Author Topic: Retrieving Windows OS Version  (Read 13989 times)

AW

Re: Retrieving Windows OS Version
« Reply #15 on: June 08, 2017, 03:57:03 AM »
This in turn makes it rather (intentionally) difficult to get the true version of Win64 from inside a Win32 application.
I don't think so, RtlGetVersion will give the correct answer. GetVersionEx will require an appropriate manifest to give the correct answer.
These are APIs, the C runtime does not use any detour hook (till now :lol:)

nidud

Re: Retrieving Windows OS Version
« Reply #16 on: June 08, 2017, 05:44:16 AM »
 :biggrin:

Well, API functions are located inside dll files loaded at runtime depending on the application's needs. RtlGetVersion is the kernel-mode equivalent of the user-mode GetVersionEx function in the Windows SDK. So, application (exe) and dll loaded.

32-bit exe:
Code: [Select]
include stdio.inc
include tchar.inc
include winbase.inc

    .code

main proc
    .if GetModuleHandle("kernel32.dll")
        .if GetProcAddress(eax,"RtlUnwindEx")
            printf("RtlUnwindEx found..\n")
        .else
            printf("RtlUnwindEx not found..\n")
        .endif
    .else
        printf("DLL not found..\n")
    .endif
    xor eax,eax
    ret
main endp

    end _tstart
output:
RtlUnwindEx not found..

64-bit exe:
Code: [Select]
include stdio.inc
include tchar.inc
include winbase.inc

    .code

main proc
    .if GetModuleHandle("kernel32.dll")
        .if GetProcAddress(rax,"RtlUnwindEx")
            printf("RtlUnwindEx found..\n")
        .else
            printf("RtlUnwindEx not found..\n")
        .endif
    .else
        printf("DLL not found..\n")
    .endif
    xor eax,eax
    ret
main endp

    end _tstart
output:
RtlUnwindEx found..

AW

Re: Retrieving Windows OS Version
« Reply #17 on: June 08, 2017, 06:00:14 AM »
:biggrin:
RtlUnwindEx found..
Good. But what does this have to do with the discussion about how to find the OS service pack? You said it depends, I said it is always possible. :badgrin:
« Last Edit: June 08, 2017, 03:19:25 PM by aw27 »

rsala

Re: Retrieving Windows OS Version
« Reply #18 on: June 08, 2017, 06:20:01 AM »
The following code works perfectly well in all 64-bit Windows systems (including Windows 10):

.Data

dwMajorVersion   DD   0
dwMinorVersion   DD   0

szMsvcrtDll      DB   "msvcrt.dll", 0
szMajorVersion   DB    "_get_winmajor", 0
szMinorVersion   DB    "_get_winminor", 0

.Code

   Invoke LoadLibrary, Addr szMsvcrtDll
   .If Rax
      Mov Rdi, Rax
      Invoke GetProcAddress, Rdi, Addr szMajorVersion
      .If Rax
         Lea Rcx, dwMajorVersion
         Push Rcx
         Call Rax
         Pop Rax
      .EndIf
      Invoke GetProcAddress, Rdi, Addr szMinorVersion
      .If Rax
         Lea Rcx, dwMinorVersion
         Push Rcx
         Call Rax
         Pop Rax
      .EndIf
      Invoke FreeLibrary, Rdi

      ;Major version in dwMajorVersion
      ;Minor version in dwMinorVersion

   .EndIf

Regards!
EC coder

AW

Re: Retrieving Windows OS Version
« Reply #19 on: June 08, 2017, 07:05:05 AM »
szMsvcrtDll      DB   "msvcrt.dll", 0
There is more World outside the C runtime - it simply wraps the API calls to find the OS version.  :P

jj2007

Re: Retrieving Windows OS Version
« Reply #20 on: June 08, 2017, 08:06:39 AM »
Win10 has no service pack right at the moment.

But you can get a build number:
Code: [Select]
This is Windows version 10.0, build 14393
Compare to Windows 10 current versions by servicing option

See reply #3.

Vortex

Re: Retrieving Windows OS Version
« Reply #21 on: June 09, 2017, 04:59:41 AM »
Reading the Windows OS version from the registry:

Code: [Select]
include     GetOSver64.inc

.data

buffsize    dd 32
subKey      db 'SOFTWARE\Microsoft\Windows NT\CurrentVersion',0
valName     db 'CurrentVersion',0

.data?

hKey        dq ?
buffer      db 32 dup(?)

.code

start PROC

    sub     rsp,6*8+8

    invoke  RegOpenKeyEx,HKEY_LOCAL_MACHINE,ADDR subKey,0,\
            KEY_ALL_ACCESS,ADDR hKey

    xor     r8,r8
    invoke  RegQueryValueEx,hKey,ADDR valName,r8,\
            r8,ADDR buffer,ADDR buffsize

    invoke  StdOut,ADDR buffer
    invoke  RegCloseKey,hKey

    invoke  ExitProcess,0

start ENDP

StdOut PROC lpszText:QWORD

LOCAL hOutPut:QWORD
LOCAL bWritten:QWORD
LOCAL sl:QWORD
LOCAL _lpszText:QWORD

    sub     rsp,5*8+8

    mov     _lpszText,rcx
    invoke  GetStdHandle,STD_OUTPUT_HANDLE
    mov     hOutPut,rax

    invoke  lstrlen,_lpszText
    mov     sl,rax

    invoke  WriteFile,hOutPut,_lpszText,sl,ADDR bWritten,0
    mov     rax,bWritten
    ret

StdOut ENDP

END

jj2007

Re: Retrieving Windows OS Version
« Reply #22 on: June 09, 2017, 06:24:43 AM »
Nice example :t

include \masm32\MasmBasic\MasmBasic.inc      ; download
  Init
  GetRegArray "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", cv$(), val$()
  For_ ecx=0 To eax-1
      PrintLine cv$(ecx), Tb$, val$(ecx)      ; print names and values
  Next
  Inkey "ok?"
EndOfCode


Output:
Code: [Select]
CurrentVersion  6.1
CurrentBuild    7601
SoftwareType    System
CurrentType     Multiprocessor Free
InstallDate     0
RegisteredOrganization
RegisteredOwner Jochen
SystemRoot      C:\Windows
InstallationType        Client
EditionID       HomePremium
ProductName     Windows 7 Home Premium
CurrentBuildNumber      7601
BuildLab        7601.win7sp1_ldr.170427-1518

rsala

Re: Retrieving Windows OS Version
« Reply #23 on: June 09, 2017, 07:05:04 AM »
My Windows 10 PRO shows v6.3, which is the version for Windows 8.1, when running GetOSver64.exe, and the same happens with the GetVersionEx API function. Using msvcrt.dll, as in the example above, works fine.
EC coder

jj2007

Re: Retrieving Windows OS Version
« Reply #24 on: June 09, 2017, 08:00:16 AM »
On Win10, I get the wrong version 6.3 on one of the registry entries (CurrentVersion), see below. Erol's 64-bit version doesn't do anything on both my Win7-64 and Win10 machines, except if I run it as admin; the 32-bit version works fine as normal user.

Code: [Select]
include \masm32\MasmBasic\MasmBasic.inc
  Init
  Print Str$("This is Windows version %i", MbWinVersion()), Str$(".%i", ecx)
  void MbWinVersion()
  Inkey Str$(", build %i", dx)
EndOfCode

On Win10:
This is Windows version 10.0, build 14393

********************************************************************************************

include \masm32\MasmBasic\MasmBasic.inc
  Init
  SetReg64 ; get the values that a 64-bit application would get
  GetRegArray "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion", cv$(), val$()
  For_ ecx=0 To eax-1
      PrintLine cv$(ecx), Tb$, val$(ecx)      ; print names and values
  Next
  Inkey "ok?"
EndOfCode

On Win10:
SystemRoot      C:\WINDOWS
BuildBranch     rs1_release
BuildGUID       ffffffff-ffff-ffff-ffff-ffffffffffff
BuildLab        14393.rs1_release_sec.170427-1353
BuildLabEx      14393.1198.amd64fre.rs1_release_sec.170427-1353
CompositionEditionID    Core
CurrentBuild    14393
CurrentBuildNumber      14393
CurrentMajorVersionNumber       10
CurrentMinorVersionNumber       0
CurrentType     Multiprocessor Free
CurrentVersion  6.3
EditionID       Core
InstallationType        Client
InstallDate     1474513890
ProductName     Windows 10 Home
ReleaseId       1607
SoftwareType    System
UBR     1198
PathName        C:\WINDOWS
Customizations  ModernApps

blue_devil

Re: Retrieving Windows OS Version
« Reply #25 on: June 12, 2017, 05:08:28 PM »
When we get into Registry [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] on Win10, it still says version "6.3" even if "ProductName: Windows 10 Pro". Why, and isn't this stupid? What does m$ want to do?

EDIT:
OK under same place there are 2 new keys for Win10 ppl:
CurrentMajorVersionNumber
CurrentMinorVersionNumber
these 2 keys retrieve win10 version number
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
SCTZine Assembly

jj2007

Re: Retrieving Windows OS Version
« Reply #26 on: June 12, 2017, 05:55:34 PM »
OK under same place there are 2 new keys for Win10 ppl:

Exactly. And you are somehow supposed to guess which is the right one. You find that confusing? That's harmless. Windows is a giant pile of micro-s**t. Gigabytes of s**t, in the registry and on your harddisk.
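
One way to resolve the ambiguity discussed in the replies above, as an added example that is not part of the original thread: take CurrentMajorVersionNumber and CurrentMinorVersionNumber when they exist and fall back to the CurrentVersion string only on systems that lack them. The names regval, osver, find and resolve_version are hypothetical, and the input is constructed from the Win10 listing above, with DWORD values written as decimal text.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct regval { const char *name, *text; };   /* DWORDs as decimal text */
struct osver  { unsigned long major, minor, build, ubr; };

/* Constructed input: values copied from the Win10 listing in this thread. */
const struct regval WIN10[] = {
    {"CurrentBuildNumber", "14393"}, {"CurrentMajorVersionNumber", "10"},
    {"CurrentMinorVersionNumber", "0"}, {"CurrentVersion", "6.3"},
    {"UBR", "1198"} };

static const char *find(const struct regval *v, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(v[i].name, name) == 0) return v[i].text;
    return NULL;
}

/* Prefer the two DWORD values; use the "major.minor" string in
   CurrentVersion only when they are absent. Returns 0, or -1 on failure. */
int resolve_version(const struct regval *v, size_t n, struct osver *out)
{
    const char *maj = find(v, n, "CurrentMajorVersionNumber");
    const char *mnr = find(v, n, "CurrentMinorVersionNumber");
    const char *cv  = find(v, n, "CurrentVersion");
    const char *b   = find(v, n, "CurrentBuildNumber");
    const char *u   = find(v, n, "UBR");
    char *end;
    memset(out, 0, sizeof *out);
    if (maj && mnr) {
        out->major = strtoul(maj, NULL, 10);
        out->minor = strtoul(mnr, NULL, 10);
    } else if (cv) {
        out->major = strtoul(cv, &end, 10);
        if (end == cv || *end != '.') return -1;   /* not "major.minor" */
        out->minor = strtoul(end + 1, NULL, 10);
    } else return -1;
    if (b) out->build = strtoul(b, NULL, 10);
    if (u) out->ubr   = strtoul(u, NULL, 10);
    return 0;
}

int main(void)
{
    struct osver o;
    if (resolve_version(WIN10, 5, &o) != 0) return 1;
    return printf("%lu.%lu.%lu.%lu\n", o.major, o.minor, o.build, o.ubr) < 0;
}
```

On a live system the values would come from RegQueryValueEx on a key opened with KEY_QUERY_VALUE (adding KEY_WOW64_64KEY in a 32-bit process) rather than KEY_ALL_ACCESS, which a standard user is not granted on HKLM.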

TWell

Re: Retrieving Windows OS Version
« Reply #27 on: June 12, 2017, 06:07:23 PM »
Windows 10 uses RtlGetVersion in over 250 programs in system32 folder.
Quite safe to use it ?

jj2007

Re: Retrieving Windows OS Version
« Reply #28 on: June 12, 2017, 06:49:38 PM »
Quite safe to use it ?

"Safe" is everything that has been used more than once in Windows. Remember the Redmond folks accumulate their shyte. And if you are worried about "exotic functions" used in drivers, have a look at the simple task "play a video". It's an incredible mess of many dozens of mostly incompatible drivers written by dozens of more or less competent teams all over the world. Do you really think they could abandon any function that has ever been used somewhere without getting a s**tstorm from users whose "toddler learns walking" videos don't play any more?

blue_devil

Re: Retrieving Windows OS Version
« Reply #29 on: June 12, 2017, 08:53:19 PM »
Actually a little out of this topic:
This from MSDN:
Code: [Select]
typedef struct _OSVERSIONINFOEXW {
  ULONG  dwOSVersionInfoSize;
  ULONG  dwMajorVersion;
  ULONG  dwMinorVersion;
  ULONG  dwBuildNumber;
  ULONG  dwPlatformId;
  WCHAR  szCSDVersion[128];
  USHORT wServicePackMajor;
  USHORT wServicePackMinor;
  USHORT wSuiteMask;
  UCHAR  wProductType;
  UCHAR  wReserved;
} RTL_OSVERSIONINFOEXW, *PRTL_OSVERSIONINFOEXW;

szCSDVersion is WCHAR, I port this to my asm code:
Code: [Select]
RTL_OSVERSIONINFOEXW STRUCT
  dwOSVersionInfoSize DWORD ?
  dwMajorVersion DWORD ?
  dwMinorVersion DWORD ?
  dwBuildNumber DWORD ?
  dwPlatformId DWORD ?
  szCSDVersion BYTE  128  dup (?) ; should this be BYTE or WORD or something else?
  wServicePackMajor WORD ?
  wServicePackMinor WORD ?
  wSuiteMask WORD ?   
  wProductType BYTE ?
  wReserved BYTE ?
RTL_OSVERSIONINFOEXW ENDS

and also I cannot print szCSDVersion because it is unicode?
I use this from GetVersionExA and it works:
Code: [Select]
print           "Service Pack String.......:",9
print addr osvxa.szCSDVersion
But this from RtlGetVersion doesn't work because of Unicode?
Code: [Select]
print           "Service Pack String.......:",9
print addr rtlOsvx.szCSDVersion

I searched the forum but found no proper answers.

What is in my mind:
I want to declare the variable as wide char,
then print it on the console.
Isn't this simplicity possible?
..Dreams make the future
But the past never lies..
BlueDeviL // SCT
My Code Site:
SCTZine Assembly
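
The layout question in the post above, worked through as an added example (not code from the thread): WCHAR is a 16-bit type, so the MSDN structure reserves 256 bytes for szCSDVersion, and an ANSI print routine handed that field stops at the zero high byte of the first character. The names osvi_wide_t, osvi_byte_t, csd_to_narrow and ansi_view_len are hypothetical, and the "Service Pack 1" value is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RTL_OSVERSIONINFOEXW from the MSDN listing, in fixed-width types.
   WCHAR is 16 bits, so the MASM field is "WORD 128 dup (?)". */
typedef struct {
    uint32_t dwOSVersionInfoSize, dwMajorVersion, dwMinorVersion,
             dwBuildNumber, dwPlatformId;
    uint16_t szCSDVersion[128];
    uint16_t wServicePackMajor, wServicePackMinor, wSuiteMask;
    uint8_t  wProductType, wReserved;
} osvi_wide_t;

/* The same structure with the field declared "BYTE 128 dup (?)". */
typedef struct {
    uint32_t hdr[5];
    uint8_t  szCSDVersion[128];
    uint16_t wServicePackMajor, wServicePackMinor, wSuiteMask;
    uint8_t  wProductType, wReserved;
} osvi_byte_t;

/* UTF-16 field (at most cap units) to narrow string; non-ASCII -> '?'. */
size_t csd_to_narrow(const uint16_t *w, size_t cap, char *out, size_t outsz)
{
    size_t n = 0;
    if (outsz == 0) return 0;
    for (; n < cap && n + 1 < outsz && w[n] != 0; n++)
        out[n] = (w[n] < 0x80) ? (char)w[n] : '?';
    out[n] = '\0';
    return n;
}

/* Length an ANSI print routine sees in the UTF-16 field (little-endian). */
size_t ansi_view_len(const uint16_t *w) { return strlen((const char *)w); }

int main(void)
{
    osvi_wide_t v = {0};                 /* constructed sample value */
    const char *s = "Service Pack 1";
    char buf[128];
    for (size_t i = 0; s[i]; i++) v.szCSDVersion[i] = (uint16_t)s[i];
    csd_to_narrow(v.szCSDVersion, 128, buf, sizeof buf);
    printf("size %zu vs %zu, ANSI view %zu char, converted \"%s\"\n",
           sizeof(osvi_wide_t), sizeof(osvi_byte_t),
           ansi_view_len(v.szCSDVersion), buf);
    return 0;
}
```

With the BYTE declaration the structure is 156 bytes and wServicePackMajor sits at offset 148; the layout in the MSDN listing is 284 bytes with that field at offset 276, which is what declaring szCSDVersion as WORD 128 dup (?) produces.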