Is there any way to get the boot order programmatically, on Windows ?
On Windows 98 it was possible to read CMOS data (BIOS settings) by using the CPU ports.
If I'm not mistaken, Windows XP doesn't allow that anymore.
Motherboard manufacturers usually provide a utility for storing BIOS settings in a file.
Even with that information you'll probably need the specifications of the BIOS version so you can locate the right offset of "BOOT order" byte (assuming that it is stored in a single byte).
Update: I haven't tested it but check out SMBIOS Support in Windows.
And more specifically the GetSystemFirmwareTable Function.
If I understood correctly, with the above function you'll be able to get the BIOS data stored in the lowest 1MB of physical memory. Still, you must know where the boot order information is stored.
Yes, use Kernel Booting apis (internal, ordinal dynamic call)
Related
I wonder how windows distinguishes between diferrent drives and memory modules, I mean how can windows writte somethig specificaly to disc C or disc D.
In every programming language when you declare variable it gets saved into to the memory, and when you need to store something to hdd, you have to use some library.
So, how does windows handle it?
Does it treat all discs and memory modules as a single line of data, and does it only save each mediums beginning adress? - like 0x00000 is where the disc C begins, 0x15616 is where the disc D begins.
Like #MSalters said,
C: is a symlink to something like Device\HarddiskVolume1.
What it means is that disk drivers on Windows are implemented as virtual filesystems a bit like on Linux. I'll explain for Linux since there's much more documentation but the answer is quite similar for Windows even though both OSes do things differently.
Basically, on Linux everything is a file. Linux ships with disk drivers as these are at the basis of every computer. Linux exposes a driver model like every OS. The Linux driver model for files (including hard disks) exposes functions that will be called by the kernel to read/write to disk. There are open, read and write functions that the kernel expects to be present for a file driver.
If you wanted, you could write a disk driver and replace the existing one. You write drivers as modules that you can then load in the kernel using certain utilities that ship with Linux. I won't share more details as I'm not that much aware. Once your code is loaded in the kernel, it has access to all kernel code and all hardware since it runs in kernel mode.
Today, disk drivers probably use PCI DMA which is a controller connected to the PCI bus which allows to do disk operations which ignore the CPU and load disk data to RAM directly. The PCI convention says that all compatible devices (like PCI DMA controllers) must expose a certain interface to the computer. This interface is mostly some memory mapped registers that can be used to send commands to the controller. The OS will write data in these registers to tell the DMA controller to do disk operations. Then the DMA controller will trigger an interrupt once it is done. The OS will then know that the data is readily loaded into RAM and ready for use. The same applies for writing
The OS knows the location of these registers by looking in the ACPI tables at boot.
In modern Windows (2000 or later) C: is a symlink to something like Device\HarddiskVolume1. The number there can vary. Typically, \Device\Bootpartition is also a symlink to the same HarddiskVolume.
Windows doesn't use libraries to write to disk. Instead, it uses drivers. The chief difference is that drivers run as part of the OS kernel, while libraries run as part of applications.
Never develop any driver before.
Anyway I'm now writing 2 simple windows kernel mode drivers, and the 2 drivers will be installed onto 2 different devices which connect to 2 different buses(ISA bus / PCI bus), and somehow the 2 drivers need to talk to each other and data exchange is also expected, is there any efficient way to achieve that??
Kernel event might be able to enable the synchronization, but how about the data exchange?
In user mode, pipe/socket might be an option, but in kernel mode, is there a counterpart of named pipe or something? Google said that there's no documented API for kernel mode pipe usage...
I'm not quite familiar with windows driver framework, hope I'm making sense..
thanks!
There is IRP_MJ_INTERNAL_DEVICE_CONTROL for communication between kernel-mode components. Driver #1 opens Driver #2 by its name and sends internal IOCTLs with input or/and output data.
#Harry Johnston: You do need to be careful about writing to a shared memory location. I presume you were responding with the context of implementing a serial buffer between the two devices (only one device can write, and the other can only read), but it should obviously be added that you should approach shared memory locations between devices with caution, especially if there is going to be frequent writes to that location by both devices and cause undefined behavior or lock-ups from interrupts being serviced seemingly unexpectedly.
Is it possible to access the EFI System Table from the OS? I would like to know where the Runtime Services are mapped. The reason for this is that the Windows API only exposes the variable services to user mode (Get/SetFirmwareEnvironmentVariable), but I was wondering if it would be possible to use the rest of the services by accessing them directly in a custom driver. I know that the Windows loader is mapping the table containing the virtual addresses of the services into the kernel memory, but I have not found a way to locate and read it. Can somebody provide suggestions or directions on how to accomplish this goal?
A year old question but I will answer it and maybe it would help somebody else.
Long story short. No it's not possible. It's entirely Windows internals and if Microsoft doesn't expose it there is no way to access UEFI Run-time Services. As for the UEFI variables they are stored in a non-volatile RAM and only the UEFI firmware (BIOS) knows where all the variables are stored and how. So there are 2 possibilities either BIOS provides a way for Windows to get a pointer to UEFI Run-time Services or Microsoft has an agreement with BIOS vendors, like: - ok guys, if you want your systems to be compatible with Windows here it is the memory location where you must store the pointer to your UEFI Run-time Services period.
I saw programs writing to NVRAM using SetFirmwareEnvironmentVariable.
I need to read the HBA memory registers of the AHCI controller sitting on the PCI bus of the system. I have a driver using which I can read the config space of all the PCI devices in the system (using ReadConfig and WriteConfig). Through this I'm able to get the ABAR content which is the last BAR in AHCI device's config space. Now, I need to read the values of these memory registers. Does anybody has any idea how to do this? PCITree is able to do this, so I know that this is possible.
I'm new to driver development, so any help would be greatly appreciated... :)
AFAIK you can use winio to access memory under Windows NT/2000/XP/2003/Vista/7 and 2008. Please reference the link and click "winio" to download and use. There are samples and sources within it and you can easily transfer to your application.
As an exercise in OS X IO/Kit manipulation, I am looking to return a different UUID, Serial, Boot ROM version, perhaps even number of cores and processor type (just any value) to the System Profiler as well as any other program that asks.
From my understanding, this information about the system is stored in the IO/Kit registry which is stored in memory after being compiled at boot time.
How would one go about either over-writing these values in the I/O Kit registry in memory, or intercepting the IO/Kit library calls and returning different values than what is in memory? Would doing it via interception require a custom kernel extension, or some kind of library modification?
Is there anyway to reliably do this at all? Just curious.
Thank you!