|
[原创]用记事本编写2字节程序,超级经典
确实刚才才发现其实可以不用 MZ ,随便什么都可以,但是不能是空文件.... |
|
[求助]磁盘是怎么寻址的?
你得描述一下你写的是什么程序嘛,windows 应用程序 还是 MFC程序 抑或是控制台程序,不然大家怎么知道你写的是驱动程序 还是 16位的dos程序呢? |
|
[原创]浅谈完美、诛仙等游戏验证码的识别
楼主太牛B了,我看了一下,没有做旋转什么之类的处理,应该还不能解决旋转了的汉字, |
|
[求助]素数的疑问的验证问题
有时候如果有一部分素数表,则只要 将 2 到 sqrt(n) 之间的素数除一遍 |
|
[分享]3句代码,在星际争霸屏幕上写字(详细教程,有图,附源码)
把代码 嵌入到 星际争霸中, |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
网上也有很多 io 硬盘的方法 ,但是执行起来总是有问题,也没有什么检测硬盘存在的问题,经常都是虚拟机上正常,真机子上就不行了。 后来还是跟踪 int 13h + atapi 文档 解决的 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
不是 lba48,而是 io 硬盘的方法 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
前几天在代码里发现了一个错误 if((at_rig[REG_CYL_HI] == 0)&& (at_rig[REG_CYL_LO] == 0) && (at_rig[REG_SECTOR] == 1) && ((at_rig[REG_LDH]&0x10) == 0)) 要改成 if((at_rig[REG_CYL_HI] == 0)&& (at_rig[REG_CYL_LO] == 0) && (at_rig[REG_SECTOR] == 1) && ((at_rig[REG_LDH]&0x1f) == 0)) 原因:0x10 只覆盖 Device 寄存器的 DEV 位(第 4 位),0x1f 还覆盖低 4 位,也就是磁头号(LBA 模式下为 LBA 27:24),所以改后的判断把这几位也一起比较了。 |
|
|
|
|
|
[求助]关于编程的理论和实践问题
只会 编译原理,算法导论,计算机组成..... 也不能叫 developer ,只能叫考王 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
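看了老v io硬盘的代码, 用的是 CHS 寻址,最大可以访问 8G 硬盘 不存在只能访问头几个扇区的情况。不过我觉得吧,老v 的代码只在传输数据的时候关了中断,那么如果在传输数据之前发生了任务切换,并且切换的过程中 windows 访问了硬盘...那么当切换回来时 硬盘的状态已经发生改变了。其实也就是一个同步的问题 下面是 DeviceIoControl 访问硬盘的代码 , lba48 没有经过测试 ,weolar 能帮忙测一下不? (超过128 G 的硬盘 才用 lba48,不然一般不支持lba48) 直接 io 硬盘的代码就不发了(不想方便干坏事的人)。DeviceIoControl 的代码无法穿透我做一题的那个bin,所以还是可以发一下地。代码有什么错误的 一定要告诉俺,俺感激不尽,俺不想再做硬盘分区了。

#include <Windows.h>
#include <stdio.h>
#include <Winioctl.h>
#include "ntddscsi.h"

/* Indices into the 8-byte task file arrays of ATA_PASS_THROUGH_DIRECT. */
#define REG_PRECOMP 0
#define REG_COUNT 1
#define REG_SECTOR 2
#define REG_CYL_LO 3
#define REG_CYL_HI 4
#define REG_LDH 5
#define REG_COMMAND 6

/* Device/head register bits. */
#define LDH_DEFAULT 0xA0
#define LDH_LBA 0x40

/* ATA command opcodes used below. */
#define CMD_WRITE_EXT 0x34
#define CMD_WRITE 0x30
#define CMD_READ_EXT 0x24
#define CMD_READ 0x20

/* Bytes per sector assumed by the transfer-length computation. */
#define SECTOR_SIZE 512
/* ERR bit of the ATA status register, returned in CurrentTaskFile[REG_COMMAND]. */
#define ATA_STATUS_ERR 0x01

typedef __int64 LONGLONG;

/*
 * Shared implementation of write_disk() and read_disk(): issues one PIO
 * ATA command against \\.\PhysicalDrive0 through
 * IOCTL_ATA_PASS_THROUGH_DIRECT.
 *
 * sec       first sector (LBA) of the transfer
 * cnt       number of sectors; 1..256 for 28-bit commands, 1..65536 for
 *           48-bit commands (a count register of 0 encodes the maximum)
 * buff      caller-owned buffer of at least cnt * 512 bytes
 *           NOTE(review): the pass-through interface is documented to
 *           require the buffer to meet the adapter's alignment mask;
 *           confirm for the target controller.
 * is_lba48  non-zero selects the 48-bit (EXT) command and task file
 * is_write  non-zero transfers host -> device, zero device -> host
 * cmd       28-bit opcode, cmd_ext the matching 48-bit opcode
 *
 * Returns NULL on success, otherwise a static error string. When the IOCTL
 * itself fails, the Win32 error is preserved for GetLastError().
 */
static char *ata_transfer(LONGLONG sec, int cnt, void *buff, int is_lba48,
                          int is_write, UCHAR cmd, UCHAR cmd_ext)
{
    ATA_PASS_THROUGH_DIRECT rigs = {0};
    ULONGLONG lba_limit = (ULONGLONG)1 << (is_lba48 ? 48 : 28);
    int max_cnt = is_lba48 ? 65536 : 256;
    ULONGLONG lba;
    HANDLE hDevice;
    DWORD junk = 0;
    DWORD err;
    BOOL bResult;

    /* Reject requests the task file cannot encode instead of silently
       truncating the address or overflowing cnt * 512. */
    if (buff == NULL || cnt <= 0 || cnt > max_cnt || sec < 0)
        return "invalid parameter";
    lba = (ULONGLONG)sec;
    if (lba >= lba_limit || lba + (ULONGLONG)cnt > lba_limit)
        return "invalid parameter";

    /* Read and write access is sufficient for the pass-through IOCTL;
       GENERIC_ALL asked for more rights than the call needs. */
    hDevice = CreateFileA("\\\\.\\PhysicalDrive0",
                          GENERIC_READ | GENERIC_WRITE,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          NULL,
                          OPEN_EXISTING,
                          0,
                          NULL);
    if (hDevice == INVALID_HANDLE_VALUE)
        return "cannot open the drive";

    rigs.Length = sizeof(rigs);
    /* PIO transfer; ATA_FLAGS_USE_DMA is deliberately not set. */
    rigs.AtaFlags = (USHORT)((is_write ? ATA_FLAGS_DATA_OUT : ATA_FLAGS_DATA_IN)
                             | ATA_FLAGS_DRDY_REQUIRED);
    if (is_lba48)
        rigs.AtaFlags |= ATA_FLAGS_48BIT_COMMAND;
    rigs.PathId = 0;
    rigs.TargetId = 0;
    rigs.Lun = 0;
    rigs.ReservedAsUchar = 0;
    rigs.DataTransferLength = (ULONG)cnt * SECTOR_SIZE;
    rigs.TimeOutValue = 10;
    rigs.ReservedAsUlong = 0;
    rigs.DataBuffer = buff;

    /* Current task file: low-order count and LBA bits 23:0. */
    rigs.CurrentTaskFile[REG_PRECOMP] = 0;
    rigs.CurrentTaskFile[REG_COUNT] = (UCHAR)(cnt & 0xff);
    rigs.CurrentTaskFile[REG_SECTOR] = (UCHAR)(lba & 0xff);
    rigs.CurrentTaskFile[REG_CYL_LO] = (UCHAR)((lba >> 8) & 0xff);
    rigs.CurrentTaskFile[REG_CYL_HI] = (UCHAR)((lba >> 16) & 0xff);
    rigs.CurrentTaskFile[REG_LDH] = LDH_DEFAULT | LDH_LBA;
    if (!is_lba48)  /* 28-bit addressing keeps LBA 27:24 in the device register */
        rigs.CurrentTaskFile[REG_LDH] |= (UCHAR)((lba >> 24) & 0x0f);
    rigs.CurrentTaskFile[REG_COMMAND] = is_lba48 ? cmd_ext : cmd;
    rigs.CurrentTaskFile[7] = 0;

    /* Previous task file: high-order count and LBA bits 47:24. It is filled
       for both modes, as the original code did; for a 28-bit request the
       range check above leaves the address bytes zero. */
    rigs.PreviousTaskFile[REG_PRECOMP] = 0;
    rigs.PreviousTaskFile[REG_COUNT] = (UCHAR)((cnt >> 8) & 0xff);
    rigs.PreviousTaskFile[REG_SECTOR] = (UCHAR)((lba >> 24) & 0xff);
    rigs.PreviousTaskFile[REG_CYL_LO] = (UCHAR)((lba >> 32) & 0xff);
    rigs.PreviousTaskFile[REG_CYL_HI] = (UCHAR)((lba >> 40) & 0xff);
    rigs.PreviousTaskFile[REG_LDH] = LDH_DEFAULT | LDH_LBA;
    rigs.PreviousTaskFile[REG_COMMAND] = cmd_ext;
    rigs.PreviousTaskFile[7] = 0;

    bResult = DeviceIoControl(hDevice,
                              IOCTL_ATA_PASS_THROUGH_DIRECT,
                              &rigs, sizeof(rigs),   /* request */
                              &rigs, sizeof(rigs),   /* returned registers */
                              &junk,
                              (LPOVERLAPPED) NULL);  /* synchronous I/O */
    if (!bResult) {
        /* The original leaked the handle on this path and discarded the
           error code; keep the code available to the caller. */
        err = GetLastError();
        CloseHandle(hDevice);
        SetLastError(err);
        return "call DeviceIoControl error\n";
    }
    CloseHandle(hDevice);

    /* A successful IOCTL only means the request was delivered; the drive's
       own verdict is in the returned status register. */
    if (rigs.CurrentTaskFile[REG_COMMAND] & ATA_STATUS_ERR)
        return "device reported an ATA error";

    return 0;
}

/*
 * Writes cnt sectors from buff to PhysicalDrive0 starting at sector sec.
 * is_lba48 selects 48-bit addressing; without it 28-bit LBA is used, which
 * can address 128G. Returns NULL on success or a static error string.
 */
/*author: zdg102 */
char * write_disk(LONGLONG sec,int cnt,void * buff,int is_lba48 )
{
    return ata_transfer(sec, cnt, buff, is_lba48, 1, CMD_WRITE, CMD_WRITE_EXT);
}

/*
 * Reads cnt sectors from PhysicalDrive0 starting at sector sec into buff.
 * Same parameters and return convention as write_disk().
 */
/*author: zdg102 */
char * read_disk(LONGLONG sec,int cnt,void * buff,int is_lba48 )
{
    return ata_transfer(sec, cnt, buff, is_lba48, 0, CMD_READ, CMD_READ_EXT);
}

char data[1024] = "fuck your disk";

/*
 * Demo driver: writes the first 512 bytes of data to sector 1, then hex-dumps
 * one sector at a time, reading the next sector number from stdin until a
 * negative number (or unreadable input) is entered.
 *
 * The write is unconditional and targets LBA 1 of PhysicalDrive0. On a
 * GPT-partitioned disk LBA 1 holds the primary GPT header, so this should
 * only be run against a disposable disk or a virtual machine image.
 */
int main()
{
    char *err;
    int sector = 0;
    int row, col;

    err = write_disk(1, 1, data, 0);
    if (err != NULL) {
        fprintf(stderr, "%s\n", err);
        return 1;
    }

    do {
        err = read_disk(sector, 1, data, 0);
        if (err != NULL) {
            /* Do not dump a buffer the read did not fill. */
            fprintf(stderr, "%s\n", err);
            return 1;
        }

        for (row = 0; row < 0x20; row++) {
            for (col = 0; col < 16; col++) {
                printf("%2X ", data[col + row * 16] & 0xff);
            }
            printf(" ");
            for (col = 0; col < 16; col++) {
                int ch = data[col + row * 16] & 0xff;
                if (ch > 0x20 && ch < 0x7f)
                    printf("%c", ch);
                else
                    printf(".");
            }
            printf("\n");
        }

        /* Stop on EOF or non-numeric input; the original looped forever
           because a failed scanf left the previous value in place. */
        if (scanf("%d", &sector) != 1)
            break;
    } while (sector >= 0);

    printf("ok");
    return 0;
}
|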
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
本想写写 lba48 代码,测试一下再发上来,以后终归是要写的,但身体不太舒服,明天还要考四级... 只好下次了 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
lba48 也差不多,但是我自己没有试过读 160G 的硬盘(没160G硬盘..),下面是英文原始资料 里面有表格贴不上来。 6.33 READ MULTIPLE EXT 6.33.1 Command code 29h 6.33.2 Feature set 48-bit Address feature set − Mandatory for all devices implementing the 48-bit Address feature set. − Use prohibited when the PACKET command feature set is implemented 6.33.3 Protocol PIO data-in (See Clause 11). 6.33.4 Inputs Sector Count Current - number of sectors to be transferred low order, bits (7:0). Sector Count Previous - number of sectors to be transferred high order, bits (15:8). 0000h in the Sector Count register specifies that 65,536 sectors are to be transferred. LBA Low Current - LBA (7:0). LBA Low Previous - LBA (31:24). LBA Mid Current - LBA (15:8). LBA Mid Previous - LBA (39:32). LBA High Current - LBA (23:16). LBA High Previous - LBA (47:40). Device - DEV shall specify the selected device. LBA shall be set to one 6.33.7 Prerequisites DRDY set to one. If bit 8 of IDENTIFY DEVICE data word 59 is cleared to zero, a successful SET MULTIPLE MODE command shall precede a READ MULTIPLE EXT command. 6.33.8 Description This command reads the number of sectors specified in the Sector Count register. The number of sectors per block is defined by a successful SET MULTIPLE command. If no successful SET MULTIPLE command has been issued, the block is defined by the device’s default value for number of sectors per block as defined in bits (7:0) in word 47 in the IDENTIFY DEVICE data. The device shall interrupt for each DRQ block transferred. When the READ MULTIPLE EXT command is issued, the Sector Count register contains the number of sectors (not the number of blocks) requested. If the number of requested sectors is not evenly divisible by the block count, as many full blocks as possible are transferred, followed by a final, partial block transfer. The partial block transfer shall be for n sectors, where n = remainder (sector count/ block count). 
If the READ MULTIPLE EXT command is received when READ MULTIPLE commands are disabled, the READ MULTIPLE operation shall be rejected with command aborted. Device errors encountered during READ MULTIPLE EXT commands are posted at the beginning of the block or partial block transfer, but the DRQ bit is still set to one and the data transfer shall take place, including transfer of corrupted data, if any. The contents of the Command Block Registers following the transfer of a data block that had a sector in error are undefined. The host should retry the transfer as individual requests to obtain valid error information. Subsequent blocks or partial blocks are transferred only if the error was a correctable data error. All other errors cause the command to stop after transfer of the block that contained the error. 我说一下大概吧: 读 lba48 的 Command code 为 29h (这是 READ MULTIPLE EXT;按扇区读的 READ SECTOR(S) EXT 是 24h,也就是前面代码里的 CMD_READ_EXT), 输入参数中: Features 寄存器保留; Device 寄存器 LBA 位(6位) 设为 1 , DEV 位(4位) 需要设置; Sector Count ; LBA Low ;LBA Mid ;LBA High; 这几个寄存器你可以把它理解成 16 位的,第一次往这些寄存器里写数据写到 高八位,第二次则写到 低八位 LBA Low ;LBA Mid ;LBA High; 加起来 共 48 位,因此能寻址 48 位 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
是啊,咋就没想到 4 楼的方法啊,牛 |
|
[原创]奇虎360第1题 hook WRITE_PORT_UCHAR
没见答题区开放,但是又想看大牛是怎么做题的,只好先抛砖引玉了,可是我只做了2题,而且只有这题拿得出手,希望大家不要笑俺。也希望大牛多发代码,让我们这些菜鸟多学习学习 |