-1
int _tmain(int argc, _TCHAR* argv[])
{
    UINT *ptr = (UINT*) ((((UINT)&ptr) & 0x00FF0000) | 0xfe0c);
    if (*ptr) printf("higher than XP\n"); // It's really amazing!!!!
    else printf("XP\n");
    return 0;
}

I found this trick in the following article:

http://spareclockcycles.org/2012/02/14/stack-necromancy-defeating-debuggers-by-raising-the-dead/

But I can't figure out what common knowledge and convention behind the trick. Thanks for any comment.

佟俊辉
  • 1
  • It's officially undefined behaviour, so even when it does work, it really doesn't. If the OS version is what you're after, there are safer and less obfuscated ways, but that's probably beside the point. – chris Aug 08 '13 at 10:34
  • 6
    The article that you linked to explains this in great detail. Did you read it? – David Heffernan Aug 08 '13 at 10:34

1 Answers1

1

I don't understand the background, but it sets up a pointer to an address calculated from the stackpointer (at 0xFE0C). Then reads the value at this address, and it is either zero (XP) or non-zero (not XP).

I doubt very much that this is a RELIABLE way to determine this. The correct way to determine the version of Windows is to use the [GetVersion][1]

Mats Petersson
  • 126,704
  • 14
  • 140
  • 227
  • 1
    +1 Yes - don't use it. What if it stops working correctly in W9? – Martin James Aug 08 '13 at 11:14
  • Don't use ``GetVersion`` either. Use ``VerifyVersionInfo``. See [this](http://stackoverflow.com/questions/22303824/warning-c4996-getversionexw-was-declared-deprecated) stack overflow thread. – Chuck Walbourn Dec 05 '14 at 21:26