原贴在这里
http://bbs.pediy.com/showthread.php?t=121797&highlight=MBR
首先声明:
本人菜鸟
为了弄懂这个程序特地学了下汇编
把王爽老师的书看玩后总算看懂程序了
程序是用ASCII码相加的和来做密码的,也就是这一句
PassWordLength EQU 021DH ;"lenght of 'kevin'"
kevin 这几个字母的ASCII码相加等于021D,H代表是16进制,不信自己加一下。
这里是把没次输入的ASCII码相加
ADD CX,bx ;存入CX中
这里是比对
cmp cx,PassWordLength
看到这里也就能知道只要输入几个字母ASCII码加起来等于021D就可以登陆进去了。
我觉得这个不好,然后自己改了下,不料水平有限,程序编译通过了,但是在虚拟机上运行出现了错误,所以来这里求大牛指教。
;=================================================================
CPU 486
BITS 16
xor ebx,ebx
mov ds,bx
mov ax,[0x413] ;40:13,BIOS数据区保存常规的内存大小,单位:KBs.
and al,0xfc ;要求分配的物理内存地址,以页作为基地址
sub ax,4
mov [0x413],ax ;开辟一段内存,实现程序的驻留
shl ax,0x6 ;bx *= 1024 / 16 (KBs->线性地址=KBs*1024,段:除以16)
mov es,ax ;存储段地址
mov si,0x7c00 ;拷贝代码到驻留内存中执行
xor di,di ;偏移地址为0
mov cx,0x100 ;拷贝512
rep movsw
mov ax,0x201
mov cl,0x2
cdq ;Convert Double to Quad (386+)把edx扩展为eax的高位,也就是说变为64位。
push es
push word password
retf
;=====================================================================
password: ;校验密码
MOV SI,ShowAuthorMessage
CALL SHOWMESSAGE
mov si,ShowEnterMessage
CALL SHOWMESSAGE
CALL GETKEY
MOV SI,0
MOV CX,5
yanzheng1:
MOV AL,[InputPassWord+SI]
cmp AL,[PassWordAddress+SI]
ADD SI,1
jne again
loop yanzheng1
je bootloader
again: ;第二次校验密码
mov si,ShowError
call SHOWMESSAGE
mov si,ShowEnterMessage
CALL SHOWMESSAGE
CALL GETKEY
cmp cx,PassWordAddress
je bootloader
lasttime: ;最后一次校验密码
mov si,ShowLastError
call SHOWMESSAGE
mov si,ShowEnterMessage
CALL SHOWMESSAGE
CALL GETKEY
cmp cx,PassWordAddress
je bootloader
wrong: ;登陆失败
mov si,ShowByeBye
CALL SHOWMESSAGE
jmp $
bootloader: ;校验密码成功,开始登陆
mov si,ShowWelcome
call SHOWMESSAGE
CALL GETENTER
mov es,dx
mov eax,0x201
mov ecx,02h ;读第二扇区的原始MBR引导开机
mov edx,0x80
mov ebx,0x7c00
int 0x13
popad
pop ds
pop sp
jmp 0x0:0x7c00 ;jmp to original mbr from hard drive
;======================================================================
;======================================================================
SHOWMESSAGE:
mov bx,0007h ; Page Number = 0, Attribute = 07h
mov ah,0Eh ; Function 0Eh: Teletype Output
cs lodsb ; load the first character
Next_Char:
int 10h
cs lodsb ; al = next character
or al,al ; last letter?
jnz Next_Char ; if not print next letter
RETURNBACK:
POP SI
ret
;===========================================================
GETKEY:
XOR CX,CX
PUSH SI
XOR SI,SI
LOOP:
MOV AH,0
INT 16H
mov bl,al
;AND BX,0xFF
CMP AL,0DH ;判断是否Enter键
JZ RETURNBACK
;ADD CL,bx ;存入CX中
MOV [SI+InputPassWord],bl
ADD SI,1
MOV AL,2AH
MOV BX,07H
MOV AH,0EH
INT 10H ;显示*号,继续等待输入
JMP LOOP
;======================================================
GETENTER: ;判断是否Enter键,如果是则返回,若不是继续等待输入
MOV AH,0
INT 16H
AND AX,0xFF
CMP AL,0DH
JNZ GETENTER
RET
;=======================================================
ShowAuthorMessage db 10, 13, "Author:sbha0909@yahoo.com.cn", 0;
ShowEnterMessage db 10, 13, "Enter PassWord:", 0
ShowError db 10, 13, "wrong password!...Try again", 0
ShowLastError db 10, 13, "wrong password!...Try Last Time", 0
PassWordAddress db "kevin" ;021DH ;"lenght of 'kevin'"
InputPassWord db "000000"
ShowByeBye db 10, 13, "Sorry...Perhaps this is not your computer!", 0
ShowWelcome db 10, 13, "Welcome bingger...!Press Enter to load Windows", 0
;=================================================================
CodeEnd EQU $
times 510-($-$$) db 0 ;填充00h
Boot_Signature dw 0AA55h
;===============================================================
我把输入的值存入了InputPass里面
MOV [SI+InputPassWord],bl
然后对比改成了这样
MOV CX,5
yanzheng1:
MOV AL,[InputPassWord+SI]
cmp AL,[PassWordAddress+SI]
ADD SI,1
jne again
loop yanzheng1
结果在虚拟机里运行错误。
本人是临时会员,不能到编程版块讨论了,所以希望各位大哥帮忙顶下贴,一起学习下,别石沉大海了!
[课程]FART 脱壳王!加量不加价!FART作者讲授!
