这里有个小程序hdsn32.asm,是我2000年写的,在win9x下读取硬盘的序列号,它利用了类似CIH病毒的办法获得ring0权限,在win2000下不能运行.
;hdsn32.asm
.386
.modelflat,stdcall;32bitmemorymodel
optioncasemap:none;casesensitive
includemasm32includewindows.inc
includeMASM32INCLUDEshell32.inc
includeMASM32INCLUDEmasm32.inc
includemasm32includeuser32.inc
includemasm32includekernel32.inc
includelibMASM32LIBshell32.lib
includelibMASM32LIBmasm32.lib
includelibmasm32libuser32.lib
includelibmasm32libkernel32.lib
.data
; Static data for the gate swap done at Start, plus output buffers.
; NOTE(review): the page's extraction stripped whitespace; separators are restored here,
; string contents are left exactly as they appear on the page.

IDTR        df  0                       ; 6-byte buffer filled by SIDT: 16-bit limit,
                                        ; then the 32-bit linear base of the IDT
SavedGate   dq  0                       ; 8-byte copy of the gate we replace (the INT 3 entry)

; Replacement 8-byte gate descriptor, laid out low word first.
OurGate     dw  0                       ; handler offset bits 0..15 (patched in at Start)
            dw  028h                    ; segment selector -- presumably the Win9x ring-0
                                        ; flat code selector; confirm
            dw  0EE00h                  ; access word: P=1, DPL=3, type 0Eh (32-bit interrupt
                                        ; gate); DPL=3 is what lets ring-3 code raise it
            dw  0                       ; handler offset bits 16..31 (patched in at Start)

BUFF1       DW  256 DUP(20H)            ; 256 words preset to 0020h; not referenced in the
                                        ; visible code -- presumably the drive-identify
                                        ; buffer, confirm
; "Hard disk C serial number:" followed by CR/LF. There is no NUL terminator here, so read
; as a C string it runs on into hdsn_2, which is declared immediately after it.
hdsn_1      db  '硬盘C序列号:',0DH,0AH
hdsn_2      db  256 dup(0)
hdsn_3      db  20 dup(0)
szCaption   db  'hdsn32v1.0forwin9x山东海化集团盛玉增编制2000.12.21',0
name_buffer db  'hdsn.bin',0            ; file name; its use is outside the visible listing

.data?
hFile           HANDLE  ?               ; uninitialized; not referenced in the visible code
SizeReadWrite   DWORD   ?               ; uninitialized; not referenced in the visible code
.code
;-----------------------------------------------------------------------
; Start -- program entry (visible part only).
; Builds a gate pointing at Ring0Proc, saves the INT 3 entry of the IDT, overwrites
; it with that gate, raises INT 3, then begins restoring the saved entry.
;
; NOTE(review): the listing on this page stops after the first restoring MOVSD.
; Ring0Proc, the second half of the restore and the program exit are not shown.
;
; Security notes:
;  - Every step after SIDT writes to the IDT from ring 3. That only works where
;    the IDT sits in user-writable memory, which the page says is Win9x; the page
;    also states the program does not run on Windows 2000.
;  - SIDT itself is unprivileged on classic x86. CPUs and OSes that enable UMIP
;    (User-Mode Instruction Prevention) no longer expose it to ring 3.
;  - Between the overwrite and the restore, the vector 3 entry points at Ring0Proc.
;    NOTE(review): presumably any other INT 3 raised in that window lands there too.
;  - The MOVSD pairs assume DF=0 and flat DS/ES; no CLD appears in the visible code.
;  - ebx must still hold the gate address after INT 3 returns; whether Ring0Proc
;    preserves it cannot be checked from here.
;-----------------------------------------------------------------------
Start:
        mov     eax, offset Ring0Proc
        mov     [OurGate], ax           ; Put the offset words
        shr     eax, 16                 ; into our descriptor
        mov     [OurGate+6], ax

        sidt    fword ptr IDTR          ; IDTR = limit (2 bytes) + base (4 bytes)
        mov     ebx, dword ptr [IDTR+2] ; load IDT Base Address
        add     ebx, 8*3                ; Address of int 3 descriptor in ebx (8 bytes per gate)

        mov     edi, offset SavedGate
        mov     esi, ebx
        movsd                           ; Save the old descriptor
        movsd                           ; into SavedGate

        mov     edi, ebx
        mov     esi, offset OurGate
        movsd                           ; Replace the old handler
        movsd                           ; with our new one

        int     3h                      ; Trigger the exception, thus
                                        ; passing control to our Ring0
                                        ; procedure

        mov     edi, ebx                ; restore: copy SavedGate back over the IDT entry
        mov     esi, offset SavedGate
        movsd                           ; first dword only; the listing is cut off here