I found this strange description using Ollydbg.
A search says there is no word such as Entifier.
Doing a set command brings part of this string up.
Almost looks like an undocumented way of getting the processor type.
Andy
Can someone see if this brings up your processor type ?
.code
start:
push 66666 ; UNICODE "Entifier=x86 Family 6 Model 23 Stepping 10, GenuineIntel"
;push 66665
pop ebx
Quote from: Magnum on April 21, 2013, 08:07:19 AMAlmost looks like an undocumented way of getting the processor type.
yes, I can confirm that!
Also I've found that there are much more of these undocumented IDs, which can be obtained by testing for all possible IDs (you need some time for that):
; search all undocumented "IDs"
xor eax,eax
.while eax < -1
push eax
pop ebx
; test for undocumented stuff here ...
inc eax
.endw
i thought april fool's day was 3 weeks ago - lol
what if i really need to push the value 66666 ? :icon_eek:
If you took a second to examine what was actually happening, you'd realise that offset just happens to be pointing to the middle of the environment variables.
If you go back two characters, you get "identifier"
The correct way to get that string is...
.586
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
includelib kernel32.lib
include user32.inc
includelib user32.lib
.const
envVar db "PROCESSOR_IDENTIFIER",0
.data?
buff db 256 dup(?)
.code
start:
invoke GetEnvironmentVariable, ADDR envVar,ADDR buff,SIZEOF buff
invoke MessageBox, NULL,ADDR buff,ADDR envVar,MB_OK
invoke ExitProcess, NULL
end start
Now go and stand in the corner and wonder why no-one can take you seriously.
I don't see how putting a value on the stack is related to an environmental string.
Andy