在Win9x/NT下获取硬盘物理序列号

本文代码在Win2k下试验成功.

#include <WinIOCtl.h>
#include <stdio.h>
#pragma inline
//---------------------------------------------------------------------------
// IDE NT/2000/XP专用变量
#define GETVERSIONOUTPARAMS   GETVERSIONINPARAMS
#define DFP_GET_VERSION     SMART_GET_VERSION
#define DFP_SEND_DRIVE_COMMAND SMART_SEND_DRIVE_COMMAND
#define DFP_RCV_DRIVE_DATA   SMART_RCV_DRIVE_DATA
const WORD IDE_ATAPI_IDENTIFY = 0xA1;  // 读取ATAPI设备的命令
const WORD IDE_ATA_IDENTIFY  = 0xEC;  // 读取ATA设备的命令
const int MAX_IDE_DRIVES = 4;
// SCSI专用变量
const DWORD FILE_DEVICE_SCSI       = 0x0000001B;
const DWORD IOCTL_SCSI_MINIPORT_IDENTIFY = ((FILE_DEVICE_SCSI << 16) + 0x0501);
const DWORD IOCTL_SCSI_MINIPORT     = 0x0004D008; // see NTDDSCSI.H for definition
const DWORD SENDIDLENGTH = sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE;
typedef struct _SRB_IO_CONTROL
{
   ULONG HeaderLength;
   UCHAR Signature[8];
   ULONG Timeout;
   ULONG ControlCode;
   ULONG ReturnCode;
   ULONG Length;
}SRB_IO_CONTROL, *PSRB_IO_CONTROL;
// 读取的主函数
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList);
// 辅助函数
char *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex);
// NT/2000/XP函数
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList);
bool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
     PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd,
     BYTE btDriveNum, PDWORD lpcbBYTEsReturned);
// Windows 9X函数
void __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList);
void __fastcall ReadPhysicalDriveOnW9X_Ring0(bool IsFirst, WORD BaseAddress,
     BYTE MoS, bool &IsIDEExist, bool &IsDiskExist, WORD *OutData);
// SCSI读取函数(for NT/2000/XP)
String __fastcall ReadIDEDriveAsScsiDriveOnNT();
//---------------------------------------------------------------------------
// ReadPhysicalDrive
void __fastcall ReadPhysicalDrive(TStrings *pSerList, TStrings *pModeList)
{
   switch(Win32Platform)
   {
     case VER_PLATFORM_WIN32_WINDOWS:
       ReadPhysicalDriveOnW9X(pSerList, pModeList);
       break;
     case VER_PLATFORM_WIN32_NT:
       ReadPhysicalDriveOnNT(pSerList, pModeList);
       break;
     default:
       break;
   }
}
//---------------------------------------------------------------------------
// ConvertToString
char *__fastcall ConvertToString(DWORD dwDiskData[256], int nFirstIndex, int nLastIndex)
{
   static char szResBuf[1024];
   int nIndex = 0;
   int nPosition = 0;
   // Each integer has two characters stored in it backwards
   for(nIndex = nFirstIndex; nIndex <= nLastIndex; nIndex++)
   {
     // Get high BYTE for 1st character
     szResBuf[nPosition] = (char)(dwDiskData[nIndex] / 256);
     nPosition++;
     // Get low BYTE for 2nd character
     szResBuf[nPosition] = (char)(dwDiskData[nIndex] % 256);
     nPosition++;
   }
   // End the string
   szResBuf[nPosition] = '\0';
   // Cut off the trailing blanks
   for(nIndex = nPosition - 1; nIndex > 0 && ' ' == szResBuf[nIndex]; nIndex--)
     szResBuf[nIndex] = '\0';
   return szResBuf;
}
//---------------------------------------------------------------------------
// Winndows NT4/2000/XP 代码
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnNT
void __fastcall ReadPhysicalDriveOnNT(TStrings *pSerList, TStrings *pModeList)
{
   // 输出参数
   BYTE btIDOutCmd[sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
   for(int nDrive=0; nDrive < MAX_IDE_DRIVES; nDrive++)
   {
     HANDLE hPhysicalDriveIOCTL;
     char szDriveName[32];
     sprintf(szDriveName, "\\\\.\\PhysicalDrive%d", nDrive);
     hPhysicalDriveIOCTL = CreateFile(szDriveName,
             GENERIC_READ | GENERIC_WRITE,
             FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
             OPEN_EXISTING, 0, NULL);
     if(hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
     {
       DWORD dwBytesReturned = 0;
       GETVERSIONOUTPARAMS gvopVersionParams;
       // Get the version, etc of PhysicalDrive IOCTL
       ZeroMemory(&gvopVersionParams, sizeof(GETVERSIONOUTPARAMS));
       if(!DeviceIoControl(hPhysicalDriveIOCTL, DFP_GET_VERSION,
           NULL, 0, &gvopVersionParams, sizeof(gvopVersionParams),
           &dwBytesReturned, NULL))
       {
         continue;
       }
       if(gvopVersionParams.bIDEDeviceMap > 0)
       {
         // IDE or ATAPI IDENTIFY cmd
         BYTE btIDCmd = 0;
         SENDCMDINPARAMS InParams;
         // Now, get the ID sector for all IDE devices in the system.
         // If the device is ATAPI use the IDE_ATAPI_IDENTIFY command,
         // otherwise use the IDE_ATA_IDENTIFY command
         // 具体所得结果请参考头文件中的说明
         btIDCmd = (gvopVersionParams.bIDEDeviceMap >> nDrive & 0x10) ?
             IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
         ZeroMemory(&InParams, sizeof(SENDCMDINPARAMS));
         ZeroMemory(btIDOutCmd, sizeof(btIDOutCmd));
         if(DoIdentify(hPhysicalDriveIOCTL,
            &InParams, (PSENDCMDOUTPARAMS)btIDOutCmd,
            (BYTE)btIDCmd, (BYTE)nDrive, &dwBytesReturned))
         {
           DWORD dwDiskData[256];
           USHORT *pIDSector; // 对应结构IDSECTOR,见头文件
           char szSerialNumber[21];
           char szModelNumber[41];
           pIDSector = (USHORT*)((SENDCMDOUTPARAMS*)btIDOutCmd)->bBuffer;
           for(int i=0; i < 256; i++)
             dwDiskData[i] = pIDSector[i];
           // 取系列号
           ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
           strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));
           // 取模型号
           ZeroMemory(szModelNumber, sizeof(szModelNumber));
           strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));
           pSerList->Add(szSerialNumber);
           pModeList->Add(szModelNumber);
         }
       }
       CloseHandle (hPhysicalDriveIOCTL);
     }
   }
}
//---------------------------------------------------------------------------
// DoIdentify
bool __fastcall DoIdentify(HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
        PSENDCMDOUTPARAMS pSCOP, BYTE btIDCmd, BYTE btDriveNum,
        PDWORD pdwBytesReturned)
{
   // Set up data structures for IDENTIFY command.
   pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
   pSCIP->irDriveRegs.bFeaturesReg = 0;
   pSCIP->irDriveRegs.bSectorCountReg = 1;
   pSCIP->irDriveRegs.bSectorNumberReg = 1;
   pSCIP->irDriveRegs.bCylLowReg = 0;
   pSCIP->irDriveRegs.bCylHighReg = 0;
   // Compute the drive number.(主盘和从盘所对应的值是不一样的)
   pSCIP->irDriveRegs.bDriveHeadReg = (btDriveNum & 1) ? 0xB0 : 0xA0;
   // The command can either be IDE identify or ATAPI identify.
   pSCIP->irDriveRegs.bCommandReg = btIDCmd;
   pSCIP->bDriveNumber = btDriveNum;
   pSCIP->cBufferSize = IDENTIFY_BUFFER_SIZE;
   return DeviceIoControl(hPhysicalDriveIOCTL, DFP_RCV_DRIVE_DATA,
       (LPVOID)pSCIP,
       sizeof(SENDCMDINPARAMS) - 1,
       (LPVOID)pSCOP,
       sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
       pdwBytesReturned, NULL);
}
//---------------------------------------------------------------------------
// Windows 95/98/ME 代码
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X
void __fastcall ReadPhysicalDriveOnW9X(TStrings *pSerList, TStrings *pModeList)
{
   WORD wOutData[256];
   SetPriorityClass(GetCurrentProcess(), REALTIME_PRIORITY_CLASS);
   // 经过测试,发现第一次调用而且Drive >= 2时会在Ring0代码中出现错误,导致蓝屏。
   // 经过N(N > 15)次的蓝屏后仍找不到原因:(,不得不在这里增加一段无用代码以
   // 避免蓝屏的出现。(期待高人能指出原因)
   for(int nDrive = 0; nDrive < 8; nDrive++)
   {
     WORD dwBaseAddress;
     BYTE btMasterSlave;     // Master Or Slave
     bool bIsIDEExist;
     bool IsDiskExist;
     switch(nDrive / 2)
     {
       case 0: dwBaseAddress = 0x01F0; break;
       case 1: dwBaseAddress = 0x0170; break;
       case 2: dwBaseAddress = 0x01E8; break;
       case 3: dwBaseAddress = 0x0168; break;
     }
     btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);
     // 进入Ring0
     ReadPhysicalDriveOnW9X_Ring0(true, dwBaseAddress, btMasterSlave,
         bIsIDEExist, IsDiskExist, wOutData);
   }
   // 开始读取
   for(int nDrive = 0; nDrive < 8; nDrive++)
   {
     WORD dwBaseAddress;
     BYTE btMasterSlave;     // Master Or Slave
     bool bIsIDEExist;
     bool bIsDiskExist;
     switch(nDrive / 2)
     {
       case 0: dwBaseAddress = 0x01F0; break;
       case 1: dwBaseAddress = 0x0170; break;
       case 2: dwBaseAddress = 0x01E8; break;
       case 3: dwBaseAddress = 0x0168; break;
     }
     btMasterSlave = (BYTE)(((nDrive % 2) == 0) ? 0xA0 : 0xB0);
     // 进入Ring0
     bIsIDEExist = false;
     bIsDiskExist = false;
     ZeroMemory(wOutData, sizeof(wOutData));
     ReadPhysicalDriveOnW9X_Ring0(false, dwBaseAddress, btMasterSlave,
         bIsIDEExist, bIsDiskExist, wOutData);
     if(bIsIDEExist && bIsDiskExist)
     {
       DWORD dwDiskData[256];
       char szSerialNumber[21];
       char szModelNumber[41];
       for(int k=0; k < 256; k++)
         dwDiskData[k] = wOutData[k];
       // 取系列号
       ZeroMemory(szSerialNumber, sizeof(szSerialNumber));
       strcpy(szSerialNumber, ConvertToString(dwDiskData, 10, 19));
       // 取模型号
       ZeroMemory(szModelNumber, sizeof(szModelNumber));
       strcpy(szModelNumber, ConvertToString(dwDiskData, 27, 46));
       pSerList->Add(szSerialNumber);
       pModeList->Add(szModelNumber);
     }
   }
   SetPriorityClass(GetCurrentProcess(), NORMAL_PRIORITY_CLASS);
}
//---------------------------------------------------------------------------
// 为防止不负责任的转载者,在此注明原出处信息,请见谅。
// 资料收集整理:ccrun(老妖),欢迎光临C++Builder研究: http://www.ccrun.com
//---------------------------------------------------------------------------
// ReadPhysicalDriveOnW9X_Ring0()
//
// dwBaseAddress = IDE(0,1,2,3) : 1F0h, 170h, 1E8h, 168h
// btMasterSlave = Master(0xA0) Or Slave(0xB0)
//---------------------------------------------------------------------------
void __fastcall ReadPhysicalDriveOnW9X_Ring0(bool bIsFirst, WORD dwBaseAddress,
     BYTE btMasterSlave, bool &bIsIDEExist, bool &bIsDiskExist, WORD *pOutData)
{
   BYTE btIDTR1[6];
   DWORD dwOldExceptionHook;
   const int nHookExceptionNo = 5;
   BYTE btIsIDEExist = 0;
   BYTE btIsDiskExist = 0;
   WORD wOutDataBuf[256];
   BYTE btIsFirst = (BYTE)bIsFirst;
   const BYTE btBit00 = 0x01;
   // const BYTE btBit02 = 0x04;
   const BYTE btBit06 = 0x40;
   const BYTE btBit07 = 0x80;
   // const BYTE btERR = btBit00;
   const BYTE btBusy = btBit07;
   const BYTE btAtaCmd  = 0xEC;
   const BYTE btAtapiCmd = 0xA1;
   __asm
   {
     // 必须先执行这条语句
     JMP EnterRing0
     // 定义过程
     // 等待IDE设备直到其不为忙为止
     WaitWhileBusy proc
     MOV EBX, 100000
     MOV DX, dwBaseAddress
     ADD DX, 7
     LoopWhileBusy:
     DEC EBX
     CMP EBX, 0
     JZ  Timeout
     in  AL, DX
     TEST AL, btBusy
     JNZ LoopWhileBusy
     JMP DriveReady
     // 超时,直接退出
     Timeout:
     JMP LeaveRing0
     DriveReady:
     RET
     ENDP  // End of WaitWhileBusy Procedure
     // 设置主盘和从盘标志
     SelectDevice proc
     MOV DX, dwBaseAddress
     ADD DX, 6
     MOV AL, btMasterSlave
     out DX, AL
     RET
     ENDP // End of SelectDevice Procedure
     // 向IDE设备发送存取指令
     SendCmd proc
     MOV DX, dwBaseAddress
     ADD DX, 7
     MOV AL, BL // BL是主从盘标识,在过程外设置
     out DX, AL
     RET
     ENDP // End of SendCmd Procedure
     // Ring0代码
     Ring0Proc:
     PUSHAD
     // 查询IDE设备是否存在
     MOV DX, dwBaseAddress
     ADD DX, 7
     in AL,DX
     // 当AL的值是0xFF或者0x7F时,IDE设备不存在,这时候直接返回
     CMP AL,0xFF
     JZ LeaveRing0
     CMP AL, 0x7F
     JZ LeaveRing0
     // 设置IDE设备存在标志
     MOV btIsIDEExist, 1
     // 查询IDE设备上的驱动器是否存在(有IDE插槽在主板上,但是却不一定有硬盘插在上面)
     CALL WaitWhileBusy
     CALL SelectDevice
     // 如果是第一次调用,则直接返回,否则执行下行语句时会出现蓝屏
     CMP btIsFirst, 1
     JZ  LeaveRing0
     // 第一次调用时,如果执行这行语句会导致蓝屏,Why???
     CALL WaitWhileBusy
     // AL的值等于cBit06时,不存在驱动器,直接返回
     TEST AL, btBit06
     JZ  LeaveRing0
     // 设置驱动器存在标志
     MOV btIsDiskExist, 1
     // 发送存取端口命令
     // 无法像NT/2000/XP那样可以通过查询VERSION的值得到驱动器的类型,
     // 所以只能一步一步地测试,如果不是ATA设备,再尝试使用ATAPI设备命令
     CALL WaitWhileBusy
     CALL SelectDevice  // 设置主从盘标识
     MOV BL, btAtaCmd   // 发送读取命令
     CALL SendCmd
     CALL WaitWhileBusy
     // 检查是否出错
     MOV DX, dwBaseAddress
     ADD DX, 7
     in  AL, DX
     TEST AL, btBit00
     JZ  RetrieveInfo  // 没有错误时则读数据
     // 如果出错,则进一步尝试使用ATAPI设备命令
     CALL WaitWhileBusy
     CALL SelectDevice
     MOV BL, btAtapiCmd
     CALL SendCmd
     CALL WaitWhileBusy
     // 检查是否还出错
     MOV DX, dwBaseAddress
     ADD DX, 7
     in  AL, DX
     TEST AL, btBit00
     JZ  RetrieveInfo  // 没有错误时则读数据
     JMP LeaveRing0   // 如果还是出错,直接返回
     // 读取数据
     RetrieveInfo:
     LEA EDI, wOutDataBuf
     MOV ECX, 256
     MOV DX, dwBaseAddress
     CLD
     REP INSW
     // 退出Ring0代码
     LeaveRing0:
     POPAD
     IRETD
     // 激活Ring0代码
     EnterRing0:
     // 修改中断门
     SIDT FWORD PTR btIDTR1
     MOV EAX, DWORD PTR btIDTR1 + 02h
     ADD EAX, nHookExceptionNo * 08h + 04h
     CLI
     // 保存原异常处理例程入口
     MOV ECX, DWORD PTR [EAX]
     MOV CX, WORD PTR [EAX-04h]
     MOV dwOldExceptionHook, ECX
     // 指定新入口
     LEA EBX, Ring0Proc
     MOV WORD PTR [EAX-04h],BX
     SHR EBX, 10h
     MOV WORD PTR[EAX+02h], BX
     // 激活Ring0代码
     INT nHookExceptionNo
     // 复原入口
     MOV ECX,dwOldExceptionHook
     MOV WORD PTR[EAX-04h], CX
     SHR ECX,10h
     MOV WORD PTR[EAX+02h], CX
     STI
   }
   if(!bIsFirst)
   {
     bIsIDEExist = (bool)btIsIDEExist;
     bIsDiskExist = (bool)btIsDiskExist;
     CopyMemory(pOutData, wOutDataBuf, sizeof(wOutDataBuf));
   }
}
//---------------------------------------------------------------------------
// 调用方法:
void __fastcall TForm1::Button1Click(TObject *Sender)
{
   ReadPhysicalDrive(Memo1->Lines, Memo2->Lines);
}

时间: 2024-11-08 21:56:49

在Win9x/NT下获取硬盘物理序列号的相关文章

在.NET下获取硬盘序列号的问题

问题|硬盘 一般软件的注册机制可以通过获取硬件序列号,然后用非对称加密算法生成相应的公钥和私钥.但是用Managed Code写获取硬盘序列号的代码不能解决所有的问题,比如不能在非管理员的权限下使用,前几天Sunmast在他的Blog上发布了<如何得到硬盘序列号?.NET版本[C#]>,就是没有解决这个问题,用WMI也有很多问题. 要想顺利获取硬盘的序列号,目前只能依靠非托管代码了.DiskId32是一个源码公开的C++程序,可以解决上述问题.由于代码比较底层,我对VC和DDK不熟悉,没有能力

如何在NT下获取进程的路径

一:获取NT下进程路径的方法 在Win9X系统中,利用ToolHelp API中的相关函数可以很方便得得到进程的名称及其路径.但这种方法在NT系统中就不能奏效了,szExeFile仅仅得到的是进程的名称,并没有包含进程的路径. 如何在NT下获取进程的路径呢?(由于WIN9X系统不在我们讨论的范围之内,所以我们选用PSAPI中的相关函数进行说明,这仅仅适用于NT系统.)其实也很简单--用OpenProcess()函数将进程打开后,再利用EnumProcessModules()函数枚举该进程的模块,

如何在NT下获取进程的路径(增补)

一.程序说明 最近整理文档,发现以前写的<如何在NT下获取进程的路径>一文中还有个问题没有解决:原文中的程序无法获取系统进程的路径,如:csrss.exe.记得VCKBASE上有位网友说过一个方法:"给枚举的进程增加SE_DEBUG_NAME权限即可",于是在网上找了些资料,解决了原文中的问题.这里要特别感谢那位名叫rovershen的网友! 我自定义了一个函数,用来赋予进程指定的权限(本例为SE_DEBUG_NAME): BOOL EnablePrivilege(HAND

VB.NET下获取硬盘信息的几种方法

硬盘 1.用API函数GetDiskFreeSpaceEx获取磁盘空间     Private Declare Function GetDiskFreeSpaceEx Lib "kernel32" Alias "GetDiskFreeSpaceExA" _        (ByVal lpDirectoryName As String, ByRef lpFreeBytesAvailableToCaller As Long, _        ByRef lpTota

linux下获取硬盘使用情况[总结]

1.前言 在嵌入式设备中,硬盘空间非常有限,在涉及到经常写日志的进程时候,需要考虑日志的大小和删除,不然很快就硬盘写满,导致日志程序崩溃.为了捕获硬盘写满的异常场景,我们需要在写日志过程中判断硬盘空间的使用情况,根据硬盘的使用情况,就可以判断是否写满了.如果将要写满了,就给出警告.这样就可以避免程序崩溃.首先看一下linux获取硬盘和目录大小的命令,最后总结一下statfs结构和函数. 2.df命令 Linux下可以用df命令获取硬盘的使用情况,通过man可以获取df命令的详细情况.df命令经常

VB.net获取CPU与硬盘物理序列号与容量的实例

首先,引用System.Management:然后在代码中Imports System.Management: 以下功能主要依靠wmi实现 获得硬盘序列号  代码如下 复制代码 Dim cmicWmi As New System.Management.ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive") Dim Uint32 As UInt32 For Each cmicWmiObj As ManagementObject

win7中vc++如何获取硬盘序列号

问题描述 win7中vc++如何获取硬盘序列号 我想获取win7下计算机硬盘的序列号,用来做软件加密,求各位大神帮帮忙啊!!!!!!! 解决方案 http://blog.163.com/jinfd@126/blog/static/6233227720133218314327/

VB.NET获取硬盘信息的几种方法

硬盘 VB.NET下获取硬盘信息的几种方法 1.用API函数GetDiskFreeSpaceEx获取磁盘空间 Private Declare Function GetDiskFreeSpaceEx Lib "kernel32" Alias "GetDiskFreeSpaceExA" _ (ByVal lpDirectoryName As String, ByRef lpFreeBytesAvailableToCaller As Long, _ ByRef lpTot

.net如何获取硬盘的物理ID,硬盘格式化或重新分区后也不会变.

问题描述 .net如何获取硬盘的物理ID,硬盘格式化或重新分区后也不会变.用下面的方法取得的ID,发现硬盘重新分区后,ID就变了.DimcmicWmiAsNewSystem.Management.ManagementObjectSearcher("SELECT*FROMWin32_DiskDrive")DimUint32AsUInt32ForEachcmicWmiObjAsManagementObjectIncmicWmi.GetUint32=cmicWmiObj("sign