Inventorying RAMs Remotely on Windows - Shaping the Output
(Page 2 of 4 )
First of all, download the entire source code of the application from the CodeProject article. Executing the application prints page after page of SMBIOS data; the amount of information it is able to dump is overwhelming. But that’s far better than having too little and struggling to find what we really need.
In order to keep the application simple and not ruin its overall structure, we will extend the tool rather than modify its existing behavior. We will add the ability to select a mode with an argument: “-m” at the end, followed by a number. Let’s say “1” for Mode 1, the one that dumps out only the information we need, and “2” for Mode 2, the original way the application works, which we leave untouched.
As mentioned earlier, this part is not compulsory, so we won't get too involved with it. Anyone with intermediate experience in programming in C++ could simplify this application to suit his or her needs. If you don’t want to modify the source, then you can write simple scripts to parse the output dump and “extract” just the information you need. Either way, it works. The bottom line is that the application touches the SMBIOS and truly retrieves the data we need, along with much more.
On the other hand, if you want to follow our style and edit the source code to include these two modes, then here it goes. There are several approaches; the easiest is adding a global variable that stores which mode is currently chosen. The command-line parser walks the arguments (_TCHAR* args[]) and takes the mode from the value that follows “-m”. Check this sample out. You can do something similar.
    if (_wcsicmp(args[i], _T("-m")) == 0) // -m option
    {
        if (++i > arg_count - 1) // nothing follows -m
        {
            p(_T("You failed to specify a valid mode for the '-m' option.\n\n"));
            return false;
        }
        else
        {
            global_mode = 2; // default, lists the entire dump
            if (_wcsicmp(args[i], _T("1")) == 0) // if 1, our style
                global_mode = 1;
        }
    }
The code above belongs in the smbios_p.cpp file, within the parse_command_line function. This is the place where the author also originally checks the -f option, used when the output is to be saved in a file. Once the above is in place and the global mode is implemented, you can continue by editing the _tmain() function.
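A stricter variant of the -m handling shown above, added here as an illustration and not taken from the CodeProject source: it rejects any mode value other than 1 or 2 instead of silently falling back to the full dump, so a script that consumes the output always gets the layout it asked for. It uses portable std::wstring in place of _TCHAR; Mode and parse_mode are hypothetical names.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical names for this example; the original tool uses an int global_mode.
enum class Mode { MemoryOnly = 1, FullDump = 2 };

// Scan the arguments for "-m <n>". 'mode' defaults to FullDump (the tool's
// original behaviour) when -m is absent. Returns false when -m has no value
// or the value is anything other than "1" or "2".
bool parse_mode(const std::vector<std::wstring>& args, Mode& mode)
{
    mode = Mode::FullDump;
    for (std::size_t i = 0; i < args.size(); ++i) {
        if (args[i] != L"-m" && args[i] != L"-M")
            continue;                      // not our option, leave it to other checks
        if (++i >= args.size())
            return false;                  // "-m" was the last argument
        if (args[i] == L"1")
            mode = Mode::MemoryOnly;
        else if (args[i] == L"2")
            mode = Mode::FullDump;
        else
            return false;                  // "7", "1x", "-f", ... are rejected
    }
    return true;
}

int main()
{
    // Constructed command lines, not captured from the tool.
    const std::vector<std::vector<std::wstring>> samples = {
        {L"-m", L"1"}, {L"-m", L"2"}, {}, {L"-m"}, {L"-m", L"7"}};
    for (const auto& args : samples) {
        Mode mode;
        if (parse_mode(args, mode))
            std::cout << "accepted, mode " << static_cast<int>(mode) << '\n';
        else
            std::cout << "rejected: invalid or missing mode\n";
    }
    return 0;
}
```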
Please find the following snippet in _tmain() and edit it accordingly. As you can see, there’s an error-handling piece that checks whether the command line arguments are good; if so, the program moves on and tries to initialize the data. If this also succeeds, it checks which mode the user has picked. If it is the second one, it lists everything, the original way the tool works; otherwise, it prints out only the memory-related data.
    if (good_command_line)
    {
        if (!init_raw_smbios_data())
        {
            p(_T("Failed to initialize raw smb bios data.\n\n"));
        }
        else
        {
            if (global_mode == 2)
            { // the original mode, lists everything
                show_bios_information();
                show_system_information();
                show_system_enclosure();
                show_processor_information();
                show_cache_information();
                show_system_slots();
                show_physical_memory_array();
                show_memory_device();
                show_memory_array_mapped_address();
                show_system_boot_information();
            }
            if (global_mode == 1)
            { // lists only the data we need, memory-related
                show_memory_device();
            }
        }
    }
On the next page we will see how this tool performs when put into action.
More By Barzan "Tony" Antal