A while ago I wrote a hard disk lock. I am posting it here to share it with everyone, and I also have a problem that I hope you can help me think through.

First, a rough overview of the program. It is written in assembly and consists of two files: hdlock.exe and hdlock.dat. hdlock.dat is the hard disk lock itself, which gets loaded into cylinder 0, head 0, sector 1 of the hard disk; hdlock.exe (1) writes hdlock.dat to cylinder 0, head 0, sector 1 and sets the lock password, (2) changes the password, and (3) uninstalls the lock.

Let me start with hdlock.dat. Because the lock is limited in space and must be kept strictly within 1BDH bytes (do you know why?), it could not be written as a MASM source file and then assembled; I wrote it essentially in one go with debug's A command. I have disassembled it and added some comments so that everyone can take a look and we can learn from each other.

; This part moves the whole disk lock from 0000:7C00 to 0000:0600 so that it is not overwritten by the code read in later
0F6D:0100 1E            PUSH DS
0F6D:0101 06            PUSH ES
0F6D:0102 B90001        MOV CX,0100
0F6D:0105 BF0006        MOV DI,0600
0F6D:0108 B80000        MOV AX,0000
0F6D:010B 8ED8          MOV DS,AX
0F6D:010D 8EC0          MOV ES,AX
0F6D:010F BE007C        MOV SI,7C00
0F6D:0112 F2            REPNZ
0F6D:0113 A5            MOVSW
0F6D:0114 EA1A060000    JMP 0000:061A       ; far jump to the moved code, i.e. execution continues at 011A
0F6D:0119 90            NOP
0F6D:011A EB09          JMP 0125            ; skip over the string that follows
0F6D:011C               DB 'PASSWORD',00    ; the string to be displayed

; This part initializes the screen and displays the string "PASSWORD"
0F6D:0125 B80006        MOV AX,0600
0F6D:0128 B7F0          MOV BH,F0
0F6D:012A B90000        MOV CX,0000
0F6D:012D BA4F18        MOV DX,184F
0F6D:0130 CD10          INT 10              ; clear the screen (black foreground, light grey background, blinking characters)
0F6D:0132 B21A          MOV DL,1A
0F6D:0134 BE1C06        MOV SI,061C         ; display the string at 061CH (the program has been moved to 0000:0600, so this is the string at 011CH in this listing)
0F6D:0137 B402          MOV AH,02
0F6D:0139 B610          MOV DH,10
0F6D:013B B700          MOV BH,00
0F6D:013D CD10          INT 10              ; set the cursor position (row 10H, column 1AH)
0F6D:013F 8A04          MOV AL,[SI]
0F6D:0141 3C00          CMP AL,00
0F6D:0143 741B          JZ 0160             ; end of string reached? if so, go and read the password from the keyboard
0F6D:0145 B409          MOV AH,09
0F6D:0147 B90100        MOV CX,0001
0F6D:014A B700          MOV BH,00
0F6D:014C B370          MOV BL,70
0F6D:014E CD10          INT 10              ; display one character
0F6D:0150 FEC2          INC DL              ; move the cursor one column to the right
0F6D:0152 46            INC SI              ; advance the string pointer
0F6D:0153 EBE2          JMP 0137            ; display the next character

; Read the password from the keyboard
0F6D:0160 B90400        MOV CX,0004
0F6D:0163 B80000        MOV AX,0000
0F6D:0166 8EC0          MOV ES,AX
0F6D:0168 BF0108        MOV DI,0801
0F6D:016B F3            REPZ
0F6D:016C AB            STOSW               ; clear an 8-byte buffer starting at 0000:0801 (filled with 00H) that will hold the password typed at the keyboard (at most 8 characters, at least 0)
0F6D:016D B90900        MOV CX,0009         ; read the keyboard at most 9 times (the 9th read starts over)
0F6D:0170 BF0108        MOV DI,0801         ; the password is written from 801H onward
0F6D:0173 B223          MOV DL,23
0F6D:0175 B400          MOV AH,00
0F6D:0177 CD16          INT 16              ; read a key
0F6D:0179 3C0D          CMP AL,0D
0F6D:017B 7479          JZ 01F6             ; Enter: go and compare the password
0F6D:017D B402          MOV AH,02
0F6D:017F 90            NOP
0F6D:0180 90            NOP
0F6D:0181 B610          MOV DH,10
0F6D:0183 B700          MOV BH,00
0F6D:0185 CD10          INT 10              ; set the cursor position (right after the "PASSWORD" string, of course)
0F6D:0187 3C08          CMP AL,08
0F6D:0189 7437          JZ 01C2             ; Backspace: go to the backspace handler
0F6D:018B 50            PUSH AX
0F6D:018C B40E          MOV AH,0E
0F6D:018E B02A          MOV AL,2A
0F6D:0190 B307          MOV BL,07
0F6D:0192 CD10          INT 10              ; display a "*" (password entry with no echo at all would be rather unnerving)
0F6D:0194 58            POP AX
0F6D:0195 0423          ADD AL,23           ; add 23H to the password character (because of the space limit, and because this runs before the system boots, I simply add 23H to each character here; if anyone has a good and compact algorithm, do let me know)
0F6D:0197 8805          MOV [DI],AL
0F6D:0199 47            INC DI
0F6D:019A 49            DEC CX
0F6D:019B 83F900        CMP CX,+00
0F6D:019E 740A          JZ 01AA             ; was this the 9th key read? if so, go to the input-overflow handler
0F6D:01A0 FEC2          INC DL
0F6D:01A2 EBD1          JMP 0175

; This part handles more than 8 keystrokes
0F6D:01AA B610          MOV DH,10
0F6D:01AC B402          MOV AH,02
0F6D:01AE B223          MOV DL,23
0F6D:01B0 B700          MOV BH,00
0F6D:01B2 CD10          INT 10              ; cursor back to the start of the input field
0F6D:01B4 B409          MOV AH,09
0F6D:01B6 B000          MOV AL,00
0F6D:01B8 B307          MOV BL,07
0F6D:01BA B90900        MOV CX,0009
0F6D:01BD CD10          INT 10              ; blank out the nine "*" characters
0F6D:01BF EB9F          JMP 0160            ; read the password again

; This part handles Backspace
0F6D:01C2 51            PUSH CX
0F6D:01C3 B403          MOV AH,03
0F6D:01C5 B700          MOV BH,00
0F6D:01C7 CD10          INT 10              ; read the cursor position
0F6D:01C9 80FA23        CMP DL,23
0F6D:01CC 74A7          JZ 0175             ; cursor already at the start of the field? if so, go and read the next character (note: this and the next JZ leave without the POP CX at 01EA)
0F6D:01CE 81FF0008      CMP DI,0800
0F6D:01D2 74A1          JZ 0175             ; password buffer already at the start? if so, go and read the next character
0F6D:01D4 B402          MOV AH,02
0F6D:01D6 FECA          DEC DL
0F6D:01D8 CD10          INT 10
0F6D:01DA B40E          MOV AH,0E
0F6D:01DC B000          MOV AL,00
0F6D:01DE B307          MOV BL,07
0F6D:01E0 CD10          INT 10              ; move the cursor back one column and erase one "*"
0F6D:01E2 B80000        MOV AX,0000
0F6D:01E5 8905          MOV [DI],AX         ; clear the password buffer at the current pointer
0F6D:01E7 4F            DEC DI              ; move the password buffer pointer back by one
0F6D:01E8 8905          MOV [DI],AX         ; clear the password buffer at the current pointer
0F6D:01EA 59            POP CX
                        INC CX              ; CX should be incremented by 1 here (noted correction; the listing lacks this instruction)
0F6D:01EB EB88          JMP 0175            ; read the keyboard again

; This part compares the password
0F6D:01F6 B80000        MOV AX,0000
0F6D:01F9 8EC0          MOV ES,AX
0F6D:01FB 8ED8          MOV DS,AX
0F6D:01FD BEB007        MOV SI,07B0         ; the stored password (the lock now sits at 0600, so 07B0 is offset 1B0H of the sector)
0F6D:0200 BF0108        MOV DI,0801         ; the password just typed
0F6D:0203 B90400        MOV CX,0004
0F6D:0206 F3            REPZ
0F6D:0207 A7            CMPSW
0F6D:0208 7404          JZ 020E             ; strings match: go to the normal system boot code
0F6D:020A EB3C          JMP 0248            ; strings differ: go to the disk-locking code

; Normal system boot code
0F6D:020E B80000        MOV AX,0000
0F6D:0211 8EC0          MOV ES,AX
0F6D:0213 B80102        MOV AX,0201
0F6D:0216 B90200        MOV CX,0002
0F6D:0219 BA8000        MOV DX,0080
0F6D:021C BB00F0        MOV BX,F000
0F6D:021F CD13          INT 13
0F6D:0221 B80103        MOV AX,0301
0F6D:0224 B90100        MOV CX,0001
0F6D:0227 BA8000        MOV DX,0080
0F6D:022A CD13          INT 13              ; cylinder 0, head 0, sector 2 holds what HDBOOT.EXE wrote there: the lock code (the code you are reading now) plus the correct partition table; once it has been written to cylinder 0, head 0, sector 1 the operating system can read the disk normally
0F6D:022C B80000        MOV AX,0000
0F6D:022F 8EC0          MOV ES,AX
0F6D:0231 B80102        MOV AX,0201
0F6D:0234 B90300        MOV CX,0003
0F6D:0237 BA8000        MOV DX,0080
0F6D:023A BB007C        MOV BX,7C00
0F6D:023D CD13          INT 13              ; cylinder 0, head 0, sector 3 holds the backup of the original MBR written by HDBOOT.EXE; read it into 0000:7C00
0F6D:023F EA007C0000    JMP 0000:7C00       ; far jump to the original MBR code (how it boots from there is not our concern here), which boots the system normally

; Disk-locking code
0F6D:0248 B80000        MOV AX,0000
0F6D:024B 8EC0          MOV ES,AX
0F6D:024D B80102        MOV AX,0201
0F6D:0250 B90400        MOV CX,0004
0F6D:0253 BA8000        MOV DX,0080
0F6D:0256 BB00F0        MOV BX,F000
0F6D:0259 CD13          INT 13
0F6D:025B B80103        MOV AX,0301
0F6D:025E B90100        MOV CX,0001
0F6D:0261 BA8000        MOV DX,0080
0F6D:0264 CD13          INT 13              ; cylinder 0, head 0, sector 4 holds what HDBOOT.EXE wrote there: the lock code (again, the code you are reading) plus a logic lock on the Jiangmin principle; once it has been written to cylinder 0, head 0, sector 1 the system is completely locked (it cannot boot from another disk either)
0F6D:0266 CD19          INT 19              ; needs no explanation: equivalent to a warm reboot

Having read this far, you have surely spotted some problems. To make the lock work across platforms, I set it up so that entering the correct password writes the correct partition table to cylinder 0, head 0, sector 1, while entering a wrong password writes the Jiangmin lock there instead. Anyone who knows what they are doing will see the flaw at once: if the owner last entered the computer with the correct password, an unauthorized user who never tries a password at all and simply boots from a floppy, CD or USB disk can access the hard disk. Honestly, this problem troubled me for a long time and I never found a solution. The alternative would be to write the correct partition table to cylinder 0, head 0, sector 1 after the correct password is entered, and then, once the operating system has started, tamper with sector 1 again to encrypt the partition table. That has two problems: (1) the tampering done after the OS starts would have to live in the OS's own startup mechanism (DOS's AUTOEXEC.BAT, Win98's "Startup" group, and so on), which is obviously not safe; (2) it obviously cannot be "cross-platform" either. So all I can do is tell users in the program notes to deliberately enter a wrong password when they leave the computer, so that the Jiangmin lock locks the disk and an unauthorized user cannot boot from floppy, CD or USB. (As you know, the so-called Jiangmin lock works by making the extended partition point to itself, which traps the boot program in an infinite loop; who knows how many hard disks this damned thing has killed, so it is about time it did some good.) If anyone has a better way to solve this problem, please tell me.
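The self-referencing extended partition described above can be spotted on a disk image before any boot code walks into it. The following Python is an added example, not part of the original post: it parses an MBR partition table and follows the extended-partition chain with loop detection, flagging an extended entry whose CHS start points back at the MBR. The locked sample reuses the partition entry from the post's D6 image at offset 1BEH; the 255-head, 63-sector geometry and the `reader` helper are assumptions.

```python
import struct

def chs_to_lba(chs, heads=255, spt=63):
    """Decode a 3-byte CHS field to an LBA (assumes the usual 255-head, 63-sector geometry)."""
    head, sect, cyl = chs[0], chs[1] & 0x3F, ((chs[1] & 0xC0) << 2) | chs[2]
    return (cyl * heads + head) * spt + (sect - 1)

def parse_entries(sec):
    """Return (type, chs_start_lba, lba_start, size) for each used entry of the table at 1BEH."""
    if sec[0x1FE:0x200] != b"\x55\xAA":
        raise ValueError("missing 55AA boot signature")
    out = []
    for off in range(0x1BE, 0x1FE, 16):
        _, chs_s, ptype, _, lba, size = struct.unpack("<B3sB3sII", sec[off:off + 16])
        if ptype:
            out.append((ptype, chs_to_lba(chs_s), lba, size))
    return out

def check_chain(read_sector, max_hops=16):
    """Follow the extended-partition chain as CHS-era DOS did (via each extended entry's CHS
    start) and return a list of findings; an empty list means the chain terminates normally."""
    findings, seen, cur, base = [], [], 0, None
    while cur not in seen and len(seen) < max_hops:
        seen.append(cur)
        link = None
        for ptype, chs_start, lba_start, _ in parse_entries(read_sector(cur)):
            if ptype in (0x05, 0x0F):  # DOS extended / LBA-extended container
                absolute = lba_start if base is None else base + lba_start  # EBR links are relative
                if chs_start != absolute:
                    findings.append(f"sector {cur}: extended entry CHS start {chs_start} != LBA {absolute}")
                link = chs_start
        if link is None:
            return findings  # no further extended entry: the chain ended normally
        base = link if base is None else base
        cur = link
    return findings + [f"sector {cur}: chain loops back to an earlier table or exceeds {max_hops} hops"]

# Constructed sectors (not from a real disk); LOCK_ENTRY is the post's D6 entry at 1BEH: type 05H, CHS start (0,0,1) = the MBR itself
LOCK_ENTRY = bytes.fromhex("00 00 01 00 05 FE 7F 05 3F 00 00 00 47 39 40 00")
GOOD_ENTRY = bytes.fromhex("00 01 01 00 05 FE 7F 05 3F 00 00 00 47 39 40 00")  # CHS (0,1,1) == LBA 63
LOGICAL = bytes.fromhex("00 02 01 00 0B FE 7F 05 3F 00 00 00 00 39 40 00")  # plain logical volume

def sector(entry):  # a 512-byte table sector holding one entry plus the 55AA signature
    return b"\x00" * 0x1BE + entry + b"\x00" * 48 + b"\x55\xAA"

def reader(image):  # read_sector callback over {lba: bytes}; absent sectors read as empty tables
    return lambda lba: image.get(lba, sector(b"\x00" * 16))

LOCKED_FINDINGS = check_chain(reader({0: sector(LOCK_ENTRY)}))
CLEAN_FINDINGS = check_chain(reader({0: sector(GOOD_ENTRY), 63: sector(LOGICAL)}))
```

On the locked image the walker reports both the CHS/LBA disagreement and the loop back to sector 0, which is exactly the trap the DOS boot code falls into; the clean image walks to its single EBR and stops.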
Now the HDLOCK.EXE file; here is its complete source code:

; Hard disk lock installer
DATA SEGMENT
D1  DB 0CDH,0BFH,0D1H,0E5H,0EAH,0CDH
D2  DB 'You had not install the HDLOCK,do you install?(y/n)',0dh,0ah,'$'
D3  DB 'HDLOCK.DAT',00H
D4  DB 'Can not find file (HDLOCK.DAT)',0dh,0ah,'$'
D5  DB 'PASSWORD',00H
D6  DB 1EH,06H,0B9H,00H,01H,0BFH,00H,06H,0B8H,00H,00H,8EH,0D8H,8EH,0C0H,0BEH   ; logic lock: the 512-byte image written to sector 4 (lock code followed by the locking partition table)
    DB 00H,7CH,0F2H,0A5H,0EAH,1AH,06H,00H,00H,90H,0EBH,09H,50H,41H,53H,53H
    DB 57H,4FH,52H,44H,00H,0B8H,00H,06H,0B7H,0F0H,0B9H,00H,00H,0BAH,4FH,18H
    DB 0CDH,10H,0B2H,01AH,0BEH,1CH,06H,0B4H,02H,0B6H,10H,0B7H,00H,0CDH,10H,8AH
    DB 04H,3CH,00H,74H,1BH,0B4H,09H,0B9H,01H,00H,0B7H,00H,0B3H,70H,0CDH,10H
    DB 0FEH,0C2H,46H,0EBH,0E2H,0CDH,20H,4FH,3DH,33H,0CDH,20H,33H,33H,33H,33H
    DB 0B9H,04H,00H,0B8H,00H,00H,8EH,0C0H,0BFH,01H,08H,0F3H,0ABH,0B9H,09H,00H
    DB 0BFH,01H,08H,0B2H,23H,0B4H,00H,0CDH,16H,3CH,0DH,74H,79H,0B4H,02H,90H
    DB 90H,0B6H,10H,0B7H,00H,0CDH,10H,3CH,08H,74H,37H,50H,0B4H,0EH,0B0H,2AH
    DB 0B3H,07H,0CDH,10H,58H,04H,23H,88H,05H,47H,49H,83H,0F9H,00H,74H,0AH
    DB 0FEH,0C2H,0EBH,0D1H,24H,67H,00H,77H,69H,6EH,0B6H,10H,0B4H,02H,0B2H,23H
    DB 0B7H,00H,0CDH,10H,0B4H,09H,0B0H,00H,0B3H,07H,0B9H,09H,00H,0CDH,10H,0EBH
    DB 9FH,51H,51H,0B4H,03H,0B7H,00H,0CDH,10H,80H,0FAH,23H,74H,0A7H,81H,0FFH
    DB 00H,08H,74H,0A1H,0B4H,02H,0FEH,0CAH,0CDH,10H,0B4H,0EH,0B0H,00H,0B3H,07H
    DB 0CDH,10H,0B8H,00H,00H,89H,05H,4FH,89H,05H,59H,0EBH,88H,07H,43H,04H
    DB 0E8H,86H,0CDH,20H,44H,44H,0B8H,00H,00H,8EH,0C0H,8EH,0D8H,0BEH,0B0H,07H
    DB 0BFH,01H,08H,0B9H,04H,00H,0F3H,0A7H,74H,04H,0EBH,3CH,55H,55H,0B8H,00H
    DB 00H,8EH,0C0H,0B8H,01H,02H,0B9H,02H,00H,0BAH,80H,00H,0BBH,00H,0F0H,0CDH
    DB 13H,0B8H,01H,03H,0B9H,01H,00H,0BAH,80H,00H,0CDH,13H,0B8H,00H,00H,8EH
    DB 0C0H,0B8H,01H,02H,0B9H,03H,00H,0BAH,80H,00H,0BBH,00H,7CH,0CDH,13H,0EAH
    DB 00H,7CH,00H,00H,00H,00H,00H,00H,0B8H,00H,00H,8EH,0C0H,0B8H,01H,02H
    DB 0B9H,04H,00H,0BAH,80H,00H,0BBH,00H,0F0H,0CDH,13H,0B8H,01H,03H,0B9H,01H
    DB 00H,0BAH,80H,00H,0CDH,13H,0CDH,19H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 64H,64H,64H,64H,64H,64H,64H,64H,00H,00H,00H,00H,00H,00H,00H,00H   ; offset 1B0H: the encoded password (overwritten by WRITE below)
    DB 01H,00H,05H,0FEH,7FH,05H,3FH,00H,00H,00H,47H,39H,40H,00H,00H,00H   ; offset 1C0H: rest of the extended-partition entry that begins at 1BEH
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
    DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,55H,0AAH
D7  DB 'You have been installed HDLOCK,do you remove?(y/n)',0dh,'$'
D8  DB 'PASSWORD ERROR$'
D9  DB 0dh,0ah
    DB 0dh,0ah
    DB ' # # # # # # # # # # # # #',0dh,0ah
    DB ' # # # # # # # # # # # # #',0dh,0ah
    DB ' # # # # # # # # # # # # #',0dh,0ah
    DB ' # # # # # # # # # # # # #',0dh,0ah
    DB ' # # # # # # # # # # # # # #',0dh,0ah
    DB 0dh,0ah
    DB ' ----------# HARD DISK LOCK #------------',0dh,0ah
    DB ' BY:THE MAN LIKE WIND',0dh,0ah
    DB ' E-mail:tyhhyf@hotmail.com',0dh,0ah
    DB ' OICQ:86633320',0dh,0ah
D10 DB 'Enter anykey to enter the PASSWORD.$'
D11 DB 'Enter anykey to enter the PASSWORD again.$'
D12 DB 'Error:Two PASSWORD is not alike!$'
D13 DB 'The HDLOCK had been installed,please remember you PASSWORD!!!$'
D14 DB 'The HDLOCK had been removed.$'
DATA ENDS

CODE SEGMENT
    ASSUME CS:CODE,DS:DATA,ES:DATA
START:
    MOV AX,DATA
    MOV DS,AX
    MOV ES,AX
    MOV DX,OFFSET D9
    MOV AH,09H
    INT 21H                 ; show the banner
    MOV AH,00H
    INT 16H                 ; wait for a key
; Check whether the hard disk lock has already been installed
NEXT:
    MOV AX,0201H            ; read one sector
    MOV CX,0001H
    MOV DX,0080H
    MOV BX,0F000H
    INT 13H                 ; MBR (cylinder 0, head 0, sector 1) -> ES:F000H
    MOV AX,0201H
    MOV CX,0001H
    MOV DX,0080H
    MOV BX,0E000H
    INT 13H                 ; a second copy of the MBR -> ES:E000H (kept as the original for backup)
    MOV SI,0F1A0H
    MOV DI,OFFSET D1
    MOV CX,0003H
    REPE CMPSW              ; compare 6 bytes at offset 1A0H with the D1 signature
    JNZ INSTALL
    JMP DEL
INSTALL:
    MOV DX,OFFSET D2
    MOV AH,09H
    INT 21H
ENTER:
    MOV AH,00H              ; read a key (AH was still 09H from INT 21H; without this the loop never reads the keyboard)
    INT 16H
    OR AL,20H               ; fold to lower case
    CMP AL,'y'              ; is it Y?
    JE INSTALL1
    CMP AL,'n'
    JE EXIT
    JMP ENTER
EXIT:
    MOV AH,4CH
    INT 21H
INSTALL1:
    MOV AH,3DH
    MOV DX,OFFSET D3
    MOV AL,00H
    INT 21H                 ; open HDLOCK.DAT read-only
    JB AERROR
    PUSH AX
    MOV AH,3FH
    MOV DX,0F000H
    MOV CX,01BEH
    POP BX
    INT 21H                 ; read 1BEH bytes of HDLOCK.DAT over the MBR code at F000H (the partition table from 1BEH on is kept)
    MOV AH,09H
    MOV DX,OFFSET D10
    INT 21H
    MOV AH,00H
    INT 16H
    CALL NEAR PTR PWENTER   ; first entry of the password -> F1B0H (8 bytes, each +23H)
    MOV SI,0F1B0H
    MOV DI,0F3B0H
    MOV CX,0004H
    REPNZ MOVSW             ; keep a copy of the first entry at F3B0H
    MOV AH,06H
    MOV AL,00H
    MOV BH,07H
    MOV CX,0000H
    MOV DX,184FH
    INT 10H                 ; clear the screen
    MOV DH,03H
    MOV DL,00H
    MOV BH,00H
    MOV AH,02H
    INT 10H                 ; cursor to row 3, column 0
    MOV AH,09H
    MOV DX,OFFSET D11
    INT 21H
    MOV AH,00H
    INT 16H
    CALL NEAR PTR PWENTER   ; second entry of the password -> F1B0H
    MOV SI,0F1B0H
    MOV DI,0F3B0H
    MOV CX,0008H
    REPE CMPSB              ; do both entries match?
    JNZ EXIT4
    JMP WRITE
AERROR:
    MOV AH,09H
    MOV DX,OFFSET D4
    INT 21H
    JMP EXIT
EXIT4:
    MOV DH,03H
    MOV DL,00H
    MOV BH,00H
    MOV AH,02H
    INT 10H
    MOV AH,06H
    MOV AL,00H
    MOV BH,07H
    MOV CX,0000H
    MOV DX,184FH
    INT 10H
    MOV AH,09H
    MOV DX,OFFSET D12
    INT 21H
    MOV AH,4CH
    INT 21H
WRITE:
    MOV AX,0301H
    MOV CX,0003H
    MOV DX,0080H
    MOV BX,0E000H
    INT 13H                 ; back up the original MBR to sector 3
    MOV BX,OFFSET D6
    ADD BX,1B0H
    MOV CX,4H
    MOV SI,0F1B0H
    MOV DI,BX
    REPNZ MOVSW             ; copy the encoded password into the logic-lock image at offset 1B0H
    MOV AX,0301H
    MOV CX,0004H
    MOV DX,0080H
    MOV BX,OFFSET D6
    INT 13H                 ; logic-lock image -> sector 4
    MOV AX,0301H
    MOV CX,0002H
    MOV BX,0F000H
    MOV DX,0080H
    INT 13H                 ; lock code + correct partition table -> sector 2
    MOV AX,0301H
    MOV CX,0001H
    MOV BX,0F000H
    MOV DX,0080H
    INT 13H                 ; and -> sector 1, the MBR
    MOV AH,06H
    MOV AL,00H
    MOV BH,07H
    MOV CX,0000H
    MOV DX,184FH
    INT 10H
    MOV DH,03H
    MOV DL,00H
    MOV BH,00H
    MOV AH,02H
    INT 10H
    MOV AH,09H
    MOV DX,OFFSET D13
    INT 21H
    JMP EXIT
DEL:
    MOV DX,OFFSET D7
    MOV AH,09H
    INT 21H
ENTER2:
    MOV AH,00H
    INT 16H
    OR AL,20H
    CMP AL,'y'
    JE UNLADE
    CMP AL,'n'
    JE EXIT1
    JMP ENTER2
EXIT1:
    MOV AH,4CH
    INT 21H
UNLADE:
    CALL NEAR PTR PWENTER
    MOV SI,0F1B0H
    MOV DI,0E1B0H
    MOV CX,8H
    REPE CMPSB              ; compare with the password stored at offset 1B0H of the installed MBR
    JNZ EXIT2
    MOV AX,0201H
    MOV CX,0003H
    MOV BX,0F000H
    MOV DX,0080H
    INT 13H                 ; read the backup of the original MBR from sector 3
    MOV AX,0301H
    MOV CX,0001H
    MOV BX,0F000H
    MOV DX,0080H
    INT 13H                 ; and write it back to sector 1
    MOV DH,03H
    MOV DL,00H
    MOV BH,00H
    MOV AH,02H
    INT 10H
    MOV AH,06H
    MOV AL,00H
    MOV BH,07H
    MOV CX,0000H
    MOV DX,184FH
    INT 10H
    MOV AH,09H
    MOV DX,OFFSET D14
    INT 21H
    JMP EXIT
EXIT2:
    MOV AH,09H
    MOV DX,OFFSET D8
    INT 21H
    MOV AH,4CH
    INT 21H

; Subroutine: read the password from the keyboard into F1B0H
PWENTER PROC NEAR
    PUSH AX
    PUSH BX
    PUSH CX
    PUSH DX
    MOV AX,0600H
    MOV BH,0F0H
    MOV CX,0000H
    MOV DX,184FH
    INT 10H                 ; clear the screen
    MOV DL,1AH
    MOV SI,OFFSET D5
DISPLAY:
    MOV AH,02H
    MOV DH,10H
    MOV BH,00H
    INT 10H
    MOV AL,[SI]
    CMP AL,00H
    JE GETPW
    MOV AH,09H
    MOV CX,01H
    MOV BH,00H
    MOV BL,70H
    INT 10H
    INC DL
    INC SI
    JMP DISPLAY
GETPW:
    MOV CX,0004H
    MOV AX,0000H            ; STOSW stores AX, so the whole register must be zeroed (the original had MOV AH,0000H)
    MOV DI,0F1B0H
    REPZ STOSW              ; clear the 8-byte password buffer
    MOV CX,0009H
    MOV DI,0F1B0H
    MOV DL,23H
READKEY:
    MOV AH,00H
    INT 16H
    CMP AL,0DH
    JE OK                   ; Enter finishes the entry
    CMP AL,20H
    JE READKEY              ; ignore Space
    CMP AL,00H
    JE READKEY              ; ignore extended keys
    CMP AL,09H
    JE READKEY              ; ignore Tab
    CMP AL,1BH
    JE AESC                 ; Esc quits the program
    PUSH CX
    MOV AH,02H
    MOV DH,10H
    MOV BH,00H
    INT 10H
    POP CX
    CMP AL,08H
    JE BACKSPACE
    PUSH AX
    MOV AH,0EH
    MOV AL,2AH
    MOV BL,07H
    INT 10H                 ; echo a "*"
    POP AX
    ADD AL,23H              ; same +23H encoding as in the boot-sector code
    MOV [DI],AL
    INC DI
    DEC CX
    CMP CX,00H
    JE OVERFLOW
    INC DL
    JMP READKEY
OK:
    POP DX                  ; restore in reverse order of the pushes
    POP CX
    POP BX
    POP AX
    RET
AESC:
    MOV AH,4CH
    INT 21H
OVERFLOW:
    MOV DH,10H
    MOV AH,02H
    MOV DL,23H
    MOV BH,00H
    INT 10H
    MOV AH,09H
    MOV AL,00H
    MOV BL,07H
    MOV CX,0009H
    INT 10H
    JMP GETPW               ; more than 8 characters: start over
BACKSPACE:
    PUSH CX
    MOV AH,03H
    MOV BH,00H
    INT 10H                 ; read the cursor position (returns the cursor shape in CX, hence the save)
    POP CX
    CMP DL,23H
    JE READKEY              ; already at the start of the field
    CMP DI,0F1AFH
    JE READKEY              ; already at the start of the buffer
    PUSH CX
    MOV AH,02H
    DEC DL
    INT 10H
    POP CX
    PUSH CX
    MOV AH,0EH
    MOV AL,00H
    MOV BL,07H
    INT 10H
    POP CX
    MOV AX,0000H
    MOV [DI],AX
    DEC DI
    MOV [DI],AX
    CMP CX,09H
    JE AJUMP
    INC CX
    JMP AJUMP
AJUMP:
    JMP READKEY
PWENTER ENDP
CODE ENDS
    END START