Get Windows Version from PEB

[Peyman]

i know OSVersion() is the best Windows detector but maybe this code for some body come in handy, i find it on one vb site.

Enjoy

Use NtCurrentTeb API (Not Worked With PB x64 executable) :

Code: Select all

Procedure.s PEBGetWinVersion()
    Protected lPEB.i    ;Pointer to PEB
    Protected lOSMa.i   ;OSMajorVersion     [PEB+0xA4]
    Protected lOSMi.i   ;OSMinorVersion     [PEB+0xA8]
    Protected lOSPlat.i ;OSPlatformId       [PEB+0xB0]
 
    lPEB = PeekI(NtCurrentTeb_() + $30)
    lOSMa = PeekI(lPEB + $A4)
    lOSMi = PeekI(lPEB + $A8)
    lOSPlat = PeekI(lPEB + $B0)
 
    ProcedureReturn Str(lOSPlat) + "." + Str(lOSMa) + "." + Str(lOSMi)
EndProcedure
 
Procedure.s VersionToName(sVersion.s)
    Select sVersion
        Case "1.0.0":     ProcedureReturn "Windows 95"
        Case "1.1.0":     ProcedureReturn "Windows 98"
        Case "1.9.0":     ProcedureReturn "Windows Millenium"
        Case "2.3.0":     ProcedureReturn "Windows NT 3.51"
        Case "2.4.0":     ProcedureReturn "Windows NT 4.0"
        Case "2.5.0":     ProcedureReturn "Windows 2000"
        Case "2.5.1":     ProcedureReturn "Windows XP"
        Case "2.5.3":     ProcedureReturn "Windows 2003 (SERVER)"
        Case "2.6.0":     ProcedureReturn "Windows Vista"
        Case "2.6.1":     ProcedureReturn "Windows 7"
        Default:          ProcedureReturn "Unknown"
    EndSelect
EndProcedure

Debug PEBGetWinVersion()
Debug VersionToName(PEBGetWinVersion())

Use RtlGetVersion API (Worked With both PB x86 & x64 executable) :

Code: Select all

Procedure.s NativeGetVersion()
    Protected Dim tOSVw.l($54)
    
    lib = LoadLibrary_("ntdll.dll")
    proc = GetProcAddress_(lib, "RtlGetVersion")
    tOSVw(0) = $54 * $4
    CallFunctionFast(proc, @tOSVw())
    FreeLibrary_(lib)
 
    ProcedureReturn Str(tOSVw(4)) + "." + Str(tOSVw(1)) + "." + Str(tOSVw(2))
EndProcedure
 
Procedure.s VersionToName(sVersion.s)
    Select sVersion
        Case "1.0.0":     ProcedureReturn "Windows 95"
        Case "1.1.0":     ProcedureReturn "Windows 98"
        Case "1.9.0":     ProcedureReturn "Windows Millenium"
        Case "2.3.0":     ProcedureReturn "Windows NT 3.51"
        Case "2.4.0":     ProcedureReturn "Windows NT 4.0"
        Case "2.5.0":     ProcedureReturn "Windows 2000"
        Case "2.5.1":     ProcedureReturn "Windows XP"
        Case "2.5.3":     ProcedureReturn "Windows 2003 (SERVER)"
        Case "2.6.0":     ProcedureReturn "Windows Vista"
        Case "2.6.1":     ProcedureReturn "Windows 7"
        Default:        ProcedureReturn "Unknown"
    EndSelect
EndProcedure

Debug NativeGetVersion()
Debug VersionToName(NativeGetVersion())

[Joakim Christiansen]

Nice one!

[ts-soft]

Doesn't work with x64 executable, NtCurrentTeb_() is not available in DLL.

greetings
Thomas

[Peyman]

Doesn't work with x64 executable, NtCurrentTeb_() is not available in DLL.

greetings
Thomas

yea i now test and its not work with x64 executable i dont know why because it worked with 32 bit executable in x64 windows (my windows is 7 x64 and it work with 32 bit PB compiler in my windows) somebody have any idea ?
anyway i add another way that works fine with both executable.

edit:
somebody can say what numbers these examples returns on win 2008 server, please.

[ts-soft]

I think, you can use this simple API

Code: Select all

Procedure.s GetVersion()
  Protected ver.OSVERSIONINFO
  ver\dwOSVersionInfoSize = SizeOf(OSVERSIONINFO)
  If GetVersionEx_(@ver)
    ProcedureReturn Str(ver\dwPlatformId) + "." + Str(ver\dwMajorVersion) + "." + Str(ver\dwMinorVersion)
  EndIf
EndProcedure

[Peyman]

@ts-soft : yea this is the exactly way that PB Team do, i think. but anyway this is another way

[UserOfPure]

Why do it that way, with more code, than just using OSVersion?

[Rings]

playing with NtCurrentTeb_()

NtCurrentTeb means
get the current Thread-ExecutionBlock.
a lot of information about your thread...
a x64 implementation can be found here