硬盤鎖 HDD3.EXE
程序: zbin 1997-04-01 上海市經濟管理學院
曾有許多人抱怨自己工作的PC由于他人非法的使用,而導致工作文件丟失損壞,或者操作系統損壞,所以諸多人采用CMOS 加密的方法,但只有高版本的BIOS才具此功能,況且在CMOS放電之后此功能失效,故行之有效的方法就是對硬盤進行加密.
本人采用重寫硬盤主引導扇區的方法,隱藏硬盤分區表,接管INT 13H,徹底實現只能從硬盤啟動,拒絕啟動軟盤訪問硬盤的功能.
首先闡述一下PC啟動的步驟:
1. PC 加電BIOS 自舉,將硬盤物理第一扇區(主引導扇區)讀至 0000:7C00H , 檢測引導扇區的標志55H AAH ,程序 IP 跳至 7C00H
2. 主引導扇區得到控制權,引導程序檢測分區表是否非法,取得可啟動分區的系統引導扇區的位置,調用INT 13H 將系統引導扇區(諸如 DOS 系統)讀到0000:7C00H,IP 跳至7C00H.
3.系統(DOS)開始啟動,讀IO.SYS,MSDOS.SYS,CONFIG.SYS,AUTOEXEC.BAT, 完成一系列啟動工作.
本人程序主要思路如下:
1. 將原有主引導扇區WRITE 至 0磁頭0道13H扇區,將漢字的字模WRITE至0磁頭0道21H之后的三個扇區
2. 改寫原有主引導扇區,使啟動軟盤不可訪問硬盤
本程序的特點是在操作系統啟動之前,利用BIOS INT 10H AH=11H 的子功能,將漢字顯示在屏幕上,所以事先應取得所要顯示漢字的字模,將二進制字模轉換成能插入匯編程序、且能被MASM.EXE編譯的數據(CPP、PROMPT1 之后的數據).
; ;97' 張斌
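code segment
assume cs:code,ds:code,es:code          ; code and data share one segment
;-----------------------------------------------------------------------
; first - DOS entry point of HDD3.EXE: scan the command tail for '#'.
; In:    DS = ES = PSP (set by DOS at EXE entry; the ASSUME above only
;        informs the assembler, it does not load the registers)
; Out:   jumps to m1 with DS:SI just past the '#', or to begin when the
;        tail is empty or contains no '#'
; Clobb: AX, CX, SI, flags
;-----------------------------------------------------------------------
first:
        mov     ax,ds
        mov     cs:old_ds,ax            ; explicit CS: override - DS still addresses the
                                        ; PSP here, so the unqualified store did not
                                        ; reach old_ds in this segment
        cld                             ; lodsb must walk forward; do not rely on the
                                        ; inherited direction flag
        mov     ch,0
        mov     cl,byte ptr es:[80h]    ; CX = length byte of the command tail
        cmp     cx,0
        jne     xxx
        jmp     begin                   ; no arguments: continue with the install path
xxx:    mov     si,81h                  ; DS:SI -> first character of the tail
loop1:  lodsb
        cmp     al,'#'
        je      m1                      ; option marker found
        loop    loop1
        jmp     begin                   ; tail holds no '#': install path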
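;-----------------------------------------------------------------------
; m1 - '#u' / '#U': remove the lock by restoring the saved MBR.
; In:    DS:SI -> character following '#' (DS is still the PSP)
; Flow:  read CHS 0/0/13h (the backup of the original MBR), require the
;        'B' marker at offset 1FDh, clear the marker, write the sector
;        back to 0/0/1, then store the cleared copy in 0/0/13h.
; Out:   continues at exit; any other option letter leaves through t1
;        with AL = that letter.
; NOTE(review): offset 1FDh is the last byte of the fourth partition
;        entry, so the restored MBR always carries 0 there, whatever
;        the original byte was - confirm this is acceptable for disks
;        that use all four entries.
;-----------------------------------------------------------------------
m1:
        lodsb                           ; AL = option letter
        cmp     al,'u'
        jne     t1
t2:
        mov     ax,cs
        mov     es,ax                   ; ES:BX -> buf for INT 13h
        mov     ax,201h                 ; read 1 sector
        mov     bx,offset buf
        mov     cx,13h                  ; cylinder 0, sector 13h
        mov     dx,80h                  ; head 0, first hard disk
        int     13h
        jc      t_fail                  ; read error: buf cannot be trusted
        cmp     byte ptr es:[buf+1fdh],'B'
        je      t3
        mov     ax,cs
        mov     ds,ax
        lea     dx,msg3                 ; "not installed"
        mov     ah,9
        int     21h
        jmp     exit
t3:
        mov     byte ptr es:[buf+1fdh],0
        mov     ax,301h                 ; write 1 sector
        mov     bx,offset buf
        mov     cx,01h                  ; restore the MBR first
        mov     dx,80h
        int     13h
        jc      t_fail                  ; MBR not restored: keep the backup marked
                                        ; valid so uninstall can be retried
        mov     ax,301h
        mov     bx,offset buf
        mov     dx,80h
        mov     cx,13h                  ; now retire the backup marker
        int     13h
        mov     ax,cs
        mov     ds,ax
        lea     dx,msg4                 ; "uninstall successful"
        mov     ah,9
        int     21h
t_fail:
        jmp     exit
t1:     cmp     al,'U'
        je      t2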
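;**********************
;-----------------------------------------------------------------------
; '#p<text>' / '#P<text>' - store a new boot password in sector 21h.
; In:    AL = option letter after '#', DS:SI -> rest of the command
;        tail (DS is still the PSP), terminated by CR (0Dh)
; Flow:  confirm the lock is installed ('B' at MBR offset 1FDh), read
;        sector 21h, copy the text to offset 226 and its length to
;        offset 224, write the sector back.
; Out:   continues at exit; any other option letter goes to begin,
;        as in the original fall-through.
; Fixes: the length is capped at PSW_MAX because the boot prompt never
;        accepts more than 10 keys, so a longer password could not be
;        typed again; nothing is written when a BIOS read fails or when
;        the lock is not installed.
;-----------------------------------------------------------------------
PSW_MAX equ     10
        cmp     al,'p'
        je      p_change
        cmp     al,'P'
        je      p_change
        jmp     begin                   ; unknown option: same path as no option
p_change:
        cld                             ; lodsb/stosb walk forward
        mov     ax,cs
        mov     es,ax                   ; ES -> this segment for INT 13h and stosb
        mov     ax,201h
        mov     bx,offset buf
        mov     cx,01h
        mov     dx,80h
        int     13h                     ; read the current MBR
        jc      p_quit
        cmp     byte ptr cs:[buf+1fdh],'B'
        jne     p_quit                  ; lock absent: sector 21h is not ours to edit
        mov     ax,201h
        mov     bx,offset buf
        mov     cx,21h
        mov     dx,80h
        int     13h                     ; read the prompt/password sector
        jc      p_quit
        mov     di,offset buf+226       ; 226 = password - prompt1
        mov     word ptr cs:[buf+224],0 ; 224 = password_long - prompt1
p2:     lodsb
        cmp     al,0dh                  ; CR ends the command tail
        je      p3
        cmp     word ptr cs:[buf+224],PSW_MAX
        jae     p_quit                  ; too long: leave the disk untouched
        stosb
        inc     word ptr cs:[buf+224]
        jmp     p2
p3:
        mov     ax,0301h
        mov     bx,offset buf
        mov     cx,21h
        mov     dx,80h
        int     13h                     ; write the updated sector back
p_quit:
        jmp     exit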
;-----------------------------------------------------------------------
; begin - reached once command-line handling is finished (no option
;         was acted on): point DS and ES at this segment and continue
;         with the installer at second.
;-----------------------------------------------------------------------
begin:
        mov     ax,cs                   ; CS is the 'code' segment (entry is 'first')
        mov     es,ax
        mov     ds,ax
        jmp     second
;************************** program-credit glyphs
; cpp - bitmap table for the credit line. The installer writes it to
; sectors 22h-23h of track 0 and the boot code loads it at 0:8400h,
; where the first 12 glyphs (16 bytes each) are registered as characters
; 90h and up. The table appears to be 640 bytes long, which matches
; SIZE (40*16) in Getchar.c.
; NOTE(review): the bytes after the glyph rows do not look like bitmap
; data. Getchar.c clears only the first 224 bytes of its buffer, so the
; remainder is probably whatever was in memory when the file was
; generated - confirm before reusing this table.
cpp db 008h,01dh,0f1h,011h,011h,0fdh,011h,038h,035h,054h,050h,091h,010h,010h,017h,010h
db 004h,0feh,004h,004h,004h,0fch,004h,000h,0fch,020h,020h,0fch,020h,020h,0feh
db 000h,001h,000h,03fh,020h,02fh,020h,021h,020h,02fh,020h,020h,020h,040h,040h
db 082h,001h,000h,088h,0fch,000h,0f8h,020h,040h,080h,0fch,088h,090h,080h,080h
db 080h,080h,000h,000h,000h,000h,000h,018h,018h,000h,000h,000h,018h,018h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,0feh,0c6h,086h,00ch,018h,030h,060h,0c2h
db 0c6h,0feh,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,018h,018h,000h,000h,000h,000h,000h,000h,0fch,066h,066h,066h,07ch,066h
db 066h,066h,066h,0fch,000h,000h,000h,000h,000h,000h,018h,018h,000h,038h,018h
db 018h,018h,018h,018h,03ch,000h,000h,000h,000h,000h,000h,000h,000h,000h,0dch
db 066h,066h,066h,066h,066h,066h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,03ch
db 066h,0c2h,0c0h,0c0h,0c0h,0c0h,0c2h,066h,03ch,000h,000h,000h,000h,02eh,057h
db 0cfh,06dh,0c5h,07eh,0feh,0eeh,0d7h,0ceh,0efh,07dh,0a2h,068h,08eh,047h,07dh
db 03dh,023h,018h,083h,0ffh,0eeh,0f7h,0eeh,07eh,077h,0fch,066h,061h,0f3h,043h
db 045h,053h,053h,021h,072h,0c7h,0ceh,0c6h,0cfh,0cfh,0d7h,07eh,056h,04dh,0feh
db 021h,0e4h,014h,0fdh,066h,067h,06eh,07dh,07dh,067h,076h,06fh,0e6h,047h,046h
db 047h,045h,054h,050h,05fh,05bh,021h,03ah,01eh,018h,05dh,05eh,05fh,07ch,045h
db 04eh,021h,07bh,001h,000h,045h,046h,050h,077h,0dch,0dfh,0edh,0fch,0ceh,07ch
db 04eh,0cfh,07dh,054h,046h,041h,0f4h,061h,0e5h,06fh,076h,067h,076h,076h,067h
db 0feh,054h,021h,008h,00ch,045h,053h,053h,07fh,070h,0fdh,031h,033h,03fh,030h
db 036h,05fh,043h,04fh,050h,059h,040h,023h,00fh,000h,047h,053h,045h,047h,052h
db 045h,041h,044h,021h,0bfh,00fh,000h,046h,053h,0d6h,0c7h,0d7h,0ceh,0ceh,0e7h
db 0deh,07ch,07dh,053h,054h,049h,04dh,045h,021h,05eh,011h,000h,047h,07fh,0d6h
db 0feh,0c9h,0c3h,0cfh,07ch,021h,0b6h,011h,000h,046h,053h,054h,052h,04ch,0ddh
db 07eh,067h,0edh,063h,068h,0ffh,05fh,04dh,04bh,04eh,041h,04dh,045h,0afh,003h
db 000h,006h,05fh,05fh,05fh,062h,072h,06bh,0f3h,000h,000h,008h,05fh,05fh,07fh
db 07ah,07fh,07eh,07dh,07ah,0dbh,018h,07eh,007h,05fh,05fh,05fh,073h,062h,072h
db 06bh,0f3h,000h,007h,05fh,05fh,072h,07fh,07eh,065h,072h,081h,000h,009h,05fh
db 07ah,06dh,0efh,0f7h,0f6h,0ffh,0f7h,0efh,0fch,03ch,006h,05fh,063h,070h,075h
db 074h,073h,068h,007h,000h,009h,05fh,063h,072h,065h,061h,074h,06eh,065h,077h
db 013h,006h,07eh,0dfh,0e7h,0f6h,07fh,067h,076h,076h,06dh,07dh,070h,013h,006h
db 000h,00ah,05fh,07eh,0e7h,0f6h,0e7h,07dh,0eeh,0eeh,0efh,0e7h,07dh,005h,000h
db 009h,05fh,066h,069h,06eh,064h,06eh,065h,078h,0feh,0a3h,00ah,009h,05fh,066h
db 070h,075h,074h,063h,068h,079h,07ah,0fbh,01ch,018h,05fh,07fh,07dh,07ch,07eh
db 069h,073h,06bh,0afh,008h,000h,01ch,07fh,07fh,07dh,07ch,07ch,07dh,078h,07ch
db 07fh,06eh,066h,06fh,0e1h,013h,000h,008h,05fh,068h,061h,072h,0feh,065h,072h
db 072h,02fh,00ch,000h,005h,05fh,069h,074h,07fh,06dh,0ceh,0c7h,0d7h,0dfh,0efh
db 0e7h,06dh,07bh,06dh,070h,078h,00dh,007h,05fh,0ffh,0ebh,0f4h,0e5h,0fdh,076h
db 09eh,00fh,0c6h,07fh,070h,075h,074h,063h,068h,062h,0d6h,0ffh,0f9h,040h,018h
db 000h,000h,000h,000h,000h,0e0h,0ffh,0c2h,041h
;******************** "enter boot password" glyphs; saved to sector 21h, loaded at 0:8200h
; prompt1 - 224 bytes (14 glyphs of 16 bytes) followed by the password
; record and the boot code's scratch variables. The installer writes
; 512 bytes starting here to CHS 0/0/21h; the boot code reads that
; sector to 0:8200h and addresses every field below as
; 8200h + (label - prompt1).
; Layout is fixed: the '#p' handler patches the sector with the literal
; offsets 224 (password_long) and 226 (password), so nothing may be
; inserted before those two fields.
; NOTE(review): the password is kept on disk as plain text and compared
; byte for byte at boot; anything that can read raw sectors can read
; it. Treat the lock as a deterrent, not as access control.
prompt1 db 020h,020h,020h,0fdh,022h,045h,050h,093h,0fah,013h,03ah,0d3h,012h,012h,012h,012h
db 040h,0a0h,0a0h,010h,00eh,0f4h,000h,0c4h,054h,0d4h,054h,0d4h,054h,044h,044h
db 0cch,004h,002h,001h,001h,001h,002h,002h,002h,004h,004h,008h,008h,010h,020h
db 040h,080h,000h,000h,000h,000h,000h,080h,080h,080h,040h,040h,020h,020h,010h
db 010h,00eh,004h,001h,000h,01fh,010h,010h,010h,01fh,010h,010h,010h,017h,024h
db 024h,044h,087h,004h,000h,084h,0feh,004h,004h,004h,0fch,000h,000h,004h,0feh
db 004h,004h,004h,0fch,004h,000h,000h,07ch,000h,001h,0feh,010h,010h,020h,024h
db 042h,0feh,042h,001h,002h,004h,040h,040h,040h,044h,0feh,044h,044h,044h,044h
db 044h,084h,084h,084h,004h,028h,010h,002h,001h,07fh,042h,089h,028h,04bh,00ch
db 077h,001h,021h,021h,021h,021h,03fh,020h,000h,000h,0feh,002h,024h,0c8h,004h
db 010h,0f0h,000h,008h,008h,008h,008h,0f8h,008h,000h,07dh,010h,011h,011h,021h
db 03dh,065h,0a5h,024h,024h,027h,024h,03ch,024h,000h,010h,0f8h,010h,010h,010h
db 010h,010h,010h,0fch,004h,024h,0f4h,004h,004h,014h,008h,000h,000h,000h,000h
db 018h,018h,000h,000h,000h,018h,018h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
;prompt1_number dw 224
password_long dw 3 ; password length (offset 224 in the sector)
password db 'pig',0 ,10 dup(0) ; stored password (offset 226), 14 bytes reserved
password_buf db 20 dup(0) ; ; buffer for the password typed at boot
cur_pos dw 0e20h ; scratch: cursor position while the prompt glyphs are drawn
number dw 0 ; scratch: number of keys typed at the prompt
tmpdi dw 0 ; scratch: saved write pointer into password_buf
tmpal db 0 ; scratch: last key read
tmpip dw 0 ; not referenced in the code shown
tmpcs dw 0 ; not referenced in the code shown
;*************************************
; The 512 bytes from here on are the replacement boot code that the
; installer writes to the master boot sector (CHS 0/0/1).
; v1 runs at 0000:7C00h, where the BIOS loads the boot sector. It sets
; SS=DS=ES=0 and SP=7C00h, selects video mode 3, copies itself to
; 0000:0600h and continues there at bb.
; NOTE(review): SP is loaded three instructions after SS and there is no
; CLD before REP MOVSB; the code relies on the state left by the BIOS
; (direction flag clear, no interrupt between the two loads) - confirm.
v1: ;hard disk boot from here!
mov ax,0
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7c00h
sti
mov ah,0
mov al,03h
int 10h ; set video mode 3 (80*25 text)
mov cx,200h ; one sector
mov si,7c00h
mov di,600h
rep movsb ; relocate so 7C00h is free for the next boot sector
db 0eah ; opcode of JMP FAR ptr16:16
dw bb-v1+600h,0h ; target 0000:(0600h + offset of bb), so CS becomes 0
; bb - first code executed in the relocated copy (CS = 0): clear the
; screen, then load the three data sectors written by the installer.
; NOTE(review): neither INT 13h call checks the carry flag, so a failed
; read goes unnoticed and the prompt then works on whatever 0:8200h
; already contained.
bb:
mov ax,0600h ; INT 10h AH=06h, AL=0: clear the window
mov bh,00h ; fill attribute
mov cx,0 ; upper-left corner 0,0
mov dx,2050h ; lower-right corner: row 20h, column 50h
int 10h ; clear the screen
;***********************
;**********
mov ax,0201h ; read 1 sector
mov bx,8200h ; to ES:BX = 0:8200h
mov cx,0021h ; cylinder 0, sector 21h
mov dx,80h ; head 0, first hard disk
int 13h ; ; prompt glyphs, password record and scratch variables
mov ax,0202h ; read 2 sectors
mov bx,8400h ; to 0:8400h: credit-line glyphs
mov cx,22h ; cylinder 0, sectors 22h-23h
mov dx,80h
int 13h
;*****************************
; First text line: register 14 user glyphs as characters D0h..DDh and
; print them one by one, starting at row 0Ah, column 18h.
; cur_pos, inside the sector copy at 0:8200h, tracks the cursor.
; the first begin
mov ax,0
mov es,ax
mov bp,08200h ; ES:BP -> glyph table (start of the sector-21h copy)
mov ax,1100h ; INT 10h AX=1100h: load user character patterns
mov cx,14 ; number of glyphs
mov bh,16 ; bytes per glyph
mov bl,0 ; font block 0
mov dx,0d0h ; first character code to replace
int 10h ; hand the glyphs to the BIOS
;*****************
mov ah,2 ; set cursor position
mov bh,0 ; page 0
mov dx,0a18h ; row 0Ah, column 18h
int 10h
mov word ptr cs:[8200h+cur_pos-prompt1],dx
mov cx,14 ; loop count: one pass per glyph
mov al,0d0h ; first character code
rx: push cx ; CX is reused as the repeat count below
mov ah,09h ; write character and attribute at the cursor
mov bl,0ah ; attribute
mov cx,1
int 10h
inc al ; next glyph
mov ah,2
mov dx,word ptr cs:[8200h+cur_pos-prompt1]
inc dl ; advance one column
mov word ptr cs:[8200h+cur_pos-prompt1],dx
int 10h
pop cx
loop rx ; first end: shows the "enter boot password:" string
;**********************************
; Second text line: register 12 glyphs from 0:8400h as characters
; 90h..9Bh, print them starting at row 17h, column 38h with attribute
; 9Eh, then change the cursor shape.
mov ax,0
mov es,ax
mov bp,08400h ; ES:BP -> glyph table (copy of sectors 22h-23h)
mov ax,1100h ; INT 10h AX=1100h: load user character patterns
mov cx,12 ; number of glyphs
mov bh,16 ; bytes per glyph
mov bl,0 ; font block 0
mov dx,090h ; first character code to replace
int 10h
;*****************
mov ah,2 ; set cursor position
mov bh,0 ; page 0
mov dx,01738h ; row 17h, column 38h
int 10h
mov word ptr cs:[8200h+cur_pos-prompt1],dx
mov cx,12 ; loop count: one pass per glyph
mov al,090h ; first character code
rx2: push cx ; CX is reused as the repeat count below
mov ah,09h ; write character and attribute at the cursor
mov bl,09eh ; attribute
mov cx,1
int 10h
inc al ; next glyph
mov ah,2
mov dx,word ptr cs:[8200h+cur_pos-prompt1]
inc dl ; advance one column
mov word ptr cs:[8200h+cur_pos-prompt1],dx
int 10h
pop cx
loop rx2
; the lines above show the "program design: Z.bin" string
;***********************
;****************************************
mov ah,1 ; INT 10h AH=01h: set cursor shape
mov ch,19 ; start scan line
mov cl,0 ; end scan line
int 10h
; hide the cursor
;;*********************************
; Password prompt. nv4 starts or restarts an attempt, getmsg reads keys
; until Enter, nv2 compares the lengths, nv3 compares the bytes.
; All variables live in the sector-21h copy at 0:8200h; CS and ES are 0.
; Behaviour visible in the code:
;  - a wrong length or a wrong byte returns to nv4; the number of
;    attempts is not limited and nothing is delayed between them;
;  - "number" is incremented for every key, including keys ignored after
;    the tenth, so an over-long entry can never match the stored length;
;  - Backspace is not handled specially and is stored like any other key.
; NOTE(review): STOSB runs before the only CLD in this code (at nv3), so
; the first pass relies on the direction flag being clear - confirm.
nv4:
mov bh,0
mov dx,0a28h ; row 0Ah, column 28h: start of the echo field
mov ah,2
int 10h ; ; set the cursor
mov al,20h
mov bx,0ah ; page 0, attribute 0Ah
mov cx,12
mov ah,9
int 10h ; blank the '*' echo of the previous attempt
mov word ptr cs:[8200h+number-prompt1],0 ; number of keys typed so far
mov di,8200h+(password_buf-prompt1)
nv1:
mov word ptr cs:[8200h+tmpdi-prompt1],di ; remember the write pointer
getmsg: mov ah,0 ; read one key of the password
int 16h
cmp al,0dh ; Enter pressed
je nv2
inc word ptr cs:[8200h+number-prompt1]
cmp word ptr cs:[8200h+number-prompt1],11
jge getmsg ; more than ten keys: ignore the key
mov byte ptr cs:[8200h+tmpal-prompt1],al ; INT 10h below needs AL
mov bh,0
mov dx,0a28h
mov ah,2
int 10h
mov al,'*' ; ; echo the input as '*'
mov bx,0eh ; page 0, attribute 0Eh
mov cx,word ptr cs:[8200h+number-prompt1] ; one '*' per key typed
mov ah,9
int 10h
mov al,byte ptr cs:[8200h+tmpal-prompt1]
mov di,word ptr cs:[8200h+tmpdi-prompt1]
stosb ; store the key in password_buf (ES:DI)
jmp nv1
nv2:
mov di,word ptr cs:[8200h+password_long-prompt1]
cmp di,word ptr cs:[8200h+number-prompt1] ; lengths must match first
je nv3
jmp nv4
nv3:
mov di,8200h+(password-prompt1) ; ES:DI -> stored password
mov si,8200h+(password_buf-prompt1) ; DS:SI -> typed text
cld
mov cx, word ptr cs:[8200h+password_long-prompt1]
repe cmpsb ; compare the typed password
je boot ; with CX = 0 no byte is compared and ZF is still the length match
jmp nv4
; boot - reached after a correct password. Saves the INT 13h vector,
; lowers the BIOS base-memory word at 0:0413h by 2 (KB), points INT 13h
; at offset 0 of the segment just above the new memory top, copies the
; setint handler there, then loads the partition boot sector through
; the saved original MBR and jumps to it at 0000:7C00h.
; CS is 0 here, so every cs: reference below is an address in segment 0.
; NOTE(review): neither disk read checks the carry flag before the far
; jump, and DL for the second read comes from the boot-indicator byte of
; partition entry 1, so the code assumes entry 1 is the active one
; (indicator 80h) - confirm for disks laid out differently.
boot:
mov ax,0600h
mov bh,00h
mov cx,0
mov dx,2050h
int 10h ; clear the screen
;******** here is ok!
;************************************************
mov bx,13h*4 ; ; address of the INT 13h vector
mov dx,word ptr cs:[bx]
mov word ptr cs:[7c00h+ww-v1],dx ; save the offset into ww of the copy still at 7C00h
mov dx,word ptr cs:[bx+2]
mov word ptr cs:[7c00h+ww-v1+2], dx ; save the segment
;get intchar
dec word ptr cs:[413h]
dec word ptr cs:[413h] ; shrink the reported memory size
mov ax,word ptr cs:[413h] ; [0000:0413H] holds the memory size
mov cl,6
shl ax,cl ; size * 64 = segment of the area just reclaimed
;dec the menory size
;***********************
mov bx,13h*4
mov word ptr cs:[bx],0000h ; new vector offset
mov word ptr cs:[bx+2],ax ; new vector segment
; set decnumber memory size
;*************************
mov es,ax
mov cx,200h
mov si,[7c00h+setint-v1] ; NOTE(review): the copy needs the address of setint in SI; MASM is expected to take a bracketed constant with no register as an immediate - verify with the assembler used
mov di,0
rep movsb ; move the replacement INT 13h handler (with the saved vector in ww) to the top of memory
mov ax,0
mov es,ax
;**************************
mov ax,201h ; read 1 sector; this call already goes through the new vector
mov cx,13h ; cylinder 0, sector 13h: backup of the original MBR
mov bx,7000h
mov dx,80h
int 13h
mov si,7000h+1beh ; first partition-table entry
mov dx,word ptr [si] ; DL = boot-indicator byte, DH = starting head
mov cx,word ptr [si+2] ; CL/CH = starting sector and cylinder
mov bx,7c00h
mov ax,0201h ; read the DOS boot sector from those C/H/S values
int 13h
db 0eah ; opcode of JMP FAR ptr16:16
dw 7c00h,0000h ; far jump: hand control to the DOS boot sector
;**************************
; setint - replacement INT 13h handler. It is copied to offset 0 of the
; reclaimed top-of-memory segment, which is why ww is addressed as
; cs:[ww-setint].
; It matches exactly one request: function 02h (read) with DX = 0080h
; and CX = 0001h, i.e. head 0, first hard disk, cylinder 0, sector 1.
; That request is redirected to sector 13h, where the installer saved
; the original MBR. Every other call, including other functions on the
; same sector, goes to the original handler unchanged.
setint: ; intercepting INT 13h handler
cmp dx,0080h
jne xx
cmp cx,01h
jne xx
cmp ah,02h
jne xx
mov cx,13h ; ; a read of sector 1 becomes a read of sector 13h
xx:
jmp dword ptr cs:[ww-setint]
ww dw 0,0 ; original BIOS INT 13h vector (offset, segment); the jump above chains to it
vv:
fil equ 509-(vv-v1) ; padding that places the marker at offset 509 (1FDh)
db fil dup (0) ; also covers the partition-table area of this sector with zeros
db 'B' ; marker: the lock is installed
dw 0aa55h ; boot-sector signature
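;***********************
;-----------------------------------------------------------------------
; second - install the lock on the first hard disk (drive 80h).
; In:    DS = ES = this segment (set at begin)
; Flow:  read the MBR; if offset 1FDh already holds 'B' report
;        "already installed". Otherwise save the marked original MBR to
;        CHS 0/0/13h, write the prompt/password sector (21h) and the
;        credit glyphs (22h-23h), and only then replace the MBR.
; Fixes: every BIOS call is checked, and the MBR is written last, so a
;        disk where the backup or data sectors cannot be written (for
;        instance fewer sectors per track than 23h) keeps its original
;        boot sector and partition table.
; Note:  the two-sector write starting at cpp covers 1024 bytes, more
;        than the table itself, so the data that follows cpp (prompt1
;        and the default password record) is stored in 22h-23h too.
;-----------------------------------------------------------------------
second:
        mov     ax,0201h
        mov     bx,offset buf
        mov     cx,01h
        mov     dx,80h
        int     13h                     ; read the current MBR
        jc      inst_fail
        cmp     byte ptr cs:[buf+01fdh],'B'     ; already installed?
        jne     inst_go
        jmp     install_yes
inst_go:
;****************************************
        mov     byte ptr cs:[buf+01fdh],'B'     ; mark the backup copy
        mov     ax,0301h
        mov     bx,offset buf
        mov     cx,13h
        mov     dx,80h
        int     13h                     ; save the original MBR to sector 13h
        jc      inst_fail
;****************************************
        mov     ax,0301h
        mov     bx,offset prompt1
        mov     cx,21h
        mov     dx,80h
        int     13h                     ; prompt glyphs and password record -> 21h
        jc      inst_fail
;***************************************
        mov     ax,0302h
        mov     bx,offset cpp
        mov     cx,22h
        mov     dx,80h
        int     13h                     ; credit glyphs -> 22h and 23h
        jc      inst_fail
;****************************************
        mov     ax,0301h
        mov     bx,offset v1
        mov     cx,1
        mov     dx,80h
        int     13h                     ; replacement boot code -> sector 1, last
        jc      inst_fail
        jmp     exit
inst_fail:
        mov     ax,cs
        mov     ds,ax
        lea     dx,inst_err
        mov     ah,9
        int     21h
        jmp     exit
inst_err db     ' Disk Error ! Install Not Completed !',0dh,0ah,24h
;****************************************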
;-----------------------------------------------------------------------
; exit        - print the banner and usage text (msg2) and terminate
;               through DOS function 4Ch.
; install_yes - print "already installed" (msg1), then continue at exit.
; Both load DS from CS because DS may still address the PSP when these
; labels are reached.
;-----------------------------------------------------------------------
EXIT:
        mov     ax,cs
        mov     ds,ax
        mov     ah,9                    ; DOS: print '$'-terminated string at DS:DX
        mov     dx,offset msg2
        int     21h
        mov     ah,4ch                  ; DOS: terminate process
        int     21h                     ; quit
install_yes:
        mov     ax,cs
        mov     ds,ax
        mov     ah,9
        mov     dx,offset msg1
        int     21h
        jmp     exit
; Work area and DOS messages of the installer. Each message ends with
; 24h ('$') as required by INT 21h function 09h.
BUF db 512 dup(?) ; one-sector buffer for every INT 13h transfer made under DOS
para db 20 dup (0) ; not referenced in the code shown
old_ds dw 0 ; DS value at program entry (written once, never read back)
msg1 db ' # This Program Has Installed ! #',0dh,0ah,24h
msg2 db ' CopyRight Ver 1.0 Programming By Z.Bin 97-04-7 ',0dh,0ah,30 dup (20h)
db 'See You Later !',0dh,0ah,'Useing:',3 dup(20h),'HDD3.EXE #pxxxx Change Password !'
db 0dh,0ah,10 dup(20h),'HDD3.EXE #u Delete The Pc-lock ',0dh,0ah
db 10 dup (20h),'HDD3.EXE Lock Computer Default PSW: pig ',0dh,0ah,24h
msg3 db ' I Cannot Unistall It ! Because You Have Not Installed!',0dh,0ah,24h
msg4 db ' UnInstall Successful ! Bye Bye ! ',0dh,0ah,24h
code ends
end first ; execution starts at label first
程序代碼文件: HDD3.ASM MASM.EXE 編譯 LINK.EXE 連接 VER 5.0
Getchar.c
Toasm.c
程序說明文件: README.DOC
程序執行文件: HDD3.EXE
程序運行環境: MSDOS 3.0 以上 [ 不可在WINDOWS 的 MSDOS 窗口中執行]
執行文件使用:
1. C:\> HDD3.EXE 實行加密 缺省密碼:pig /* 輸入時注意大小寫 */
2. C:\> HDD3.EXE #pxxxxxxx 改變密碼值 x 為密碼 p 為保留字 /* 密碼值最多10位 */
C:\> HDD3 #pbanana 改變密碼為banana /* 重新啟動時輸入banana 可啟動系統 */
3. C:\> HDD3.EXE #u 硬盤鎖卸除,恢復原貌 /* 在硬盤鎖未安裝或硬盤鎖卸除后不可用此參數 */
程序文件: Getchar.c
將要顯示的漢字以圖形方式輸出(采用PRINTF 函數),用GETPIXEL 函數取得象素點的顏色值,值為0則為0,值為非0的則轉為1,存儲為字模文件.
程序代碼:
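/* The original notes after these macros were not valid C comments: the
   ';' text on the STRING line became part of the macro body, and SIZE
   was not parenthesised, so it changed value inside larger expressions. */
#define STRING "程序: Z.Bin CopyRight Ver 1.0 97-04-05" /* text to render; may be changed */
#define CHAR_BYTE 40 /* width of the text in bytes; a Chinese character takes 2 */
#define OUTPUT_FILE "c:\\dat" /* glyph file that is written: C:\DAT */
#define SIZE (CHAR_BYTE*16) /* 16 bytes per 8x16 character cell (80*25 DOS text mode) */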
#include <stdio.h>
#include <graphics.h>
#include <conio.h>
#include <stdlib.h>
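/*
 * Getchar: print STRING on the graphics screen, read the pixels back
 * with getpixel() and save them as a glyph file, one byte per 8-pixel
 * row and 16 rows per 8-pixel column (bit 7 is the leftmost pixel).
 *
 * Returns 0 on success and 1 when graphics start-up, opening the
 * output file or writing it fails.
 *
 * Fixes over the original: the whole buffer is cleared (only the first
 * 224 of SIZE bytes were, so the rest of the file carried whatever was
 * on the stack), STRING is no longer used as a printf format, and the
 * graphics mode is closed on every exit path.
 */
main()
{
    int At_x, color;
    int g = 0;                  /* 0 asks initgraph to detect the adapter */
    int m;
    int CharNumber;
    int i, j;
    int status = 0;
    char buf[SIZE];
    char *p;
    FILE *fp;

    initgraph(&g, &m, "");
    if (graphresult() != grOk)
        return 1;

    if ((fp = fopen(OUTPUT_FILE, "wb")) == NULL) {
        closegraph();
        return 1;
    }

    printf("%s", STRING);

    /* Every byte is OR-ed into below, so all of them must start at 0. */
    for (i = 0; i < SIZE; i++)
        buf[i] = 0;

    p = buf;
    At_x = 0;
    for (CharNumber = 0; CharNumber < CHAR_BYTE; CharNumber++) {
        for (j = 0; j <= 15; j++) {
            for (i = 0; i <= 7; i++) {
                color = getpixel(At_x + i, j);
                if (color)
                    *p = (char)(*p | (0x80 >> i));  /* any non-zero colour sets the bit */
            }
            p++;
        }
        At_x += 8;
    }

    if (fwrite(buf, 1, SIZE, fp) != SIZE)
        status = 1;
    if (fclose(fp) != 0)
        status = 1;
    /*getch();*/
    closegraph();
    return status;
}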
程序文件: Toasm.c
程序使用:
c:\>toasm
enter the file name:
c:\dat //用戶輸入
此時程序自動生成 dat.asm 文件
用戶可編輯此文件,將 字符串 “begin:” 之后的數據(顯示漢字的16進制形式)copy到匯編程序,進行編譯.
程序代碼:
#include <stdio.h>
#include <stdlib.h>
#include <bios.h>
#include <io.h>
#include <dos.h>
#include <dir.h>
main()
{ char name[40];
FILE *p; int m,n;
char *v;
long size;
int i,j;
char ch;
char *first=" \tcode segment\n \t assume cs:code,ds:code \n \torg 100h\n begin:\n";
char *end=" \tcode ends\n \tend begin";
int len1,len2;
void *buf;
char drive[3];char dir[20];char fname[10];char ext[4];
char newname[50];
char *extt=".asm";
printf("enter the file name:\n");
scanf("%s", name);
if((p=fopen(name,"rb"))==NULL)
{ printf("cann't open < %s > file!\n",name);
exit(0);}
size=filelength(fileno(p));
buf=(char *)malloc(size);
fread(buf,size,1,p);
fclose(p);
fnsplit(name,drive,dir,fname,ext);
fnmerge(newname,drive,dir,fname,extt);
if((p=fopen(newname,"wb"))==NULL)
{ printf("can't creat < %s > file!\n",newname);
exit(0);
}
fprintf(p,"%s\n",first);
fprintf(p," db ");
for(i=0,v=buf;i<size;i++,v++)
{
n=*v;
m=n;
n=n&0x0f0;
n=n>>4;
m=m&0x0f;
if(i==0)
{fprintf(p,"0%x%xh,",n,m);
continue;}
if((i%15)==0)
{fprintf(p,"0%x%xh",n,m);
fputc(0x0d,p);
fputc(0x0a,p);
if(i==(size-1))
continue;
fprintf(p," db ");}
else
{if(i==(size-1))
fprintf(p,"0%x%xh",n,m);
else
fprintf(p,"0%x%xh,",n,m); }
}
fprintf(p,"\n%s",end);
fcloseall();
printf(" \t PLEASE EDIT %s\n",newname);
}