; loader.asm - SoftICE for Windows Millennium loader
; 2000.07.15 Iceman initial version
; 2000.07.20 The Owl disable SoftICE beta date check
; 2000.08.22 The Owl user can abort loading SoftICE
; 2000.11.01 The Owl fixed damn bug after the rewrite
; 2001.01.27 The Owl spawns winice directly
; assemble: nasm loader.asm -o loader.exe
; DOS .COM image: 16-bit real mode, loaded at offset 100h of the PSP.
; Everything between here and end_of_resident stays in memory while
; winice.exe runs (INT 21h hook + its data); the code after start is
; the transient part that installs the hook and spawns winice.
BITS    16
ORG     100h
        jmp     near start              ; skip over the resident part
;-----------------------------------------------------------------------
; chain - far jump to the original INT 21h handler.
; The target is a placeholder (0:0) that 'start' patches at run time
; with the vector read via INT 21h/AX=3521h, so this is really a
; self-modified far pointer laid out as offset:segment (the m16:16
; layout used by JMP/CALL FAR). Spelled out byte by byte so the two
; patched words have their own labels instead of pointing into an
; instruction's immediate.
;-----------------------------------------------------------------------
chain:
        db      0xEA                    ; opcode: JMP ptr16:16
vec21:  dw      0                       ; offset of the saved INT 21h handler
seg21:  dw      0                       ; segment of the saved INT 21h handler
;-----------------------------------------------------------------------
; check_msg - INT 21h/AH=09h (print string) filter.
; Watches the strings the program prints: once a '$'-string starting
; with "SoftICE 4." goes by, f_fake_version is set to 1 so that the
; next INT 21h/AH=30h (get DOS version) gets faked by check_version.
; In:    DS:DX = string (as for AH=09h), AH = DOS function
; Out:   falls into the original handler via chain, all registers as
;        on entry (SI is saved/restored around the compares)
;-----------------------------------------------------------------------
check_msg:
        cmp     byte [cs:f_fake_version] , 2
        jz      chain                   ; version already faked: nothing left to do
        cmp     ah , 0x9
        jnz     check_version
        push    si                      ; [dx] cannot be addressed in 16-bit code, so borrow SI
        mov     si , dx
        cmp     dword [si] , 'Soft'
        jnz     .no_match
        cmp     dword [si+4] , 'ICE '
        jnz     .no_match
        cmp     word [si+8] , '4.'
        jnz     .no_match
        mov     byte [cs:f_fake_version] , 1    ; banner seen: arm the version fake
.no_match:
        pop     si                      ; pop leaves the flags alone
        jmp     short chain
;-----------------------------------------------------------------------
; check_version - INT 21h/AH=30h (get DOS version) filter.
; Only active while f_fake_version == 1 (the "SoftICE 4." banner has
; been printed). Lets the original handler produce its result, then
; overrides the major version in AL with 7 and marks the fake as done
; (f_fake_version = 2) so it happens exactly once.
; In:    AH = DOS function
; Out:   AL = 7 on the faked call; otherwise chains to the original
;-----------------------------------------------------------------------
check_version:
        cmp     ah , 0x30
        jnz     chain
        cmp     byte [cs:f_fake_version] , 1
        jnz     chain
        pushf                           ; simulate an INT: flags, then far return address
        call    far [cs:vec21]          ; original handler returns here with IRET
        mov     al , 7                  ; report DOS 7.x instead of the real major version
        mov     byte [cs:f_fake_version] , 2
        iret
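DOS_ERR_FILE_NOT_FOUND  equ 2           ; INT 21h error code returned in AX
IRET_FLAGS              equ 6           ; [bp+6] after push bp: bp, ip, cs, FLAGS
FL_CF                   equ 1           ; carry flag bit in FLAGS

;-----------------------------------------------------------------------
; hook21 - entry point of the INT 21h hook installed by 'start'.
; INT 21h/AH=3Dh (open file): if the name ends with the 'loader' string
; (case-insensitive, see is_ldr) the open is failed with "file not
; found" so that file is invisible to the program being run. Every
; other call falls through to check_msg / check_version / chain.
; In:    AH = DOS function, DS:DX = ASCIZ name for AH=3Dh
; Out:   on the filtered open: AX = 2, CF set in the caller's FLAGS
;        image on the stack (the way DOS reports errors), IRET
;-----------------------------------------------------------------------
hook21:
        cmp     ah , 0x3D
        jnz     check_msg
        call    is_ldr                  ; ZF set when the name matches
        jnz     chain
        mov     ax , DOS_ERR_FILE_NOT_FOUND
        push    bp
        mov     bp , sp                 ; [bp] = saved bp, [bp+2] = ip, [bp+4] = cs, [bp+6] = flags
        or      byte [bp+IRET_FLAGS] , FL_CF    ; CF in the caller's flags == error
        pop     bp
        iret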
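;-----------------------------------------------------------------------
; is_ldr - does the file name end with the 'loader' string?
; Compares the last (loader.end-loader) bytes of the ASCIZ name at
; DS:DX with 'loader' (which is upper case), folding a-z of the name
; to upper case on the fly. The comparison works on a copy in AL, so
; the caller's buffer is never modified (the previous version
; upper-cased the DOS caller's file name in place).
; In:    DS:DX = ASCIZ file name (the AH=3Dh argument)
; Out:   ZF set = match, ZF clear = no match (also when the name is
;        shorter than 'loader'); all registers preserved
; Clobb: flags, DF cleared
;-----------------------------------------------------------------------
is_ldr:
        pusha
        push    es
        mov     di , dx
        mov     ax , ds
        mov     es , ax                 ; es:di = name
        mov     cx , 0xFFFF
        xor     al , al
        cld
        repne   scasb                   ; find the terminating NUL
        not     cx
        dec     cx                      ; cx = strlen(name)
        sub     cx , loader.end-loader  ; cx = strlen(name) - strlen(loader)
        jb      .done                   ; name too short: result is non-zero, so ZF is clear
        mov     si , dx
        add     si , cx                 ; ds:si = tail of the name, same length as 'loader'
        mov     ax , cs
        mov     es , ax
        mov     di , loader             ; es:di = 'loader' (upper case)
        mov     cx , loader.end-loader
.next:
        lodsb                           ; al = *si++ (does not touch the flags)
        cmp     al , 'a'
        jb      .comp
        cmp     al , 'z'
        ja      .comp
        sub     al , ' '                ; a-z -> A-Z, in AL only
.comp:
        scasb                           ; ZF = (al == es:[di]), di++
        loopz   .next                   ; continue while equal and bytes remain
.done:
        pop     es                      ; pop/popa keep ZF for the caller
        popa
        retn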
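PSP_FCB1        equ 0x5C                ; PSP offset of the default FCB #1
PSP_FCB2        equ 0x6C                ; PSP offset of the default FCB #2
PATH_SIZE       equ 255                 ; buffer for <winbootdir>\WINICE.EXE
CMD_TAIL_SIZE   equ 127                 ; command tail bytes after the length byte

; Data shared between the resident INT 21h hook and the transient part.
; 0 = idle, 1 = "SoftICE 4." banner seen (set by check_msg),
; 2 = DOS version already faked once (set by check_version)
f_fake_version: db 0
; file name suffix that hook21 hides from INT 21h/AH=3Dh (upper case,
; is_ldr folds the caller's name to upper case before comparing)
loader:         db 'SYSTEM\VMM32\LOADER.EXE'
.end:           db 0
; full path of winice.exe, filled in by get_windir
path:           TIMES PATH_SIZE db 0
align 2
; INT 21h/AX=4B00h (EXEC) parameter block; the segment words are
; patched with CS by 'start' before the call
exec_ctrl:
env     dw 0                            ; environment segment, set from PSP:2Ch
cmdoff  dw cmd_line                     ; far pointer to the command tail
cmdseg  dw 0
fcb11   dw PSP_FCB1                     ; far pointer to FCB #1
fcb12   dw 0
fcb21   dw PSP_FCB2                     ; far pointer to FCB #2
fcb22   dw 0
; command tail: no arguments (length 0, then the terminating CR)
cmd_line:
cmd_len db 0
cmd_cmd db 13
TIMES CMD_TAIL_SIZE-1 db 0
end_of_resident: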
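RESIDENT_PARAS  equ 0x1000              ; paragraphs kept for this program (64 KB)

;-----------------------------------------------------------------------
; start - transient part: show the banner, let the user abort, refuse
; to run under Windows, build the winice.exe path, install the INT 21h
; hook, shrink our memory block and EXEC winice.exe. When EXEC returns
; (or fails) the original INT 21h vector is restored and we exit.
; Fix: the old code fell from the restore path into .quit with DS:DX
; still pointing at the saved DOS vector, so INT 21h/AH=09h printed
; whatever bytes live there; the restore path now exits without printing.
; .quit expects DS = CS and DX = '$'-terminated message.
;-----------------------------------------------------------------------
start:
        call    display_ukc
        call    ask_user                ; CF set = user pressed ESC
        mov     dx , userabort_msg      ; mov keeps CF
        jc      .quit
        mov     ax , 0x1600             ; INT 2Fh/AX=1600h: is enhanced-mode Windows running?
        int     0x2F
        test    al , 7Fh                ; AL = 00h/80h means not running
        mov     dx , win_err
        jnz     .quit
        call    get_windir              ; CF set = winbootdir= not found / too long
        mov     dx , env_err
        jc      .quit
        mov     ax , 0x3521             ; get INT 21h vector -> ES:BX
        int     0x21
        mov     [vec21] , bx            ; patch the far jump in 'chain'
        mov     [seg21] , es
        mov     ax , 0x2521             ; set INT 21h vector = DS:DX (DS == CS here)
        mov     dx , hook21
        int     0x21
        mov     [fcb12] , cs            ; complete the EXEC parameter block
        mov     [fcb22] , cs
        mov     ax , [0x2C]             ; PSP:2Ch = our environment segment
        mov     [env] , ax
        mov     [cmdseg] , cs
        push    cs
        pop     es
        mov     bx , RESIDENT_PARAS
        mov     ax , 0x4A00             ; free memory for winice/win
        int     0x21
        jc      .restore
        mov     dx , path               ; DS:DX = program name
        mov     bx , exec_ctrl          ; ES:BX = parameter block
        mov     ax , 0x4B00             ; spawn winice
        int     0x21
.restore:
        mov     ax , 0x2521             ; put the original INT 21h vector back
        mov     dx , [vec21]
        mov     ds , [seg21]
        int     0x21
        push    cs
        pop     ds                      ; DS back to the PSP; nothing to print on this path
        int     0x20
.quit:
        mov     ah , 9                  ; print the message in DS:DX and exit
        int     0x21
        int     0x20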
;-----------------------------------------------------------------------
; display_ukc - reset the screen to 80x25 text mode and print ukc_msg.
; In:    DS = CS (ukc_msg is addressed through DS)
; Clobb: AX, DX
;-----------------------------------------------------------------------
display_ukc:
        mov     ax , 0x0003             ; INT 10h/AH=00h, AL=3: text mode (clears the screen)
        int     0x10
        mov     dx , ukc_msg
        mov     ah , 9                  ; INT 21h/AH=09h: print '$'-terminated string at DS:DX
        int     0x21
        retn
; this part was adapted from a boot loader by Mikhail Ranish
;-----------------------------------------------------------------------
; ask_user - print askuser_msg and wait up to ~6.5 s for a key.
; A dot is printed every ~325 ms while waiting. ESC aborts; any other
; key, or the timeout, continues.
; In:    DS = CS
; Out:   CF set = abort (ESC), CF clear = go on
; Clobb: AX, BX, CX, DX
;-----------------------------------------------------------------------
ask_user:
        mov     ah , 9
        mov     dx , askuser_msg
        int     0x21
        mov     bx , 0x0007             ; page 0, attribute 7 for INT 10h/AH=0Eh
        mov     cx , 20                 ; 20 * 325 ms = 6.5 sec
.poll:
        mov     ah , 1                  ; INT 16h/AH=01h: ZF set when no key is waiting
        int     0x16
        jnz     .key_hit
        mov     ax , 0x0E2E             ; teletype '.'
        int     0x10
        push    cx
        mov     ah , 0x86               ; INT 15h/AH=86h: wait CX:DX microseconds
        xor     dx , dx
        mov     cx , 5                  ; 325 msec
        int     0x15
        pop     cx
        loop    .poll
        call    .newline                ; timed out
        jmp     short .proceed
.key_hit:
        call    .newline
        mov     ah , 0                  ; INT 16h/AH=00h: consume the key, AL = ASCII
        int     0x16
        cmp     al , 0x1B               ; ESC?
        jnz     .proceed
        stc
        retn
.proceed:
        clc
        retn
.newline:                               ; teletype CR LF
        mov     ax , 0x0E0D
        int     0x10
        mov     ax , 0x0E0A
        int     0x10
        retn
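;-----------------------------------------------------------------------
; get_windir - build path = "<winbootdir>\WINICE.EXE".
; Scans the first 4 KB of the environment block (segment at PSP:2Ch)
; for "winbootdir=", copies its value into 'path', appends a '\' unless
; the value already ends with one, then "WINICE.EXE" and a NUL.
; Fix: the copy is now bounded so an over-long value cannot run past
; the 255-byte 'path' buffer into exec_ctrl; such a value fails with CF.
; In:    ES = CS (the .COM start state; movsb writes ES:DI)
; Out:   CF clear = path filled in; CF set = variable not found or the
;        value does not fit
; Clobb: SI, DI, flags, DF cleared
;-----------------------------------------------------------------------
get_windir:
        push    ds
        mov     ds , [0x2C]             ; DS = environment segment
        mov     si , 0xFFFF
.scan:
        inc     si
        cmp     si , 4096               ; give up after 4 KB
        jbe     .try
.fail:
        pop     ds
        stc
        retn
.try:
        cmp     dword [si] , 'winb'     ; "winbootdir=" in three overlapping pieces
        jnz     .scan
        cmp     dword [si+4] , 'ootd'
        jnz     .scan
        cmp     dword [si+7] , 'dir='
        jnz     .scan
        add     si , byte 11            ; skip the name and '='
        mov     di , path
        cld
.copy:
        cmp     di , path+243           ; 255 - 12: room for '\' + "WINICE.EXE" + NUL
        jae     .fail
        cmp     byte [si] , 0
        movsb                           ; copies the NUL as well; movsb keeps ZF
        jnz     .copy
        pop     ds
        dec     di                      ; di -> the copied NUL
        cmp     byte [di-1] , '\'
        jz      .append
        mov     byte [di] , '\'
        inc     di
.append:
        mov     dword [di] , 'WINI'
        mov     dword [di+4] , 'CE.E'
        mov     dword [di+8] , 'XE'     ; 'X','E',0,0 -> NUL terminated
        clc
        retn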
ukc_msg: db '