Regarding that part
In the line
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5x>in.com
I asked my teacher, and he explained it to me like this. I think it is clearer and easier to understand, so I am sharing it.
In this example, the file name is enclosed in single quotes, which means it is treated as an external command,
that is, it is executed.
After disassembling in.com, the code is as follows:
00000000: 685031 push 3150
00000003: 58 pop ax ; AX=3150
00000004: 353030 xor ax,3030 ; AX=0160
00000007: 50 push ax
00000008: 5B pop bx ; BX=0160
00000009: 50 push ax
0000000A: 5A pop dx ; DX=0160
0000000B: 42 inc dx
0000000C: 42 inc dx
0000000D: 42 inc dx ; DX=0163
0000000E: 666823622323 push 23236223
00000014: 6658 pop eax ; EAX=23236223
00000016: 662D56406024 sub eax,24604056 ; EAX=FEC321CD
0000001C: 6650 push eax
0000001E: 665D pop ebp ; EBP=FEC321CD
00000020: 66332F xor ebp,dword ptr [bx] ; EBP=EBP ^ [bx]
00000023: 66312F xor dword ptr [bx],ebp ; [bx]=FEC321CD
; +0160 CD
; +0161 21
; +0162 C3
; +0163 FE
Among them, the two bytes CD 21 at +0160 and +0161 disassemble into the int 21h instruction,
and C3 at +0162 disassembles into the ret instruction.
The last byte, FE at +0163, is the parameter of DOS input function 0Ah (the DX=0163 set up earlier points to this FE);
it indicates that up to 254 characters (including the carriage return) can be entered.
00000026: 352B2B xor ax,2B2B ; AX=0AE6, where 0Ah is the DOS function number,
; E6 is useless
00000029: 7535 jnz 00000060 ; The xor above left AX non-zero, so this always jumps; equivalent to jmp 160
0000002B: 78 ; The trailing 78 is never reached and is useless
0000002C: 0D ; 0D and 0A are the carriage return and line feed
0000002D: 0A ; that echo appends automatically
After the program jumps to 160, it executes the following instructions:
int 21h ; At this point AH=0Ah and DX=0163h, so the DOS input function is executed;
; the typed characters are stored automatically in the buffer starting at +0165, and the for loop reads them one by one
ret ; The program returns to the operating system and ends
To sum up, the function of this in.com is to read a string of characters from the keyboard, with a length not exceeding 254 (including the carriage return).
This batch file is quite clever: it uses a string of displayable characters to construct executable code that performs
keyboard input, and together with the for loop this makes non-echoing input possible in a batch file.
P.S.: According to the analysis, the last character of the garbled-looking string in the echo statement of this batch file
(that is, the x in ++u5x, just before the >) can be deleted. That is to say,
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5x>in.com
can be changed to
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>in.com
BJSH posted on: 2007-04-19 08:13
- : by Herbert Kleebauer
- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
- @echo off
- echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5x>in.com
- set /p password=Enter password:<nul
- for /f "tokens=*" %%i in ('in.com') do set password=%%i
- pause
- del in.com
- echo.
- echo The Password is:"%password%"
- pause
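As an added check on the analysis above (this is example code written for this page, not code from the post or from Herbert Kleebauer's script), the following Python reassembles in.com from the hex column of the listing, confirms that every byte the echo line has to carry is printable ASCII, and emulates only the handful of x86 opcodes the file uses, so the register values, the four bytes written at +0160 and the int 21h/0Ah call can be compared with what the post states. The load address 0100h is the standard .COM convention; the emulator, its register table and the shape of the result dictionary are assumptions of this example, and the DOS call is recorded rather than performed.

```python
# Added example, not code from the post or from Herbert Kleebauer's script.
# Reassembles in.com from the listing, checks printability, and emulates the
# handful of opcodes the payload uses to confirm the analysis in the post.

LOAD_BASE = 0x100   # DOS loads a .COM image at CS:0100h (standard convention)

# Hex column of the post's disassembly listing, in order (the last two bytes are echo's CR LF).
HEX_FROM_LISTING = ("685031 58 353030 50 5B 50 5A 42 42 42 666823622323 6658 "
                    "662D56406024 6650 665D 66332F 66312F 352B2B 7535 78 0D0A")

# The echo line as typed; echo appends CR LF when it writes in.com.
ECHO_STRING = "hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5x"

# 16-bit register names in x86 opcode-encoding order (push/pop/inc index into this).
REG = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]


def image_from_listing(hex_column: str = HEX_FROM_LISTING) -> bytes:
    """Join the hex column of the listing back into the file bytes."""
    return bytes.fromhex(hex_column.replace(" ", ""))


def build_com_image(echo_string: str) -> bytes:
    """What 'echo <string>>in.com' actually writes: the string plus 0D 0A."""
    return echo_string.encode("ascii") + b"\r\n"


def is_printable(data: bytes) -> bool:
    """Every byte typed on the echo line must be printable ASCII (20h..7Eh)."""
    return all(0x20 <= b <= 0x7E for b in data)


def emulate(image: bytes) -> dict:
    """Execute the image from 0100h until ret. Only the opcodes this payload
    uses are modelled; anything else raises. int 21h is recorded, not performed."""
    mem = bytearray(0x10000)
    mem[LOAD_BASE:LOAD_BASE + len(image)] = image
    regs = {r: 0 for r in REG}          # full 32-bit values; the low half is the 16-bit register
    stack, calls, writes = [], [], {}
    ip, zf = LOAD_BASE, False

    def imm(n):                          # little-endian immediate following the opcode byte
        return int.from_bytes(mem[ip + 1:ip + 1 + n], "little")

    def set_reg(r, v, wide):             # 16-bit writes keep the upper half, as on real x86
        regs[r] = v & 0xFFFFFFFF if wide else (regs[r] & 0xFFFF0000) | (v & 0xFFFF)

    while True:
        wide = mem[ip] == 0x66           # 66h prefix: 32-bit operand (the 'f' characters)
        if wide:
            ip += 1
        op, n = mem[ip], 4 if wide else 2
        mask = 0xFFFFFFFF if wide else 0xFFFF
        if op == 0x68:                                   # push imm16 / imm32
            stack.append(imm(n)); ip += 1 + n
        elif 0x50 <= op <= 0x57:                         # push r
            stack.append(regs[REG[op - 0x50]] & mask); ip += 1
        elif 0x58 <= op <= 0x5F:                         # pop r
            set_reg(REG[op - 0x58], stack.pop(), wide); ip += 1
        elif 0x40 <= op <= 0x47:                         # inc r
            r = REG[op - 0x40]
            set_reg(r, (regs[r] & mask) + 1, wide); ip += 1
        elif op in (0x35, 0x2D):                         # xor / sub ax|eax, imm
            a = regs["ax"] & mask
            v = (a ^ imm(n) if op == 0x35 else a - imm(n)) & mask
            zf = v == 0                                  # jnz below depends on this result
            set_reg("ax", v, wide); ip += 1 + n
        elif op in (0x33, 0x31):                         # xor r,[bx]  /  xor [bx],r
            modrm = mem[ip + 1]
            if (modrm & 0xC7) != 0x07:                   # only mod=00 rm=111 ([bx]) is modelled
                raise NotImplementedError(f"modrm {modrm:02X} not modelled")
            r, addr = REG[(modrm >> 3) & 7], regs["bx"] & 0xFFFF
            m = int.from_bytes(mem[addr:addr + n], "little")
            if op == 0x33:
                set_reg(r, (regs[r] & mask) ^ m, wide)
            else:
                mem[addr:addr + n] = ((regs[r] & mask) ^ m).to_bytes(n, "little")
                writes[addr] = bytes(mem[addr:addr + n])   # record of the self-modification
            ip += 2
        elif op == 0x75:                                 # jnz rel8 (signed displacement)
            rel = imm(1)
            ip += 2
            if not zf:
                ip += rel - 0x100 if rel > 0x7F else rel
        elif op == 0xCD:                                 # int imm8: record AH, DX and the
            dx = regs["dx"] & 0xFFFF                     # buffer's max-length byte at DS:DX
            calls.append({"int": imm(1), "ah": (regs["ax"] >> 8) & 0xFF,
                          "dx": dx, "max_len": mem[dx]})
            ip += 2
        elif op == 0xC3:                                 # ret: control goes back to DOS
            break
        else:
            raise NotImplementedError(f"opcode {op:02X} at {ip:04X}")
    return {"regs": {r: v & 0xFFFF for r, v in regs.items()},
            "calls": calls, "writes": writes, "ret_at": ip}


if __name__ == "__main__":
    image = build_com_image(ECHO_STRING)
    assert image == image_from_listing()
    result = emulate(image)
    print("echo payload printable:", is_printable(image[:-2]))
    print("AX=%04X BX=%04X DX=%04X" % tuple(result["regs"][r] for r in ("ax", "bx", "dx")))
    print("bytes written at 0160h:", result["writes"][0x160].hex(" ").upper())
    print("DOS calls:", result["calls"])
```

Running emulate() on the image built without the trailing x yields the same int 21h call and the same four bytes at 0160h, which is the check behind the P.S.; the emulator never executes the byte at +012B because the jnz has already left that region.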