess == FALSE) bSuccess = ReadHardDiskInfoFromWinIo();
if(bSuccess == TRUE) // 提取内部型号和硬盘序列号
{
nLen = AdjustStringFormat(chInfo, pHdInfo->sModelNumber, HD_MN_LEN);
nLen += AdjustStringFormat(&chInfo[nLen], pHdInfo->sSerialNumber, HD_SN_LEN);
if(nLen < 1) bSuccess = FALSE;
}
if(bSuccess == FALSE) // 实在不行就采用CPU处理序列号
{
nLen = GetCPUnitInforString(chInfo);
if(nLen > 0 && chInfo[0] != 'G') bSuccess = TRUE;
}
if(bSuccess == FALSE) // 实在不行就直接用磁盘的卷标
{
nLen = GetVolumeInforString(chInfo);
if(nLen > 0) bSuccess = TRUE;
}
if(!bSuccess) chInfo[0] = '\0';
return SysAllocString((BSTR)chInfo); // 返回给用户字符串格式的信息
}
// 获取指定物理硬盘(0,1,...3)的IDSECTOR(512字节)的二进制数据
HDISKSN_API LONG GetHDiskInfor(LONG nWhich, LONG pHdInfo)
{
if(nWhich < 0 || nWhich > 3 || !pHdInfo) return 0L;
BOOL bSuccess = FALSE; // 提取数据是否成功标志
FROM_HDNO = TO_HDNO = nWhich; END_HDNO = -1; // 设置读取硬盘序号起止位
if(IsWindowsNT() == FALSE) // Ver Win95 OSR2, Win98, Win98 SE
{
bSuccess = ReadWin9xHardDiskInfoAsm();
if(!bSuccess) bSuccess = ReadWin9xHardDiskInfoVxd();
}
else // Ver WinNT, Win2000, WindowsXP
{
bSuccess = ReadWinNTHardDiskInfoPhysic();
if(!bSuccess) bSuccess = ReadWinNTHardDiskInfoAsScsi();
}
if(bSuccess) memcpy((BYTE *)pHdInfo, SCK_HD_INFO, sizeof(SCK_HD_INFO));
return (bSuccess ? 1L : 0L); // 返回提取是否成功的标志
}
// 读0写1逻辑0或物理1磁盘扇区(0: 1: 2: 3:...),扇区大小为DISK_SECTOR_SIZE字节
HDISKSN_API LONG DiskSectorIO(LONG bLogPhy, LONG nWhichDisk, DWORD dwStartSector,
DWORD dwSumSectors, LONG lpBuffer, LONG bOperation)
{
if(dwSumSectors < 1 || !lpBuffer || nWhichDisk < 0 || nWhichDisk > 0x19)
return 0L; // Check parameters if valid
BOOL bSuccess = FALSE;
if(IsWindowsNT() == FALSE) // :=Ver Win95 OSR2, Win98, Win98 SE
{
if(bLogPhy == 0) // =>Read or Write Logical Disk Sector
{
nWhichDisk += 0x01;
bSuccess = Win9xLogicalDiskSectorIO((BYTE)nWhichDisk, dwStartSector,
dwSumSectors, (BYTE *)lpBuffer, (BOOL)bOperation);
}
else // =>Read or Write Physical Disk Sector
{
nWhichDisk += 0x80;
bSuccess = Win9xPhysicalDiskSectorIO((BYTE)nWhichDisk, dwStartSector,
dwSumSectors, (BYTE *)lpBuffer, (BOOL)bOperation);
}
}
else // :=Ver WinNT, Win2000, WindowsXP
{
char chDevFile[MAX_PATH] = ""; // The device file name
SCK_LARGE_INTEGER ddOffset; // File Pointer Offset
ddOffset.Quad = (LONGLONG)dwStartSector * DISK_SECTOR_SIZE;
if(bLogPhy == 0) // =>Read or Write Logical Disk Sector
{
sprintf(chDevFile, "\\\\.\\%c:", 'A' + (BYTE)nWhichDisk);
bSuccess = WinNTHandleDiskSectorIO(chDevFile, ddOffset,
dwSumSectors, (BYTE *)lpBuffer, (BOOL)bOperation);
}
else // =>Read or Write Physical Disk Sector
{
sprintf(chDevFile, "\\\\.\\PhysicalDrive%d", nWhichDisk);
bSuccess = WinNTHandleDiskSectorIO(chDevFile, ddOffset,
dwSumSectors, (BYTE *)lpBuffer, (BOOL)bOperation);
}
}
return (bSuccess ? 1L : 0L); // 返回提取是否成功的标志
}
// 获取CMOS的信息数据
HDISKSN_API LONG GetCmosData(LONG lpBuffer, LONG nBuffSize)
{
if(lpBuffer == 0 || nBuffSize < 1) return 0; // 校验入口参数
HMODULE hWinIoDLL = StartWinIoDriver(); // 启动端口驱动
if(hWinIoDLL == NULL) return 0L;
BYTE *pBuffer = (BYTE *)lpBuffer; // 转换存储指针
for(BYTE i=0; i<(BYTE)nBuffSize; i++)
{
if(outportb(0x70, i) == FALSE) break; // 发送CMOS地址
pBuffer[i] = inportb(0x71); // 读取对应数据
}
StopWinIoDriver(hWinIoDLL); // 关闭端口驱动
return ((i >= nBuffSize) ? 1L : 0L); // 返回提取结果
}
// 获取本身加载到内存中的.text代码段的CRC校验码
HDISKSN_API BOOL VerifySector(HMODULE hMoudle, LONG pdwVerify)
{
if(!hMoudle || !pdwVerify) return FALSE; // 入口参数检查
IMAGE_DOS_HEADER *pDosHeader = NULL; // 各结构的指针
IMAGE_NT_HEADERS *pPEHeader = NULL;
IMAGE_SECTION_HEADER *pSectHeader = NULL;
DWORD *pDwVerify = (DWORD *)pdwVerify; // 转换入口指针
DWORD dwCRC = *pDwVerify, i = 0; // 记录原来的值
*pDwVerify = 0L; // 默认返回为零
pDosHeader = (IMAGE_DOS_HEADER *)hMoudle;
if(pDosHeader == NULL) return FALSE; // 取段表首指针
if(pDosHeader->e_magic != IMAGE_DOS_SIGNATURE) return FALSE;
pPEHeader = (IMAGE_NT_HEADERS *)((BYTE *)pDosHeader + pDosHeader->e_lfanew);
if(pPEHeader->Signature != IMAGE_NT_SIGNATURE) return FALSE;
pSectHeader = (IMAGE_SECTION_HEADER *)((BYTE *)pPEHeader + sizeof(IMAGE_NT_HEADERS));
for(i=0; i<pPEHeader->FileHeader.NumberOfSections; i++)
{ // 搜索其代码段
if((pSectHeader[i].VirtualAddress <= pPEHeader->OptionalHeader.AddressOfEntryPoint) &&
(pSectHeader[i].VirtualAddress + pSectHeader[i].SizeOfRawData > \
pPEHeader->OptionalHeader.AddressOfEntryPoint))
{
*pDwVerify = GenerateCRC32((BYTE *)pDosHeader + pSectHeader[i].VirtualAddress,
pSectHeader[i].Misc.VirtualSize); // 求得其校验值
return (*pDwVerify == dwCRC); // 校验此代码段
}
}
return FALSE; // 返回验证结果
}
// 检查是否有人在旁边监视,如:RegMon、FileMon...等等
HDISKSN_API BOOL IsAnybodyNear(LONG pbSomeOne)
{
if(!pbSomeOne) return TRUE; // 入口参数检查
LONG *pBSomeOne = (LONG *)pbSomeOne;
*pBSomeOne = 1L; int i = 0;
const char *chFile[] = // 侦察对象定义
{
"SICE", "SIWDEBUG", "NTICE", "SIWVID", "FILEMON",
"REGMON", "TRW", "TRWDEBUG", "ICEDUMP"
};
int nSumFile = sizeof(chFile) / sizeof(char *); // 求对象总计数
HANDLE hHandle = INVALID_HANDLE_VALUE;
char chName[MAX_PATH] = "";
for(i=0; i<nSumFile; i++) // 遍历所有对象
{
sprintf(chName, "\\\\.\\%s", chFile[i]);
if((hHandle = CreateFile(chName, GENERIC_READ, FILE_SHARE_READ |
FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_ARCHIVE,
NULL)) != INVALID_HANDLE_VALUE) {CloseHandle(hHandle); break;}
}
if(i >= nSumFile) *pBSomeOne = 0L; // 写入到入口量
return (i < nSumFile); // 返回给父用户
}
// 软件注册管理和记录的统一入口(介质:扇区、文件)
HDISKSN_API LONG CallSecretEntry(LONG nFunc, LONG nBuffPtr, LONG nBuffLen)
{
static BOOL bWorking = FALSE; if(bWorking == TRUE) return 0L;
bWorking = TRUE; // 标记正在工作
BOOL bSuccess = FALSE; // 返回错误代码
switch(nFunc) // 分发功能号码
{
case TCSY_GETITEMCOUNT://------------------------// 获取单元总数
if(!nBuffPtr) break;
bSuccess = TRUE;
*((LONG *)nBuffPtr) = TcsyList.GetItemCount();
break;
case TCSY_GETTCSYHEAD://-------------------------// 获取链表标头
if(!nBuffPtr) break;
bSuccess = TRUE;
TcsyList.GetTcsyHead((STcsyRegistHead *)nBuffPtr);
break;
case TCSY_FINDLISTHEAD://------------------------// 搜索链表标头
bSuccess = TcsyList.FindListHeadInDisk((STcsyRegistHead *)nBuffPtr);
break;
case TCSY_LOADLIST://----------------------------// 装载信息链表
bSuccess = TcsyList.LoadListFromDisk((STcsyRegistHead *)nBuffPtr, \
(BOOL)nBuffLen);
break;
case TCSY_ADDEND://------------------------------// 尾部追加数据
if(!nBuffPtr) break;
bSuccess = TcsyList.AddEnd((STcsyRegistData *)nBuffPtr);
break;
case TCSY_READCURR://----------------------------// 读取当前节点
if(!nBuffPtr) break;
bSuccess = TcsyList.ReadCurr((STcsyRegistData *)nBuffPtr);
break;
case TCSY_WRITECURR://---------------------------// 写入当前节点
if(!nBuffPtr) break;
bSuccess = TcsyList.WriteCurr((STcsyRegistData *)nBuffPtr);
break;
case TCSY_DELETECURR://--------------------------// 删除当前节点
bSuccess = (TcsyList.RemoveCurr(TRUE) == DEL_SUCCESS);
break;
case TCSY_REWINDCURR://--------------------------// 当前到首或尾
bSuccess = TRUE;
TcsyList.ToRewind((BOOL)nBuffPtr);
break;
case TCSY_CURRTOPRIOR://-------------------------// 当前到上一点
bSuccess = TcsyList.ToPrior();
break;
case TCSY_CURRTONEXT://--------------------------// 当前到下一点
bSuccess = TcsyList.ToNext();
break;
case TCSY_DIRECTDELETE://------------------------// 直接删除单元
bSuccess = TcsyList.DirectRemove((DWORD)nBuffPtr, nBuffLen);
break;
case TCSY_REMOVELISTALL://-----------------------// 卸载链表全部
bSuccess = TcsyList.DestroyList((BOOL)nBuffPtr, (BOOL)nBuffLen);
break;
case TCSY_SETDETECTFREQ://-----------------------// 设置监视频率
bSuccess = TRUE;
break;
case TCSY_SETFIRSTREGIST://----------------------// 首次是否注册
bSuccess = TRUE;
TcsyList.SetFirstRunRegist((BOOL)nBuffPtr);
break;
case TCSY_REGISTPRODUCT://-----------------------// 注册软件产品
if(!nBuffPtr) break;
bSuccess = TcsyList.RegistUserProduct((SckRegistOrder *)nBuffPtr);
break;
case TCSY_DIYREGISTSOFT://-----------------------// 自定唯一标识
if(!nBuffPtr) break;
bSuccess = TcsyList.RegistUserProduct((SckRegistOrder *)nBuffPtr, TRUE);
break;
default: break;//--------------------------------// 入口参数错误
}
bWorking = FALSE; // 工作已经结束
return bSuccess ? 1L : 0L; // 返回错误标志
}
/////////////////////////////////////////////////////////////////////////////
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -