DOS programa with a disk Protection [Archive] - RCE Messageboard's Regroupment

winroot

August 17th, 2004, 21:40

Hi,
I'm trying to learn with a DOS programa that has a disk Protection,
but i cann't konw how does is work?

how does it protect disk to copy?

Code:

seg001:0100                 assume ss:dseg, ds:nothing

seg001:0100 

seg001:0100 ; 圹圹圹圹圹圹圹?S U B R O U T I N E 圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹圹?

seg001:0100 

seg001:0100 

seg001:0100                 public start

seg001:0100 start           proc far

seg001:0100                 mov     ax, cs

seg001:0102                 mov     ds, ax

seg001:0104                 assume ds:seg001

seg001:0104                 mov     word_E028, es

seg001:0108                 mov     es, ax

seg001:010A                 assume es:seg001

seg001:010A                 mov     word_E02A, ss

seg001:010E                 mov     word_E02C, sp

seg001:0112                 mov     sp, cs

seg001:0114                 mov     ss, sp

seg001:0116                 assume ss:nothing

seg001:0116                 mov     sp, 242h

seg001:0119                 mov     ax, word_E028

seg001:011C                 add     word_E030, ax

seg001:0120                 add     word_E030, 10h

seg001:0125                 mov     ax, 201h

seg001:0128                 lea     bx, ds:244h

seg001:012C                 mov     cx, 5

seg001:012F                 mov     dx, 80h ; '€'

seg001:0132                 int     13h             ; DISK - READ SECTORS INTO MEMORY

seg001:0132                                         ; AL = number of sectors to read, CH = track, CL = sector

seg001:0132                                         ; DH = head, DL = drive, ES:BX -> buffer to fill

seg001:0132                                         ; Return: CF set on error, AH = status, AL = number of sectors read

seg001:0134                 jb      loc_E017

seg001:0136                 cmp     word ptr [bx+2], 0AA55h

seg001:013B                 jnz     loc_E017

seg001:013D                 lea     di, ds:1A2h

seg001:0141                 mov     si, bx

seg001:0143                 add     si, 6

seg001:0146                 mov     cx, 4

seg001:0149                 rep movsb

seg001:014B                 cmp     byte_E032, 0

seg001:0150                 jz      loc_DFE3

seg001:0152                 mov     ax, word_E022

seg001:0155                 add     word_E02E, ax

seg001:0159                 mov     ax, word_E024

seg001:015C                 add     word_E030, ax

seg001:0160                 jmp     short loc_DFFE

seg001:0160 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?

seg001:0162                 db 90h

seg001:0163 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?

seg001:0163 

seg001:0163 loc_DFE3:                               ; CODE XREF: start+50j

seg001:0163                 mov     ax, word_E028

seg001:0166                 mov     es, ax

seg001:0168                 assume es:nothing

seg001:0168                 lea     si, ds:1E2h

seg001:016C                 mov     di, 100h

seg001:016F                 mov     cx, 10h

seg001:0172 

seg001:0172 loc_DFF2:                               ; CODE XREF: start+7Cj

seg001:0172                 lodsw

seg001:0173                 xor     ax, word_E022

seg001:0177                 xor     ax, word_E024

seg001:017B                 stosw

seg001:017C                 loop    loc_DFF2

seg001:017E 

seg001:017E loc_DFFE:                               ; CODE XREF: start+60j

seg001:017E                 mov     sp, word_E02C

seg001:0182                 push    word_E030

seg001:0186                 push    word_E02E

seg001:018A                 mov     dx, word_E028

seg001:018E                 mov     es, dx

seg001:0190                 mov     ds, dx

seg001:0192                 assume ds:dseg

seg001:0192                 xor     si, si

seg001:0194                 xor     di, di

seg001:0196                 retf

seg001:0197 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?

seg001:0197 

seg001:0197 loc_E017:                               ; CODE XREF: start+34j

seg001:0197                                         ; start+3Bj

seg001:0197                 mov     dx, 1B3h

seg001:019A                 mov     ah, 9

seg001:019C                 int     21h             ; DOS - PRINT STRING

seg001:019C                                         ; DSX -> string terminated by "$"

seg001:019E                 mov     ah, 4Ch

seg001:01A0                 int     21h             ; DOS - 2+ - QUIT WITH EXIT CODE (EXIT)

seg001:01A0 start           endp                    ; AL = exit code

seg001:01A0 

seg001:01A0 ; 哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪哪?

seg001:01A2 word_E022       dw 0                    ; DATA XREF: start+52r

seg001:01A2                                         ; start+73r

seg001:01A4 word_E024       dw 0                    ; DATA XREF: start+59r

seg001:01A4                                         ; start+77r

seg001:01A6                 align 4

seg001:01A8 word_E028       dw 0                    ; DATA XREF: start+4w

seg001:01A8                                         ; start+19r ...

seg001:01AA word_E02A       dw 0                    ; DATA XREF: start+Aw

seg001:01AC word_E02C       dw 0                    ; DATA XREF: start+Ew

seg001:01AC                                         ; start+7Er

seg001:01AE word_E02E       dw 0FDFFh               ; DATA XREF: start+55w

seg001:01AE                                         ; start+86r

seg001:01B0 word_E030       dw 0DDF9h               ; DATA XREF: start+1Cw

seg001:01B0                                         ; start+20w ...

seg001:01B2 byte_E032       db 1                    ; DATA XREF: start+4Br

seg001:01B3 aWarningFileWas db 'Warning: File was damaged by COMPUTER VIRUS ! $',0

seg001:01E3                 db 461h dup(0)

seg001:01E3 seg001          ends

seg001:01E3 

seg001:01E3 

seg001:01E3                 end start

dELTA

August 18th, 2004, 07:15

First of all, this thread belongs in the newbie forum, and you should really read the FAQ regarding the posting guidelines...

Anyway, it seems to read a direct disk sector from the floppy, probably marked as bad on the original disk, and check if a certain byte pattern is present in that sector.

winroot

August 18th, 2004, 11:03

thx your replay
It read a direct disk sector from the disk c:\ and check it
but what does it read?

naides

August 18th, 2004, 14:22

Quote:

[Originally Posted by winroot]thx your replay
It read a direct disk sector from the disk c:\ and check it
but what does it read?

It reads One sector at C hard drive, Head 00, track 01, Sector 01, into a buffer pointed by bx, ds:0244.

If it does not succesfully read the sector, or the bytes at position 02 ([bx+2] of the sector are not equal AA55 it claims a virus has striken (jmp loc_E017), otherwise it does more stuff. . .

You can manually look up the contents of that sector using and advanced hexeditor that can read sectors,

and you can learn 16 bit assembly, even an old and dumb 8086 like me can do it.