Get Windows Version from PEB
Posted: Thu Mar 18, 2010 8:13 pm
i know OSVersion() is the best Windows detector but maybe this code for some body come in handy, i find it on one vb site.
Enjoy
Use NtCurrentTeb API (Not Worked With PB x64 executable) :
Use RtlGetVersion API (Worked With both PB x86 & x64 executable) :
Enjoy
Use NtCurrentTeb API (Not Worked With PB x64 executable) :
Code: Select all
Procedure.s PEBGetWinVersion()
Protected lPEB.i ;Pointer to PEB
Protected lOSMa.i ;OSMajorVersion [PEB+0xA4]
Protected lOSMi.i ;OSMinorVersion [PEB+0xA8]
Protected lOSPlat.i ;OSPlatformId [PEB+0xB0]
lPEB = PeekI(NtCurrentTeb_() + $30)
lOSMa = PeekI(lPEB + $A4)
lOSMi = PeekI(lPEB + $A8)
lOSPlat = PeekI(lPEB + $B0)
ProcedureReturn Str(lOSPlat) + "." + Str(lOSMa) + "." + Str(lOSMi)
EndProcedure
Procedure.s VersionToName(sVersion.s)
Select sVersion
Case "1.0.0": ProcedureReturn "Windows 95"
Case "1.1.0": ProcedureReturn "Windows 98"
Case "1.9.0": ProcedureReturn "Windows Millenium"
Case "2.3.0": ProcedureReturn "Windows NT 3.51"
Case "2.4.0": ProcedureReturn "Windows NT 4.0"
Case "2.5.0": ProcedureReturn "Windows 2000"
Case "2.5.1": ProcedureReturn "Windows XP"
Case "2.5.3": ProcedureReturn "Windows 2003 (SERVER)"
Case "2.6.0": ProcedureReturn "Windows Vista"
Case "2.6.1": ProcedureReturn "Windows 7"
Default: ProcedureReturn "Unknown"
EndSelect
EndProcedure
Debug PEBGetWinVersion()
Debug VersionToName(PEBGetWinVersion())Code: Select all
Procedure.s NativeGetVersion()
Protected Dim tOSVw.l($54)
lib = LoadLibrary_("ntdll.dll")
proc = GetProcAddress_(lib, "RtlGetVersion")
tOSVw(0) = $54 * $4
CallFunctionFast(proc, @tOSVw())
FreeLibrary_(lib)
ProcedureReturn Str(tOSVw(4)) + "." + Str(tOSVw(1)) + "." + Str(tOSVw(2))
EndProcedure
Procedure.s VersionToName(sVersion.s)
Select sVersion
Case "1.0.0": ProcedureReturn "Windows 95"
Case "1.1.0": ProcedureReturn "Windows 98"
Case "1.9.0": ProcedureReturn "Windows Millenium"
Case "2.3.0": ProcedureReturn "Windows NT 3.51"
Case "2.4.0": ProcedureReturn "Windows NT 4.0"
Case "2.5.0": ProcedureReturn "Windows 2000"
Case "2.5.1": ProcedureReturn "Windows XP"
Case "2.5.3": ProcedureReturn "Windows 2003 (SERVER)"
Case "2.6.0": ProcedureReturn "Windows Vista"
Case "2.6.1": ProcedureReturn "Windows 7"
Default: ProcedureReturn "Unknown"
EndSelect
EndProcedure
Debug NativeGetVersion()
Debug VersionToName(NativeGetVersion())