硬盘锁 HDD3.EXE
程序: zbin 1997-04-01 上海市经济管理学院
曾有许多人抱怨自己工作的PC由于他人非法的使用,而导致工作文件丢失损坏,或者操作系统损坏,所以诸多人采用CMOS 加密的方法,但只有高版本的BIOS才具此功能,况且在CMOS放电之后此功能失效,故行之有效的方法就是对硬盘进行加密.
本人采用重写硬盘主引导扇区的方法,隐藏硬盘分区表,接管INT 13H,彻底实现只能从硬盘启动,拒绝启动软盘访问硬盘的功能.(需要说明的是:此方法只是隐藏分区表并在启动时校验密码,硬盘上的数据本身并未被加密.)
首先阐述一下PC启动的步骤:
1. PC 加电BIOS 自举,将硬盘物理第一扇区(主引导扇区)读至 0000:7C00H , 检测引导扇区的标志55H AAH ,程序 IP 跳至 7C00H
2. 主引导扇区得到控制权,引导程序检测分区表是否非法,取得可启动分区的系统引导扇区的位置,调用INT 13H 将系统引导扇区(诸如 DOS 系统)读到0000:7C00H,IP 跳至7C00H.
3.系统(DOS)开始启动,读IO.SYS,MSDOS.SYS,CONFIG.SYS,AUTOEXEC.BAT, 完成一系列启动工作.
本人程序主要思路如下:
1. 将原有主引导扇区WRITE 至 0磁头0道13H扇,将汉字的字模WRITE至0磁头0道21H之后的三个扇区
2. 改写原有主引导扇区
使启动软盘不可访问硬盘
本程序的特点是在操作系统启动之前,利用BIOS INT 10H 的 AH=11H 子功能将汉字显示在屏幕上,所以事先应取得所要显示汉字的字模,并将二进制字模转换成能插入汇编程序、且能被MASM.EXE编译的数据(即CPP、PROMPT1 之后的数据).
; ;97' 张斌
code segment
assume cs:code,ds:code,es:code ; code and data share one segment
;-----------------------------------------------------------------------
; DOS entry point of the installer (16-bit real mode, MASM syntax).
; Scans the command tail for '#': "#u"/"#U" removes the lock, "#p"/"#P"
; followed by text stores a new password, anything else falls through
; to `begin`, which runs the install path at `second`.
; All disk access is BIOS INT 13h on drive 80h, cylinder 0, head 0.
; NOTE(review): no INT 13h call in this block tests the carry flag, so
; a failed read is followed by a write of whatever `buf` holds.
;-----------------------------------------------------------------------
first:
mov ax,ds
mov old_ds,ax ; NOTE(review): DS presumably still holds the PSP segment here, so this store would not land on old_ds in `code` - confirm; old_ds is not read anywhere in this listing
mov ch,0
mov cl,byte ptr es:[80h] ; cx = length byte at es:[80h] (presumably the PSP command-tail length)
cmp cx,0
jne xxx
jmp begin ; no arguments: install
xxx: mov si,81h ; si -> first character of the command tail
loop1: lodsb
cmp al,'#'
je m1
loop loop1
jmp begin ; no '#' found: install
m1:
lodsb ; al = option letter following '#'
cmp al,'u'
jne t1
; --- "#u": uninstall ---
t2:
mov ax,cs
mov es,ax
mov ax,201h ; AH=02h read, AL=1 sector
mov bx,offset buf
mov cx,13h ; cylinder 0, sector 13h (where the install path saves the original boot sector)
mov dx,80h ; head 0, drive 80h
int 13h
cmp byte ptr es:[buf+1fdh],'B' ; 'B' at offset 1FDh marks a copy saved by the installer
je t3
mov ax,cs
mov ds,ax
lea dx,msg3 ; marker missing: report "not installed"
mov ah,9
int 21h
jmp exit
t3:
mov byte ptr es:[buf+1fdh],0 ; clear the marker; NOTE(review): the byte is set to 0, not to the value it had before installation
mov ax,cs
mov es,ax
mov ax,301h ; AH=03h write, AL=1 sector
mov bx,offset buf
mov cx,01h ; write the saved sector back to sector 1
mov dx,80h
int 13h
mov ax,301h
mov bx,offset buf
mov dx,80h
mov cx,13h ; also rewrite sector 13h so its copy no longer carries the marker
int 13h
mov ax,cs
mov ds,ax
lea dx,msg4
mov ah,9
int 21h
jmp exit
t1: cmp al,'U'
je t2
; --- not 'u'/'U': load sector 21h (prompt glyphs + password record) ---
; NOTE(review): this path does not check the 'B' marker, so "#p" reads
; and rewrites sector 21h even when the lock was never installed.
push ax
mov ax,cs
mov es,ax
mov bx,offset buf
mov ax,201h
mov cx,21h
mov dx,80h
int 13h
pop ax
mov di, offset buf+226 ; offset 226 in the sector image = `password` (224 glyph bytes + the 2-byte password_long)
mov word ptr cs:[buf+224],0 ; offset 224 = password_long, recounted below
cmp al,'p'
jne p1
; Copy the rest of the command tail up to CR as the new password.
; NOTE(review): the copy has no length limit, while the boot-time prompt
; stores at most 10 characters and the `password` field is 14 bytes; a
; longer argument overruns the following fields of the sector image and
; yields a password that cannot be typed at boot - a bound is needed.
p2: lodsb
cmp al,0dh
je p3
stosb
inc word ptr cs:[buf+224]
jmp p2
p3:
mov ax,cs
push ax
pop es
mov ax,0301h ; write the updated record back to sector 21h
mov bx,offset buf
mov cx,21h
mov dx,80h
int 13h
jmp exit
p1: cmp al,'P'
je p2
begin:
mov ax,code
mov ds,ax
mov es,ax
jmp second ; everything above parses the command-line arguments
;************************** program credit text
; Glyph bitmap table. The install path writes two sectors starting at
; OFFSET CPP to sectors 22h-23h; the boot code loads them at 0:8400h and
; registers 12 glyphs of 16 bytes each as character codes 90h onward.
; NOTE(review): only the first 192 bytes (12 x 16) are registered by the
; boot code; the bytes after that do not look like glyph rows and are
; presumably leftover generator buffer contents - confirm.
cpp db 008h,01dh,0f1h,011h,011h,0fdh,011h,038h,035h,054h,050h,091h,010h,010h,017h,010h
db 004h,0feh,004h,004h,004h,0fch,004h,000h,0fch,020h,020h,0fch,020h,020h,0feh
db 000h,001h,000h,03fh,020h,02fh,020h,021h,020h,02fh,020h,020h,020h,040h,040h
db 082h,001h,000h,088h,0fch,000h,0f8h,020h,040h,080h,0fch,088h,090h,080h,080h
db 080h,080h,000h,000h,000h,000h,000h,018h,018h,000h,000h,000h,018h,018h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,0feh,0c6h,086h,00ch,018h,030h,060h,0c2h
db 0c6h,0feh,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,018h,018h,000h,000h,000h,000h,000h,000h,0fch,066h,066h,066h,07ch,066h
db 066h,066h,066h,0fch,000h,000h,000h,000h,000h,000h,018h,018h,000h,038h,018h
db 018h,018h,018h,018h,03ch,000h,000h,000h,000h,000h,000h,000h,000h,000h,0dch
db 066h,066h,066h,066h,066h,066h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,03ch
db 066h,0c2h,0c0h,0c0h,0c0h,0c0h,0c2h,066h,03ch,000h,000h,000h,000h,02eh,057h
db 0cfh,06dh,0c5h,07eh,0feh,0eeh,0d7h,0ceh,0efh,07dh,0a2h,068h,08eh,047h,07dh
db 03dh,023h,018h,083h,0ffh,0eeh,0f7h,0eeh,07eh,077h,0fch,066h,061h,0f3h,043h
db 045h,053h,053h,021h,072h,0c7h,0ceh,0c6h,0cfh,0cfh,0d7h,07eh,056h,04dh,0feh
db 021h,0e4h,014h,0fdh,066h,067h,06eh,07dh,07dh,067h,076h,06fh,0e6h,047h,046h
db 047h,045h,054h,050h,05fh,05bh,021h,03ah,01eh,018h,05dh,05eh,05fh,07ch,045h
db 04eh,021h,07bh,001h,000h,045h,046h,050h,077h,0dch,0dfh,0edh,0fch,0ceh,07ch
db 04eh,0cfh,07dh,054h,046h,041h,0f4h,061h,0e5h,06fh,076h,067h,076h,076h,067h
db 0feh,054h,021h,008h,00ch,045h,053h,053h,07fh,070h,0fdh,031h,033h,03fh,030h
db 036h,05fh,043h,04fh,050h,059h,040h,023h,00fh,000h,047h,053h,045h,047h,052h
db 045h,041h,044h,021h,0bfh,00fh,000h,046h,053h,0d6h,0c7h,0d7h,0ceh,0ceh,0e7h
db 0deh,07ch,07dh,053h,054h,049h,04dh,045h,021h,05eh,011h,000h,047h,07fh,0d6h
db 0feh,0c9h,0c3h,0cfh,07ch,021h,0b6h,011h,000h,046h,053h,054h,052h,04ch,0ddh
db 07eh,067h,0edh,063h,068h,0ffh,05fh,04dh,04bh,04eh,041h,04dh,045h,0afh,003h
db 000h,006h,05fh,05fh,05fh,062h,072h,06bh,0f3h,000h,000h,008h,05fh,05fh,07fh
db 07ah,07fh,07eh,07dh,07ah,0dbh,018h,07eh,007h,05fh,05fh,05fh,073h,062h,072h
db 06bh,0f3h,000h,007h,05fh,05fh,072h,07fh,07eh,065h,072h,081h,000h,009h,05fh
db 07ah,06dh,0efh,0f7h,0f6h,0ffh,0f7h,0efh,0fch,03ch,006h,05fh,063h,070h,075h
db 074h,073h,068h,007h,000h,009h,05fh,063h,072h,065h,061h,074h,06eh,065h,077h
db 013h,006h,07eh,0dfh,0e7h,0f6h,07fh,067h,076h,076h,06dh,07dh,070h,013h,006h
db 000h,00ah,05fh,07eh,0e7h,0f6h,0e7h,07dh,0eeh,0eeh,0efh,0e7h,07dh,005h,000h
db 009h,05fh,066h,069h,06eh,064h,06eh,065h,078h,0feh,0a3h,00ah,009h,05fh,066h
db 070h,075h,074h,063h,068h,079h,07ah,0fbh,01ch,018h,05fh,07fh,07dh,07ch,07eh
db 069h,073h,06bh,0afh,008h,000h,01ch,07fh,07fh,07dh,07ch,07ch,07dh,078h,07ch
db 07fh,06eh,066h,06fh,0e1h,013h,000h,008h,05fh,068h,061h,072h,0feh,065h,072h
db 072h,02fh,00ch,000h,005h,05fh,069h,074h,07fh,06dh,0ceh,0c7h,0d7h,0dfh,0efh
db 0e7h,06dh,07bh,06dh,070h,078h,00dh,007h,05fh,0ffh,0ebh,0f4h,0e5h,0fdh,076h
db 09eh,00fh,0c6h,07fh,070h,075h,074h,063h,068h,062h,0d6h,0ffh,0f9h,040h,018h
db 000h,000h,000h,000h,000h,0e0h,0ffh,0c2h,041h
;******************** glyphs for the "enter boot password" prompt; saved to sector 21h; load address 0:8200h
; The install path writes one sector starting at OFFSET PROMPT1 to
; sector 21h, and the boot code loads that sector at 0:8200h. The boot
; code therefore addresses every variable below as 8200h+(name-prompt1).
; The first 224 bytes are 14 glyphs of 16 bytes each, registered as
; character codes 0D0h onward.
prompt1 db 020h,020h,020h,0fdh,022h,045h,050h,093h,0fah,013h,03ah,0d3h,012h,012h,012h,012h
db 040h,0a0h,0a0h,010h,00eh,0f4h,000h,0c4h,054h,0d4h,054h,0d4h,054h,044h,044h
db 0cch,004h,002h,001h,001h,001h,002h,002h,002h,004h,004h,008h,008h,010h,020h
db 040h,080h,000h,000h,000h,000h,000h,080h,080h,080h,040h,040h,020h,020h,010h
db 010h,00eh,004h,001h,000h,01fh,010h,010h,010h,01fh,010h,010h,010h,017h,024h
db 024h,044h,087h,004h,000h,084h,0feh,004h,004h,004h,0fch,000h,000h,004h,0feh
db 004h,004h,004h,0fch,004h,000h,000h,07ch,000h,001h,0feh,010h,010h,020h,024h
db 042h,0feh,042h,001h,002h,004h,040h,040h,040h,044h,0feh,044h,044h,044h,044h
db 044h,084h,084h,084h,004h,028h,010h,002h,001h,07fh,042h,089h,028h,04bh,00ch
db 077h,001h,021h,021h,021h,021h,03fh,020h,000h,000h,0feh,002h,024h,0c8h,004h
db 010h,0f0h,000h,008h,008h,008h,008h,0f8h,008h,000h,07dh,010h,011h,011h,021h
db 03dh,065h,0a5h,024h,024h,027h,024h,03ch,024h,000h,010h,0f8h,010h,010h,010h
db 010h,010h,010h,0fch,004h,024h,0f4h,004h,004h,014h,008h,000h,000h,000h,000h
db 018h,018h,000h,000h,000h,018h,018h,000h,000h,000h,000h,000h,000h,000h,000h
db 000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h,000h
;prompt1_number dw 224
; NOTE(review): the password and its length sit in this sector image as
; plain bytes, so sector 21h holds them unencoded on disk; the default
; password is the literal below.
password_long dw 3 ; password length
password db 'pig',0 ,10 dup(0) ; stored password (14-byte field)
password_buf db 20 dup(0) ; buffer for the password typed at boot
cur_pos dw 0e20h ; cursor position (row:column) scratch used while printing glyphs
number dw 0 ; count of characters typed at the prompt
tmpdi dw 0 ; saved DI (write position in password_buf)
tmpal db 0 ; saved AL (last key read)
tmpip dw 0 ; not referenced anywhere in this listing
tmpcs dw 0 ; not referenced anywhere in this listing
;*************************************
; The 512 bytes starting here are the replacement master boot code; the
; install path writes them to the boot sector (cylinder 0, head 0,
; sector 1 of drive 80h).
; Flow: relocate to 0:0600h, load the glyph sectors, show the prompt,
; read and compare the password, hook INT 13h from the top of base
; memory, then load and jump to the first partition's boot sector.
; Runs with CS=DS=ES=SS=0. Variables live in the sector loaded at
; 0:8200h and are addressed as 8200h+(name-prompt1).
; NOTE(review): no INT 13h call here tests the carry flag.
v1: ;hard disk boot from here!
mov ax,0
mov ss,ax
mov ds,ax
mov es,ax
mov sp,7c00h ; stack grows down from the load address
sti
mov ah,0
mov al,03h
int 10h ; set 80x25 text mode
mov cx,200h
mov si,7c00h
mov di,600h
rep movsb ; copy this sector from 0:7C00h to 0:0600h
db 0eah ; hand-encoded far jump ...
dw bb-v1+600h,0h ; ... to 0000:(0600h + offset of bb)
bb:
mov ax,0600h ; AH=06h scroll up, AL=0: blank the window
mov bh,00h
mov cx,0
mov dx,2050h
int 10h ; clear the screen
;***********************
;**********
mov ax,0201h
mov bx,8200h
mov cx,0021h
mov dx,80h
int 13h ; load sector 21h (prompt glyphs + password record) to 0:8200h
mov ax,0202h
mov bx,8400h ; load sectors 22h-23h (credit glyphs) to 0:8400h
mov cx,22h
mov dx,80h
int 13h
;*****************************
; the first begin
mov ax,0
mov es,ax
mov bp,08200h ; ES:BP -> glyph table
mov ax,1100h ; INT 10h AX=1100h: load user character patterns
mov cx,14 ; 14 glyphs
mov bh,16 ; 16 bytes per glyph
mov bl,0
mov dx,0d0h ; first character code to replace
int 10h ; hand the glyphs to the BIOS
;*****************
mov ah,2
mov bh,0
mov dx,0a18h ; row 0Ah, column 18h
int 10h
mov word ptr cs:[8200h+cur_pos-prompt1],dx
mov cx,14
mov al,0d0h
; Print character codes 0D0h.. one cell at a time, advancing the cursor.
rx: push cx
mov ah,09h ; write character AL with attribute BL, CX times
mov bl,0ah
mov cx,1
int 10h
inc al
mov ah,2
mov dx,word ptr cs:[8200h+cur_pos-prompt1]
inc dl
mov word ptr cs:[8200h+cur_pos-prompt1],dx
int 10h
pop cx
loop rx ;first end: the "enter boot password:" string is now on screen
;**********************************
mov ax,0
mov es,ax
mov bp,08400h
mov ax,1100h
mov cx,12 ; 12 glyphs
mov bh,16
mov bl,0
mov dx,090h ; first character code to replace
int 10h
;*****************
mov ah,2
mov bh,0
mov dx,01738h ; row 17h, column 38h
int 10h
mov word ptr cs:[8200h+cur_pos-prompt1],dx
mov cx,12
mov al,090h
rx2: push cx
mov ah,09h
mov bl,09eh
mov cx,1
int 10h
inc al
mov ah,2
mov dx,word ptr cs:[8200h+cur_pos-prompt1]
inc dl
mov word ptr cs:[8200h+cur_pos-prompt1],dx
int 10h
pop cx
loop rx2
; the code above displays the "program design: Z.bin" credit string
;***********************
;****************************************
mov ah,1 ; INT 10h AH=01h: set cursor shape
mov ch,19
mov cl,0
int 10h
; hide the cursor
;;*********************************
; nv4: (re)start password entry. Reached at first and after every
; failed attempt; the listing shows no limit on attempts and no delay.
nv4:
mov bh,0
mov dx,0a28h
mov ah,2
int 10h ; place the cursor at row 0Ah, column 28h
mov al,20h
mov bx,0ah
mov cx,12
mov ah,9
int 10h ; blank the '*' characters shown for the previous attempt
mov word ptr cs:[8200h+number-prompt1],0 ; number of characters typed so far
mov di,8200h+(password_buf-prompt1)
nv1:
mov word ptr cs:[8200h+tmpdi-prompt1],di
getmsg: mov ah,0 ; read one key of the password
int 16h
cmp al,0dh ; Enter pressed
je nv2
inc word ptr cs:[8200h+number-prompt1]
cmp word ptr cs:[8200h+number-prompt1],11
jge getmsg ; from the 11th key on nothing is stored, but the count keeps growing
mov byte ptr cs:[8200h+tmpal-prompt1],al
mov bh,0
mov dx,0a28h
mov ah,2
int 10h
mov al,'*' ; typed characters are echoed as '*'
mov bx,0eh
mov cx,word ptr cs:[8200h+number-prompt1]
mov ah,9
int 10h
mov al,byte ptr cs:[8200h+tmpal-prompt1]
mov di,word ptr cs:[8200h+tmpdi-prompt1]
stosb ; append the typed character to password_buf
jmp nv1
nv2:
mov di,word ptr cs:[8200h+password_long-prompt1]
cmp di,word ptr cs:[8200h+number-prompt1] ; lengths must match first
je nv3
jmp nv4
nv3:
mov di,8200h+(password-prompt1)
mov si,8200h+(password_buf-prompt1)
cld
mov cx, word ptr cs:[8200h+password_long-prompt1]
repe cmpsb ; compare the typed bytes with the stored password
je boot
jmp nv4
boot:
mov ax,0600h
mov bh,00h
mov cx,0
mov dx,2050h
int 10h ; clear the screen
;******** here is ok!
;************************************************
mov bx,13h*4 ; interrupt-vector slot of INT 13h
mov dx,word ptr cs:[bx]
mov word ptr cs:[7c00h+ww-v1],dx ; save the original offset into ww (in the copy at 7C00h)
mov dx,word ptr cs:[bx+2]
mov word ptr cs:[7c00h+ww-v1+2], dx ; save the original segment
; original INT 13h vector is now stored in ww
dec word ptr cs:[413h]
dec word ptr cs:[413h] ; shrink the reported memory size by 2
mov ax,word ptr cs:[413h] ; [0000:0413H] holds the memory size
mov cl,6
shl ax,cl ; size * 64 = segment of the area just reserved
; memory size reduced
;***********************
mov bx,13h*4
mov word ptr cs:[bx],0000h
mov word ptr cs:[bx+2],ax
; INT 13h now points at offset 0 of the reserved segment
;*************************
mov es,ax
mov cx,200h
mov si,[7c00h+setint-v1] ; NOTE(review): presumably assembled by MASM as the constant address of setint in the 7C00h copy, not as a memory load - confirm
mov di,0
rep movsb ; move the replacement INT 13h handler to the top of memory
mov ax,0
mov es,ax
;**************************
mov ax,201h
mov cx,13h
mov bx,7000h
mov dx,80h
int 13h ; read sector 13h (the boot sector saved by the installer) to 0:7000h
mov si,7000h+1beh ; first partition-table entry of the saved sector
mov dx,word ptr [si] ; DL/DH = first two bytes of the entry
mov cx,word ptr [si+2] ; CX = next two bytes of the entry
; NOTE(review): the first entry is used unconditionally and its first
; byte becomes the drive number in DL; this presumably assumes entry 1
; is the active partition with boot flag 80h - confirm.
mov bx,7c00h
mov ax,0201h ; read the DOS boot sector using those c/h/s values
int 13h
db 0eah
dw 7c00h,0000h ; far jump to 0000:7C00h: the DOS boot code takes over
;**************************
; Replacement INT 13h handler, copied to offset 0 of the reserved
; segment. A one-sector-1 read request on drive 80h, head 0
; (AH=02h, CX=0001h, DX=0080h) is redirected to sector 13h, so readers
; of the boot sector get the saved original; every other request passes
; through unchanged.
setint: ; INT 13h interception handler
cmp dx,0080h
jne xx
cmp cx,01h
jne xx
cmp ah,02h
jne xx
mov cx,13h ; a read of sector 1 becomes a read of sector 13h
xx:
jmp dword ptr cs:[ww-setint] ; ww is addressed relative to setint because the handler runs from offset 0
ww dw 0,0 ; saved vector: jump on to the original BIOS INT 13h handler
vv:
fil equ 509-(vv-v1) ; padding that puts the marker at offset 509 (1FDh)
db fil dup (0) ; NOTE(review): the partition-table area (1BEh..) of this image is presumably part of this zero padding - confirm against the assembled size
db 'B' ; marker: the lock is installed
dw 0aa55h ; boot-sector signature
;***********************
; Install path (reached from `begin`, with DS=ES=code).
; 1. Read sector 1; if it already carries the 'B' marker, report and stop.
; 2. Mark the original sector and save it to sector 13h.
; 3. Write the new boot code (v1) to sector 1.
; 4. Write the prompt glyphs + password record to sector 21h and the
;    credit glyphs to sectors 22h-23h.
; NOTE(review): no INT 13h call tests the carry flag. If the first read
; fails, the contents of BUF are still saved as the "original" sector
; and sector 1 is overwritten. Each write should be conditional on the
; previous step succeeding.
; NOTE(review): sectors 13h and 21h-23h of cylinder 0, head 0 are
; assumed to exist and to be unused; nothing in the listing checks this.
second:
MOV AX,0201H
MOV BX,OFFSET BUF
MOV CX,01H
MOV DX,80H
INT 13H
CMP CS:[BUF+01FdH],'B' ; is the lock already installed?
JE install_yes
;****************************************
MOV CS:[BUF+01FdH],'B' ; mark the saved copy; NOTE(review): this overwrites the byte at offset 1FDh of the original sector, which uninstall later sets to 0 rather than restoring
MOV AX,0301H
MOV CX,13H
mov bx,offset buf
mov dx,80h
INT 13H ; save the original boot sector to sector 13h
;****************************************
mov ax,301h
mov bx,offset v1
mov cx,1
mov dx,80h
int 13h ; write the edited master boot sector
; the replacement boot code (starting at offset v1) goes to sector 01H
;****************************************
MOV AX,301H
MOV BX,OFFSET PROMPT1
MOV CX,21H
MOV DX,80H
int 13h ; write the prompt glyphs (and the password record that follows them) to sector 21H
;***************************************
MOV AX,302H
MOV BX,OFFSET CPP
MOV CX,22H
MOV DX,80H
INT 13H ; write the credit glyphs to sectors 22H and 23H
;****************************************
; EXIT: print the banner/usage text (msg2) and terminate. Every path of
; the program ends here, including the error paths.
EXIT:
mov ax,cs
mov ds,ax
lea dx,msg2
mov ah,9
int 21h
MOV AH,4CH
INT 21H ; terminate
install_yes:
mov ax,cs
mov ds,ax
lea dx,msg1 ; "already installed" message
mov ah,9
int 21h
jmp exit
; Installer data: one-sector disk buffer and the '$'-terminated messages
; printed through INT 21h AH=09h.
BUF db 512 dup(?) ; sector buffer for every INT 13h transfer made by the installer
para db 20 dup (0) ; not referenced anywhere in this listing
old_ds dw 0 ; written once at `first`, never read in this listing
msg1 db ' # This Program Has Installed ! #',0dh,0ah,24h
; msg2: banner and usage text, printed at EXIT on every run
msg2 db ' CopyRight Ver 1.0 Programming By Z.Bin 97-04-7 ',0dh,0ah,30 dup (20h)
db 'See You Later !',0dh,0ah,'Useing:',3 dup(20h),'HDD3.EXE #pxxxx Change Password !'
db 0dh,0ah,10 dup(20h),'HDD3.EXE #u Delete The Pc-lock ',0dh,0ah
db 10 dup (20h),'HDD3.EXE Lock Computer Default PSW: pig ',0dh,0ah,24h
msg3 db ' I Cannot Unistall It ! Because You Have Not Installed!',0dh,0ah,24h
msg4 db ' UnInstall Successful ! Bye Bye ! ',0dh,0ah,24h
code ends
end first ; program entry point is `first`
程序代码文件: HDD3.ASM MASM.EXE 编译 LINK.EXE 连接 VER 5.0
Getchar.c
Toasm.c
程序说明文件: README.DOC
程序执行文件: HDD3.EXE
程序运行环境: MSDOS 3.0 以上 [ 不可在WINDOWS 的 MSDOS 窗口中执行]
执行文件使用:
1. C:\> HDD3.EXE 实行加密 缺省密码:pig /* 输入时注意大小写 */
2. C:\>HDD3.EXE #pxxxxxxx 改变密码值 x 为密码 p 为保留字 /* 密码值最多10位 */
C:\>HDD3 #pbanana 改变密码为banana /* 重新启动时输入banana 可启动系统*/
3. C:\>HDD3.EXE #u 硬盘锁卸除,恢复原貌 /* 在硬盘锁未安装或硬盘锁卸除后不可用此参数 */
程序文件: Getchar.c
将要显示的汉字以图形方式输出(采用PRINTF 函数),用GETPIXEL 函数取得象素点的颜色值,值为0则为0,值为非0的则转为1,存储为字模文件.
程序代码:
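/* Build-time settings of the glyph extractor.
 * The trailing notes are real C comments: text after ';' on a #define
 * line becomes part of the macro and breaks every use of it. */
#define STRING "程序: Z.Bin CopyRight Ver 1.0 97-04-05" /* text to render; may be changed */
#define CHAR_BYTE 40 /* number of bytes of text to render; each Chinese character takes 2 bytes */
#define OUTPUT_FILE "c:\\dat" /* glyph file that is written: C:\DAT */
#define SIZE (CHAR_BYTE*16) /* one 8x16 dot-matrix cell (16 bytes) per text byte in 80*25 DOS text mode; parenthesised so it expands safely inside expressions */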
#include <stdio.h>
#include <graphics.h>
#include <conio.h>
#include <stdlib.h>
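/*
 * Renders STRING on the graphics screen, samples the pixels of each
 * 8x16 cell with getpixel() and writes the resulting bitmaps (one byte
 * per pixel row, most significant bit = leftmost pixel) to OUTPUT_FILE.
 *
 * Returns 0 on success and 1 when graphics start-up, opening the output
 * file or writing it fails.
 */
int main(void)
{
    int At_x, color;
    int g = 0;              /* 0 = autodetect the graphics driver */
    int m;
    int CharNumber;
    int i, j;
    int status = 0;
    char buf[SIZE];
    char *p;
    FILE *fp;

    initgraph(&g, &m, "");
    if (graphresult() != grOk)
        return 1;           /* no graphics mode: getpixel() would return nothing useful */

    if ((fp = fopen(OUTPUT_FILE, "wb")) == NULL) {
        closegraph();       /* restore the text screen before leaving */
        return 1;
    }

    /* STRING is data, not a format string. */
    printf("%s", STRING);

    /* Clear the WHOLE buffer. Bits are OR-ed into it below, so any byte
     * left uninitialised would end up in the glyph file as garbage. */
    for (i = 0; i < (int)sizeof(buf); i++)
        buf[i] = 0;

    p = buf;
    At_x = 0;
    for (CharNumber = 0; CharNumber < CHAR_BYTE; CharNumber++) {
        for (j = 0; j <= 15; j++) {             /* 16 pixel rows per cell */
            for (i = 0; i <= 7; i++) {          /* 8 pixels per row */
                color = getpixel(At_x + i, j);
                if (color)                      /* any non-zero colour counts as "set" */
                    *p = (char)(*p | (0x80 >> i));
            }
            p++;
        }
        At_x += 8;                              /* next cell to the right */
    }

    if (fwrite(buf, 1, sizeof(buf), fp) != sizeof(buf))
        status = 1;
    if (fclose(fp) != 0)
        status = 1;
    /*getch();*/
    closegraph();
    return status;
}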
程序文件: Toasm.c
程序使用:
c:\>toasm
enter the file name:
c:\dat //用户输入
此时程序自动生成 dat.asm 文件
用户可编辑此文件,将 字符串 “begin:” 之后的数据(显示汉字的16进制形式)copy到汇编程序,进行编译.
程序代码:
#include <stdio.h>
#include <stdlib.h>
#include <bios.h>
#include <io.h>
#include <dos.h>
#include <dir.h>
main()
{ char name[40];
FILE *p; int m,n;
char *v;
long size;
int i,j;
char ch;
char *first=" \tcode segment\n \t assume cs:code,ds:code \n \torg 100h\n begin:\n";
char *end=" \tcode ends\n \tend begin";
int len1,len2;
void *buf;
char drive[3];char dir[20];char fname[10];char ext[4];
char newname[50];
char *extt=".asm";
printf("enter the file name:\n");
scanf("%s", name);
if((p=fopen(name,"rb"))==NULL)
{ printf("cann't open < %s > file!\n",name);
exit(0);}
size=filelength(fileno(p));
buf=(char *)malloc(size);
fread(buf,size,1,p);
fclose(p);
fnsplit(name,drive,dir,fname,ext);
fnmerge(newname,drive,dir,fname,extt);
if((p=fopen(newname,"wb"))==NULL)
{ printf("can't creat < %s > file!\n",newname);
exit(0);
}
fprintf(p,"%s\n",first);
fprintf(p," db ");
for(i=0,v=buf;i<size;i++,v++)
{
n=*v;
m=n;
n=n&0x0f0;
n=n>>4;
m=m&0x0f;
if(i==0)
{fprintf(p,"0%x%xh,",n,m);
continue;}
if((i%15)==0)
{fprintf(p,"0%x%xh",n,m);
fputc(0x0d,p);
fputc(0x0a,p);
if(i==(size-1))
continue;
fprintf(p," db ");}
else
{if(i==(size-1))
fprintf(p,"0%x%xh",n,m);
else
fprintf(p,"0%x%xh,",n,m); }
}
fprintf(p,"\n%s",end);
fcloseall();
printf(" \t PLEASE EDIT %s\n",newname);
}