[Original Poster]:
Plugging the DOS Hole and Shattering the Myth of the Hard-Disk Lock [repost]
Posted from: BBS Shuimu Tsinghua Station (Sat Apr 11 19:45:47 1998)

Starting with DOS 3.3 (3.3 included), a hard-disk partitioning function was added, but, probably through an oversight of the programmers, there is a flaw in one module of IO.SYS. Because of this flaw, under certain conditions the computer fails to boot from both floppy and hard disk.

Under normal circumstances this flaw does not matter. But because a well-known domestic anti-virus software company exploits it for so-called copyright protection, it has caused problems. Since being unable to boot from either floppy or hard disk is extremely harmful, a method is presented here that plugs the flaw while keeping all other DOS functions working normally; in other words, the modified DOS can be used just like a normal DOS.

Since this method is based on analysis of the DOS kernel's assembly code and modifies the IO.SYS file directly, the details differ slightly between DOS versions. Schemes are given below for two typical DOS versions only.

1. Scheme for the Western-language MS-DOS 6.22: use a tool such as nu, debug, pctools or ultraedit to search the IO.SYS file for the byte string (in hexadecimal):
C2 03 06 E8 0A 00 07 72 03
Replace with: C2 03 90 E8 0A 00 72 80 90
In fact only four bytes change. (This scheme also works for the Chinese MS-DOS 6.22.)

2. Scheme for the Western-language IBM-DOS 3.3: search the file IBMBIO.SYS for the string:
C2 03 E8 2B 00 72 25 E8 2C
Replace with: C2 03 E8 2B 00 72 92 E8 2C
In fact only one byte changes.

3. Other DOS versions can be handled similarly.

After DOS has been modified as above, the DOS boot fault is corrected, and the situation where it can boot from neither floppy nor hard disk will never happen again (naturally, cases where the floppy or hard-disk hardware itself has failed are excluded).

Note: 1. This method differs from all the earlier methods. Only the DOS on the system disk needs to be modified as above; any other modification is superfluous or even harmful.
2. A DOS modified by the method above can be used normally, and there is no need to change it back afterwards.

As for why the change is made this way, and why it corrects the boot fault, I trust that friends who are interested and know assembly will have no difficulty working it out.

!!! Important statement: this method is presented purely as a technical matter. I have no intention of picking a quarrel with any company, and this is not aimed at any genuinely effective measure for protecting copyright. If the spread of this method causes some effective copyright-protection method to stop working, that is not my intent. I strongly encourage the use of genuine software, especially domestically produced software.
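The post tells the reader to search a boot file for one byte string and overwrite it with another, using debug or a hex editor. Below is an added example, not part of the original BBS post, of doing that search-and-replace with the checks an operator wants before touching a file the machine boots from: the find and replace patterns must be the same length, the pattern must occur exactly once (so an ambiguous or already-patched file is never silently modified), a .bak copy is written first, and the file is re-read afterwards to confirm that only the stated number of bytes differ (the post says four for MS-DOS 6.22 and one for IBM-DOS 3.3). The byte values are the ones quoted in the post; the dictionary keys, the demo() helper and the constructed stand-in file are assumptions of this example, not DOS data.

```python
# Added example, not from the original post: a byte-pattern patcher with safety
# checks. It assumes only a plain binary file on disk; the keys in PATCHES and
# the stand-in file built in demo() are constructed here, not real DOS code.
from pathlib import Path
import shutil
import tempfile

PATCHES = {
    # Western-language MS-DOS 6.22, file IO.SYS (post: four bytes differ)
    "msdos622": (
        bytes.fromhex("C2 03 06 E8 0A 00 07 72 03"),
        bytes.fromhex("C2 03 90 E8 0A 00 72 80 90"),
    ),
    # Western-language IBM-DOS 3.3, file IBMBIO.SYS (post: one byte differs)
    "ibmdos33": (
        bytes.fromhex("C2 03 E8 2B 00 72 25 E8 2C"),
        bytes.fromhex("C2 03 E8 2B 00 72 92 E8 2C"),
    ),
}


def differing_bytes(old: bytes, new: bytes) -> int:
    """Number of positions at which two equal-length patterns differ."""
    if len(old) != len(new):
        raise ValueError("find and replace patterns must be the same length")
    return sum(1 for a, b in zip(old, new) if a != b)


def find_all(data: bytes, needle: bytes) -> list[int]:
    """Every offset at which needle occurs in data (overlaps included)."""
    offsets, start = [], 0
    while (idx := data.find(needle, start)) != -1:
        offsets.append(idx)
        start = idx + 1
    return offsets


def patch_bytes(data: bytes, old: bytes, new: bytes) -> tuple[bytes, int]:
    """Return (patched copy, offset). Refuses unless old occurs exactly once."""
    if len(old) != len(new):
        raise ValueError("find and replace patterns must be the same length")
    hits = find_all(data, old)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, found {len(hits)}")
    off = hits[0]
    return data[:off] + new + data[off + len(old):], off


def patch_file(path: Path, old: bytes, new: bytes) -> int:
    """Patch a file in place after saving a .bak copy; return the patched offset."""
    data = path.read_bytes()
    patched, off = patch_bytes(data, old, new)
    shutil.copy2(path, path.with_suffix(path.suffix + ".bak"))
    path.write_bytes(patched)
    # Re-read and confirm that only the intended bytes changed.
    check = path.read_bytes()
    assert len(check) == len(data)
    changed = sum(1 for a, b in zip(data, check) if a != b)
    assert changed == differing_bytes(old, new)
    return off


def demo(version: str = "msdos622") -> int:
    """Run the patcher on a constructed stand-in file (not a real IO.SYS):
    16 filler bytes, the search pattern, then 8 filler bytes. Returns the offset."""
    old, new = PATCHES[version]
    sample = b"\x00" * 16 + old + b"\xff" * 8  # constructed sample input
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "IO.SYS"
        target.write_bytes(sample)
        off = patch_file(target, old, new)
        assert target.read_bytes()[off:off + len(new)] == new
        assert target.with_suffix(".SYS.bak").read_bytes() == sample
    return off


if __name__ == "__main__":
    for name, (old, new) in PATCHES.items():
        print(f"{name}: {differing_bytes(old, new)} byte(s) differ; "
              f"demo patched at offset {demo(name)}")
```

The single-match rule is the important check: a hex editor will happily overwrite the first hit it finds, and a nine-byte sequence can occur more than once in a file of that size, so refusing on zero or multiple matches turns a silent mis-patch into a visible error. Keeping the .bak copy means the change the post says "never needs to be reverted" can still be reverted if the file turns out to be a different build.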