the boot sector.html
<tr>

  <td>&nbsp;</td><td>DW 0xFFFF</td>

</tr>

<tr>

  <td colspan="2"><b>MSG  DB 'pR3sS 4nY k3y 2 k0n71nu3',13,10,'btw, ph33r',0</b></td>

</tr>

<tr>

  <td>&nbsp;</td><td>TIMES 510-($-$$) DB 0</td>

</tr>

<tr>

  <td colspan="2"><b>SIGNATURE DW 0xAA55</b></td>

</tr>

</table>

<p>Assemble with "nasm filename.asm".  With no output-format switch NASM emits a flat
binary, so this gets you a file called "filename", no extension: a raw image of the code,
exactly 512 bytes.  Get out a floppy you don't mind overwriting and type "debug filename".
Enter this at the prompt: w 100 0 0 1.   You should know what this does from my assembly
tutorial; if not, DEBUG's W command takes an address, a drive number, a starting logical
sector and a sector count, so this writes what DEBUG loaded at offset 100h to drive 0 (A:),
starting at sector 0, one sector.  Now try booting from this disk.  You should get the
message:</p>

<blockquote>

<p>pR3sS 4nY k3y 2 k0n71nu3<br>

btw, ph33r</p>

</blockquote>

<p>When you press a key, interrupt 16h returns (function 0 blocks until a keystroke is in
the keyboard buffer) and we move on to the restart procedure.  Obviously this was just a
simple example.  Instead of printing a string, waiting for a key press and restarting, you
could have put anything in there, as long as you don't use DOS interrupts: at this point
DOS is not loaded, only the BIOS is.  One nice thing might be to get into Protected Mode,
or you could even do some graphics work which might run faster than in DOS or Windows,
since nothing is in memory except what you want to be there.</p>

</blockquote>

<h3><u>4. Making a program to write a boot sector</u></h3>

<blockquote>

<p>If you try to access the disk with your boot sector on it, you'll notice that you
can't.  At least not using DOS.  That's because DOS expects the bytes right after the
initial jump in the boot sector to hold the BIOS Parameter Block, the data it needs in
order to determine what kind of disk it is (bytes per sector, sectors per cluster and so
on); our program, however, uses those bytes for code.  Now, you could look up those fields
and declare them at the start of your program, but instead we will just create a program
that will write any file directly to the boot sector of a disk, regardless of what's on
that disk.  This sounds harder than it really is.  In fact, the resulting program is a
mere 73 bytes of code and strings, plus the buffer the sector is read into.  First of all
we have to open the file we want to write to the boot sector using the code:</p>

<p>READFILE:<br>

<blockquote>

    MOV AX,3D00h<br>

    MOV DX,OFFSET FILENAME<br>

    INT 21h</p>

</blockquote>

<p>AH = 3Dh, Open file<br>
AL = 00, open file as read only<br>
DX = Points to file name.  This has to be an ASCIIZ string, meaning it's terminated with
     a NULL character (0).</p>

<p>This will return the file handle in AX.  If an error has occurred, the carry flag will be
set and AX holds the DOS error code instead of a handle (2 = file not found, for example).
In that case, branch:<br>

<blockquote>

    JC ERROR<br>

</blockquote>

Otherwise proceed to reading in the file:<br>

<blockquote>

    MOV BX,AX<br>

    MOV AH,3Fh<br>

    MOV CX,0200h<br>

    MOV DX,OFFSET SHIT<br>

    INT 21h</p>

</blockquote>

<p>First we move the file handle from AX into BX, then set up the other registers as
follows:<br>
AH = 3Fh, Read from file handle<br>
CX = 200h, Amount of data to read.  Since a floppy boot sector is always 512 bytes long
     we read in 200h bytes (512d).<br>
DX = Points to memory area to hold contents of file<br>
On success AX holds the number of bytes actually read.  This program does not check that
it is 200h, so a file shorter than a sector would be written out padded with whatever
happened to follow it in memory.  Again, the carry flag will be set if an error occurred
(with the error code in AX), so branch:<br>

<blockquote>

    JC ERROR</p>

</blockquote>

<p>Now we're getting to the actual writing part.  First we reset the floppy disk controller

with the code:<br>

WRITE_SECTOR:<br>

<blockquote>

    MOV AH,0h<br>

    MOV DL,0<br>

    INT 13h<br>

</blockquote>

Next we write the data:<br>

<blockquote>

    MOV AX,0301h<br>

    MOV CX,1<br>

    MOV DX,0<br>

    MOV BX,OFFSET SHIT<br>

    INT 13h</p>

</blockquote>

<p>This is one of the more complicated interrupts, and you have to know a bit about how
disks are addressed: the BIOS uses cylinder (track), head and sector numbers, and sectors
are numbered from 1, not 0.<br>
AH = 03h, Write Sector(s)<br>
AL = 1, Number of sectors to write on the same track and head<br>
CH = 0, Track (cylinder) number to write<br>
CL = 1, Sector number to start writing from (the first sector on a track is 1)<br>
DH = 0, Head number to write<br>
DL = 0, Drive number to write (0 = A, 1 = B; 80h is the first hard disk, and using it
     here would overwrite that disk's master boot record)<br>
BX = Buffer to write sector(s) from.  The full address is ES:BX, which in a .com file is
     the same segment as the code.</p>

<p>Again the carry flag is set if an error occurs, but the status byte in AH is a second
way to check: if AH is 0 there was no error.  So to check for an error I can simply test
AH for zero and Jump if Not Zero.  Note that XOR AH,AH would not work here: it clears AH
and always leaves the zero flag set, so the jump would never be taken.  OR AH,AH (or
TEST AH,AH) sets the zero flag from the value of AH without changing it.<br>
<blockquote>
    OR AH,AH<br>
    JNZ ERROR<br>
</blockquote>

Otherwise, we're done and can terminate the program:<br>

<blockquote>

    INT 20h</p>

</blockquote>

<p>So the finished program looks like this:<br>

<table>

<tr>

  <td width="250">MAIN SEGMENT</td>

  <td width="300">;the usual setup I use for .com files</td>

</tr>

</table>

<blockquote>

     ASSUME CS:MAIN,DS:MAIN,ES:MAIN,SS:MAIN<br>

     ORG 100h</p>

</blockquote>

<p>START:<br>

<table>

<tr>

  <td width="250">READFILE:</td>

  <td width="300">;reads file as explained above</td>

</tr>

</table>

<blockquote>

    MOV AX,3D00h<br>

    MOV DX,OFFSET FILENAME<br>

    INT 21h<br><br>



    JC ERROR<br><br>



    MOV BX,AX<br>

    MOV AH,3Fh<br>

    MOV CX,0200h<br>

    MOV DX,OFFSET SHIT<br>

    INT 21h<br><br>



    JC ERROR</p>

</blockquote>

<p>

<table>

<tr>

  <td width="250">WRITE_SECTOR:</td>

  <td width="300">;writes sectors as explained above</td>

</tr>

</table>

<blockquote>

    MOV AH,0h<br>

    MOV DL,0<br>

    INT 13h<br><br>



    MOV AH,03h<br>

    MOV AL,1<br>

    MOV CX,1<br>

    MOV DX,0<br>

    MOV BX,OFFSET SHIT<br>

    INT 13h<br><br>



    OR AH,AH<br>

    JNZ ERROR<br><br>



    INT 20h</p>

</blockquote>

<p>ERROR:<br>

<table>

<tr>

  <td width="250">MOV AH,09h</td>

  <td width="300">;displays error message</td>

</tr>

</table>

<blockquote>

    MOV DX, OFFSET SHIT1<br>

    INT 21h<br>

    INT 20h</p>

</blockquote>

<table>

<tr>

  <td>SHIT</td>
  <td>DB 512 DUP(?)</td>
  <td>;buffer to hold contents of file; a full sector, since a 200h-byte read into a single DB ? would overwrite the strings below</td>

</tr>

<tr>

  <td>SHIT1</td>

  <td>DB 'Error$'</td>

  <td>;Bad ass error message</td>

</tr>

<tr>

  <td>FILENAME</td>

  <td>DB 'ph33r',0</td>

  <td>;filename to write</td>

</tr>

<tr>

  <td colspan="2">MAIN ENDS</td>

</tr>

<tr>

  <td colspan="2">END START</td>

</tr>

</table>



<p>Now this thing is very very basic.  There are many areas you could improve on.  For
example:</p>

<ol>
<li>Make the filename a user-entered value.  To do so, make FILENAME an array of 13
    uninitialized bytes (a DOS 8.3 name can't be longer than 12 characters, and the
    terminating 0 needs one more).  Then load the array's offset into SI and call
    interrupt 16h, function 0h, in a loop until Enter (0Dh) is pressed, storing each
    character from AL at [SI] and incrementing SI each time; store a 0 at the end.</li>
    <li>Add more error messages, maybe even something that checks the error code and
    responds with an appropriate message.</li>
    <li>This program won't wait for the motor to start up, so make a loop that tries the
    reset and write about 3 times, checking whether the drive is ready.  If all tries fail,
    return an error saying that the disk is not in the drive or something.  The status code
    is returned in AH, so you can make a simple check and respond with the corresponding
    error message.</li>
    <li>Check that the read returned exactly 200h bytes and that the last two are 55h, AAh
    before writing anything; that catches picking the wrong file.</li>
    <li>Display a (C) Microsoft message</li>
</ol>
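<p>The sector writer above, the two checks from section 3 (a 512-byte image ending in 55h AAh) and the BPB point at the start of this section, worked through as an added example in Python.  This is not the tutorial's code (the tutorial's tool is the .com program above), and it operates on a disk image file instead of drive A:, since INT 13h is not available from a modern host.  The sample sectors are constructed here and every function name is this example's own.</p>

```python
"""Host-side stand-in for the tutorial's sector-writer program.

Added example, not the tutorial's own code.  It does to a disk *image file*
what the .com program does to drive A: through INT 13h: read a 512-byte
file, write it to sector 0 and report errors.  It also adds the checks the
tutorial skips (exact length, 0xAA55 signature, whether a BIOS Parameter
Block survives at offset 0Bh) and the three-try loop from the improvements
list.  All names and sample data are this example's own.
"""
import os
import struct
import tempfile

SECTOR_SIZE = 512
BOOT_SIGNATURE = 0xAA55


def build_sample_sector(message: bytes = b"pR3sS 4nY k3y 2 k0n71nu3") -> bytes:
    """Constructed sample laid out like the tutorial's NASM sector: a short jump
    at offset 0, code where DOS expects the BPB, the message, zero padding up
    to byte 510 (what TIMES 510-($-$$) DB 0 does), then DW 0xAA55."""
    code = b"\xEB\x00" + b"\xB4\x0E" * 30      # JMP SHORT $+2, then MOV AH,0Eh stand-ins
    body = code + message + b"\r\n\x00"
    return body + b"\x00" * (510 - len(body)) + struct.pack("<H", BOOT_SIGNATURE)


def build_dos_like_sector() -> bytes:
    """Constructed sample with the layout DOS expects: JMP SHORT / NOP, an
    8-byte OEM name, then a BPB for a 1.44 MB floppy (512 bytes/sector,
    1 sector/cluster, 1 reserved sector, 2 FATs).  Only the fields checked
    below are filled in; the rest is zero."""
    head = b"\xEB\x3C\x90" + b"EXAMPLE " + struct.pack("<HBHB", 512, 1, 1, 2)
    return head + b"\x00" * (510 - len(head)) + struct.pack("<H", BOOT_SIGNATURE)


def check_boot_sector(data: bytes) -> dict:
    """Report whether DATA is a bootable 512-byte image and whether a plausible
    BPB sits at offsets 0Bh-10h (so DOS could still read the disk).  The BPB
    field offsets are the standard DOS ones; the plausibility test is this
    example's own heuristic."""
    result = {"length_ok": len(data) == SECTOR_SIZE, "signature_ok": False, "bpb_plausible": False}
    if len(data) >= SECTOR_SIZE:
        result["signature_ok"] = struct.unpack_from("<H", data, 510)[0] == BOOT_SIGNATURE
    if len(data) >= 0x11:
        bytes_per_sector, sectors_per_cluster, reserved, fats = struct.unpack_from("<HBHB", data, 0x0B)
        starts_with_jump = data[0] in (0xEB, 0xE9)    # JMP SHORT or JMP NEAR
        result["bpb_plausible"] = (
            starts_with_jump
            and bytes_per_sector in (512, 1024, 2048, 4096)
            and sectors_per_cluster in (1, 2, 4, 8, 16, 32, 64, 128)
            and reserved >= 1
            and fats in (1, 2)
        )
    return result


def write_sector0(target_path: str, sector: bytes, tries: int = 3) -> bytes:
    """Write SECTOR to the first 512 bytes of TARGET_PATH (the counterpart of
    INT 13h AH=03h with CH=0, CL=1, DH=0), retrying up to TRIES times as the
    tutorial suggests for a drive still spinning up, and return the bytes read
    back so the caller can verify the write."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"boot sector must be {SECTOR_SIZE} bytes, got {len(sector)}")
    last_error = None
    for _ in range(tries):
        try:
            with open(target_path, "r+b") as disk:
                disk.seek(0)
                disk.write(sector)
                disk.flush()
                disk.seek(0)
                return disk.read(SECTOR_SIZE)
        except OSError as exc:           # the host's counterpart of CF set / AH != 0
            last_error = exc
    raise OSError(f"write failed after {tries} tries: {last_error}")


def demo() -> dict:
    """Build the sample sector, write it to a throw-away 1.44 MB image and
    return the check results plus whether the read-back matched."""
    sector = build_sample_sector()
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "floppy.img")
        with open(image, "wb") as blank:
            blank.truncate(1440 * 1024)  # empty floppy-sized image, constructed here
        readback = write_sector0(image, sector)
    findings = check_boot_sector(sector)
    findings["readback_ok"] = readback == sector
    return findings


if __name__ == "__main__":
    print(demo())
```

<p>Run as a script it prints the findings for the sample sector: length and signature fine, bpb_plausible false, which is exactly why DOS refuses the tutorial's disk.  Point write_sector0 at a real block device only if you mean to; it overwrites the device's first sector just as the .com program does, and on a hard disk that sector is the MBR.</p>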





</blockquote>

<h3><u>5. Other</u></h3>

<blockquote>

<p>If you fuck up your computer as a result of this tutorial, don't blame me.  All code

has been tested and works great, but I cannot be held responsible for anything that

happens to you as a result of using this information.</p>

<p>You may freely distribute this text as long as you don't change anything.  If there's

something you think should be changed, contact me first.</p>

<p>Please always get the newest version of this and other tutorials at <a href="http://awc.rejects.net" target="_blank">http://awc.rejects.net</a>
as they usually contain updated information and add-ons.</p>

<p>Send feedback to <a href="mailto:fu@ckz.org">fu@ckz.org</a></p>

<p>Greetings to:<br>

cozgedal, skin_dot, Linxor, jyc, rpc, moJoe, Lindex, aphex twin</p>

<pre>





                       ____w4r3z w4g0n with fr3sh 0-day k0d3z

                      /

   /-------------------\

   |     w4r3z w4g0n    |----\ &lt;----driver of w4r3z w4g0n wearing special AWC k4m0phl4g3

   |     fr3sh 0-day    | [ ] |     kl04k1ng d3v1c3

   \____________________|_____|

     \__/     /|\         \__/ &lt;---- tires of w4r3z w4g0n in special 0kt4g0n format

             ^ O ^

                  \_____Bill Gates being dragged on the street by w4r3z w4g0n because he

                        tried to steal 0-day k0d3z and must be punished</pre>

<p>EOF</p>

</blockquote>

</body>

</html>
