;这一段是将整个硬盘锁从0000:7c00移至0000:0600,以免被后来读入的代码覆盖
0F6D:0100 1E PUSHDS
0F6D:0101 06 PUSHES
0F6D:0102 B90001 MOVCX,0100
0F6D:0105 BF0006 MOVDI,0600
0F6D:0108 B80000 MOVAX,0000
0F6D:010B 8ED8 MOVDS,AX
0F6D:010D 8EC0 MOVES,AX
0F6D:010F BE007C MOVSI,7C00
0F6D:0112 F2 REPNZ
0F6D:0113 A5 MOVSW
0F6D:0114 EA1A060000 JMP0000:061A ;长跳转至移动后的代码，也就是从011a处开始执行
0F6D:0119 90 NOP
0F6D:011A EB09 JMP0125 ;这一段是对屏幕进行初始化,显示字符串"PASSWORD"
0F6D:0125 B80006 MOVAX,0600
0F6D:0128 B7F0 MOVBH,F0
0F6D:012A B90000 MOVCX,0000
0F6D:012D BA4F18 MOVDX,184F
0F6D:0130 CD10 INT10 ;初始化屏幕(前景为黑色,背景为灰白,字符闪烁)
0F6D:0132 B21A MOVDL,1A
0F6D:0134 BE1C06 MOVSI,061C ;从061cH处显示字符(因为程序将被读入了0000:0600处，
;实际显示的也就是现在的11cH处开始的字符串)
0F6D:0137 B402 MOVAH,02
0F6D:0139 B610 MOVDH,10
0F6D:013B B700 MOVBH,00
0F6D:013D CD10 INT10 ;设光标位置(10H行1aH列)
0F6D:013F 8A04 MOVAL,[SI]
0F6D:0141 3C00 CMPAL,00
0F6D:0143 741B JZ0160 ;是否已显示完字符串,是则跳至从键盘读取密码处
0F6D:0145 B409 MOVAH,09
0F6D:0147 B90100 MOVCX,0001
0F6D:014A B700 MOVBH,00
0F6D:014C B370 MOVBL,70
0F6D:014E CD10 INT10 ;显示一个字符
0F6D:0150 FEC2 INCDL ;光标后移一位
0F6D:0152 46 INCSI ;字符指针后移一位
0F6D:0153 EBE2 JMP0137 ;继续显示下一字符 0f6d:011c db 'PASSWARD'00 ;用于显示的字符串 ; 从键盘读取密码
0F6D:0160 B90400 MOVCX,0004
0F6D:0163 B80000 MOVAX,0000
0F6D:0166 8EC0 MOVES,AX
0F6D:0168 BF0108 MOVDI,0801
0F6D:016B F3 REPZ
0F6D:016C AB STOSW ;在0000:0801开始处开一片长度为8个字节的缓冲区
;(用00H来标记),用于存放从键盘读入的密码,(密码
;最多为8个字符,最少为0个字符)
0F6D:016D B90900 MOVCX,0009 ;最多读9次键盘(当然第9次是重头读过)
0F6D:0170 BF0108 MOVDI,0801 ;从801H处开始写密码
0F6D:0173 B223 MOVDL,23 0F6D:0175 B400 MOVAH,00
0F6D:0177 CD16 INT16 ;读键盘
0F6D:0179 3C0D CMPAL,0D
0F6D:017B 7479 JZ01F6 ;是回车则跳至密码比较处
0F6D:017D B402 MOVAH,02
0F6D:017F 90 NOP
0F6D:0180 90 NOP
0F6D:0181 B610 MOVDH,10
0F6D:0183 B700 MOVBH,00
0F6D:0185 CD10 INT10 ;设置光标位置(当然是"PASSWARD"字符串后面了)
0F6D:0187 3C08 CMPAL,08
0F6D:0189 7437 JZ01C2 ;是退格键则跳至退格处理
0F6D:018B 50 PUSHAX
0F6D:018C B40E MOVAH,0E
0F6D:018E B02A MOVAL,2A
0F6D:0190 B307 MOVBL,07
0F6D:0192 CD10 INT10 ;显示一个"*"(没有回显的密码输入是不是很恐怖)
0F6D:0194 58 POPAX
0F6D:0195 0423 ADDAL,23 ;密码字符加23H(受空间限制，加上该程序在系统启
;动前执行，在此，我只是简单的将密字加上23H，
;如果谁有好而小巧的算法，别忘了告诉我)
0F6D:0197 8805 MOV[DI],AL
0F6D:0199 47 INCDI
0F6D:019A 49 DECCX
0F6D:019B 83F900 CMPCX,+00
0F6D:019E 740A JZ01AA ;是否读了第9次键盘,是跳转至输入溢出处
0F60:01A0 FEC2 INC DL
0F60:01A2 EBD1 JMP 0175 ;本段用于处理键盘输入超过8次
0F6D:01AA B610 MOVDH,10
0F6D:01AC B402 MOVAH,02
0F6D:01AE B223 MOVDL,23
0F6D:01B0 B700 MOVBH,00
0F6D:01B2 CD10 INT10
0F6D:01B4 B409 MOVAH,09
0F6D:01B6 B000 MOVAL,00
0F6D:01B8 B307 MOVBL,07
0F6D:01BA B90900 MOVCX,0009
0F6D:01BD CD10 INT10
0F6D:01BF EB9F JMP0160 ;重新读取密码 ;本段用于退格处理
0F6D:01C2 51 PUSHCX
0F6D:01C3 B403 MOVAH,03
0F6D:01C5 B700 MOVBH,00
0F6D:01C7 CD10 INT10 ;读光标位置
0F6D:01C9 80FA23 CMPDL,23
0F6D:01CC 74A7 JZ0175 ;光标是否已到头,是则去读下一密字
0F6D:01CE 81FF0008 CMPDI,0800
0F6D:01D2 74A1 JZ0175 ;密码缓冲是否已到头,是则去读下一密字 0F6D:01D4 B402 MOVAH,02
0F6D:01D6 FECA DECDL
0F6D:01D8 CD10 INT10
0F6D:01DA B40E MOVAH,0E
0F6D:01DC B000 MOVAL,00
0F6D:01DE B307 MOVBL,07
0F6D:01E0 CD10 INT10 ;光标前移一位,并删除一个"*"
0F6D:01E2 B80000 MOVAX,0000
0F6D:01E5 8905 MOV[DI],AX ;密码缓冲当前指针处清零
0F6D:01E7 4F DECDI ;密码缓冲指针减一
0F6D:01E8 8905 MOV[DI],AX ;密码缓冲当前指针处清零
0F6D:01EA 59 POPCX
INC CX ;///CX 应该加1
0F6D:01EB EB88 JMP0175 ;重新读键盘 ;本段用于比较密字
0F6D:01F6 B80000 MOVAX,0000
0F6D:01F9 8EC0 MOVES,AX
0F6D:01FB 8ED8 MOVDS,AX
0F6D:01FD BEB007 MOVSI,07B0
0F6D:0200 BF0108 MOVDI,0801
0F6D:0203 B90400 MOVCX,0004
0F6D:0206 F3 REPZ
0F6D:0207 A7 CMPSW
0F6D:0208 7404 JZ020E ;字符串相同则跳转至正确引导系统代码
0F6D:020A EB3C JMP0248 ;字符串不相同则跳转至加密硬盘代码 ;正确引导系统代码
0F6D:020E B80000 MOVAX,0000
0F6D:0211 8EC0 MOVES,AX
0F6D:0213 B80102 MOVAX,0201
0F6D:0216 B90200 MOVCX,0002
0F6D:0219 BA8000 MOVDX,0080
0F6D:021C BB00F0 MOVBX,F000
0F6D:021F CD13 INT13
0F6D:0221 B80103 MOVAX,0301
0F6D:0224 B90100 MOVCX,0001
0F6D:0227 BA8000 MOVDX,0080
0F6D:022A CD13 INT13 ;0柱0道2扇是HDBOOT.EXE写入的由硬盘锁代码
;(也就是大家现在看到的代码)+正确的硬盘分
;区表组成,将其写入0柱0道1扇后操作系统就可
;正常读取硬盘了
0F6D:022C B80000 MOVAX,0000
0F6D:022F 8EC0 MOVES,AX
0F6D:0231 B80102 MOVAX,0201
0F6D:0234 B90300 MOVCX,0003
0F6D:0237 BA8000 MOVDX,0080
0F6D:023A BB007C MOVBX,7C00
0F6D:023D CD13 INT13 ;0柱0道3扇是HDBOOT.EXE写入的原MBR区的备份,将
;其读入0000:7c00处
0F6D:023F EA007C0000 JMP0000:7C00 ;长跳转至原MBR代码处执行(以后怎么样引导就不
;是我们现在讨论的了),从而正确引导系统 ;加密硬盘代码
0F6D:0248 B80000 MOVAX,0000
0F6D:024B 8EC0 MOVES,AX
0F6D:024D B80102 MOVAX,0201
0F6D:0250 B90400 MOVCX,0004
0F6D:0253 BA8000 MOVDX,0080
0F6D:0256 BB00F0 MOVBX,F000
0F6D:0259 CD13 INT13
0F6D:025B B80103 MOVAX,0301
0F6D:025E B90100 MOVCX,0001
0F6D:0261 BA8000 MOVDX,0080
0F6D:0264 CD13 INT13 ;0柱0道4扇是HDBOOT.EXE写入的由硬盘锁代码(也就是
;大家现在看到的代码)加上江明原理的逻辑锁,将其写入
;0柱0道1扇后操作系统就被完全锁死了(不能从其它盘引导)
0F6D:0266 CD19 INT19 ;不用多说吧,相当于热启动 大家看后一定看出了一些问题，为了能够让这个硬盘锁可以跨平台，我设置为输入正确密码后就将
正确的分区表读入0柱0道1扇，输入不正确密码后就将江明锁读入0柱0道1扇，明白人一下就看出了，如
果电脑主人上次用正确密码进入了电脑,而电脑非法使用者一次都不试密码，就直接用软盘或光盘或
USB盘引导，那么就可以非法访问硬盘了，说实话，这个问题困扰了我许久，一直不得其解，不这样做，
就得在输入正确密码后就将正确的分区表读入0柱0道1扇，然后在操作系统启动后再做手脚把0柱0道1扇的
分区表加密，这样做有两个问题，(1)操作系统启动做的手脚一定是放在操作系统的自启动中(如DOS的
AUTOEXEC.BAT、WIN98的"启动"等)，这样做显然不安全，(2)同时这样做显然不能做到"跨平台",所以我只
能在程序说明中告诉使用者,如果离开电脑,就故意输入一错误密码,那么江明锁就将硬盘锁死了,这样电脑
非法使用者用软盘或光盘或USB盘都不能引导了,(大家知道所谓江明锁,就是让扩展分区指向自己,从而使
启动程序陷入死循环,这个该死的东西也不知害死了多少硬盘,也该让他做做好事了),要是谁有更好的方法
解决这一问题,一定要告诉我.
再来介绍一下HDLCOK.EXE文件，以下是完整的程序源代码： ;硬盘锁安装程序
DATA SEGMENT
D1 DB 0CDH,0BFH,0D1H,0E5H,0EAH,0CDH
D2 DB 'You had not install the HDLOCK,do you install?(y/n)',0dh,0ah,'$'
D3 DB 'HDLOCK.DAT',00H
D4 DB 'Can not find file (HDLOCK.DAT)',0dh,0ah,'$'
D5 DB 'PASSWORD',00H
D6 DB 1EH,06H,0B9H,00H,01H,0BFH,00H,06H,0B8H,00H,00H,8EH,0D8H,8EH,0C0H,0BEH;逻辑锁
DB 00H,7CH,0F2H,0A5H,0EAH,1AH,06H,00H,00H,90H,0EBH,09H,50H,41H,53H,53H
DB 57H,4FH,52H,44H,00H,0B8H,00H,06H,0B7H,0F0H,0B9H,00H,00H,0BAH,4FH,18H
DB 0CDH,10H,0B2H,01AH,0BEH,1CH,06H,0B4H,02H,0B6H,10H,0B7H,00H,0CDH,10H,8AH
DB 04H,3CH,00H,74H,1BH,0B4H,09H,0B9H,01H,00H,0B7H,00H,0B3H,70H,0CDH,10H
DB 0FEH,0C2H,46H,0EBH,0E2H,0CDH,20H,4FH,3DH,33H,0CDH,20H,33H,33H,33H,33H
DB 0B9H,04H,00H,0B8H,00H,00H,8EH,0C0H,0BFH,01H,08H,0F3H,0ABH,0B9H,09H,00H
DB 0BFH,01H,08H,0B2H,23H,0B4H,00H,0CDH,16H,3CH,0DH,74H,79H,0B4H,02H,90H
DB 90H,0B6H,10H,0B7H,00H,0CDH,10H,3CH,08H,74H,37H,50H,0B4H,0EH,0B0H,2AH
DB 0B3H,07H,0CDH,10H,58H,04H,23H,88H,05H,47H,49H,83H,0F9H,00H,74H,0AH
DB 0FEH,0C2H,0EBH,0D1H,24H,67H,00H,77H,69H,6EH,0B6H,10H,0B4H,02H,0B2H,23H
DB 0B7H,00H,0CDH,10H,0B4H,09H,0B0H,00H,0B3H,07H,0B9H,09H,00H,0CDH,10H,0EBH
DB 9FH,51H,51H,0B4H,03H,0B7H,00H,0CDH,10H,80H,0FAH,23H,74H,0A7H,81H,0FFH
DB 00H,08H,74H,0A1H,0B4H,02H,0FEH,0CAH,0CDH,10H,0B4H,0EH,0B0H,00H,0B3H,07H
DB 0CDH,10H,0B8H,00H,00H,89H,05H,4FH,89H,05H,59H,0EBH,88H,07H,43H,04H
DB 0E8H,86H,0CDH,20H,44H,44H,0B8H,00H,00H,8EH,0C0H,8EH,0D8H,0BEH,0B0H,07H
DB 0BFH,01H,08H,0B9H,04H,00H,0F3H,0A7H,74H,04H,0EBH,3CH,55H,55H,0B8H,00H
DB 00H,8EH,0C0H,0B8H,01H,02H,0B9H,02H,00H,0BAH,80H,00H,0BBH,00H,0F0H,0CDH
DB 13H,0B8H,01H,03H,0B9H,01H,00H,0BAH,80H,00H,0CDH,13H,0B8H,00H,00H,8EH
DB 0C0H,0B8H,01H,02H,0B9H,03H,00H,0BAH,80H,00H,0BBH,00H,7CH,0CDH,13H,0EAH
DB 00H,7CH,00H,00H,00H,00H,00H,00H,0B8H,00H,00H,8EH,0C0H,0B8H,01H,02H
DB 0B9H,04H,00H,0BAH,80H,00H,0BBH,00H,0F0H,0CDH,13H,0B8H,01H,03H,0B9H,01H
DB 00H,0BAH,80H,00H,0CDH,13H,0CDH,19H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 64H,64H,64H,64H,64H,64H,64H,64H,00H,00H,00H,00H,00H,00H,00H,00H
DB 01H,00H,05H,0FEH,7FH,05H,3FH,00H,00H,00H,47H,39H,40H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H
DB 00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,00H,55H,0AAH
D7 DB 'You have been installed HDLOCK,do you remove?(y/n)',0dh,'$'
D8 DB 'PASSWORD ERROR$'
D9 DB 0dh,0ah
DB 0dh,0ah
DB ' # # # # # # # # # # # # #',0dh,0ah
DB ' # # # # # # # # # # # # #',0dh,0ah
DB ' # # # # # # # # # # # # #',0dh,0ah
DB ' # # # # # # # # # # # # #',0dh,0ah
DB ' # # # # # # # # # # # # # #',0dh,0ah
DB 0dh,0ah
DB ' ----------# HARD DISK LOCK #------------',0dh,0ah
DB ' BY:THE MAN LIKE WIND',0dh,0ah
DB ' E-mail:tyhhyf@hotmail.com',0dh,0ah
DB ' OICQ:86633320',0dh,0ah
D10 DB 'Enter anykey to enter the PASSWORD.$'
D11 DB 'Enter anykey to enter the PASSWORD again.$'
D12 DB 'Error:Two PASSWORD is not alike!$'
D13 DB 'The HDLOCK had been installed,please remember you PASSWORD!!!$'
D14 DB 'The HDLOCK had been removed.$'
DATA ENDS
CODE SEGMENT
ASSUME CS:CODE,DS:DATA,ES:DATA
START:
MOV AX,DATA
MOV DS,AX
MOV ES,AX
MOV DX,OFFSET D9
MOV AH,09H
INT 21H
MOV AH,00H
INT 16H
;判断是否安装过硬盘锁程序
NEXT:
MOV AX,0201H;读一扇区
MOV CX,0001H
MOV DX,0080H
MOV BX,0F000H
INT 13H
MOV AX,0201H
MOV CX,0001H
MOV DX,0080H
MOV BX,0E000H
INT 13H
MOV SI,0F1A0H
MOV DI,OFFSET D1
MOV CX,0003H
REPE CMPSW
JNZ INSTALL
JMP DEL
INSTALL:
MOV DX,OFFSET D2
MOV AH,09H
INT 21H
ENTER:
INT 16H
OR AL,20H
CMP AL,'y';是Y?
JE INSTALL1
CMP AL,'n'
JE EXIT
JMP ENTER
EXIT:
MOV AH,4CH
INT 21H
INSTALL1:
MOV AH,3DH
MOV DX,OFFSET D3
MOV AL,00H
INT 21H
JB AERROR
PUSH AX
MOV AH,3FH
MOV DX,0F000H
MOV CX,01BEH
POP BX
INT 21H
MOV AH,09H
MOV DX,OFFSET D10
INT 21H
MOV AH,00H
INT 16H
CALL NEAR PTR PWENTER
MOV SI,0F1B0H
MOV DI,0F3B0H
MOV CX,0004H
REPNZ MOVSW
MOV AH,06H
MOV AL,00H
MOV BH,07H
MOV CX,0000H
MOV DX,184FH
INT 10H
MOV DH,03H
MOV DL,00H
MOV BH,00H
MOV AH,02H
INT 10H
MOV AH,09H
MOV DX,OFFSET D11
INT 21H
MOV AH,00H
INT 16H
CALL NEAR PTR PWENTER
MOV SI,0F1B0H
MOV DI,0F3B0H
MOV CX,0008H
REPE CMPSB
JNZ EXIT4
JMP WRITE
AERROR:
MOV AH,09H
MOV DX,OFFSET D4
INT 21H
JMP EXIT
EXIT4:
MOV DH,03H
MOV DL,00H
MOV BH,00H
MOV AH,02H
INT 10H
MOV AH,06H
MOV AL,00H
MOV BH,07H
MOV CX,0000H
MOV DX,184FH
INT 10H
MOV AH,09H
MOV DX,OFFSET D12
INT 21H
MOV AH,4CH
INT 21H
WRITE:
MOV AX,0301H
MOV CX,0003H
MOV DX,0080H
MOV BX,0E000H
INT 13H
MOV BX,OFFSET D6
ADD BX,1B0H
MOV CX,4H
MOV SI,0F1B0H
MOV DI,BX
REPNZ MOVSW
MOV AX,0301H
MOV CX,0004H
MOV DX,0080H
MOV BX,OFFSET D6
INT 13H
MOV AX,0301H
MOV CX,0002H
MOV BX,0F000H
MOV DX,0080H
INT 13H
MOV AX,0301H
MOV CX,0001H
MOV BX,0F000H
MOV DX,0080H
INT 13H
MOV AH,06H
MOV AL,00H
MOV BH,07H
MOV CX,0000H
MOV DX,184FH
INT 10H
MOV DH,03H
MOV DL,00H
MOV BH,00H
MOV AH,02H
INT 10H
MOV AH,09H
MOV DX,OFFSET D13
INT 21H
JMP EXIT DEL:
MOV DX,OFFSET D7
MOV AH,09H
INT 21H
ENTER2:
MOV AH,00H
INT 16H
OR AL,20H
CMP AL,'y'
JE UNLADE
CMP AL,'n'
JE EXIT1
JMP ENTER2
EXIT1:
MOV AH,4CH
INT 21H
UNLADE:
CALL NEAR PTR PWENTER
MOV SI,0F1B0H
MOV DI,0E1B0H
MOV CX,8H
REPE CMPSB
JNZ EXIT2
MOV AX,0201H
MOV CX,0003H
MOV BX,0F000H
MOV DX,0080H
INT 13H
MOV AX,0301H
MOV CX,0001H
MOV BX,0F000H
MOV DX,0080H
INT 13H
MOV DH,03H
MOV DL,00H
MOV BH,00H
MOV AH,02H
INT 10H
MOV AH,06H
MOV AL,00H
MOV BH,07H
MOV CX,0000H
MOV DX,184FH
INT 10H
MOV AH,09H
MOV DX,OFFSET D14
INT 21H
JMP EXIT
EXIT2:
MOV AH,09H
MOV DX,OFFSET D8
INT 21H
MOV AH,4CH
INT 21H
;子程序用于从键盘读密码
PWENTER PROC NEAR
PUSH AX
PUSH BX
PUSH CX
PUSH DX
MOV AX,0600H
MOV BH,0F0H
MOV CX,0000H
MOV DX,184FH
INT 10H
MOV DL,1AH
MOV SI,OFFSET D5
DISPLAY:
MOV AH,02H
MOV DH,10H
MOV BH,00H
INT 10H
MOV AL,[SI]
CMP AL,00H
JE GETPW
MOV AH,09H
MOV CX,01H
MOV BH,00H
MOV BL,70H
INT 10H
INC DL
INC SI
JMP DISPLAY
GETPW:
MOV CX,0004H
MOV AH,0000H
MOV DI,0F1B0H
REPZ STOSW
MOV CX,0009H
MOV DI,0F1B0H
MOV DL,23H
READKEY:
MOV AH,00H
INT 16H
CMP AL,0DH
JE OK
CMP AL,20H
JE READKEY
CMP AL,00H
JE READKEY
CMP AL,09H
JE READKEY
CMP AL,1BH
JE AESC
PUSH CX
MOV AH,02H
MOV DH,10H
MOV BH,00H
INT 10H
POP CX
CMP AL,08H
JE BACKSPACE
PUSH AX
MOV AH,0EH
MOV AL,2AH
MOV BL,07H
INT 10H
POP AX
ADD AL,23H
MOV [DI],AL
INC DI
DEC CX
CMP CX,00H
JE OVERFLOW
INC DL
JMP READKEY
OK:
POP AX
POP BX
POP CX
POP DX
RET
AESC:
MOV AH,4CH
INT 21H
OVERFLOW:
MOV DH,10H
MOV AH,02H
MOV DL,23H
MOV BH,00H
INT 10H
MOV AH,09H
MOV AL,00H
MOV BL,07H
MOV CX,0009H
INT 10H
JMP GETPW
BACKSPACE:
PUSH CX
MOV AH,03H
MOV BH,00H
INT 10H
POP CX
CMP DL,23H
JE READKEY
CMP DI,0F1AFH;
JE READKEY
PUSH CX
MOV AH,02H
DEC DL
INT 10H
POP CX
PUSH CX
MOV AH,0EH
MOV AL,00H
MOV BL,07H
INT 10H
POP CX
MOV AX,0000H
MOV [DI],AX
DEC DI
MOV [DI],AX
CMP CX,09H
JE AJUMP
INC CX
JMP AJUMP
AJUMP:
JMP READKEY
PWENTER ENDP
CODE ENDS
END START 该程序用来将HDLOCK.DAT文件写到MBR区,有兴趣的朋友可以试试。
该文作者:风般的男人 出自:http://lsky.net/cgi-bin/lskybbs/leoboard.cgi
希望结交有技术的朋友,联系方法QQ:86633320 或EMAIL:tyhhyf@hotmail.com