Menu
Related to my other question, please help me debug "An unhandled exception of type 'System.AccessViolationException' occurred in Unknown Module. Additional information: Attempted to read or write protected memory. This is often an indication that other memory is corrupt." Stepping through the code, everything works up until the actual call to del() and fails in that line.
This code is based on this article's sample and this python code which works in python. I can't get the code example as-is to work either (same exception), but I'm hopeful that it's just a little outdated or something.
EDIT: See the edit history if you care about how we got here, which is uninteresting.
public static class CpuID { public static byte[] Invoke(int level) { IntPtr codePointer = IntPtr.Zero; try { // compile byte[] codeBytes; if (IntPtr.Size == 4) { codeBytes = x86CodeBytes; } else { codeBytes = x64CodeBytes; } codePointer = VirtualAlloc( IntPtr.Zero, new UIntPtr((uint)codeBytes.Length), AllocationType.COMMIT | AllocationType.RESERVE, MemoryProtection.EXECUTE_READWRITE ); Marshal.Copy(codeBytes, 0, codePointer, codeBytes.Length); CpuIDDelegate cpuIdDelg = (CpuIDDelegate)Marshal.GetDelegateForFunctionPointer(codePointer, typeof(CpuIDDelegate)); // invoke GCHandle handle = default(GCHandle); var buffer = new byte[16]; try { handle = GCHandle.Alloc(buffer, GCHandleType.Pinned); cpuIdDelg(level, buffer); } finally { if (handle != default(GCHandle)) { handle.Free(); } } return buffer; } finally { if (codePointer != IntPtr.Zero) { VirtualFree(codePointer, 0, 0x8000); codePointer = IntPtr.Zero; } } } [UnmanagedFunctionPointerAttribute(CallingConvention.Cdecl)] private delegate void CpuIDDelegate(int level, byte[] buffer); [DllImport("kernel32.dll", SetLastError = true)] private static extern IntPtr VirtualAlloc(IntPtr lpAddress, UIntPtr dwSize, AllocationType flAllocationType, MemoryProtection flProtect); [DllImport("kernel32")] private static extern bool VirtualFree(IntPtr lpAddress, UInt32 dwSize, UInt32 dwFreeType); [Flags()] private enum AllocationType : uint { COMMIT = 0x1000, RESERVE = 0x2000, RESET = 0x80000, LARGE_PAGES = 0x20000000, PHYSICAL = 0x400000, TOP_DOWN = 0x100000, WRITE_WATCH = 0x200000 } [Flags()] private enum MemoryProtection : uint { EXECUTE = 0x10, EXECUTE_READ = 0x20, EXECUTE_READWRITE = 0x40, EXECUTE_WRITECOPY = 0x80, NOACCESS = 0x01, READONLY = 0x02, READWRITE = 0x04, WRITECOPY = 0x08, GUARD_Modifierflag = 0x100, NOCACHE_Modifierflag = 0x200, WRITECOMBINE_Modifierflag = 0x400 } // Basic ASM strategy -- // void x86CpuId(int level, byte* buffer) // { // eax = level // cpuid // buffer[0] = eax // buffer[4] = ebx // buffer[8] = ecx // buffer[12] = edx // } private readonly static byte[] x86CodeBytes = { 0x55, // push ebp 0x8B, 0xEC, // mov ebp,esp 0x53, // push ebx 0x57, // push edi 0x8B, 0x45, 0x08, // mov eax, dword ptr [ebp+8] (move level into eax) 0x0F, 0xA2, // cpuid 0x8B, 0x7D, 0x0C, // mov edi, dword ptr [ebp+12] (move address of buffer into edi) 0x89, 0x07, // mov dword ptr [edi+0], eax (write eax, ... to buffer) 0x89, 0x5F, 0x04, // mov dword ptr [edi+4], ebx 0x89, 0x4F, 0x08, // mov dword ptr [edi+8], ecx 0x89, 0x57, 0x0C, // mov dword ptr [edi+12],edx 0x5F, // pop edi 0x5B, // pop ebx 0x8B, 0xE5, // mov esp,ebp 0x5D, // pop ebp 0xc3 // ret }; private readonly static byte[] x64CodeBytes = { 0x53, // push rbx this gets clobbered by cpuid // rcx is level // rdx is buffer. // Need to save buffer elsewhere, cpuid overwrites rdx // Put buffer in r8, use r8 to reference buffer later. // Save rdx (buffer addy) to r8 0x49, 0x89, 0xd0, // mov r8, rdx // Move ecx (level) to eax to call cpuid, call cpuid 0x89, 0xc8, // mov eax, ecx 0x0F, 0xA2, // cpuid // Write eax et al to buffer 0x41, 0x89, 0x40, 0x00, // mov dword ptr [r8+0], eax 0x41, 0x89, 0x58, 0x04, // mov dword ptr [r8+4], ebx 0x41, 0x89, 0x48, 0x08, // mov dword ptr [r8+8], ecx 0x41, 0x89, 0x50, 0x0c, // mov dword ptr [r8+12], edx 0x5b, // pop rbx 0xc3 // ret }; } Note that CPUID0 needs to be read in the right order:
//a twelve character ASCII string stored in EBX, EDX, ECX - in that order var cpuid0s = new string(ASCIIEncoding.ASCII.GetChars( cpuid0.Skip(4).Take(4).Concat( cpuid0.Skip(12).Take(4)).Concat( cpuid0.Skip(8).Take(4)).ToArray())); 
376
In the x86 architecture, the CPUID instruction (identified by a CPUID opcode) is a processor supplementary instruction (its name derived from CPU IDentification) allowing software to discover details of the processor. It was introduced by Intel in 1993 with the launch of the Pentium and SL-enhanced 486 processors.
Resolving The Problem. Highlight the "My Computer" desktop icon and right mouse click, select "Properties", then select "Network Identification" and your cpuid is located there.
Returns processor identification and feature information to the EAX, EBX, ECX, and EDX registers, as determined by input entered in EAX (in some cases, ECX as well).
The CPUID instruction is a non-privileged instruction, and can be called in user space. It nominally takes in the EAX register a code that tells what information should be returned, and returns values in the EAX, EBX, ECX and EDX registers.
I'm fairly certain you're being blocked by DEP. The x_CPUIDy_INSNS byte arrays are in a segment of memory marked as data and non-executable.
EDIT:
That being said, I've gotten a version that compiles and runs, but I don't think gets the right values. Perhaps this will get you along your way.
EDIT 2:
I think I have the right values coming back now. Feel free to validate.
namespace CPUID { using System; using System.Globalization; using System.Linq; using System.Reflection; using System.Runtime.InteropServices; using System.Text; internal static class Program { [Flags] private enum AllocationTypes : uint { Commit = 0x1000, Reserve = 0x2000, Reset = 0x80000, LargePages = 0x20000000, Physical = 0x400000, TopDown = 0x100000, WriteWatch = 0x200000 } [Flags] private enum MemoryProtections : uint { Execute = 0x10, ExecuteRead = 0x20, ExecuteReadWrite = 0x40, ExecuteWriteCopy = 0x80, NoAccess = 0x01, ReadOnly = 0x02, ReadWrite = 0x04, WriteCopy = 0x08, GuartModifierflag = 0x100, NoCacheModifierflag = 0x200, WriteCombineModifierflag = 0x400 } [Flags] private enum FreeTypes : uint { Decommit = 0x4000, Release = 0x8000 } [UnmanagedFunctionPointerAttribute(CallingConvention.Cdecl)] private unsafe delegate void CPUID0Delegate(byte* buffer); [UnmanagedFunctionPointerAttribute(CallingConvention.Cdecl)] private unsafe delegate void CPUID1Delegate(byte* buffer); private static void Main() { Console.WriteLine("CPUID0: {0}", string.Join(", ", CPUID0().Select(x => x.ToString("X2", CultureInfo.InvariantCulture)))); Console.WriteLine("CPUID0: {0}", new string(ASCIIEncoding.ASCII.GetChars(CPUID0()))); Console.WriteLine("CPUID1: {0}", string.Join(", ", CPUID1().Select(x => x.ToString("X2", CultureInfo.InvariantCulture)))); Console.ReadLine(); } private static unsafe byte[] CPUID0() { byte[] buffer = new byte[12]; if (IntPtr.Size == 4) { IntPtr p = NativeMethods.VirtualAlloc( IntPtr.Zero, new UIntPtr((uint)x86_CPUID0_INSNS.Length), AllocationTypes.Commit | AllocationTypes.Reserve, MemoryProtections.ExecuteReadWrite); try { Marshal.Copy(x86_CPUID0_INSNS, 0, p, x86_CPUID0_INSNS.Length); CPUID0Delegate del = (CPUID0Delegate)Marshal.GetDelegateForFunctionPointer(p, typeof(CPUID0Delegate)); fixed (byte* newBuffer = &buffer[0]) { del(newBuffer); } } finally { NativeMethods.VirtualFree(p, 0, FreeTypes.Release); } } else if (IntPtr.Size == 8) { IntPtr p = NativeMethods.VirtualAlloc( IntPtr.Zero, new UIntPtr((uint)x64_CPUID0_INSNS.Length), AllocationTypes.Commit | AllocationTypes.Reserve, MemoryProtections.ExecuteReadWrite); try { Marshal.Copy(x64_CPUID0_INSNS, 0, p, x64_CPUID0_INSNS.Length); CPUID0Delegate del = (CPUID0Delegate)Marshal.GetDelegateForFunctionPointer(p, typeof(CPUID0Delegate)); fixed (byte* newBuffer = &buffer[0]) { del(newBuffer); } } finally { NativeMethods.VirtualFree(p, 0, FreeTypes.Release); } } return buffer; } private static unsafe byte[] CPUID1() { byte[] buffer = new byte[12]; if (IntPtr.Size == 4) { IntPtr p = NativeMethods.VirtualAlloc( IntPtr.Zero, new UIntPtr((uint)x86_CPUID1_INSNS.Length), AllocationTypes.Commit | AllocationTypes.Reserve, MemoryProtections.ExecuteReadWrite); try { Marshal.Copy(x86_CPUID1_INSNS, 0, p, x86_CPUID1_INSNS.Length); CPUID1Delegate del = (CPUID1Delegate)Marshal.GetDelegateForFunctionPointer(p, typeof(CPUID1Delegate)); fixed (byte* newBuffer = &buffer[0]) { del(newBuffer); } } finally { NativeMethods.VirtualFree(p, 0, FreeTypes.Release); } } else if (IntPtr.Size == 8) { IntPtr p = NativeMethods.VirtualAlloc( IntPtr.Zero, new UIntPtr((uint)x64_CPUID1_INSNS.Length), AllocationTypes.Commit | AllocationTypes.Reserve, MemoryProtections.ExecuteReadWrite); try { Marshal.Copy(x64_CPUID1_INSNS, 0, p, x64_CPUID1_INSNS.Length); CPUID1Delegate del = (CPUID1Delegate)Marshal.GetDelegateForFunctionPointer(p, typeof(CPUID1Delegate)); fixed (byte* newBuffer = &buffer[0]) { del(newBuffer); } } finally { NativeMethods.VirtualFree(p, 0, FreeTypes.Release); } } return buffer; } private static class NativeMethods { [DllImport("kernel32.dll", SetLastError = true)] internal static extern IntPtr VirtualAlloc( IntPtr lpAddress, UIntPtr dwSize, AllocationTypes flAllocationType, MemoryProtections flProtect); [DllImport("kernel32")] [return: MarshalAs(UnmanagedType.Bool)] internal static extern bool VirtualFree( IntPtr lpAddress, uint dwSize, FreeTypes flFreeType); } #region ASM private static readonly byte[] x86_CPUID0_INSNS = new byte[] { 0x53, // push %ebx 0x31, 0xc0, // xor %eax,%eax 0x0f, 0xa2, // cpuid 0x8b, 0x44, 0x24, 0x08, // mov 0x8(%esp),%eax 0x89, 0x18, // mov %ebx,0x0(%eax) 0x89, 0x50, 0x04, // mov %edx,0x4(%eax) 0x89, 0x48, 0x08, // mov %ecx,0x8(%eax) 0x5b, // pop %ebx 0xc3 // ret }; private static readonly byte[] x86_CPUID1_INSNS = new byte[] { 0x53, // push %ebx 0x31, 0xc0, // xor %eax,%eax 0x40, // inc %eax 0x0f, 0xa2, // cpuid 0x5b, // pop %ebx 0xc3 // ret }; private static readonly byte[] x64_CPUID0_INSNS = new byte[] { 0x49, 0x89, 0xd8, // mov %rbx,%r8 0x49, 0x89, 0xc9, // mov %rcx,%r9 0x48, 0x31, 0xc0, // xor %rax,%rax 0x0f, 0xa2, // cpuid 0x4c, 0x89, 0xc8, // mov %r9,%rax 0x89, 0x18, // mov %ebx,0x0(%rax) 0x89, 0x50, 0x04, // mov %edx,0x4(%rax) 0x89, 0x48, 0x08, // mov %ecx,0x8(%rax) 0x4c, 0x89, 0xc3, // mov %r8,%rbx 0xc3 // retq }; private static readonly byte[] x64_CPUID1_INSNS = new byte[] { 0x53, // push %rbx 0x48, 0x31, 0xc0, // xor %rax,%rax 0x48, 0xff, 0xc0, // inc %rax 0x0f, 0xa2, // cpuid 0x5b, // pop %rbx 0xc3 // retq }; #endregion } } If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
