biosdump ...

bingo · Beitrag von **bingo** » 24.11.2005 14:43

angelehnt an Physmem http://www.sysinternals.com ein beispiel unter pb ...

vorteil ist eben , dass keine gerätetreiber (winio...) benötigt werden , um ein memorymapping zu machen .

Code: Alles auswählen

;biosdump $F0000-$FFFFF To c:\biosimage.tmp 
;tested on xp/sp2 

Procedure.l Ansi2Uni(ansi.s) 
SHStrDup_(@ansi,@memziel) 
ProcedureReturn memziel 
EndProcedure 

#OBJ_CASE_INSENSITIVE = $40 

#SECTION_MAP_READ = $4 

#PAGE_READONLY = 2 

#VIEW_SHARE = 1 

Structure UNICODE_lSTRING 
  usLength.w 
  usMaximumLength.w 
  usBuffer.l 
EndStructure 

Structure OBJECT_ATTRIBUTES 
    Length.l 
    RootDirectory.l 
    ObjectName.l 
    Attributes.l 
    SecurityDescriptor.l 
    SecurityQualityOfService.l 
EndStructure 

Structure PHYSICAL_ADDRESS 
    lowpart.l 
    highpart.l 
EndStructure 

status.l 
ia.OBJECT_ATTRIBUTES 
hdlPhysMem.l 
    
mydevice.s="\device\physicalmemory" 

usDevName.UNICODE_lSTRING 
usDevName\usBuffer = Ansi2Uni(mydevice)  
usDevName\usMaximumLength = (Len(mydevice) * 2) + 2 
usDevName\usLength = Len(mydevice) * 2 

ia\Length = SizeOf(OBJECT_ATTRIBUTES) 
ia\ObjectName = @usDevName 
ia\Attributes  = #OBJ_CASE_INSENSITIVE 
ia\SecurityDescriptor = 0 
ia\RootDirectory = 0 
ia\SecurityQualityOfService = 0 
  
status = NtOpenSection_(@hdlPhysMem, #SECTION_MAP_READ, @ia) 
    
If status<>0 
Debug "error" 
End 
EndIf 
    
memVirtualAddress.l 
memLen.l 
    
viewBase.PHYSICAL_ADDRESS 
viewBase\highpart = 0 
viewBase\lowpart = $F0000 
memLen = $FFFF 
    
status = NtMapViewOfSection_(hdlPhysMem, -1, @memVirtualAddress,0, memLen, @viewbase, @memLen, #VIEW_SHARE, 0, #PAGE_READONLY) 
    
If status<>0 
Debug "error" 
End 
EndIf 
    
OpenFile(1,"c:\biosimage.tmp") 
For i=0 To memLen-1 
WriteByte(PeekB(memVirtualAddress + i)) 
Next 
CloseFile(1) 

status = NtUnmapViewOfSection_(-1, memVirtualAddress) 
status = CloseHandle_(hdlPhysMem) 
End

!nachtrag! 29.11.05
dieser code funzt nur bis xp/sp2 ! ab server2003 bzw. longhorn/vista NICHT mehr . dafür gibt es aber neue "bequeme" apis für dieses problem . http://msdn.microsoft.com/library/defau ... tables.asp