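include "macroc.h"
include "sys.h"

main
;-----------------------------------------------------------------------
; MBR boot-virus check/removal, then a resident INT 13h filter that
; blocks writes to the master boot record of the first hard disk.
; Part 1: compmainboot (sys.h) compares the live MBR with the copy held
;         in sector 7 (the backup written by backmainboot, and the place
;         where the "Marijuana"/Stoned boot virus keeps the original
;         MBR); on a mismatch it overwrites the infected MBR and reboots,
;         so control only reaches `jmp br1` when the MBR passed.
; Part 2: install newint13hproc on the INT 13h vector (unless it is
;         already resident) and stay resident via INT 21h/AH=31h.
; ABI:    DOS .COM entry (CS=DS=ES=SS) -- TODO confirm against the
;         `main` macro in macroc.h.
;-----------------------------------------------------------------------
        compmainboot                    ; verify the MBR; cleans and reboots on infection
        jmp     br1

;-----------------------------------------------------------------------
; newint13hproc -- INT 13h filter, copied to CS:RESIDENT_OFS at br2.
; In:    INT 13h convention: AH=function, DL=drive, DH=head,
;        CH=cylinder, CL=sector.
; Out:   Swallowed calls return AH=00h with CF clear in the caller's
;        FLAGS ("write succeeded" without touching the disk); every
;        other call falls through to the previous handler via a far JMP
;        whose target (oldint13h) is patched in at br1 before the copy.
; Swallowed: AH=05h (format track) with DX=0080h (drive 80h, head 0);
;            AH=03h (write sectors) with DX=0080h and CX=0001h
;            (cylinder 0, sector 1 = the MBR).
; Anything else -- other functions, drives or heads -- passes through,
; so only this hooked call path is protected.
;-----------------------------------------------------------------------
RESIDENT_OFS = 38h                      ; PSP offset the filter is copied to; INT 13h is pointed here

newint13hproc:
        cmp     dx,80h                  ; DL=80h (first hard disk) and DH=0 (head 0)?
        jnz     oldint13hproc           ; no: pass through
        cmp     ah,05h
        jz      newint13h               ; format track on head 0 of drive 80h: swallow
        cmp     ah,03h
        jnz     oldint13hproc           ; not a sector write: pass through (reads always allowed)
        cmp     cx,1                    ; CH=0 (cylinder 0), CL=1 (sector 1): the MBR
        jz      newint13h               ; write to the MBR: swallow
oldint13hproc:
        db      0eah                    ; JMP FAR ptr16:16 opcode; operand follows
oldint13h:
        dw      0774h,0070h             ; offset,segment of the previous INT 13h handler (placeholder, overwritten at br1)
newint13h:
        ; Fake a successful completion.  IRET restores the FLAGS word the
        ; INT pushed, so CF has to be cleared in that stacked copy, not in
        ; the live flags.  Frame here: [bp]=BP [bp+2]=IP [bp+4]=CS [bp+6]=FLAGS.
        push    bp
        mov     bp,sp
        and     [WORD bp+6],0fffeh      ; CF=0 in the FLAGS returned to the caller
        pop     bp
        xor     ax,ax                   ; AH=00h: no error
        iret
newint13hlen=$-newint13hproc            ; size of the block copied into the PSP

;-----------------------------------------------------------------------
; Installation.  The filter lives inside our own PSP from RESIDENT_OFS
; up, so only the paragraphs covering the PSP head and the copied filter
; are kept resident.  PSP bytes from RESIDENT_OFS on (including the
; INT 21h/RETF stub at 50h) are overwritten -- TODO confirm nothing in
; macroc.h relies on them after going resident.
;-----------------------------------------------------------------------
br1:
        cli                             ; vector and handler are switched with interrupts off
        xor     ax,ax
        mov     ds,ax                   ; DS=0: interrupt vector table (explicit; do not depend on CX being 0)
        push    cs
        pop     es                      ; ES=CS for the MOVSW below, in case compmainboot changed ES
        mov     si,4ch                  ; 0:004Ch = INT 13h vector
        mov     di,OFFSET oldint13h
        movsw
        movsw                           ; oldint13h = current INT 13h offset:segment
        sub     si,4                    ; back to 0:004Ch
        les     di,[DWORD ds:si]        ; ES:DI = current INT 13h handler
        cmp     [WORD es:di],0fa81h     ; begins with our first instruction (CMP DX,imm16 = 81h FAh)?
        jnz     br2                     ; no: install
        sti
        exit                            ; already resident: back to DOS
br2:
        mov     di,RESIDENT_OFS
        mov     [WORD ds:si],di         ; INT 13h -> CS:RESIDENT_OFS
        mov     [WORD ds:si+2],cs
        mov     ax,cs
        mov     ds,ax
        mov     es,ax
        mov     si,OFFSET newint13hproc
        mov     cx,newint13hlen
        rep     movsb                   ; copy the filter to CS:RESIDENT_OFS
        sti
        mov     ax,3100h                ; INT 21h/AH=31h terminate and stay resident, AL=00h exit code
        mov     dx,(RESIDENT_OFS+newint13hlen+0fh)/10h ; paragraphs to keep: through the end of the copied filter, rounded up (a fixed 5 = 50h bytes ends before RESIDENT_OFS+newint13hlen)
        int     21h
endmain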
;-----------------------------------------------------------------------
; mainbootproc -- the clean master-boot-record program that is written
; back over an infected MBR (see overmainboot in sys.h).  Standard DOS
; style MBR: relocates itself from 0:7C00h to 0:0600h, finds the single
; active partition, loads that partition's boot sector to 0:7C00h and
; jumps to it.  Code + messages are padded to 1BEh bytes, so a 64-byte
; partition table (mainboot_type*_fdisk* macros) plus 55h,AAh must follow
; to make a 512-byte sector.
; All absolute addresses (0:061Dh, 068Bh, 06A3h, 06C2h) are offsets in
; the relocated copy and depend on the exact byte length of the code in
; front of them -- do not add or change instructions without re-checking.
;-----------------------------------------------------------------------
MACRO mainbootproc
LOCAL br1,br2,br3,br4,br5,br6,br7,br8,br9,br10
        cli
        xor     ax,ax
        mov     ss,ax
        mov     sp,7c00h                ;; SS:SP = 0:7C00h (original comment said 7B0Eh; the code uses 7C00h)
        mov     si,sp                   ;; DS:SI = 0:7C00h, where the BIOS loaded this sector
        push    ax
        pop     es
        push    ax
        pop     ds                      ;; ES = DS = 0
        sti
        cld
        mov     di,600h
        mov     cx,100h
        repnz   movsw                   ;; copy the MBR (256 words) to 0:0600h-0:07FFh
                                        ;; NOTE(review): `rep movsw` (F3h) is the documented form for MOVS;
                                        ;; REPNZ assembles to F2h, which CPUs treat as REP here but is not specified for MOVS
        jmp     FAR 0:61dh              ;; continue in the relocated copy (061Dh = the next instruction)
        mov     si,7beh                 ;; SI -> first partition-table entry (7C00h + 1BEh)
        mov     bl,4                    ;; at most four entries
br1:    cmp     [BYTE si],80h           ;; status byte 80h = active partition?
        jz      br2                     ;; found it
        cmp     [BYTE si],0
        jnz     br4                     ;; status byte neither 00h nor 80h: invalid table
        add     si,+10h                 ;; entries are 16 bytes
        dec     bl
        jnz     br1                     ;; next entry
        int     18h                     ;; no active partition: ROM BASIC / boot failure
br2:    mov     dx,[WORD si]            ;; DL=80h (status byte doubles as drive), DH=start head
        mov     cx,[WORD si+2]          ;; CL=start sector (+cyl high bits), CH=start cylinder -- INT 13h packing
        mov     bp,si                   ;; remember the active entry
br3:    add     si,+10h                 ;; remaining entries must all be inactive (status 00h)
        dec     bl
        jz      br7
        cmp     [BYTE si],0
        jz      br3
br4:    mov     si,68bh                 ;; -> 'Invalid partition table' (br10 after relocation)
br5:    lodsb                           ;; print ASCIIZ string at DS:SI
        cmp     al,0
        jz      br6
        push    si
        mov     bx,7                    ;; BL = attribute (white on black), used in graphics modes
        mov     ah,0eh                  ;; INT 10h teletype output
        int     10h
        pop     si
        jmp     br5
br6:    jmp     br6                     ;; error: spin forever
br7:    mov     di,5                    ;; up to five read attempts
br8:    mov     bx,7c00h                ;; ES:BX = 0:7C00h
        mov     ax,201h                 ;; AH=02h read, AL=1 sector; CX/DX still hold the entry's CHS
        push    di
        int     13h                     ;; read the active partition's boot sector
        pop     di
        jnb     br9                     ;; CF clear: read OK
        xor     ax,ax
        int     13h                     ;; reset the disk system and retry
        dec     di
        jnz     br8
        mov     si,6a3h                 ;; -> 'Error loading operating system'
        jmp     br5
br9:    mov     si,6c2h                 ;; -> 'Missing operating system' (used if the signature check fails)
        mov     di,7dfeh
        cmp     [WORD di],0aa55h        ;; boot-sector signature 55h AAh at 7DFEh?
        jnz     br5                     ;; missing: report and halt
        mov     si,bp                   ;; DS:SI -> active partition entry (conventional hand-off)
        jmp     FAR 0:7c00h             ;; run the volume boot sector
br10:   db      'Invalid partition table',0
        db      'Error loading operating system',0
        db      'Missing operating system',0
        db      0e3h dup(0)             ;; pad code (8Bh) + messages (50h) to 1BEh, where the partition table starts
ENDM
;-----------------------------------------------------------------------
; diskrw diskrw_str,macroc -- raw disk sector read/write front end.
; diskrw_str is an angle-bracket list spliced into drive_macroc as its
; arguments from rwmod onward; dkmod is left blank, so the DOS
; INT 25h/26h path of drive_macroc is taken.  macroc non-blank selects
; C-style argument mode (see drive_macroc).
;-----------------------------------------------------------------------
MACRO diskrw diskrw_str,macroc
        drive_macroc macroc,,&diskrw_str
ENDM

;-----------------------------------------------------------------------
; drive_macroc macroc,dkmod,rwmod,drive,nsects,lsect,buf
; Loads the registers for one sector transfer and issues the service.
;   macroc  non-blank: missing operands come from the C-call argument
;           slots [argnum1..4] (declared by argx -- defined in macroc.h,
;           not visible here)
;   dkmod   DSK_MOD: BIOS INT 13h (CHS) path; anything else: DOS
;           absolute-sector INT 25h/26h path
;   rwmod   DOS path:  DISK_WR -> INT 26h (write), DISK_FAT -> INT 13h
;           AH=05h, blank -> INT 25h (read)
;           BIOS path: non-blank -> AH=03h (write), blank -> AH=02h (read)
;   drive   DOS path: AL = drive (0=A,1=B,2=C,...), default 0
;           BIOS path: DX = drive in DL (DH = head), default 80h
;   nsects  sector count: CX (DOS path) or AL (BIOS path), default 1
;   lsect   DOS path: DX = first logical sector, default 0
;           BIOS path: CX = cylinder/sector in INT 13h packing, default 1
;           (cylinder 0, sector 1 = the MBR)
;   buf     BX = buffer offset; default OFFSET return_msdos (defined
;           elsewhere) when neither buf nor macroc is given
; movx is presumably a move macro accepting a register or immediate
; source -- see macroc.h.  Clobbers AX, BX, CX, DX; result/CF as returned
; by the service called.
; NOTE(review): INT 13h transfers through ES:BX and INT 25h/26h through
; DS:BX, but only BX is loaded here -- ES (or DS) must already hold the
; buffer's segment at every call site; confirm.
;-----------------------------------------------------------------------
MACRO drive_macroc macroc,dkmod,rwmod,drive,nsects,lsect,buf
        argx <int,char,int,int>
        IFNB <buf>
        movx    bx,&buf                 ;; buffer address (DS:BX for INT 25h/26h)
        ELSE
        IFNB <macroc>                   ;; C-call argument 4
        mov     bx,[argnum4]
        ELSE
        mov     bx,OFFSET return_msdos
        ENDIF
        ENDIF
        IFDIF <dkmod>,<DSK_MOD>         ;; ---- DOS absolute sector path (INT 25h/26h) ----
        IFNB <nsects>                   ;; C-call argument 2
        movx    cx,&nsects              ;; sector count
        ELSE
        IFNB <macroc>
        mov     cx,[argnum2]
        ELSE
        mov     cx,1
        ENDIF
        ENDIF
        IFNB <lsect>                    ;; C-call argument 3
        movx    dx,&lsect               ;; first logical sector
        ELSE
        IFNB <macroc>
        mov     dx,[argnum3]
        ELSE
        xor     dx,dx
        ENDIF
        ENDIF
        IFNB <drive>                    ;; C-call argument 1
        movx    ax,&drive               ;; drive number (0=A,1=B,2=C,...)
        ELSE
        IFNB <macroc>
        mov     ax,[argnum1]
        ELSE
        xor     ax,ax
        ENDIF
        ENDIF
        IFIDN <rwmod>,<DISK_FAT>
        mov     ah,5                    ;; NOTE(review): INT 13h AH=05h (format track) issued with the
        int     13h                     ;; INT 25h-style register layout loaded above -- confirm this branch is intended
        ELSE
        IFIDN <rwmod>,<DISK_WR>
        int     26h                     ;; 25h = read, 26h = write
        ELSE
        int     25h                     ;; default: read
        ENDIF
        inc     sp                      ;; INT 25h/26h leave the caller's FLAGS on the stack (DOS convention);
        inc     sp                      ;; discard that word without touching the service's returned flags
        ENDIF
        ELSE                            ;; ---- BIOS CHS path (INT 13h) ----
        IFNB <drive>                    ;; C-call argument 1
        movx    dx,&drive               ;; DL = drive, DH = head
        ELSE
        IFNB <macroc>
        mov     dx,[argnum1]
        ELSE
        mov     dx,80h                  ;; default: first hard disk, head 0
        ENDIF
        ENDIF
        IFNB <lsect>                    ;; C-call argument 3
        movx    cx,&lsect               ;; CH = cylinder, CL = sector (+ cylinder high bits)
        ELSE
        IFNB <macroc>
        mov     cx,[argnum3]
        ELSE
        mov     cx,1                    ;; default: cylinder 0, sector 1 = the MBR
        ENDIF
        ENDIF
        IFNB <rwmod>                    ;; write: AH=03h
        IFNB <nsects>
        IF (SYMTYPE nsects) EQ 24h      ;; looks like a test for an immediate constant -- confirm against TASM's SYMTYPE encoding
        mov     ax,300h OR &nsects      ;; AH=3 write, AL = sector count folded into one immediate
        ELSE
        movx    al,&nsects
        mov     ah,3
        ENDIF
        ELSE
        IFNB <macroc>
        mov     al,[argnum2]
        mov     ah,3
        ELSE
        mov     ax,301h                 ;; default: write 1 sector
        ENDIF
        ENDIF
        ELSE                            ;; read: AH=02h
        IFNB <nsects>
        IF (SYMTYPE nsects) EQ 24h      ;; same immediate-constant test as above
        mov     ax,200h OR &nsects      ;; AH=2 read, AL = sector count
        ELSE
        movx    al,&nsects
        mov     ah,2
        ENDIF
        ELSE
        IFNB <macroc>
        mov     al,[argnum2]
        mov     ah,2
        ELSE
        mov     ax,201h                 ;; default: read 1 sector
        ENDIF
        ENDIF
        ENDIF
        int     13h
        ENDIF
ENDM
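;-----------------------------------------------------------------------
; sys.h -- MBR / boot-sector helper macros for the boot-virus tool.
; Each high-level macro (readmainboot, writemainboot, ...) takes one
; angle-bracket argument list and forwards it to a *_macroc variant whose
; first parameter (macroc) selects C-style argument mode when non-blank;
; the wrappers pass it blank.  "Sector 7" throughout is the hard-disk
; sector used as the MBR backup, and the place where the "Marijuana"
; (Stoned) boot virus keeps the original MBR.
; The lower-level diskread/diskwrite/diskcopy/diskcomp/absread/abswrite
; macros are defined in the included files, not here, so their argument
; layout is not documented in this file.
;-----------------------------------------------------------------------
INCLUDE "dos.h"
include "bios.h"
INCLUDE "sys.hcc"

; Reset the disk system: INT 13h/AH=00h (DL is whatever the caller left).
MACRO restdisk
        restdisk_macroc
ENDM
MACRO restdisk_macroc
        xor     ax,ax
        int     13h
ENDM

; Read the hard-disk MBR into buf.
MACRO readmainboot readboot_str
        readmainboot_macroc ,&readboot_str
ENDM
MACRO readmainboot_macroc macroc,buf
        diskread_macroc macroc,HC_DISK,1,1,&buf
ENDM

; Write buf over the whole hard-disk MBR (partition table included).
MACRO writemainboot writeboot_str
        writemainboot_macroc ,&writeboot_str
ENDM
MACRO writemainboot_macroc macroc,buf
        diskwrite_macroc macroc,HC_DISK,1,1,&buf
ENDM

; Read the boot sector of DOS drive fdisk into buf.
MACRO readfdiskboot readboot_str
        readfdiskboot_macroc ,&readboot_str ; was "readfiskboot_macroc": no such macro exists
ENDM
MACRO readfdiskboot_macroc macroc,fdisk,buf
        absread_macroc macroc,fdisk,1,0,&buf
ENDM

; Write buf over the whole boot sector of DOS drive fdisk.
MACRO writefdiskboot writeboot_str
        writefdiskboot_macroc ,&writeboot_str
ENDM
MACRO writefdiskboot_macroc macroc,fdisk,buf
        abswrite_macroc macroc,fdisk,1,0,&buf
ENDM

; Back up the hard-disk MBR into sector 7.
MACRO backmainboot buf
        diskcopy <,,,7,,&buf>
ENDM

; Restore the hard-disk MBR code from sector 7 (the partition table is
; not restored): read sector 7 into buf1, then copy its code part over
; the MBR image in buf2.
MACRO restmainboot restboot_str
        restmainboot_macroc &restboot_str
ENDM
MACRO restmainboot_macroc buf1,buf2
        diskread <,,7,&buf1>
        copymainboot <&buf1,&buf2>
ENDM

; Replace sector 7 with the hard-disk MBR (same expansion as backmainboot).
MACRO replmainboot buf
        diskcopy <,,,7,,&buf>
ENDM

; Compare the hard-disk MBR with sector 7 (used by the main program as
; the infection test).
MACRO compmainboot compboot_str
        compmainboot_macroc &compboot_str
ENDM
MACRO compmainboot_macroc buf1,buf2
        diskcomp <,,&buf1,,7,&buf2>
ENDM

; Overwrite the MBR code with the clean mainbootproc image assembled
; inline between br1 and br2 (partition table left alone), then exit.
MACRO overmainboot
LOCAL br1,br2
        copymainboot_macroc ,<OFFSET &br1>,<OFFSET &br2>
        exit
br1:
        mainbootproc
br2:
ENDM

; Copy the hard-disk MBR code without replacing the partition table.
; NOTE(review): the literal token `macroc` is passed as the first
; argument here, whereas every other wrapper in this file passes it
; blank -- in the callee this turns on C-argument mode and ignores the
; buffers given in copyboot_str; confirm which is intended.
MACRO copymainboot copyboot_str
        copymainboot_macroc macroc,&copyboot_str ; "&copyboot_str" restored from the garbled "&copy;boot_str"
ENDM

;-----------------------------------------------------------------------
; Per-machine partition tables that follow mainbootproc to complete a
; 512-byte MBR.  Each _fdiskN is one 16-byte entry: status (80h =
; active), start head/sector/cylinder (3 bytes), type, end head/sector/
; cylinder (3 bytes), start LBA (dword), sector count (dword); _feof is
; the 55h,AAh signature.  Bytes are reproduced exactly from the original
; machines and are only meaningful for those disks.
; NOTE(review): mainboot_type17_disk40M_fdiskcd and
; mainboot_type17_disk40M_fdiskcD differ only in the case of the last
; letter; unless the assembler is run case-sensitive, the second
; definition redefines the first.
;-----------------------------------------------------------------------
MACRO mainboot_type2_disk20M_fdiskc     ;; Great Wall PC partition table
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,004h,003h,091h,065h
        db     011h,000h,000h,000h,007h,0a3h,000h,000h
_fdisk2:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

MACRO mainboot_type17_disk40M_fdiskcd
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,004h,004h,0d1h,002h
        db     011h,000h,000h,000h,0eeh,0ffh,000h,000h
_fdisk2:db     000h,000h,0c1h,003h,005h,004h,0d1h,0cfh
        db     0ffh,0ffh,000h,000h,011h,044h,000h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

; Same table as type 17.
MACRO mainboot_type41_disk40M_fdiskcd
        mainboot_type17_disk40M_fdiskcd
ENDM

MACRO mainboot_type47_disk40M_fdiskcd   ;; chief engineer's office machine
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,004h,003h,061h,0efh
        db     021h,000h,000h,000h,09fh,0ffh,000h,000h
_fdisk2:db     000h,000h,041h,0f0h,005h,003h,0a1h,099h
        db     0c0h,0ffh,000h,000h,0a8h,057h,000h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

MACRO mainboot_type17_disk40M_fdiskcD   ;; power-supply room machine
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,004h,004h,051h,08fh
        db     011h,000h,000h,000h,0bfh,084h,000h,000h
_fdisk2:db     000h,000h,041h,090h,005h,004h,0d1h,0cfh
        db     0d0h,084h,000h,000h,040h,0bfh,000h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

MACRO mainboot_type40_disk80M_fdiskcde  ;; Wu **'s machine
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,004h,009h,051h,080h
        db     011h,000h,000h,000h,099h,0ffh,000h,000h
_fdisk2:db     000h,000h,041h,081h,005h,009h,0d1h,0cfh
        db     0aah,0ffh,000h,000h,076h,088h,001h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

MACRO mainboot_type15_disk120M_fdiskc   ;; instrument room machine
LOCAL _fdisk1,_fdisk2,_fdisk3,_fdisk4,_feof
_fdisk1:db     080h,001h,001h,000h,006h,007h,0a7h,0f6h
        db     027h,000h,000h,000h,0e1h,09ch,003h,000h
_fdisk2:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk3:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_fdisk4:db     000h,000h,000h,000h,000h,000h,000h,000h
        db     000h,000h,000h,000h,000h,000h,000h,000h
_feof:  db     055h,0aah
ENDM

; Read 2 sectors starting at logical sector 53h into buf (dkmod selects
; the access path); what "dbt" denotes is not documented here -- TODO
; confirm with the callers.
MACRO readdbt readdbtstr
        readdbt_macroc ,&readdbtstr
ENDM
MACRO readdbt_macroc macro,buf,dkmod
        absread <&dkmod,2,53h,&buf>
ENDM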