UNICODE_STRING
Attributes dword ?; , w. o3 a# [ K! N, O2 H& \, w1 E
SecurityDescriptor dword ?; PVOID // Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService dword ?VOID // Points to type SECURITY_QUALITY_OF_SERVICE
OBJECT_ATTRIBUTES ends , ^ P/ ]5 w" }3 r, E+ I. b
, p# _2 ]7 n; n7 [3 O6 ]% ^
TRUSTEE struct : y" V2 p/ ]: |$ Z
pMultipleTrustee dword ?TRUSTEE
MultipleTrusteeOperation dword ?; MULTIPLE_TRUSTEE_OPERATION 4 d( F+ p" k) e
TrusteeForm dword ?;TRUSTEE_FORM
TrusteeType dword ?;TRUSTEE_TYPE
ptstrName dword ?;LPTSTR
TRUSTEE ends
# D9 Q7 X& ?2 S) D
- \4 h- t9 u. I0 x
EXPLICIT_ACCESS struct
grfAccessPermissions DWORD ?
grfAccessMode dword ? ;ACCESS_MODE " l4 O2 ?8 a4 r# D, o
grfInheritance DWORD ? ;
Trustee TRUSTEE <> ;( G5 _6 m {6 d# w! M& K+ f
EXPLICIT_ACCESS ends
5 L, p. L- j, K5 f4 ~& d% q7 O
MyGATE struct ;门结构类型定义) r* \5 v" }, b) g. t& t2 }2 [( @% U
OFFSETL WORD ? ;32位偏移的低16位
SELECTOR WORd ? ;选择子0 v. w m/ G9 C: Z5 j/ K
DCOUNT BYTE ? ;双字计数字段
GTYPE BYTE ? ;类型
OFFSETH WORD ? ;32位偏移的高16位6 Y' t Z* M; `8 @- c5 p
MyGATE ends
$ Z, O3 J4 D$ G- c4 d1 G
IDEINFO struct
wGenConfig dw ?
wNumCyls dw ?;拄面数
wReserved dw ?6 E7 ]8 P7 w2 } \. _0 b2 L! n) L
wNumHeads dw ?;磁头数6 E( P2 C2 n8 D: C8 U- Q9 w8 U$ y
wBytesPerTrack dw ?;每道字节数
wBytesPerSector dw ?;每扇区字节数* y, V2 r0 E$ }: v! B9 z0 F( i1 d/ [
wSectorsPerTrack dw ?;每道山区数
wVendorUnique dw 3 dup (?)* I7 \6 I$ ~. `( Y: W, P
sSerialNumber db 20 dup (?);硬盘序列号+ S( E ?* |5 f7 ~$ P( ?1 j: t
wBufferType dw ?;! e& u" p+ H1 E6 x# q, R
wBufferSize dw ?; ;n * 512
wECCSize dw ?
sFirmwareRev db 8 dup (?);
sModelNumber db 40 dup (?)
wMoreVendorUnique dw ?$ ~' p' c0 O: H+ N- E
wDoubleWordIO dw ?7 J, R2 P' V( J6 `8 F
wCapabilities dw ?3 x( Z' _1 c' a; |+ C
wReserved1 dw ?( k& x$ r d3 M7 L3 W U* @
wPIOTiming dw ?;( p% |/ J9 o7 A
wDMATiming dw ?;
wBS dw ?
wNumCurrentCyls dw ?;4 c) K. W! E8 y6 }9 V- \9 e
wNumCurrentHeads dw ?;
wNumCurrentSectorsPerTrack dw ?;( j/ m8 p9 Q- t* {6 J |+ A
dwCurrentSectorCapacity dd ?;
wMultSectorStuff dw ?;' F" P6 |5 R) k) V1 A: v
dwTotalAddressableSectors dd ?;( s/ Q# f8 p3 i2 K M# i- {
wSingleWordDMA dw ?;# F5 n/ _! C- B( l" S
wMultiWordDMA dw ?;- D/ `3 {) |! e" s9 v+ |! u
bReserved db 128 dup (?)$ s( X% ?5 G: `* X" T8 \
IDEINFO ends3 g2 x9 o/ `& B
SetPhyscialMemorySectionCanBeWrited proto :dword
MiniMmGetPhysicalAddress proto :dword
, w' J; H$ _" ^8 C% z" ]; p
ENTERRING0 macro
pushad 4 t) [, v8 }3 Z
pushfd - ~# w/ i: X5 V- W4 ?7 D! F0 F
cli: w9 P5 W$ W# Y: G# {3 |! L3 K. @0 J
mov eax,cr0 ;get rid off readonly protect
and eax,0fffeffffh5 z1 h, ~$ ^2 T. H# n. ]
mov cr0,eax2 D: C+ g- s5 W6 Y- S# T: c# j; P
endm* C8 C, `9 m" Q' l7 i+ @
- h/ U K$ A: Z$ i: l: }
LEAVERING0 macro# P8 O: n% G! }3 T3 V
mov eax,cr0 ;restore readonly protect& K$ N" V6 O, e% Y& N
or eax,10000h8 Z/ b7 {! k% Y0 P- s6 i
mov cr0,eax4 {' @( u2 p! o4 p M8 a( F3 B
sti: S% w5 l* Z/ n2 t
popfd ; J5 H7 R2 Y5 \. d: v5 ~* e# k
popad 7 A' \- L) h2 o% ] W7 Z* { s
retf
endm
UNICODE_STR macro str* a7 q; I3 U$ }6 m/ S1 L( D
irpc _c,<str>
db '&_c'
db 0
endm) }8 ~/ S9 z { Z- w9 c
endm, k5 X1 }; J; k, }/ t
.data?
GdtLimit dw ?
GdtAddr dd ?0 _2 }- I3 i2 q, ]7 f. p4 W
# D( T+ |9 W- g' {
mapAddr dd ?
OldEsp dd ?) U1 V# _7 S4 |, B- X- i- S
% q, z$ c% q) L! l- o& G5 L
readed dw ?4 v$ P, w# J; C6 ?
buffer db 512 dup(?)
ShowText db 512*3 dup (?)
9 Q- a8 D7 U: K0 `; d2 c0 O4 @+ N4 N
szBuffer db 1024 dup (?)4 N6 m) Z- A* l1 [9 u1 Y
szModelNumber db 41 dup (?)9 _8 E; D6 b: z) v' I
szSerialNumber db 21 dup (?)
szFirmwareRev db 9 dup (?)* w) [: _8 y8 U `; t- K
stIDEINFO IDEINFO . X6 a$ @2 H. t! k
! X% N B5 R' S. i
.data% N% R5 u8 [ t
align 4" O6 @2 x! J# s$ ?5 K
objname dw objnamestr_size,objnamestr_size+2( _3 p# w& Z9 Q/ X j' F5 U
objnameptr dd 0) C0 }1 }& {7 p( Q J5 N4 ~
objnamestr equ this byte8 x8 s- t: x2 f! `. w* p O
UNICODE_STR <\Device\PhysicalMemory>
objnamestr_size equ $-objnamestr
5 F# d; K* X. D; W) r
szTitle db 'IDE 硬盘信息',0" G4 z6 V3 v* X; }
szErrInfo db '无法读取硬盘信息',0: i8 T) d' ~ H+ v- F( a5 C
szIDEInfo db '柱面数 : %d',0dh,0ah
db '磁头数 : %d',0dh,0ah& K* F: i8 {. _5 M8 v7 {
db '每道扇区数 : %d',0dh,0ah
db '缓冲大小 : %d 扇区',0dh,0ah
db '硬盘型号 : %40s',0dh,0ah. m/ [" J% N* B* `8 v4 F* w% y
db '序列号 : %20s',0dh,0ah! c, X& e7 D5 ?
db '版本号 : %8s',0
' q( {$ }4 j4 H$ |
align 4
ObjAttr db 24 dup (0)
+ ?8 ~- l! E/ }/ z* f2 @
Callgt dq 0 ;call gate's sel
ff; N# o3 d V) O- Z0 n
Caption db 'Windows XP绝对磁盘读写',0& U2 ?7 j; [/ H* v) o: M
Digit db '0123456789ABCDEF',0" j$ M4 e; b9 `0 M% O' R8 n
.code# K. v: C: m+ A0 M) z! r
_ShowBuffer proc ;显示所读出的信息7 ^4 k+ I5 U, M* F: B: A
;把数据转换成16进制的形式( l# b/ k- W, e6 ^% k0 c9 z7 }; s
mov [readed],512
mov esi,offset buffer ;数据
mov edi,offset ShowText ;转换后的数据9 q4 x4 O1 w$ ~* c0 A0 d
mov ebx,offset Digit+ B' U( W2 O/ b: l2 D) N+ a& Q
xor ecx,ecx
xor eax,eax
computeAgain:
cmp [readed],0
jz endCompute+ g6 ]8 U3 B* ]! v* ? C; w9 B& }2 }
dec [readed]
lodsb& J$ t5 {# D' N/ o% i3 _) `
push eax
shr eax,4 ;高4位
xlatb
stosb
pop eax3 ~8 @' ]. p- X
and eax,0fH ;低4位) P5 |8 J/ C$ B3 _/ P' w
xlatb
stosb5 l: M0 q" k0 E1 j
mov byte ptr[edi],' ' ;空格/ K" R0 ~2 u" F) C# M
inc edi
inc ecx
cmp ecx,16
jnz computeAgain
xor ecx,ecx
mov byte ptr[edi-1],13 ;回车
jmp computeAgain
endCompute:7 A9 K& A: ?' B9 E; {2 o
;显示
invoke MessageBoxA,NULL,offset ShowText,offset Caption,MB_OK. p0 P$ X/ U+ n9 ~
ret
_ShowBuffer endp4 h. |9 O4 G" h0 S6 A
SetPhyscialMemorySectionCanBeWrited proc uses ebx esi edi hSection:HANDLE - U. d8 S" Y3 J; U
local pDacl: PACL 0 J8 k. N3 r* E4 ]+ O
local pNewDacl
ACL
local pSD SECURITY_DESCRIPTOR 6 o% s @) B3 w& e- c5 N, o
local dwRes:DWORD ;
local ea:EXPLICIT_ACCESS ;
invoke GetSecurityInfo,hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, NULL,NULL, addr pDacl,NULL, addr pSD6 }" r/ \. }# W
cmp eax,ERROR_SUCCESS
jz @f- }' j; K% m" S- N! [
jmp OutSet: [! B, ^# D' N! ]
@@:7 _* y k' S7 C9 ~, W! l
mov dwRes,eax, O% j1 {* N$ J2 {5 V7 U# L
mov ea.grfAccessPermissions ,SECTION_MAP_WRITE;2
mov ea.grfAccessMode ,GRANT_ACCESS;12 ]2 _8 u3 }3 Q* |3 ~7 d4 Q! m
mov ea.grfInheritance,NO_INHERITANCE;05 a3 D5 ?- N; u, Z6 h
mov ea.Trustee.pMultipleTrustee,0+ n4 g1 A! L- K
mov ea.Trustee.MultipleTrusteeOperation,0
mov ea.Trustee.TrusteeForm,TRUSTEE_IS_NAME;15 O1 N+ ^; u _
mov ea.Trustee.TrusteeType,TRUSTEE_IS_USER;1# M/ b8 Y7 H! |' n- V/ R5 [
call @f
db "CURRENT_USER",0
@@:/ R4 E0 Z5 a9 r" r0 D" k
pop edx1 T9 X2 L- w7 a3 y4 V
mov ea.Trustee.ptstrName,edx
invoke SetEntriesInAcl,1,addr ea,pDacl,addr pNewDacl7 v1 Q: q' S$ g: ?! b
cmp eax,ERROR_SUCCESS0 z! L/ ^- e+ O6 ]- T
jz @f
jmp OutSet. @' N# i9 B2 q6 h+ l6 R \
@@:
invoke SetSecurityInfo,hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, NULL,NULL,pNewDacl,NULL
OutSet:
cmp pSD,0
jz @f
invoke LocalFree,pSD
@@:
cmp pNewDacl,0) q7 p8 f) V; v- O0 k3 {
jz @f/ B/ p% C( C, c3 {, @; J/ t: Y
invoke LocalFree,pNewDacl
@@:
ret/ G! j- l3 I# C3 A! |
SetPhyscialMemorySectionCanBeWrited endp- m3 u0 r$ F8 ~7 k; }
MiniMmGetPhysicalAddress proc virtualaddress:dword* |5 S7 Z4 p5 O8 S* s3 M6 w
mov eax,virtualaddress
cmp eax,80000000h. h& `/ [9 R8 q- Z
jb @f% w$ b. @( r. ~
cmp eax,0a0000000h
jae @f
and eax,1FFFF000h& b) P7 N" V& k6 P7 L' J
ret
@@:
mov eax,0
ret
MiniMmGetPhysicalAddress endp
ExecRing0Proc proc : T" g5 q1 k- m; k
local tmpSel:dword" @4 j; |( n7 o$ T- I3 @8 C
local setcg:dword
local BaseAddress:dword) |, Z8 ]2 r, p& {- c
local NtdllMod :dword( }/ z3 c3 Z% w
local hSection:HANDLE
local status:NTSTATUS
local objectAttributes:OBJECT_ATTRIBUTES ( z* W+ }7 ~/ N$ L
local objName:UNICODE_STRING
mov status,STATUS_SUCCESS; ; k. [, a9 w/ z; I( N% {
sgdt GdtLimit3 q' H6 z" S/ k8 o4 x) K6 K
invoke MiniMmGetPhysicalAddress,GdtAddr+ W; n+ L6 U* a
mov mapAddr,eax# p' }/ |6 Z3 ^' M8 U
test eax,eax) C* m" S0 ~& d- F6 W3 F
jz Exit1 i( |3 O2 _- W d. B) I6 I# P
call @f y' O" F2 K- e! S
db "Ntdll.dll",0
@@:3 N2 ]" ^$ U- P5 ]% ~
call LoadLibraryA
mov NtdllMod,eax8 E' e0 F) P" v
lea edx,objnamestr1 G: j7 C: Y1 A u3 q
mov objnameptr,edx
lea edi,ObjAttr$ \; i* G7 t# ^
and di,0fffch ;align to 4 bytes,or ZwOpenSection will fail
push edi ;edi->ObjAttr: _- F9 [' \9 T3 l7 u4 s! }4 c( j
push 24 ;length of <\Device\PhysicalMemory>
pop ecx6 `. _ V9 Q3 _1 q3 v9 T
push ecx
xor eax,eax
rep stosb ;put ObjAttr with 0
pop ecx
pop edi
mov esi,edi
stosd+ c9 M5 E, M8 m! z/ b
mov dword ptr[esi],ecx4 c1 A: S2 Y5 ]& b
stosd # c0 g1 ^/ b3 R" ^& |
lea eax,[edx-8] ;eax->objname/ q Q2 |( u# l( I) Q
stosd ;ObjAddr(18h,00,00,00,00,00,00,00,offset objname,40,02,00,00,dd 2 dup(0)
mov dword ptr [edi],240h( ] U; M. H3 h' o+ @' _
call @f
db "ZwOpenSection",0
@@:& Z; o) X! I. J- Q3 F( w
push NtdllMod$ V4 B5 D+ U* q: N, [2 i1 k
call GetProcAddress
mov ebx,eax ;ebx=ZwOpenSection
! I2 j0 L% c8 ~4 Q: p
push esi ;esi->ObjAttr
push SECTION_MAP_READ or SECTION_MAP_WRITE
lea edi,hSection
push edi ;edi->hSection" U1 r- B& R0 t; V2 P
call eax ;ZwOpenSection(&hSection,SECTION_MAP_READ or SECTION_MAP_WRITE,ObjAttr)+ Z1 q- v) L$ C
mov status,eax
cmp status,STATUS_ACCESS_DENIED& R' ^- i; s4 J( l/ H
jnz AccessPermit) f# v3 [2 r9 i/ @: a3 a+ J
mov eax,ebx- N$ i) b. v) l d3 Y0 c7 }2 G/ _
push esi
push READ_CONTROL or WRITE_DAC # C# c/ |- _% I- N: `0 i
push edi
call eax
$ j1 }, k6 A/ g' T* v
mov status,eax' y1 G' Z) K8 ], {. N
invoke SetPhyscialMemorySectionCanBeWrited,hSection # Z. \8 A2 g9 a
call @f$ D, r1 Q M& L
db "ZwClose",0
@@:
push NtdllMod
call GetProcAddress
push hSection
call eax ;zwClose hSection' Z6 M I. f5 R. R$ N
3 O! {( K7 _( x m% [
mov eax,ebx% z% {$ J/ o# u# m) S" F2 u5 d
( ~6 Z+ w0 [ j4 K6 i1 Z: B
push esi
push SECTION_MAP_READ or SECTION_MAP_WRITE ! b; p% J( c1 @! ?- Q
lea edi,hSection% l5 k2 w* b8 r7 c+ x
push edi
call eax$ L( S3 o$ O" h7 v
mov status ,eax
;status =ZwOpenSection(&hSection,SECTION_MAP_WRITE|SECTION_MAP_WRITE,&objectAttributes);
AccessPermit:
cmp status ,STATUS_SUCCESS 2 ?* h+ m o q1 s
jz @f
;printf("Error Open PhysicalMemory Section Object,Status:%08X\n",status); % j* }) c9 D* ]$ H
;return 0;
mov eax,03 p0 e6 [1 ^' Z) |
ret
@@:
movzx eax,word ptr[GdtLimit]
inc eax
invoke MapViewOfFile,hSection, FILE_MAP_READ or FILE_MAP_WRITE, 0, mapAddr, eax
mov BaseAddress,eax5 t+ K8 E& L8 ], k0 z! d8 K( H
cmp BaseAddress,0
jnz @f5 k% P' \* t" m0 t4 Z4 o- h3 E
;printf("Error MapViewOffile:"); ! K# i2 ^3 C1 D: y
rintWin32Error(GetLastError()); return 0;
mov eax,0
ret
@@: 6 d- J: s, S6 o6 E/ {/ T" F- w0 h
mov esi,eax ;esi->gdt base
mov ecx,3e0h: M3 p/ F) E$ z2 n) ^) d8 t
mov eax,GdtAddr1 N% P' l7 H2 E* B4 M9 ~1 o$ q
.if dword ptr [esi+ecx+2]!=0ec0003e8h
mov byte ptr [esi],0c3h# D" a9 O L$ n
0 a8 N+ `! X& x/ u+ a
mov word ptr [esi+ecx],ax( H* ^; }) ?* _1 Y( e2 Y5 i
shr eax,167 ^/ F3 b; U# r7 i
mov word ptr [esi+ecx+6],ax' Y6 J, U* z% T0 J# |7 ?3 t2 {6 @( C) a
mov dword ptr [esi+ecx+2],0ec0003e8h4 o9 U( `* C) ?( J( Y
mov dword ptr [esi+ecx+8],0000ffffh
mov dword ptr [esi+ecx+12],00cf9a00h
.endif, \2 l/ e3 t' |0 K5 s/ A
, a! J- E4 l+ T7 \& V2 F; E
mov setcg,TRUE
cmp setcg,0
jnz ChangeOK
call @f, P" T* S5 {# D7 O6 e
db "ZwClose",02 B! C3 u# q7 B+ S; y. ^
@@:
push NtdllMod! H) `9 n: z6 C6 p/ @
call GetProcAddress- n! A/ l) R/ m. Z
push hSection- }! p3 D8 p, |
call eax
xor eax,eax5 n5 b3 [3 w; }& }' a- h5 c
ret2 |1 k1 Z, K( F X
ChangeOK:
and dword ptr Callgt,0 * V7 e7 b j( [. ~
xor eax,eax
mov ax,3e0h
or al,3h- a4 c6 F4 c! q
mov word ptr [Callgt+4],ax / O$ g; Q! D- {: k& ]& I
;farcall[2]=((short)((ULONG)cg-(ULONG)BaseAddress))|3; //Ring 3 callgate; + C; A. |0 t/ Q) {: N
lea eax,_Ring0Proc9 h" M* |3 M4 [# c# J2 |
;invoke VirtualLock,eax,seglen : X. Z% P, q' J+ J% \6 ~6 J2 ]
test eax,eax- P. K( P; E$ g9 N- R# f1 @
jnz @f
xor eax,eax
ret
@@:
invoke GetCurrentThread
invoke SetThreadPriority,eax,THREAD_PRIORITY_TIME_CRITICAL " ?+ \) [+ W& j* E1 g& M
& ~& z4 c6 ]: F. R, r
invoke Sleep,0
call fword ptr [Callgt] ;use callgate to Ring0!
;_asm call fword ptr [farcall]
_Ring0Proc: ; Ring0 code here..
mov eax,esp ;save ring0 esp
mov esp,[esp+4];->ring3 esp
push eax& m1 J. q: Z3 X0 z) r
mov ebx,offset stIDEINFO. M; h# C' K$ S" G
assume ebx:ptr IDEINFO
;********************************************************************" Y d* Q0 `6 v
; 等待硬盘就绪& p: A2 `+ c; g' _# a5 {5 h$ d
;********************************************************************& R' x" f9 `$ P& u5 q P) B
mov ecx,10000h
mov dx,01f7h7 G# v# q% Z2 z1 |: H
@@:
in al,dx) n3 {: J/ H( }! D
cmp al,50h5 y1 v7 v, d9 j0 J
jz @F1 s' s% g! @/ O
loop @B( r$ ?+ t# T8 W; F9 `; b; H
jmp _II_TimeOut
@@:) V. Z8 I4 e5 Y5 B
;********************************************************************
; 发送命令7 r* w% Q; t+ Y+ H
; 如果向主控制发送命令,则端口为 1f0h-1f7h3 S1 z) f. E; z3 D) @0 j
; 如果向副控制发送命令,则端口为 170h-177h
; 1f6h 如果要检测的设备为该IDE接口的主(MASTER)设备, b1 e# h5 `7 Y* p
; 那么发送 a0,如果为从那么发送 b0
; 1f7h 如果要检测的设备为 ATA 设备那么发送 ec$ P6 ]' X' g5 I! N; }% p! Y
; 如果为 ATAPI 设备那么发送 a1, q5 f% F2 a; C- r
;********************************************************************( y! q! T0 H( V$ b* x
mov al,0a0h ;Drive 0,Head 0
mov dx,01f6h ;Drive and head port, M& i. E7 J0 Q9 ^- s# |
out dx,al
mov al,0ech
inc dx ;Command port' _) O4 h% p0 w) b9 |7 h& b3 a, p- J
out dx,al/ y: `' u/ h3 [$ j- |8 e' h% i
;********************************************************************
; 等待硬盘就绪2 I3 `3 [$ f. a. o! o1 `: b, l
;********************************************************************3 l; w7 x+ C. H- `8 j. E0 T
mov ecx,10000h
@@:/ C2 l' @( {7 W: u' n7 e" G! c
in al,dx;1f7 (r-status register)
cmp al,58h;(driver is ready ,and seek complete)2 Z. s8 D1 U0 v" }" d9 F/ y
jz @F* c$ R% Y, R2 l
loop @B
jmp _II_TimeOut
@@:
;********************************************************************
; 将返回信息读回
; 注意一定要读满 100h 个字长& k7 W4 s/ I# [& w p% H
;********************************************************************
cld
mov edx,01f0h;data port - data comes in and out here; F3 i( |; ~ X5 K1 M
mov edi,ebx
mov ecx,0100h
rep insw) b- D# ?" L& L3 Y. E; Y5 V
;********************************************************************
; 返回的信息中,型号、序列号、版本号为字形式# H W d0 h; N, {. c- i8 B" v2 f
; 需要整理到字符串的形式
;********************************************************************
lea esi,[ebx].sSerialNumber& |* x( P% m+ K8 A" e
mov edi,esi) F+ ^! e& G$ F2 S+ O
mov ecx,108 M; N4 q8 @- [1 T) Q' \. A" W
@@:% Q% g8 v- x4 s$ @
lodsw5 r( p5 b2 i% ?1 S9 R" H2 Q
xchg ah,al
stosw1 Z4 w, D. z( y# D) x
loop @B/ K' ]2 e7 h/ h0 O; V! c. v
" u" `( d' B8 P O7 M: d' p
lea esi,[ebx].sFirmwareRev, F$ u8 E8 a4 _% I0 y8 h4 {$ ~
mov edi,esi1 i1 p( }# m: o# Z- x+ P4 m$ E) ^6 U
mov ecx,24
@@:
lodsw
xchg ah,al. p0 i! e9 f, Q
stosw. {9 f, b, v, Q8 t
loop @B0 h0 K8 V1 f: H, F: O0 x9 H
_II_TimeOut:
assume ebx:nothing
pop esp ;restore ring0 esp G6 t+ O2 A0 L* x- _4 Z
push offset Ring3
retf2 |6 p! Z& x6 w- I5 g
Ring0CodeLen=$-_Ring0Proc) Y, |- e+ e: b" Q, C4 M$ D( r$ i, Y
, v4 C* ^( O8 n! O- t% ^
Ring3:
invoke GetCurrentThread
invoke SetThreadPriority,eax,THREAD_PRIORITY_NORMAL 1 Y7 p6 _5 C6 l# ]# G7 G6 k
& x, Q5 ?$ i- H) R( A4 C4 [
;invoke VirtualUnlock,Entry,seglen 7 P: Y( o8 L; }
call @f S0 ^7 s q: O5 Y. L9 w
db "ZwClose",0
@@:! a7 Z# G5 T% c% t4 ?
push NtdllMod
call GetProcAddress
push hSection
call eax
mov eax,TRUE5 Z( [+ U* F4 `- |1 H& t
ret0 V: z' {) b/ |1 X6 I
ExecRing0Proc endp
main:7 @* l3 K- S0 y4 D0 c4 r3 m
assume fs:nothing
push offset MySEH- F) f+ ?6 ^) |' [2 U6 T
push fs:[0]
mov fs:[0],esp* H6 q7 Z) t0 M
mov OldEsp,esp
mov ax,ds ;if Win9x?
test ax,42 e8 C( ?: R- u5 X* |
jnz Exit14 w, f7 }9 r- c) T: m
invoke ExecRing0Proc
- _5 X# L% T7 }9 K6 g
.if stIDEINFO.wNumCyls- `2 \; S6 @# x- }
lea esi,stIDEINFO.sModelNumber
mov edi,offset szModelNumber* L5 J. D; U0 q- I* U- o1 m
mov ecx,sizeof stIDEINFO.sModelNumber0 e5 g9 d& z5 X O. U+ k
rep movsb# m4 C; C [1 W; T1 \5 t5 r
3 K# Z9 \) P, b. r9 @( B! h
lea esi,stIDEINFO.sSerialNumber ^; c. ^, o& z
mov edi,offset szSerialNumber1 h }1 q# C/ M, ~+ E
mov ecx,sizeof stIDEINFO.sSerialNumber
rep movsb) H1 t/ u+ Y" L6 o$ {$ p |- M
; |) ~# B8 w0 [8 W' L
lea esi,stIDEINFO.sFirmwareRev5 p7 s) }0 G9 Y4 p5 ^* }5 `) }
mov edi,offset szFirmwareRev
mov ecx,sizeof stIDEINFO.sFirmwareRev& H3 `# M6 G* D( n
rep movsb
, u+ g* [8 A1 l( _1 L0 k! I
movzx eax,stIDEINFO.wNumCyls
movzx ebx,stIDEINFO.wNumHeads
movzx ecx,stIDEINFO.wSectorsPerTrack& E/ G" ?1 c8 w, k1 R
movzx edx,stIDEINFO.wBufferSize
invoke wsprintf,addr szBuffer,addr szIDEInfo, eax,ebx,ecx,edx, addr szModelNumber, addr szSerialNumber, addr szFirmwareRev. s t, r+ P6 }) h) D2 |2 h8 t
mov eax,offset szBuffer" d* s. @: Y) R% h# b2 {) o
.else! ]& U4 \' o- ~, ~7 E! j, ^. h/ t
mov eax,offset szErrInfo
.endif
@@:
invoke MessageBox,NULL,eax,addr szTitle,MB_ICONINFORMATION or MB_OK
Exit1:3 _1 X7 Y2 K c
pop fs:[0]8 Y; P7 y: U: n# u" E8 w
add esp,4
invoke ExitProcess,0
) W. k5 J$ q a3 n; z: |9 ]) m
MySEH :
mov esp,OldEsp
pop fs:[0]
add esp,4
invoke ExitProcess,-1& w8 ]. h; `2 ~: Q( N! p
end main
. G1 J6 J. m B" A/ x
| 欢迎光临 下沙论坛 (http://bbs.xiasha.cn/) | Powered by Discuz! X3.3 |