Targeting your application for Windows GetVersionEx

Started by ToutEnMasm, October 30, 2015, 07:22:58 PM

jj2007

Quote from: ToutEnMasm on November 02, 2015, 12:49:54 AM
For your re-posted sample, it is always in DOS mode.

Did you know what a Windows program is?????

I repeat the problem.
The problem is to have the same results using C++ or MASM in Windows mode.

Never heard of such crap ::)

You mean Windoze, ehm, "fenetres"? And they follow different rules, really?
:dazzled:

dedndave

it is correct for my XP SP3 (although it does not say media center edition - not expected)
it reports 5.1.2600, SP3

Jochen - do you see how RtlGetNtVersionNumbers gets the build number ?
is it also in the TEB ?

jj2007

Quote from: dedndave on November 02, 2015, 05:08:21 AM
Jochen - do you see how RtlGetNtVersionNumbers gets the build number ?
is it also in the TEB ?

No, it's not the TEB - it's hardcoded in ntdll.dll :P

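77456CEE   │.  8B45 08        mov eax, [ebp+8]          ; 1st argument: pointer for the major version
77456CF1   │.  85C0           test eax, eax             ; NULL pointer?
77456CF3   │.  74 06          jz short 77456CFB         ; yes: skip the store
77456CF5   │.  C700 06000000  mov dword ptr [eax], 6    ; major version = 6 (immediate constant)
77456CFB   │>  8B45 0C        mov eax, [ebp+0C]         ; 2nd argument: pointer for the minor version
77456CFE   │.  85C0           test eax, eax             ; NULL pointer?
77456D00   │.  74 06          jz short 77456D08         ; yes: skip the store
77456D02   │.  C700 01000000  mov dword ptr [eax], 1    ; minor version = 1 (immediate constant)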


That is why you get the true OS version. The TEB has what Windows pokes there - and this depends on manifest crap and/or "compatibility modes". Although, sometimes this may actually be what you need ::)
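The comparison discussed in the post above, as an added example that is not code from the thread: it reads the version from ntdll via RtlGetNtVersionNumbers and checks it against what GetVersionExA reports to the process. The helper names `normalize_nt_version` and `version_is_masked` are hypothetical, the masking of the build value reflects observed behaviour of this undocumented export, and the non-Windows branch uses constructed sample values so the file also builds elsewhere.

```c
#include <stdint.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
typedef void (WINAPI *RtlGetNtVersionNumbers_t)(DWORD *, DWORD *, DWORD *);
#endif

typedef struct { uint32_t major, minor, build; } os_version;

/* ntdll returns the build with flag bits in the top nibble (0xF on free
   builds, as observed); the build number itself is the low 16 bits. */
os_version normalize_nt_version(uint32_t major, uint32_t minor, uint32_t raw_build)
{
    os_version v = { major, minor, raw_build & 0xFFFFu };
    return v;
}

/* 1 when the version shown to the process differs from the one in ntdll,
   i.e. a compatibility mode or a missing manifest entry is in effect. */
int version_is_masked(os_version seen, os_version real)
{
    return seen.major != real.major || seen.minor != real.minor
        || seen.build != real.build;
}

int main(void)
{
#ifdef _WIN32
    DWORD mj = 0, mn = 0, bd = 0;
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    RtlGetNtVersionNumbers_t fn = ntdll ?
        (RtlGetNtVersionNumbers_t)GetProcAddress(ntdll, "RtlGetNtVersionNumbers") : NULL;
    if (!fn) return 1;                  /* export not present on this system */
    fn(&mj, &mn, &bd);
    os_version real = normalize_nt_version(mj, mn, bd);
    OSVERSIONINFOA vi = { sizeof vi };
    GetVersionExA(&vi);                 /* deprecated API, used here on purpose */
    os_version seen = { vi.dwMajorVersion, vi.dwMinorVersion, vi.dwBuildNumber };
#else
    /* Constructed sample: ntdll says 6.1.7601, the process is told 6.0.6002. */
    os_version real = normalize_nt_version(6, 1, 0xF0001DB1u);
    os_version seen = { 6, 0, 6002 };
#endif
    printf("ntdll:    %u.%u.%u\n", (unsigned)real.major, (unsigned)real.minor, (unsigned)real.build);
    printf("reported: %u.%u.%u\n", (unsigned)seen.major, (unsigned)seen.minor, (unsigned)seen.build);
    puts(version_is_masked(seen, real) ? "reported version is masked" : "versions agree");
    return 0;
}
```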

dedndave

thanks - not that the build number helps that much - lol

ToutEnMasm

Also very interesting is how WMI finds all the needed information.
Fa is a musical note to play with CL