Vital Product Data Check
Original Publication Date: 2002-Nov-11
Included in the Prior Art Database: 2002-Nov-11
Method and apparatus to bypass Operating System physical memory access contraints, to enable the machine-independent scanning of PC / PC server ROMs for machine identification purposes.
Vital Product Data Check
A program is disclosed which is a stand-alone software application, VPDCHK and VPDCHK32, which addresses the problem of reliable identification/asset auditing of PCs and PC servers in the business/commercial environment, in a rapid and simply-deployed fashion. The data extracted, referred to here as 'VPD' (Vital Product Data) is defined as:
the Manufacturer (the name of company that produced the computer) the Model (the correct product designation of the computer) the chassis / product serial number (if present) Revision / version name of ROM BIOS
There are some products (commercially and in the public domain) that only provide generic information about a given PC. Other applications have been produced by manufacturers only for their own machines. Some methods for mining such asset data may require considerable setup time or even a system reboot (or server restart) in order to enter a diagnostic mode. VPDCHK overcomes all of these limitations by directly accessing (at a user level) the systemboard ROM BIOS, adaptor ROMs and system CMOS memory, using a variety of string scanning algorithms and model-specific keyword isolation heuristics. In short, these advantages guarantee VPD extraction with a competent success rate, whilst reducing the time and cost involved in normally extracting such data.
The novel contribution of VPDCHK can be described thus:
This invention is able to bypass the memory-access security technology of protected OS's: Microsoft Windows NT4* and Windows 2000*. The program employs a specific method of penetrating the protected subsystem in order to freely access physical systemboard (and bus adaptor) memory and I/O space. This is accomplished irrespective of executing at a 'User' level. This is a key feature of VPDCHK, since such functionality normally requires a specific registered kernel-level driver to afford low-level machine access, requiring installation and in some cases a system reboot before use; VPDCHK avoids these obstacles and achieves access without any external modules in a way that does not incur security violations. In fact, the OS is not even aware that low-level machine access is taking place when VPDCHK is scanning. This technique, named hereinafter as 'VDMPROBE', is a process which is analogous to a harmless variation of 'Trojan' code in Windows, created at runtime by VPDCHK . This code is copied to the Windows temporary directory and executed in its own 16-bit process space. The VDMPROBE runs just long enough to scan system board ROM(s) etc, and capture CMOS contents, then is promptly destroyed by VPDCHK and released from memory (refer to Figure 1).
An application of this novelty is illustrated in the following scenario:
A PC (Intel) server running Windows NT4 or 2000, resides in a mission critical business environment and cannot be shut down or restarted without major impact to the client. There is also a Change Freeze preventing the server from receiving any softw...