Read RTC in Windows

Question

I'm not a C/ASM developer and I would like to get current date and time from RTC with a Windows program.

Here, I found a C code to do this.

I changed that code in the following way, and I compiled it with Visual Studio 2017 cl.exe compiler without errors and warnings:

#include <stdio.h>

int main()
{
   unsigned char tvalue, index;

   printf("STARTING...\n");

   for(index = 0; index < 128; index++)
   {
      __asm
      {
         cli             /* Disable interrupts */
         mov al, index   /* Move index address */
                         /* since the 0x80 bit of al is not set, */
                         /* NMI is active */
         out 0x70, al    /* Copy address to CMOS register */
                         /* some kind of real delay here is probably best */
         in al, 0x71     /* Fetch 1 byte to al */
         sti             /* Enable interrupts */
         mov tvalue, al
      }

      printf("%u\n", (unsigned int)tvalue);
   }

   printf("FINISHED!\n");
   return 0;
}

When I try to execute the exe from the command prompt, I don't see anything, only the row "STARTING...".

What am I doing wrong?

Thanks a lot.

score 9 · Accepted Answer · answered Jun 16 '19 at 08:24

9

The example code you found is operating system code, not Windows code. It would be sheer chaos if Windows allowed random processes to interact randomly with hardware devices like the real time clock. The operating system has a driver that talks to the real time clock and it won't allow processes to randomly poke into it.

As just the most obvious problem, you can't just disable interrupts from a process while a modern operating system is running!

answered Jun 16 '19 at 08:24

David Schwartz

179,497
17
214
278

Thank you, David. So is it impossible to bypass the WinAPIs? – Fabrizio Jun 16 '19 at 09:32
2

@Fabrizio: unless you can find a privilege-escalation exploit that lets you take over the kernel from user-space, yes. Or using admin privileges, load a kernel module. (I think Windows calls that a "driver".) – Peter Cordes Jun 16 '19 at 18:35

score 4 · Answer 2 · answered Jun 16 '19 at 09:09

4

I would like to get current date and time from RTC with a Windows program.

On Windows, you use Windows APIs (or wrappers)

The main APIs to read the system time are :

GetSystemTime

GetSystemTimePreciseAsFileTime

NtQuerySystemTime

answered Jun 16 '19 at 09:09

Castorix

1,465
1
9
11

Thanks, Castorix. The problem is that I really want to bypass windows APIs. Based on what you say, this is impossible. Is it so? – Fabrizio Jun 16 '19 at 09:30
3

At Boot time, Windows reads the SYSTEM time from the RTC and copies it in User mode in the **USER_SHARED_DATA** structure So it can be read from this structure without API calls, but it is not usual ( I tested on Windows 10) – Castorix Jun 16 '19 at 10:07
When you say "copies", do you mean "maps"? So all user-space processes have a shared mapping of some kernel data they can read without system calls? Linux does the same thing with the VDSO page(s), allowing some simple but common system calls like `getpid()` to not actually have to enter the kernel. For `clock_gettime`, instead of actually exporting a shared time counter, Linux exports a scale-factor and offset for `rdtsc`, so high-precision time is available in user-space. There might also be a low-precision time that can simply be read in Linux, like you're talking about on Windows. – Peter Cordes Jun 16 '19 at 18:41
1

Yes, it is a fixed area, since NT 3.5 IIRC, that any process can read. It is defined by `#define MM_SHARED_USER_DATA_VA 0x7FFE0000 #define USER_SHARED_DATA ((KUSER_SHARED_DATA * const)MM_SHARED_USER_DATA_VA)` – Castorix Jun 16 '19 at 18:52

Read RTC in Windows

2 Answers2

Linked