; #########################################################################
; CMOS dump / password-reset helper.
; Syntax: MASM (Intel operand order), 32-bit flat model, Win32 stdcall.
; Builds against the MASM32 SDK paths below plus Rwcmosdll.lib, which must be
; on the library search path (its Start export is prototyped further down).
; Raw in/out to ports 70h/71h from ring 3 only works after that library has
; granted the process port access; what it does internally is not visible here.
.386
.model flat, stdcall
option casemap :none ; case sensitive
; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
include \masm32\macros\strings.mac      ; provides the $CTA0 macro used in DateTime
includelib Rwcmosdll.lib                ; presumably the library exporting Start (no header; proto below)
; #########################################################################
ReadNumBytes equ 03fh                   ; highest CMOS register index the dump loop reads (inclusive)
Start proto :DWORD, :DWORD              ; Start(processId, x); x is 70h at the only call site, meaning not visible here
.DATA
; The next four strings are not referenced anywhere in this file; they look like
; leftovers from resolving the ntoskrnl exports directly instead of via Rwcmosdll.lib.
szStrFmt db "long is%d",0
szDllName db "ntoskrnl.exe",0
szIoSetFunc db "Ke386IoSetAccessProcess",0
szSetIoFunc db "Ke386SetIoAccessMap",0
Er_msg_loaddll db "load dll error",0
; NOTE(review): Er_msg_getfunc and Ok_msg_getfunc carry each other's text
; (the "error" label holds "ok!" and vice versa). Neither is used in this file.
Er_msg_getfunc db "get function address ok!",0
Er_Msg_error db "error",0
Ok_Msg_ok db "ok!",0
Ok_msg_loaddll db "load dll ok",0
Ok_msg_getfunc db "get function address error !",0
Er_Msg_none db "no data",0
Er_Msg_createfile db "create file error",0
Msg_yesno db "Do you Want to clean the password ?",0
; NOTE(review): 128 bytes for the wsprintf output; wsprintf itself only stops
; at 1024 chars, so a long %s argument (see the "no data" path in DateTime) can
; overflow this buffer.
szMsgbuffer db 128 dup(0)
szFileName db "Cmos.dat",0              ; created in the current directory
.data?
szBuffer db 128 dup(?)                  ; unused
hDll dd ?                               ; unused
hFunc_IoSet dd ?                        ; unused
hFunc_SetIo dd ?                        ; unused
dwProcessId dd ?                        ; filled by GetCurrentProcessId in the entry code
.CODE
;-----------------------------------------------------------------------
; DateTime  (historical name: nothing in here reads the date or time)
; C-equivalent: void __stdcall DateTime(void)
; ABI:   Win32 stdcall, flat 32-bit; edi preserved via "uses edi"
; In:    no arguments. The in/out instructions below only succeed once the
;        process has been granted port access (the entry code calls Start
;        from Rwcmosdll.lib first; what Start does is not visible here).
; Out:   no return value. Side effects: creates Cmos.dat in the current
;        directory, shows message boxes, and on IDYES writes one CMOS byte.
; Clobb: eax, ecx, edx, flags (ecx/edx are caller-saved across the Win32 calls)
;-----------------------------------------------------------------------
DateTime proc uses edi
local acDate[16]:CHAR                   ; unused
local acTime[16]:CHAR                   ; unused
local acOut[64]:CHAR                    ; unused
local data:WORD                         ; 16-bit value built from two CMOS bytes
local buffer[128]:CHAR                  ; raw CMOS dump, later reused for the text output
local hFile:DWORD
local dWrited:DWORD                     ; bytes written, filled in by WriteFile
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;; read the data and write to file
; Dump CMOS registers 0..ReadNumBytes (inclusive) into buffer.
; Port 70h selects the register index, port 71h reads/writes its value.
mov cl,0h                               ; cl = current register index
lea edi,buffer                          ; edi = &buffer[0]
@@:
mov al,cl
out 70h,al                              ; select register cl
in al,71h                               ; al = its contents
mov [edi],al
inc edi
inc cl
cmp cl,ReadNumBytes
jbe @b                                  ; unsigned: loop while cl <= 3fh, so 40h (64) bytes land in buffer
; CREATE_NEW fails with INVALID_HANDLE_VALUE when Cmos.dat already exists,
; so every run after the first takes the error path below.
invoke CreateFile,addr szFileName,GENERIC_WRITE,FILE_SHARE_READ,NULL,CREATE_NEW,\
FILE_ATTRIBUTE_NORMAL,NULL
.IF EAX == INVALID_HANDLE_VALUE
invoke MessageBox,0,addr Er_Msg_createfile,0,0
ret                                     ; MASM expands this into the frame epilogue; nothing else runs
.ENDIF
mov hFile,eax
; NOTE(review): the literal 3fh (63) is one short of the 40h bytes read above,
; so the last dumped byte never reaches the file; ReadNumBytes+1 would match the loop.
invoke WriteFile,hFile,addr buffer,3fh,addr dWrited,0
invoke CloseHandle,hFile
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; See Ralf Brown's Interrupt List for details
; Build a 16-bit value from two CMOS registers and turn it into text in buffer
; (buffer is overwritten from the start; the raw dump is already on disk).
lea edi , buffer                        ; edi = output cursor
xor ecx,ecx                             ; ecx = characters produced (reported in the message below)
; NOTE(review): 29 and 28 here are decimal (1Dh/1Ch). Every other register and
; port number in this file is written in hex; confirm decimal was intended.
mov al,29
out 70h,al
in al,71h
mov ah,al                               ; ah = CMOS[29]
mov al,28
out 70h,al
in al,71h                               ; al = CMOS[28]; ax = CMOS[29]:CMOS[28]
.if ax !=0                              ; both bytes zero -> "no data"
mov data,ax
Process_data:                           ; one character per pass, until data >= 80h
cmp data,80h
jae Lable_Over                          ; unsigned exit test
mov ax,data
and ax,3fh                              ; ax = low 6 bits of data
cmp ax,20h
ja @f
or ax,30h                               ; values <= 20h become 30h..3Fh ('0'..'?')
@@:
mov [edi],al                            ; emit the character
inc edi
inc ecx
; NOTE(review): ax may have been or'ed with 30h above, so this subtracts the
; modified value rather than the 6 bits that were masked out — confirm intended.
sub data,ax
shr data,2                              ; advance to the next group
jmp Process_data
Lable_Over:
mov [edi],al                            ; al = last character emitted, or CMOS[28] if the loop exited on the first pass
inc edi
inc ecx
xor al,al
mov [edi],al                            ; NUL-terminate the text
.else
; NOTE(review): on this path buffer still holds the raw 64-byte dump with no
; terminator (bytes 64..127 are uninitialised stack), and MessageBox does not
; preserve ecx, so the wsprintf below reports an unknown length and copies
; buffer until it happens to hit a zero byte.
invoke MessageBox,0,addr Er_Msg_none ,0,0
.endif
invoke wsprintf,addr szMsgbuffer,$CTA0("PassWord length is: %u\n%s"),ecx,addr buffer ; $CTA0 (strings.mac) yields the address of the literal
invoke MessageBox,0,addr szMsgbuffer,0,0
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; clean the password
invoke MessageBox,0,addr Msg_yesno,0,MB_YESNO
.IF eax == IDYES
mov al,10h
out 70h,al                              ; select CMOS register 10h
mov al,01h
out 71h,al                              ; overwrite it with 01h. This changes persistent firmware
                                        ; configuration (and the CMOS checksum); the meaning of
                                        ; register 10h / value 01h is not documented in this file.
.ENDIF
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
ret
DateTime endp
start:
        ; Program entry. Ask Rwcmosdll's Start to prepare this process (the
        ; second argument is 70h here; its meaning is not visible in this file),
        ; then run DateTime only when Start reports TRUE. Exits via ExitProcess.
        invoke  GetCurrentProcessId
        mov     dwProcessId, eax
        invoke  Start, dwProcessId, 70h
        cmp     eax, TRUE               ; NOTE(review): tests for exactly 1; a nonzero-but-not-1
        jne     @F                      ;   result from Start would be treated as failure
        invoke  DateTime
        invoke  MessageBox, 0, addr Ok_Msg_ok, 0, 0
        jmp     Exit_Program
@@:
        invoke  MessageBox, 0, addr Er_Msg_error, 0, 0
Exit_Program:
        invoke  ExitProcess, 0          ; does not return
end start