📄 psp.txt
字号:
利用父进程的PSP段值来测试程序是否被跟踪
.model small
.stack 200h
.data
.code
Start: ;程序开始执行时DS及ES都指向PSP
mov ax,ds:[16h] ;取父进程的PSP段值
mov ds,ax
call DispAx
call CrLf
cmp ax,ds:[16h] ;不相同,说明程序被跟踪!
jnz Start
mov ah,4ch
int 21h
CrLf proc uses ax dx ;显示回车换行的子程序
mov dl,0dh
mov ah,2
int 21h
mov dl,0ah
mov ah,2
int 21h
ret
CrLf endp
DispAx proc uses ax cx dx bp ;显示AX寄存器的值
xor cx,cx
mov bp,16 ;以16进制显示
DispAx1:
xor dx,dx
div bp
push dx
inc cx
or ax,ax
jnz DispAx1
DispAx2:
pop ax
add al,'0'
cmp al,'9'
jbe DispAx3
add al,'A'-'9'-1
DispAx3:
mov dl,al
mov ah,2
int 21h
loop DispAx2
ret
DispAx endp
end Start
--------------------------------------------------------------------------
编译连接及执行:
D:\Masm615>ml My1.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My1.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My1.obj
Run File [My1.exe]: "My1.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My1 ;没被跟踪
A11
D:\Masm615>debug My1.exe ;被跟踪
-g
BE2
A11
Program terminated normally
-q
D:\Masm615>_
==========================================================================
;文件名: My2.asm
;利用PSP中环境块段值,从中取出当前执行的程序名
.model small
.stack 200h
.data
.code
Start:
mov ax,ds:[2ch] ;取环境块段地址
mov es,ax
xor ax,ax
xor di,di
mov cx,7fffh ;环境块的最大长度
cld
Scan1:
repnz scasb ;扫描每个环境串
jnz Over
cmp al,es:[di] ;环境块结束了吗?
loopne Scan1 ;没结束,继续扫描
add di,3
mov si,di
push es
pop ds ;DS:SI指向当前执行的程序名
Display:
lodsb ;显示该程序名
or al,al
jz Over
mov dl,al
mov ah,2
int 21h
jmp Display
Over:
mov ah,4ch
int 21h
end Start
--------------------------------------------------------------------------
编译连接执行
D:\Masm615>Ml My2.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My2.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My2.obj
Run File [My2.exe]: "My2.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My2 ;执行程序看显示的文件名
D:\MASM615\MY2.EXE
D:\Masm615>ren My2.exe Test.exe ;换个名字看看!
D:\Masm615>Test ;照样能正常显示
D:\MASM615\TEST.EXE
D:\Masm615>_
==========================================================================
;文件名:My3.asm
;利用PSP在程序中实现输出改向
.model small
.stack 200h
.data
Welcome db 'How are you !$' ;将要输出的测试信息
File db 'Test',0 ;要改向输出的文件名
.code
Start:
mov ax,@data ;设置数据段
mov ds,ax
mov ax,3c00h ;创建一个文件
xor cx,cx
lea dx,File
int 21h
jb Over ;有错转结束
mov bx,ax ;文件把柄号
mov si,18h ;PSP中存放SOFT号的偏移地址
mov al,es:[si+bx] ;取已打开文件的SOFT号
mov es:[si+1],al ;替换标准输出设备的SOFT号
mov ah,9 ;向标准输出设备输出信息(实际已改向到文件)
lea dx,offset Welcome
int 21h ;屏幕上并没看到输出的信息
mov al,1
mov es:[si+1],al ;恢复原标准输出设备的SOFT号(就是1)
mov ah,3eh ;关闭文件
int 21h
Over:
mov ah,4ch
int 21h
end Start
--------------------------------------------------------------------------
编译链接执行
D:\Masm615>Ml My3.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My3.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My3.obj
Run File [My3.exe]: "My3.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My3 ;执行程序,却并未看到输出
D:\Masm615>type Test ;查看文件才发现输出已改向到文件
How are you !
D:\Masm615>_
--------------------------------怜香 于 2003/4/12-------------------------
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -