Are there any ways to get UEFI boot items on Windows?

I've been working on UEFI and GPT recently. I want to get the UEFI boot items under Windows, but I looked at MSDN and found no suitable API. Please tell me how to query the UEFI boot items under Windows.
It looks like this below:

You can use the GetFirmwareEnvironmentVariableA function to get the BootOrder variable first and then the single boot options (Boot####).
You need the SE_SYSTEM_ENVIRONMENT_NAME privilege to call GetFirmwareEnvironmentVariableA.
The structures and names of the required variables are defined in the UEFI specification, starting at chapter 3.
#include <windows.h>

int main(void)
{
    // The calling token must have SE_SYSTEM_ENVIRONMENT_NAME enabled.
    DWORD BootOrderContentLength;
    DWORD Error;
    BYTE  BootOrderContent[256];

    // {8BE4DF61-93CA-11D2-AA0D-00E098032B8C} is EFI_GLOBAL_VARIABLE, the
    // namespace that holds BootOrder and the Boot#### variables.
    BootOrderContentLength = GetFirmwareEnvironmentVariableA(
        "BootOrder",
        "{8BE4DF61-93CA-11D2-AA0D-00E098032B8C}",
        (VOID*)BootOrderContent,
        (DWORD)sizeof(BootOrderContent));
    if (BootOrderContentLength == 0) {
        Error = GetLastError();   // inspect the error before trusting the buffer
        //...
    }
    return 0;
}
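Once BootOrder and each Boot#### blob are in hand, the step the answer leaves to the UEFI specification is decoding them. The C program below is an added example, not part of the answer: it parses a BootOrder array and an EFI_LOAD_OPTION (Attributes, FilePathListLength, a NUL-terminated CHAR16 Description, the device path list, trailing OptionalData) from constructed sample bytes, checking every length before trusting it. That care matters because anyone holding the privilege can write these variables, and a review of boot entries on a suspect machine reads exactly these structures. The sample buffers, the LoadOption struct and the function names are the example's own; on Windows the bytes would come from the GetFirmwareEnvironmentVariableA calls shown above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* EFI_LOAD_OPTION attribute bit (UEFI spec, Boot Manager chapter). */
#define LOAD_OPTION_ACTIVE 0x00000001u

/* Parsed view of one Boot#### variable (EFI_LOAD_OPTION). Names are the example's own. */
typedef struct {
    uint32_t attributes;
    uint16_t file_path_list_length;
    char description[64];          /* UTF-16LE Description narrowed to ASCII */
    const uint8_t *device_path;    /* FilePathList bytes inside the caller's buffer */
    size_t optional_data_length;
} LoadOption;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* BootOrder is an array of little-endian UINT16 indices. Returns the count
 * copied into out[] (at most max), or 0 when the blob has an odd length. */
size_t parse_boot_order(const uint8_t *buf, size_t len, uint16_t *out, size_t max) {
    if (len % 2 != 0) return 0;
    size_t n = len / 2;
    if (n > max) n = max;
    for (size_t i = 0; i < n; i++) out[i] = rd16(buf + 2 * i);
    return n;
}

/* Builds the variable name for a BootOrder entry, e.g. 1 -> "Boot0001". */
void boot_var_name(uint16_t index, char *out, size_t out_len) {
    snprintf(out, out_len, "Boot%04X", index);
}

/* Walks a device path and returns 1 if it is well formed and ends in an
 * End-of-Device-Path node (type 0x7F, sub-type 0xFF) within len bytes. */
int device_path_is_terminated(const uint8_t *dp, size_t len) {
    size_t pos = 0;
    while (pos + 4 <= len) {
        uint8_t type = dp[pos], subtype = dp[pos + 1];
        uint16_t node_len = rd16(dp + pos + 2);
        if (node_len < 4 || pos + node_len > len) return 0;   /* corrupt node */
        if (type == 0x7F && subtype == 0xFF) return 1;
        pos += node_len;
    }
    return 0;
}

/* Parses an EFI_LOAD_OPTION blob. Returns 0 on success, -1 if truncated or
 * inconsistent (every length is checked before it is trusted). */
int parse_load_option(const uint8_t *buf, size_t len, LoadOption *lo) {
    if (len < 6) return -1;
    lo->attributes = rd32(buf);
    lo->file_path_list_length = rd16(buf + 4);
    size_t pos = 6, di = 0;
    for (;;) {                                   /* NUL-terminated CHAR16 Description */
        if (pos + 2 > len) return -1;
        uint16_t c = rd16(buf + pos);
        pos += 2;
        if (c == 0) break;
        if (di < sizeof lo->description - 1) lo->description[di++] = (c < 0x80) ? (char)c : '?';
    }
    lo->description[di] = '\0';
    if (pos + lo->file_path_list_length > len) return -1;
    lo->device_path = buf + pos;
    if (!device_path_is_terminated(lo->device_path, lo->file_path_list_length)) return -1;
    pos += lo->file_path_list_length;
    lo->optional_data_length = len - pos;
    return 0;
}

/* Constructed sample data standing in for what GetFirmwareEnvironmentVariableA
 * would return: BootOrder = {0x0001, 0x0000} and a Boot0001 entry. */
static const uint8_t SAMPLE_BOOT_ORDER[] = { 0x01, 0x00, 0x00, 0x00 };
static const uint8_t SAMPLE_BOOT0001[] = {
    0x01, 0x00, 0x00, 0x00,          /* Attributes = LOAD_OPTION_ACTIVE */
    0x04, 0x00,                      /* FilePathListLength = 4 */
    'W',0,'i',0,'n',0,'d',0,'o',0,'w',0,'s',0,' ',0,'B',0,'o',0,'o',0,'t',0,
    ' ',0,'M',0,'a',0,'n',0,'a',0,'g',0,'e',0,'r',0, 0,0,   /* Description */
    0x7F, 0xFF, 0x04, 0x00,          /* End-of-Device-Path node */
    0xAA, 0xBB                       /* OptionalData (2 bytes) */
};

int main(void) {
    uint16_t order[16];
    size_t n = parse_boot_order(SAMPLE_BOOT_ORDER, sizeof SAMPLE_BOOT_ORDER, order, 16);
    for (size_t i = 0; i < n; i++) {
        char name[9];
        boot_var_name(order[i], name, sizeof name);
        printf("%zu: %s", i, name);
        if (order[i] == 1) {                     /* only Boot0001 has sample data */
            LoadOption lo;
            if (parse_load_option(SAMPLE_BOOT0001, sizeof SAMPLE_BOOT0001, &lo) == 0)
                printf("  \"%s\" active=%d optional=%zu bytes", lo.description,
                       (lo.attributes & LOAD_OPTION_ACTIVE) != 0, lo.optional_data_length);
        }
        printf("\n");
    }
    return 0;
}
```

The device path walk is what distinguishes a sane entry from a corrupt one: each node carries its own length, so a zero-length node or a list that never reaches the end node is rejected instead of being read past the buffer.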

Find Hidden Miners in Go (Hidden windows + commandlines)

I found this C# and I want to improve on it in Go: https://github.com/roachadam/MinerKiller/blob/master/MinerKiller/MinerKiller.cs
My first question is how do I detect if a process window is hidden, i.e. this code:
    if (p.MainWindowHandle == IntPtr.Zero)
My second question is how to get the command line of a process, i.e. this C# code:
private string GetCommandLine(Process process)
{
    string cmdLine = null;
    // WMI query for the process's command line (System.Management)
    using (var searcher = new ManagementObjectSearcher("SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + process.Id))
    {
        var matchEnum = searcher.Get().GetEnumerator();
        if (matchEnum.MoveNext())
        {
            cmdLine = matchEnum.Current["CommandLine"]?.ToString();
        }
    }
    return cmdLine;
}
While the Go standard library's os package provides a lot of nice utilities for interfacing with operating system functionality, they are much "lower level" than what you are referencing from the .NET System.Management classes. You will most likely have to implement the behavior of these classes yourself to achieve the desired outcome (using the tools from Go's os package as your primary "building blocks").
That said, there is a psutil port in Go (gopsutil - https://github.com/shirou/gopsutil/) that provides utilities for retrieving info on running processes as well as system utilization. This will most likely provide the higher-level abstraction you can use to implement your program.
If gopsutil is too opinionated or high-level for your needs, I would also check out the operating-system-specific packages in the golang subrepositories.
Documented here: https://godoc.org/golang.org/x/sys
Source here: https://github.com/golang/sys/

Mapping of access mask in DACL for CNG keys

(Note: IMO the question is mainly about WinAPI and DACL and not about CNG, so please read on!)
I'm currently trying to modify the sample CNG key storage provider of Microsoft's Cryptographic Provider Development Kit in such a way that it does not store the keys in single files. However, I'm in trouble with the security descriptors that can be assigned to the private keys.
In the Certificates Snap-in of the Windows Server Management Console, private keys of certificates can be managed, i.e. the owner, DACL and SACL of a key can be changed, which results in a NCryptSetProperty call with a security descriptor as parameter. For the DACL, the snap-in only allows to allow/deny "full control" or "read", which results in the GENERIC_ALL or GENERIC_READ bit to be set in the access mask of the ACE.
As I have learnt, these generic bits need to be mapped to application specific rights - otherwise AccessCheck will not work. But do I really need to do this by hand???
CreatePrivateObjectSecurity+SetPrivateObjectSecurity does not always work since CreatePrivateObjectSecurity is very picky about the owner and group in the input security descriptor. Moreover, when the mapping is applied, the generic bits are cleared in the access mask, which results in the snap-in showing wrong settings (as I said, the snap-in only considers the GA and GR bits when displaying current permissions).
Seems I'm missing some pieces here...
In your CPSetProvParam implementation for PP_KEYSET_SEC_DESCR you get the address of a SECURITY_DESCRIPTOR, which you need to somehow apply to your private key storage. If your storage is based on file(s) or registry key(s) (in principle any kernel object type, but what more can be used here?) you need to call SetKernelObjectSecurity with the file or key HANDLE (which must have WRITE_DAC access) (maybe multiple times if you, say, have multiple files to store a single key). In the kernel, GENERIC access to an object will be auto-converted to object-specific rights.
If your implementation of storage is not directly based on some kernel object, but custom, you need to convert GENERIC access (0xF0000000 mask) to specific access rights (0x0000FFFF mask) yourself at this point.
EDIT
After more checking I found that the provider must not only convert generic to specific access in CPSetProvParam but also convert specific to generic in CPGetProvParam, despite this not being directly pointed out in the documentation.
This is approximately how MS_ENHANCED_PROV (implemented in rsaenh.dll) does this:
#include <windows.h>

void CheckAndChangeAccessMask(PSECURITY_DESCRIPTOR SecurityDescriptor)
{
    BOOL bDaclPresent, bDaclDefaulted;
    PACL Dacl;
    ACL_SIZE_INFORMATION asi;

    if (GetSecurityDescriptorDacl(SecurityDescriptor, &bDaclPresent, &Dacl, &bDaclDefaulted)
        && bDaclPresent
        && Dacl
        && GetAclInformation(Dacl, &asi, sizeof(asi), AclSizeInformation)
        && asi.AceCount)
    {
        // Anonymous union (MSVC extension): one pointer viewed as the ACE header
        // or as an access-allowed ACE (denied ACEs share the same layout).
        union {
            PVOID pAce;
            PACE_HEADER pah;
            PACCESS_ALLOWED_ACE paa;
        };

        do
        {
            if (GetAce(Dacl, --asi.AceCount, &pAce))
            {
                switch (pah->AceType)
                {
                case ACCESS_ALLOWED_ACE_TYPE:
                case ACCESS_DENIED_ACE_TYPE:
                {
                    ACCESS_MASK Mask = paa->Mask, Gen_Mask = 0;
                    if (Mask & FILE_READ_DATA)
                    {
                        Gen_Mask |= GENERIC_READ;
                    }
                    if (Mask & FILE_WRITE_DATA)
                    {
                        Gen_Mask |= GENERIC_ALL;
                    }
                    paa->Mask = Gen_Mask;   // specific rights replaced by generic bits
                    break;
                }
                }
            }
        } while (asi.AceCount);
    }
}
So FILE_READ_DATA is converted to GENERIC_READ and FILE_WRITE_DATA to GENERIC_ALL (this is exactly the algorithm); however, you can look yourself at the code of rsaenh.CheckAndChangeAccessMask (name from pdb symbols).
rsaenh first gets the SD from the file by GetNamedSecurityInfoW (SE_FILE_OBJECT) and then converts it from specific to generic access.
Here is the call graph and the modified DACL (in the top-right, modified ACCESS_MASK in red color):
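To make both directions concrete, here is an added C example (not the rsaenh code and not the CPDK sample) that runs without the Windows headers by copying the SDK constant values: generic_to_specific applies a file GENERIC_MAPPING the way MapGenericMask does, for the CPSetProvParam direction, and specific_to_generic reproduces the heuristic from the CheckAndChangeAccessMask listing above, for the CPGetProvParam direction. The Ace struct, the function names and the constructed DACL are the example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values copied from the Windows SDK headers so the logic runs anywhere. */
typedef uint32_t ACCESS_MASK_T;
#define GENERIC_READ_BIT     0x80000000u
#define GENERIC_WRITE_BIT    0x40000000u
#define GENERIC_EXECUTE_BIT  0x20000000u
#define GENERIC_ALL_BIT      0x10000000u
#define GENERIC_BITS         0xF0000000u   /* the "generic" region named in the answer */
#define SPECIFIC_BITS        0x0000FFFFu   /* the "specific" region named in the answer */

#define FILE_READ_DATA       0x0001u
#define FILE_WRITE_DATA      0x0002u
#define FILE_GENERIC_READ    0x00120089u
#define FILE_GENERIC_WRITE   0x00120116u
#define FILE_GENERIC_EXECUTE 0x001200A0u
#define FILE_ALL_ACCESS      0x001F01FFu

#define ACE_ALLOWED 0
#define ACE_DENIED  1

/* Equivalent of the SDK GENERIC_MAPPING structure for one object type. */
typedef struct { ACCESS_MASK_T generic_read, generic_write, generic_execute, generic_all; } GenericMapping;
static const GenericMapping FILE_MAPPING = { FILE_GENERIC_READ, FILE_GENERIC_WRITE, FILE_GENERIC_EXECUTE, FILE_ALL_ACCESS };

/* Minimal ACE: the two fields the rsaenh loop touches. */
typedef struct { int type; ACCESS_MASK_T mask; } Ace;

/* Direction 1 (CPSetProvParam): generic -> specific, what MapGenericMask does.
 * Each generic bit is replaced by the object-specific rights it stands for
 * and the generic bits themselves are cleared. */
ACCESS_MASK_T generic_to_specific(ACCESS_MASK_T m, const GenericMapping *gm) {
    ACCESS_MASK_T out = m & ~GENERIC_BITS;
    if (m & GENERIC_READ_BIT)    out |= gm->generic_read;
    if (m & GENERIC_WRITE_BIT)   out |= gm->generic_write;
    if (m & GENERIC_EXECUTE_BIT) out |= gm->generic_execute;
    if (m & GENERIC_ALL_BIT)     out |= gm->generic_all;
    return out;
}

/* Direction 2 (CPGetProvParam): specific -> generic, the heuristic from the
 * CheckAndChangeAccessMask listing: FILE_READ_DATA => GENERIC_READ,
 * FILE_WRITE_DATA => GENERIC_ALL, every other right dropped. */
ACCESS_MASK_T specific_to_generic(ACCESS_MASK_T m) {
    ACCESS_MASK_T gen = 0;
    if (m & FILE_READ_DATA)  gen |= GENERIC_READ_BIT;
    if (m & FILE_WRITE_DATA) gen |= GENERIC_ALL_BIT;
    return gen;
}

/* Rewrites every allow/deny ACE in place; returns how many masks changed. */
size_t rewrite_dacl(Ace *aces, size_t n, int to_specific, const GenericMapping *gm) {
    size_t changed = 0;
    for (size_t i = 0; i < n; i++) {
        if (aces[i].type != ACE_ALLOWED && aces[i].type != ACE_DENIED) continue;  /* audit/object ACEs untouched */
        ACCESS_MASK_T before = aces[i].mask;
        aces[i].mask = to_specific ? generic_to_specific(before, gm) : specific_to_generic(before);
        if (aces[i].mask != before) changed++;
    }
    return changed;
}

int main(void) {
    /* Constructed DACL as the Certificates snap-in would hand it over:
     * "Full control" (GA) for one principal, "Read" (GR) for another, one deny. */
    Ace dacl[] = { { ACE_ALLOWED, GENERIC_ALL_BIT }, { ACE_ALLOWED, GENERIC_READ_BIT }, { ACE_DENIED, GENERIC_READ_BIT } };
    size_t n = sizeof dacl / sizeof dacl[0];
    rewrite_dacl(dacl, n, 1, &FILE_MAPPING);
    for (size_t i = 0; i < n; i++) printf("stored  ACE %zu: 0x%08X\n", i, (unsigned)dacl[i].mask);
    rewrite_dacl(dacl, n, 0, &FILE_MAPPING);
    for (size_t i = 0; i < n; i++) printf("display ACE %zu: 0x%08X\n", i, (unsigned)dacl[i].mask);
    return 0;
}
```

Two things the round trip makes visible: GENERIC_ALL comes back as GR|GA (0x90000000) because FILE_ALL_ACCESS contains both FILE_READ_DATA and FILE_WRITE_DATA, and an ACE that only grants FILE_GENERIC_EXECUTE displays as no access at all under this heuristic. The second point is the caveat for a custom store: the display mapping only round-trips masks that were produced by the snap-in's two choices, so an ACL edited by other tools can look emptier in the snap-in than it is at AccessCheck time.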

Is there any way to change the SMBIOSVersion value in win32_bios in windows?

As illustrated in the picture below, by tweaking the registry in Windows 10 I was able to change the BIOS version but not the SMBIOSVersion, which is what I want. Is there any way to alter it? Not necessarily permanently. I don't care if the value is restored after a reboot; I just want the win32_bios to contain an SMBIOSVersion that I have specified until shutdown, so calls to it will return my specified version.
It's coming from WMI, and the Win32_BIOS provider is defined in c:\Windows\System32\wbem\cimwin32.mof as a dynamic provider calling from cimwin32.dll.
But it does seem to be possible to override it; create a new file somewhere, e.g. c:\user\spkone\test.mof and put this in it:
#pragma namespace ("\\\\.\\root\\CIMv2")

class Win32_BIOS
{
    [key]
    string SMBIOSBIOSVersion;
};

[DYNPROPS]
instance of Win32_BIOS
{
    SMBIOSBIOSVersion = "wow";
};
Run an administrator command prompt or PowerShell, and run mofcomp test.mof.
Before:
After:
I got this far and then stopped; I don't know how far the change reaches, or what the implications are. It does show in another PowerShell process, anyway. I'll leave it to you to fill in the other details ;)
Quoting from the documentation (emphasis mine):
SMBIOSBIOSVersion
Data type: string
Access type: Read-only
Qualifiers: MappingStrings ("SMBIOS|Type 0|BIOS Version")
BIOS version as reported by SMBIOS.
This value comes from the BIOS Version member of the BIOS Information structure in the SMBIOS information.
Basically, this value reports information obtained from the BIOS. To modify the value you'd need to modify the BIOS, i.e. flash the chip with a new firmware.
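Since the thread shows that the WMI value can be shadowed with a MOF file, a defender who wants the version the firmware actually reports can read the raw SMBIOS table and decode the BIOS Information (Type 0) structure the documentation refers to. The C program below is an added example, not from either answer: it walks SMBIOS structures (a 4-byte header, a formatted area of the stated length, then a string set ended by a double NUL) and returns the Vendor, BIOS Version and BIOS Release Date strings of Type 0, rejecting truncated tables. The table bytes are constructed; on Windows the same bytes would come from GetSystemFirmwareTable with the 'RSMB' provider signature, after skipping the RawSMBIOSData header that precedes the table data. Comparing that result with Win32_BIOS.SMBIOSBIOSVersion is a cheap check for a tampered WMI repository.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMBIOS_TYPE_BIOS_INFO 0
#define SMBIOS_TYPE_END       127

/* Strings of the Type 0 structure; pointers refer into the caller's table. */
typedef struct {
    const char *vendor;        /* Type 0 offset 04h, string index */
    const char *version;       /* Type 0 offset 05h, string index: the SMBIOSBIOSVersion source */
    const char *release_date;  /* Type 0 offset 08h, string index */
} BiosInfo;

/* Scans the string set that follows a structure's formatted area and returns
 * a pointer just past its double-NUL terminator, or NULL if it runs off the end. */
static const uint8_t *skip_string_set(const uint8_t *p, const uint8_t *end) {
    while (p + 1 < end) {
        if (p[0] == 0 && p[1] == 0) return p + 2;
        p++;
    }
    return NULL;
}

/* Returns string number idx (1-based) from a bounded string set, "" for idx 0,
 * NULL when idx is beyond the set. Every string is NUL-terminated before set_end. */
static const char *get_string(const uint8_t *set, const uint8_t *set_end, uint8_t idx) {
    if (idx == 0) return "";
    const uint8_t *p = set;
    for (uint8_t i = 1; ; i++) {
        if (p >= set_end || *p == 0) return NULL;        /* hit the terminator first */
        if (i == idx) return (const char *)p;
        while (p < set_end && *p != 0) p++;
        p++;                                             /* step over this string's NUL */
    }
}

/* Finds the first structure of the requested type. On success returns the
 * structure pointer and the bounds of its string set; NULL if the table is
 * malformed or the type is absent before End-of-Table. */
const uint8_t *smbios_find(const uint8_t *tbl, size_t len, uint8_t want,
                           const uint8_t **set, const uint8_t **set_end) {
    const uint8_t *p = tbl, *end = tbl + len;
    while (p + 4 <= end) {                               /* header: type, length, handle */
        uint8_t type = p[0], slen = p[1];
        if (slen < 4 || slen > (size_t)(end - p)) return NULL;
        const uint8_t *strs = p + slen;
        const uint8_t *next = skip_string_set(strs, end);
        if (next == NULL) return NULL;
        if (type == want) { *set = strs; *set_end = next; return p; }
        if (type == SMBIOS_TYPE_END) return NULL;
        p = next;
    }
    return NULL;
}

/* Extracts the BIOS Information strings. Returns 0 on success, -1 otherwise. */
int smbios_bios_info(const uint8_t *tbl, size_t len, BiosInfo *out) {
    const uint8_t *set, *set_end;
    const uint8_t *s = smbios_find(tbl, len, SMBIOS_TYPE_BIOS_INFO, &set, &set_end);
    if (s == NULL || s[1] < 9) return -1;               /* need offsets 04h..08h */
    out->vendor       = get_string(set, set_end, s[4]);
    out->version      = get_string(set, set_end, s[5]);
    out->release_date = get_string(set, set_end, s[8]);
    return (out->vendor && out->version && out->release_date) ? 0 : -1;
}

/* Constructed table: one Type 0 structure (length 18h) followed by End-of-Table. */
static const uint8_t SAMPLE_TABLE[] = {
    0x00, 0x18, 0x00, 0x00,          /* type 0, length 24, handle 0 */
    0x01, 0x02,                      /* Vendor = string 1, BIOS Version = string 2 */
    0x00, 0xE0,                      /* BIOS starting address segment */
    0x03, 0xFF,                      /* BIOS Release Date = string 3, ROM size */
    0,0,0,0,0,0,0,0,                 /* BIOS Characteristics */
    0,0,                             /* characteristics extension bytes */
    0x01, 0x02, 0xFF, 0xFF,          /* system BIOS 1.2, no embedded controller */
    'C','o','n','s','t','r','u','c','t','e','d',' ','V','e','n','d','o','r',0,
    '1','.','2','.','3',0,
    '0','1','/','0','2','/','2','0','2','4',0,
    0,                               /* end of string set */
    0x7F, 0x04, 0x01, 0x00, 0, 0     /* End-of-Table structure, empty string set */
};

int main(void) {
    BiosInfo bi;
    if (smbios_bios_info(SAMPLE_TABLE, sizeof SAMPLE_TABLE, &bi) != 0) {
        puts("malformed SMBIOS table");
        return 1;
    }
    printf("Vendor: %s\nBIOS Version: %s\nRelease Date: %s\n", bi.vendor, bi.version, bi.release_date);
    return 0;
}
```

The string-index indirection is where real parsers go wrong: an index past the end of the set, or a set without its double-NUL terminator, must fail cleanly rather than read beyond the table, which is why both helpers carry an explicit end pointer.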

Reading Device Manager's Property Fields in Windows 7/8

I am developing a Windows application which gives the field details of X, where X is:
Right-click My Computer > Properties > Device Manager > (select any item, say Keyboard) > Standard PS/2 Keyboard > double-click Standard PS/2 Keyboard > click the Details tab > under Property there are various fields like Display Name, Problem Code, Parent, Siblings, etc.
I want to get their values.
Which Windows API can I use for this?
I am doing this for Windows 7 as well as Windows 8. I hope the API will remain the same. Also, I have a 64-bit machine.
This has to be true for any device whose details I want to know from the Device Manager.
Also, I just want read operations and no set (write) operations, so I think I will not have any problem with violating admin rights. Please suggest! I have added snapshots for reference. Say, for example, I want to know the current state of the HID USB Compliant Mouse (D0 (Active) or D2 (Sleep)).
I need to get this power state D0.
The question is tagged with C#, though the actual question asks for any Window API. With the Win32 API the information can be retrieved with SetupDiGetDeviceRegistryProperty(). The steps would be:
Get a device info set for the devices you're interested in via SetupDiGetClassDevs().
Iterate through the device infos via SetupDiEnumDeviceInfo().
Get the properties via calls to SetupDiGetDeviceRegistryProperty().
Destroy the device info set via SetupDiDestroyDeviceInfoList().
According to the documentation the API is available on Windows 2000 and later.
It's quite easy to get the hardware information using ManagementObjectCollection.
For instance, to get all properties and values from the PC processor:
using System.Management;

var win32DeviceClassName = "win32_processor";
var query = string.Format("select * from {0}", win32DeviceClassName);
using (var searcher = new ManagementObjectSearcher(query))
{
    ManagementObjectCollection objectCollection = searcher.Get();
    foreach (ManagementBaseObject managementBaseObject in objectCollection)
    {
        foreach (PropertyData propertyData in managementBaseObject.Properties)
        {
            Console.WriteLine("Property: {0}, Value: {1}", propertyData.Name, propertyData.Value);
        }
    }
}
The full list of Win32 class names is available at http://msdn.microsoft.com/en-us/library/aa394084%28v=VS.85%29.aspx
Cheers.
You're going to have the easiest time (I think) doing this with PowerShell. If you are writing some C# code you can execute a PS script using types in the System.Management.Automation namespace, such as PowerShell (link: http://msdn.microsoft.com/en-us/library/system.management.automation.powershell(v=vs.85).aspx) but I would begin your testing using the PS Console.
You should first (using PowerShell) explore the WMI objects in your environment using this command:
Get-WmiObject -List -namespace root\CIMV2
Then once you identify which class you are looking for, you can retrieve details on that class using this command:
Get-WmiObject -namespace root\CIMV2 -class Win32_USBControllerDevice
Once you have that content you'd have to parse the text.
UPDATE: Try using this command to get the "State", "Status", and "Started" attributes of mouse drivers on your PC:
gwmi Win32_SystemDriver | where {$_.DisplayName -like "*Mouse*"}

Motorola MC65 - EMDK .NET 2.6 - E_SCN_READTIMEOUT using ScanWait()

I'm looking to integrate the Barcode2 class in the EMDK 2.6 library into our existing barcode scanning interface.
I've wired the example code up to our interface method StartScan() and always get E_SCN_READTIMEOUT as the result even though the code seems to be responding to the scan (the breakpoint at if (scan.Result == Results.SUCCESS) is hit in response to the scan).
public void StartScan()
{
    if (!barcode.IsScanPending)
    {
        ScanData scan = barcode.ScanWait(2000); // 2 second timeout
        if (scan.Result == Results.SUCCESS)
        {
            if (scan.IsText)
            {
                textbox1.Text = scan.Text;
            }
        }
    }
}
The result is always E_SCN_READTIMEOUT. I suspect this may be a conflict with DataWedge 3.4 running on the device, but the functionality of the scanner and triggers seems to be dependent on it.
Getting barcode scans to the clipboard using DataWedge is not an option for us. Is there a way to get the library to function despite DataWedge (assuming that is causing the read timeouts)?
The DataWedge application did need to be disabled (this can be done programmatically via the DataWedge API from Motorola; thanks Abdel for the hint here!).
https://docs.symbol.com/ReleaseNotes/Release%20Notes%20-%20DataWedge_3.3.htm
A little background on our Windows Mobile application for reference: we have a hardware singleton that contains interfaces for all hardware components and loads related types and assemblies via reflection. If we referenced types directly, the code above worked.
The end solution ended up being to use the Symbol.Barcode library instead of Symbol.Barcode2.
