UNICODE_STRING
Attributes dword ?; ' ^; `$ H @) S/ @9 i5 ~5 _" f/ ^( F
SecurityDescriptor dword ?; PVOID // Points to type SECURITY_DESCRIPTOR
SecurityQualityOfService dword ?VOID // Points to type SECURITY_QUALITY_OF_SERVICE 0 M* r D2 f! h5 R# V
OBJECT_ATTRIBUTES ends : i+ z* |% K0 I- \9 L
TRUSTEE struct
pMultipleTrustee dword ?TRUSTEE
MultipleTrusteeOperation dword ?; MULTIPLE_TRUSTEE_OPERATION
TrusteeForm dword ?;TRUSTEE_FORM, _# m, M% E3 g" e) c
TrusteeType dword ?;TRUSTEE_TYPE
ptstrName dword ?;LPTSTR 6 \# ?7 d( n& a7 y3 p A
TRUSTEE ends7 f- X& B: f# Q6 [% h' }
EXPLICIT_ACCESS struct
grfAccessPermissions DWORD ?
grfAccessMode dword ? ;ACCESS_MODE ) u9 v5 h+ I% O
grfInheritance DWORD ? ;/ R1 q- n: k. ~- _: N
Trustee TRUSTEE <> ;0 \0 u: N; d9 G; L/ Z7 n7 R
EXPLICIT_ACCESS ends* A. \; y& X7 S' }* }
MyGATE struct ;门结构类型定义& t7 D% x: w1 O
OFFSETL WORD ? ;32位偏移的低16位' \. H. x8 ]$ M2 G
SELECTOR WORd ? ;选择子& {: i. i; B! s
DCOUNT BYTE ? ;双字计数字段
GTYPE BYTE ? ;类型+ N% M, ^2 ^5 b
OFFSETH WORD ? ;32位偏移的高16位
MyGATE ends& J% ?$ |" ]0 }8 L
% k( u' T9 F* q) y- r4 d: q
IDEINFO struct# s) E0 O! Z8 B" h
wGenConfig dw ?
wNumCyls dw ?;拄面数
wReserved dw ?
wNumHeads dw ?;磁头数
wBytesPerTrack dw ?;每道字节数7 }' l3 t3 D7 T
wBytesPerSector dw ?;每扇区字节数& P! {1 N- m7 @ t
wSectorsPerTrack dw ?;每道山区数) Q. j- J3 M+ S( n. Z! O2 _
wVendorUnique dw 3 dup (?)
sSerialNumber db 20 dup (?);硬盘序列号
wBufferType dw ?;
wBufferSize dw ?; ;n * 5124 c: n m5 R& S& n
wECCSize dw ?- b$ j( u8 {* o+ x- S+ u) J! f
sFirmwareRev db 8 dup (?);
sModelNumber db 40 dup (?)
wMoreVendorUnique dw ?6 h# Q6 n" J7 [3 E
wDoubleWordIO dw ?, e0 @+ L2 x/ ~" G9 z Z6 z" M0 l
wCapabilities dw ?
wReserved1 dw ?
wPIOTiming dw ?;! h8 f( a3 z. @$ v
wDMATiming dw ?;
wBS dw ?/ O" } l" \& u
wNumCurrentCyls dw ?;
wNumCurrentHeads dw ?;2 w& l/ M5 {9 Z- [) l- \1 u1 M
wNumCurrentSectorsPerTrack dw ?;
dwCurrentSectorCapacity dd ?;: u3 F( n# F+ Z4 `- Q
wMultSectorStuff dw ?;% v- x; q& H$ k" X9 U' m B) o. J
dwTotalAddressableSectors dd ?;3 R/ j, x( e4 y7 Y0 J
wSingleWordDMA dw ?;, P8 l/ F, {* ^: X
wMultiWordDMA dw ?;: z; W# D( B, O$ @* |- g; ?! u' t M
bReserved db 128 dup (?)- r a0 E5 S& @
IDEINFO ends1 p" a- A. U1 k) w9 @2 c
: m5 `1 N$ m) J" r6 b" q1 q' G
) H1 x! W& ~$ r: R0 a
SetPhyscialMemorySectionCanBeWrited proto :dword
MiniMmGetPhysicalAddress proto :dword s2 O. g' l! a' U' r
5 X3 d( j# a3 y# b0 S! _) @% r; ~6 {
ENTERRING0 macro$ f' g! U9 d/ D) _# \
pushad
pushfd p% s, K& x! G) M9 m# u# }
cli$ k/ M4 b, {5 m" w7 f) ?, \
mov eax,cr0 ;get rid off readonly protect& a$ p9 I% B; t, H
and eax,0fffeffffh
mov cr0,eax: X1 J9 A! N% P
endm
LEAVERING0 macro
mov eax,cr0 ;restore readonly protect
or eax,10000h
mov cr0,eax) c; b+ g. d: `* d+ i6 C
sti# N3 E. ^1 w D7 N0 K/ @6 _4 H" o) c
popfd % K6 ?3 I1 G# g4 S4 W% Q! Q
popad
retf( x2 \0 J& {6 H% I) u8 _/ e! }. z0 |+ n
endm1 h7 Z; u4 {9 o9 `) A7 M
3 u( [# W1 ?) j; D- [- p7 y, _3 g X
UNICODE_STR macro str
irpc _c,<str>
db '&_c'5 c5 [5 y2 S6 p4 S
db 0
endm
endm
.data?) b. M1 \3 b# d y
GdtLimit dw ?* l7 C& M$ m, u/ a
GdtAddr dd ?
( U, z" `$ [3 X, z+ L
mapAddr dd ?! s. S& ], @5 J# H- a
OldEsp dd ?" j8 u/ m0 d/ f k3 E
$ y$ M' P# p8 W+ Z H
readed dw ?; Q' ~! y' ? O6 ` D
buffer db 512 dup(?)
ShowText db 512*3 dup (?): y5 }9 w7 f7 X+ g( {$ t0 C3 C
szBuffer db 1024 dup (?)# S# y0 K% M# h
szModelNumber db 41 dup (?)! o: H+ j4 u4 t" z1 `; k
szSerialNumber db 21 dup (?) R5 a6 r1 Y; \5 x2 P( x
szFirmwareRev db 9 dup (?)
stIDEINFO IDEINFO 2 K3 s2 k5 k8 \: }1 e
5 g) a9 T" z5 S+ h
.data2 k. ?& |$ r0 X7 H
align 41 b; y6 b$ y! O* E
objname dw objnamestr_size,objnamestr_size+2# d7 v$ L$ W& o+ c0 Q
objnameptr dd 0
objnamestr equ this byte
UNICODE_STR <\Device\PhysicalMemory>6 r8 g1 a& H1 j4 Q0 t% @- _( J$ V
objnamestr_size equ $-objnamestr
szTitle db 'IDE 硬盘信息',0
szErrInfo db '无法读取硬盘信息',0
szIDEInfo db '柱面数 : %d',0dh,0ah
db '磁头数 : %d',0dh,0ah/ ~ ` a; I: V1 K
db '每道扇区数 : %d',0dh,0ah
db '缓冲大小 : %d 扇区',0dh,0ah
db '硬盘型号 : %40s',0dh,0ah
db '序列号 : %20s',0dh,0ah
db '版本号 : %8s',0
- Q" [) g5 W V/ j
align 4
ObjAttr db 24 dup (0)
. i2 m( {. Z" p) j
Callgt dq 0 ;call gate's sel
ff% \7 h$ B0 H# [+ P4 ]" @6 B/ [
Caption db 'Windows XP绝对磁盘读写',0
Digit db '0123456789ABCDEF',0/ Y- V, V% o6 L7 L$ Q% d: k, I/ j
.code
_ShowBuffer proc ;显示所读出的信息" h) w3 e4 s8 b* L+ S
;把数据转换成16进制的形式
mov [readed],512
mov esi,offset buffer ;数据+ R% x" i( A7 s2 M: K% g
mov edi,offset ShowText ;转换后的数据8 B4 W) ]: J Y+ b2 P0 o9 Y/ y
mov ebx,offset Digit
xor ecx,ecx1 x# {: \+ g% S( s
xor eax,eax- e0 H2 l, U# A2 }- t2 r
computeAgain:
cmp [readed],0. \/ W* }; \* {( U; G* x# S
jz endCompute
dec [readed]
lodsb9 V' Y* c4 E! O# n6 N% _1 j& R/ R$ h
push eax/ l& t; ~0 l9 h( G, u S
shr eax,4 ;高4位! I/ L) m9 y" g: R3 q0 `% K% E8 E
xlatb
stosb
pop eax+ V5 m4 `8 S+ A8 l1 \' z/ |
and eax,0fH ;低4位0 ~5 e& |. r, J* M e
xlatb
stosb( i0 k. _" B" n
mov byte ptr[edi],' ' ;空格0 g8 T6 V4 F' E9 w* j& r
inc edi9 D9 z) t! q9 X; P
inc ecx
cmp ecx,16% T* f1 a' q( { a) C
jnz computeAgain1 K0 g- ^6 v+ Q1 N1 Q& U
xor ecx,ecx- m* `6 A1 j- R: E
mov byte ptr[edi-1],13 ;回车- `" |: w- |+ G- T
jmp computeAgain
endCompute:- V9 E# r! s7 t7 `9 \
;显示; A9 x# ?4 q6 b {( r8 t/ u8 v" Y
invoke MessageBoxA,NULL,offset ShowText,offset Caption,MB_OK& S% V8 c3 k8 D( X \& E
ret
_ShowBuffer endp! }4 y8 Q4 }% W& W( d
SetPhyscialMemorySectionCanBeWrited proc uses ebx esi edi hSection:HANDLE 5 ~; F. m5 T; b0 r; L0 H. B
local pDacl: PACL 6 O# b1 W S# y# v( d
local pNewDacl
ACL
local pSD SECURITY_DESCRIPTOR
local dwRes:DWORD ;
local ea:EXPLICIT_ACCESS ;
invoke GetSecurityInfo,hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, NULL,NULL, addr pDacl,NULL, addr pSD0 i4 H: x' S, k( O" x+ Q$ {+ X! ~
cmp eax,ERROR_SUCCESS+ \2 B" E5 q7 B0 d3 K1 b! O
jz @f
jmp OutSet2 O" j% D* l* T
@@:8 U" o9 F, |/ n! c( G1 g! u
mov dwRes,eax# O9 Q2 g5 F4 D1 j
mov ea.grfAccessPermissions ,SECTION_MAP_WRITE;2: [0 H; F/ r% u' p' j) j6 @% z, U. f
mov ea.grfAccessMode ,GRANT_ACCESS;1
mov ea.grfInheritance,NO_INHERITANCE;0
mov ea.Trustee.pMultipleTrustee,03 `* L4 P7 R# w$ |* x) y6 q
mov ea.Trustee.MultipleTrusteeOperation,03 i! e8 R% U3 f) }+ Q+ W, d- p5 u
mov ea.Trustee.TrusteeForm,TRUSTEE_IS_NAME;1
mov ea.Trustee.TrusteeType,TRUSTEE_IS_USER;1
call @f
db "CURRENT_USER",0; Y: X" P X8 a! M! `1 A
@@:: x* h0 b/ ^$ A: `
pop edx
mov ea.Trustee.ptstrName,edx
invoke SetEntriesInAcl,1,addr ea,pDacl,addr pNewDacl: S7 ^: h- l9 f3 p4 R
cmp eax,ERROR_SUCCESS
jz @f8 `) Z% B1 p2 t# P X
jmp OutSet$ g0 m8 A4 E$ g& Y, b# U, n
@@:% v- b2 T) l* l9 i( }
invoke SetSecurityInfo,hSection,SE_KERNEL_OBJECT,DACL_SECURITY_INFORMATION, NULL,NULL,pNewDacl,NULL
OutSet:+ C/ d0 x3 K6 |' a
cmp pSD,0
jz @f# H$ Y. I4 H8 l8 r- z) b
invoke LocalFree,pSD! ^0 O, ^$ T4 V8 J
@@:
cmp pNewDacl,0) V. T0 I6 {" G# N% E1 f; D G
jz @f2 h$ v8 |& p) y$ ]: @2 K
invoke LocalFree,pNewDacl( e5 |5 a8 P6 S4 s
@@:
ret
SetPhyscialMemorySectionCanBeWrited endp
MiniMmGetPhysicalAddress proc virtualaddress:dword
mov eax,virtualaddress
cmp eax,80000000h
jb @f+ C3 _* G4 ~* W& W0 A
cmp eax,0a0000000h
jae @f
and eax,1FFFF000h) w) o3 E# A0 g- T, u) a4 l. Z
ret
@@:0 K* k( B( |; ^1 x( B3 e4 w0 k
mov eax,0& _2 w; t) s: c" ~/ W
ret
MiniMmGetPhysicalAddress endp
ExecRing0Proc proc
local tmpSel:dword4 D+ r! B K% y+ b. F
local setcg:dword
local BaseAddress:dword/ N7 l& R0 Y1 b: ^
local NtdllMod :dword% L1 Y, w& y& r9 w6 q
local hSection:HANDLE
local status:NTSTATUS
local objectAttributes:OBJECT_ATTRIBUTES $ c* E% @7 o. {( f
local objName:UNICODE_STRING6 V8 \8 @; n `9 o/ L# G4 W' B
mov status,STATUS_SUCCESS;
sgdt GdtLimit+ |1 a- I; f$ Y F
invoke MiniMmGetPhysicalAddress,GdtAddr
mov mapAddr,eax+ [ J% x1 p6 Q5 z9 E; U
test eax,eax( a) `& j/ o$ E
jz Exit1" M! [& U5 O9 F7 n; Z% G
call @f8 p# t7 g$ B3 J
db "Ntdll.dll",03 x" B5 z. T: T0 r4 U
@@:
call LoadLibraryA4 x7 E* ^( b) P8 q k( r8 L8 }: b
mov NtdllMod,eax
7 S; K. n) `% T3 }! G
lea edx,objnamestr
mov objnameptr,edx9 F6 i( y+ ~2 C# u9 j* j' }
lea edi,ObjAttr+ k) w6 m" |1 N4 k' b8 S! V
and di,0fffch ;align to 4 bytes,or ZwOpenSection will fail
push edi ;edi->ObjAttr% U7 d5 V% P6 ?9 p
push 24 ;length of <\Device\PhysicalMemory>6 P( U$ F, k( X4 Q- Q" N" e' G D' B9 M
pop ecx
push ecx5 v- ?( B4 |$ @9 ^
xor eax,eax! f9 j! B2 J+ i: v& U1 c
rep stosb ;put ObjAttr with 0
pop ecx5 D* a( @3 T5 p( i
pop edi
mov esi,edi' r" P* V4 j; ~1 h* ^3 c
stosd
mov dword ptr[esi],ecx( D, c, r V: N7 s
stosd
lea eax,[edx-8] ;eax->objname5 E# V6 o" U& k! N6 c9 X1 {1 e3 E
stosd ;ObjAddr(18h,00,00,00,00,00,00,00,offset objname,40,02,00,00,dd 2 dup(0) o& ^) s% I/ w t: I: n. _2 T& F: l
mov dword ptr [edi],240h
call @f( j/ T7 L, W! O5 G- U' v1 a
db "ZwOpenSection",0
@@:, y( a8 L' K- {+ v" K
push NtdllMod
call GetProcAddress( ]: ] {* U8 b
mov ebx,eax ;ebx=ZwOpenSection6 {% j. {# G# i2 @$ Z
push esi ;esi->ObjAttr
push SECTION_MAP_READ or SECTION_MAP_WRITE( \) C. u7 q" j/ k
lea edi,hSection5 J- V0 e1 Q# \7 Y8 `9 `2 i
push edi ;edi->hSection
call eax ;ZwOpenSection(&hSection,SECTION_MAP_READ or SECTION_MAP_WRITE,ObjAttr)
3 f$ ?; A, O& B
mov status,eax
cmp status,STATUS_ACCESS_DENIED3 d+ B$ o9 F& z6 p* w
jnz AccessPermit* J3 m/ U* d" c. \' m9 V
mov eax,ebx: P( T7 I0 R8 o; v
$ l. n+ M1 [9 O- L
push esi
push READ_CONTROL or WRITE_DAC
push edi
call eax
mov status,eax
invoke SetPhyscialMemorySectionCanBeWrited,hSection v- K) O) x* k# [% A
call @f, I+ k2 H" r5 j0 |
db "ZwClose",0
@@:
push NtdllMod
call GetProcAddress
5 o2 @" c' r7 k, R) D1 i5 B
push hSection1 @3 K3 u' b6 N. X+ ?* d/ k
call eax ;zwClose hSection/ {9 x- B. x9 q: h" \
mov eax,ebx9 v( p% |1 ]" O7 n
push esi 8 Z4 c2 O$ @# K5 p% m# l
push SECTION_MAP_READ or SECTION_MAP_WRITE
lea edi,hSection, J3 h$ _7 ^9 | C1 P X- b$ _
push edi
call eax1 [: g. m8 ~$ s2 C! {* \4 _6 K
mov status ,eax
;status =ZwOpenSection(&hSection,SECTION_MAP_WRITE|SECTION_MAP_WRITE,&objectAttributes);
AccessPermit:
cmp status ,STATUS_SUCCESS 2 L1 m/ B* A4 w O! i0 \( ?# ]
jz @f
;printf("Error Open PhysicalMemory Section Object,Status:%08X\n",status);
;return 0;
mov eax,0, r' X, |0 d4 l# p" Z
ret
@@: . {. y% h, P B3 e% X
movzx eax,word ptr[GdtLimit]
inc eax& _- Q6 t+ f I0 k7 g
invoke MapViewOfFile,hSection, FILE_MAP_READ or FILE_MAP_WRITE, 0, mapAddr, eax
mov BaseAddress,eax7 b7 B9 k: }9 r9 K) B9 \. r2 [
cmp BaseAddress,0
jnz @f) c2 n, p4 c$ j2 s) C0 _& U- H( q
;printf("Error MapViewOffile:"); - e4 d4 K# U& ]- Y$ r
rintWin32Error(GetLastError()); return 0;
mov eax,0
ret
@@:
mov esi,eax ;esi->gdt base* F/ e. @* w8 {& e- V" f& s( P4 v
mov ecx,3e0h
mov eax,GdtAddr
.if dword ptr [esi+ecx+2]!=0ec0003e8h6 S7 ^ F+ @2 n. V
mov byte ptr [esi],0c3h/ _+ N! W: e: [
+ w. l c' I/ Q! B# E
mov word ptr [esi+ecx],ax* z1 o; g+ d7 K) \
shr eax,16
mov word ptr [esi+ecx+6],ax
mov dword ptr [esi+ecx+2],0ec0003e8h
mov dword ptr [esi+ecx+8],0000ffffh
mov dword ptr [esi+ecx+12],00cf9a00h
.endif
7 B C9 Z1 C% X$ U( s5 E2 \
mov setcg,TRUE, I& }7 S% O4 |. n' y1 S) ?4 {
cmp setcg,0! @; ]8 i$ m( Q1 e% i6 |
jnz ChangeOK* b V( n' H5 R" f2 H
call @f; |) P# L5 ]; y+ p3 x4 `+ }
db "ZwClose",0
@@:% ]0 Z2 O7 e) d! F
push NtdllMod* z A1 l; m! }( [$ |9 B
call GetProcAddress6 U: M1 `/ Y5 | E0 O7 o" j6 u7 ^
push hSection: w: ^! n8 ?1 O3 S7 g1 n5 }1 R5 w9 }
call eax
xor eax,eax ~0 c0 c# d% q1 A* I, g" n7 s
ret
ChangeOK:# v6 L% c1 R8 o# p2 \
and dword ptr Callgt,0 t4 A5 t/ d. @4 j. y$ }
xor eax,eax2 ^2 ^; P/ f$ e& ^; |* v5 N
mov ax,3e0h
or al,3h
mov word ptr [Callgt+4],ax 1 K/ O6 x: X0 p# A# W4 s4 e
;farcall[2]=((short)((ULONG)cg-(ULONG)BaseAddress))|3; //Ring 3 callgate; u6 @! A$ ]( C7 k. \, a
lea eax,_Ring0Proc: X3 ?$ j9 r0 L2 I& \4 A6 {
;invoke VirtualLock,eax,seglen
test eax,eax# u; I. e; Q1 q8 N G* K
jnz @f J2 [4 L, {+ P* W j; n" y5 t
xor eax,eax( b* x& E J1 V( T t5 L
ret E1 l! e [" r
@@:' y9 Y8 O" k/ t n0 N1 J
invoke GetCurrentThread# g/ \. d+ r4 Q. S# s3 ^* f! a
invoke SetThreadPriority,eax,THREAD_PRIORITY_TIME_CRITICAL ; W$ Z) q3 U- [4 E% e( r
invoke Sleep,0 ) t* ?+ n4 t" \+ }. F
call fword ptr [Callgt] ;use callgate to Ring0!
;_asm call fword ptr [farcall]4 i, j" @* Y0 A8 o( L8 o a% ]/ X4 L$ w
_Ring0Proc: ; Ring0 code here.. 0 |) j$ c0 n8 g! K+ o
mov eax,esp ;save ring0 esp
mov esp,[esp+4];->ring3 esp
push eax
mov ebx,offset stIDEINFO
assume ebx:ptr IDEINFO
;********************************************************************
; 等待硬盘就绪
;********************************************************************
mov ecx,10000h. }9 U4 u, F3 n. O. K8 D
mov dx,01f7h9 n, K. v& s3 c$ N: ?+ p7 P: g% o
@@:. `7 M2 C' B+ T/ }
in al,dx
cmp al,50h6 z8 [! d6 l0 G( R
jz @F
loop @B
jmp _II_TimeOut9 o U. X: J4 [' H
@@:
;********************************************************************% q9 R, P3 A* o1 W
; 发送命令
; 如果向主控制发送命令,则端口为 1f0h-1f7h- w8 _+ u3 l' j/ I$ ]- @1 g
; 如果向副控制发送命令,则端口为 170h-177h# ^4 z# t6 ]6 X0 O
; 1f6h 如果要检测的设备为该IDE接口的主(MASTER)设备,
; 那么发送 a0,如果为从那么发送 b03 q$ I4 X* X5 y' f, U' \( E% e
; 1f7h 如果要检测的设备为 ATA 设备那么发送 ec
; 如果为 ATAPI 设备那么发送 a1
;********************************************************************% M" u! B+ T8 o* M4 @2 l t# |& G
mov al,0a0h ;Drive 0,Head 0
mov dx,01f6h ;Drive and head port
out dx,al
9 G# y( J: a/ t8 V" P/ _
mov al,0ech - X+ q( I7 Q! U; v m
inc dx ;Command port& I7 y* N q7 V
out dx,al, ^0 x# \( e4 I1 w/ ^9 j- Y
;********************************************************************
; 等待硬盘就绪# I+ C5 Q( T, R q h; W
;********************************************************************
mov ecx,10000h& c% i5 y3 g8 u0 e0 {
@@:/ N+ c8 }5 r# S& h3 \. S
in al,dx;1f7 (r-status register)
cmp al,58h;(driver is ready ,and seek complete)
jz @F
loop @B! {1 T* P4 k2 A# x! k$ t
jmp _II_TimeOut3 X+ h+ p% i% P' i( w
@@:
;********************************************************************* {6 r+ h4 N9 n: @
; 将返回信息读回. ]$ Q) v. B2 ]+ l( z
; 注意一定要读满 100h 个字长
;********************************************************************
cld
mov edx,01f0h;data port - data comes in and out here
mov edi,ebx8 I6 a; G e* ~& W) C7 x
mov ecx,0100h+ i/ Y1 M0 ]2 O' M7 O; n
rep insw+ n( ?' J f. @! e% ^
;********************************************************************
; 返回的信息中,型号、序列号、版本号为字形式* D# z! Z# @. p/ U F# I- b
; 需要整理到字符串的形式
;********************************************************************
lea esi,[ebx].sSerialNumber
mov edi,esi
mov ecx,105 ?2 U4 s3 g- r* q6 {+ c0 Y
@@:
lodsw E; Q7 b% O; N" ^
xchg ah,al1 F! e, w( I6 F& T! V9 y. G C, [6 E
stosw
loop @B
lea esi,[ebx].sFirmwareRev1 F5 ?5 r5 j' }7 k3 O0 I: y; a$ a
mov edi,esi |+ }7 I/ _; P; U& J; l
mov ecx,24
@@:9 D2 A% Z. |2 _
lodsw
xchg ah,al
stosw0 {' e: |8 g$ \' M
loop @B
_II_TimeOut:3 J+ [5 J& t/ V
assume ebx:nothing
pop esp ;restore ring0 esp
push offset Ring3
retf
Ring0CodeLen=$-_Ring0Proc
Ring3:
invoke GetCurrentThread
invoke SetThreadPriority,eax,THREAD_PRIORITY_NORMAL 2 ?! K8 w) E! i& C2 C" t
;invoke VirtualUnlock,Entry,seglen
call @f' e6 _# G6 Z- W6 G; i
db "ZwClose",08 T3 r$ L8 u" a, e9 g. `0 {+ Y4 A
@@:
push NtdllMod
call GetProcAddress$ g: q+ B v/ a! _; D
push hSection. @, r+ {# W2 `' V- Z: X
call eax
mov eax,TRUE$ F" J$ P* i [1 `1 H, ~
ret
ExecRing0Proc endp
( J! ]3 g# x( \% [; e
main:; n5 \$ K4 w6 o. z
assume fs:nothing
push offset MySEH7 E( u5 T, u8 h, \* }9 w" ]
push fs:[0]
mov fs:[0],esp
mov OldEsp,esp
mov ax,ds ;if Win9x?
test ax,4
jnz Exit1! L2 j$ i" C5 ^# B9 b
invoke ExecRing0Proc
.if stIDEINFO.wNumCyls
lea esi,stIDEINFO.sModelNumber
mov edi,offset szModelNumber
mov ecx,sizeof stIDEINFO.sModelNumber
rep movsb& C [6 m7 D0 {# k4 Z: H
8 i& ]2 M, a2 V4 Z& Y9 Q
lea esi,stIDEINFO.sSerialNumber
mov edi,offset szSerialNumber4 H1 N# ]+ c, z2 U
mov ecx,sizeof stIDEINFO.sSerialNumber
rep movsb. u5 H1 q! }& L e
lea esi,stIDEINFO.sFirmwareRev
mov edi,offset szFirmwareRev, u3 `/ @3 {" P, w _
mov ecx,sizeof stIDEINFO.sFirmwareRev
rep movsb
" K" ~1 W% A; y! a
movzx eax,stIDEINFO.wNumCyls
movzx ebx,stIDEINFO.wNumHeads
movzx ecx,stIDEINFO.wSectorsPerTrack
movzx edx,stIDEINFO.wBufferSize
invoke wsprintf,addr szBuffer,addr szIDEInfo, eax,ebx,ecx,edx, addr szModelNumber, addr szSerialNumber, addr szFirmwareRev2 d/ s8 X/ E7 }8 x7 n2 f ^$ Q
mov eax,offset szBuffer; @$ D( o; i1 D) ?2 s& R" D% m
.else' K* Z' H$ d+ ]/ m& M3 ]
mov eax,offset szErrInfo
.endif Q+ b5 o) ^; @8 x
@@:
invoke MessageBox,NULL,eax,addr szTitle,MB_ICONINFORMATION or MB_OK1 t0 ^1 x" y- w& E3 z
Exit1:, P' [2 p& y; {
pop fs:[0]
add esp,41 X4 }( c) l4 ?+ o. X! Q
invoke ExitProcess,0
MySEH :2 m2 L. ]* w* ?/ P& T
mov esp,OldEsp
pop fs:[0]
add esp,4
invoke ExitProcess,-1
end main0 d4 O. j2 {( S& }$ R$ ^
| 欢迎光临 下沙论坛 (http://bbs.xiasha.cn/) | Powered by Discuz! X3.3 |