;made by correy
;made in 2009.05
;Email:leguanyuan@126.com
;QQ:112426112
;rc me.rc
;ml /coff test.asm /link /subsystem:windows me.res
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib user32.lib
includelib kernel32.lib
;made in 2009.05
;Email:leguanyuan@126.com
;QQ:112426112
;rc me.rc
;ml /coff test.asm /link /subsystem:windows me.res
.386
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib user32.lib
includelib kernel32.lib
.data
; Caption for the MessageBox (NUL-terminated ANSI).
correy db "made by correy",0
; Filled in by GetLocalTime; each member is a WORD and is widened into
; the DWORD variables in .data? before formatting.
lpSystemTime SYSTEMTIME <>
; wsprintf format for the eight SYSTEMTIME members, one per line.
; NOTE(review): the line terminators are LF,CR (0Ah,0Dh); the usual
; Windows order is CR,LF (0Dh,0Ah) as used by the loader's formattime
; further down. MessageBox renders either, so this is cosmetic.
; %2d is a minimum width, so a three-digit millisecond value still
; prints in full.
format db"year is :%4d",0ah,0dh,
"month is :%2d",0ah,0dh,
"dayofweek is :%1d",0ah,0dh,
"day is :%2d",0ah,0dh,
"hour is :%2d",0ah,0dh,
"minute is :%2d",0ah,0dh,
"second is :%2d",0ah,0dh,
"millisecond is :%2d",0ah,0dh,
0
; NOTE(review): the following lines repeat the three definitions
; directly above (page extraction artifact). Assembling both copies
; would fail on the redefinition of correy/lpSystemTime/format, so
; only one copy belongs in the real source.
correy db "made by correy",0
lpSystemTime SYSTEMTIME <>
format db"year is :%4d",0ah,0dh,
"month is :%2d",0ah,0dh,
"dayofweek is :%1d",0ah,0dh,
"day is :%2d",0ah,0dh,
"hour is :%2d",0ah,0dh,
"minute is :%2d",0ah,0dh,
"second is :%2d",0ah,0dh,
"millisecond is :%2d",0ah,0dh,
0
.data?
; Output buffer for wsprintf; 512 bytes, far more than the formatted
; text needs.
buffer db 512 dup(?)
; DWORD copies of the SYSTEMTIME WORD members: wsprintf's %d reads a
; 32-bit argument, so each field is zero-extended into one of these
; before the call.
year dword ?
month dword ?
dayofweek dword ?
day dword ?
hour dword ?
minute dword ?
second dword ?
millisecond dword ?
; NOTE(review): the following lines repeat the .data? definitions
; directly above (page extraction artifact); a second definition of
; these symbols would not assemble, so keep only one copy.
buffer db 512 dup(?)
year dword ?
month dword ?
dayofweek dword ?
day dword ?
hour dword ?
minute dword ?
second dword ?
millisecond dword ?
.const
; Not referenced anywhere in the visible code. The second EQU is a
; repeat of the first (page extraction artifact).
me equ 07777h
me equ 07777h
.code
;-----------------------------------------------------------------------
; W2D dst, src - copy one 16-bit SYSTEMTIME member into a DWORD variable,
; zero-extending through eax (wsprintf's %d consumes 32-bit arguments).
; Clobbers eax.
;-----------------------------------------------------------------------
W2D MACRO dst:REQ, src:REQ
    movzx eax, src
    mov dst, eax
ENDM

;-----------------------------------------------------------------------
; start - program entry point (Win32, stdcall, flat model).
; Fetches the local wall-clock time, widens the eight SYSTEMTIME members
; into the DWORDs declared in .data?, formats them with wsprintf into
; `buffer` and shows the text in a MessageBox captioned `correy`.
; Registers: eax is the only scratch register used directly; the
; invoke'd APIs are stdcall and may clobber ecx/edx.
; NOTE(review): the entry point ends with ret, returning into the
; kernel32 thread-start stub; that works for this single-threaded
; program, but ExitProcess is the documented way to end the process.
;-----------------------------------------------------------------------
start:
    invoke GetLocalTime,addr lpSystemTime
    W2D year,        lpSystemTime.wYear
    W2D month,       lpSystemTime.wMonth
    W2D dayofweek,   lpSystemTime.wDayOfWeek
    W2D day,         lpSystemTime.wDay
    W2D hour,        lpSystemTime.wHour
    W2D minute,      lpSystemTime.wMinute
    W2D second,      lpSystemTime.wSecond
    W2D millisecond, lpSystemTime.wMilliseconds
    invoke wsprintf,addr buffer,addr format,year,month,dayofweek,day,hour,minute,second,millisecond
    invoke MessageBox,0,addr buffer,addr correy,0
    ret
end start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;-----------------------------------------------------------------------
; W2D dst, src - copy one 16-bit SYSTEMTIME member into a DWORD variable,
; zero-extending through eax (wsprintf's %d consumes 32-bit arguments).
; Clobbers eax.
;-----------------------------------------------------------------------
W2D MACRO dst:REQ, src:REQ
    movzx eax, src
    mov dst, eax
ENDM

;-----------------------------------------------------------------------
; start - program entry point (Win32, stdcall, flat model).
; Fetches the local wall-clock time, widens the eight SYSTEMTIME members
; into the DWORDs declared in .data?, formats them with wsprintf into
; `buffer` and shows the text in a MessageBox captioned `correy`.
; Registers: eax is the only scratch register used directly; the
; invoke'd APIs are stdcall and may clobber ecx/edx.
; NOTE(review): the entry point ends with ret, returning into the
; kernel32 thread-start stub; that works for this single-threaded
; program, but ExitProcess is the documented way to end the process.
;-----------------------------------------------------------------------
start:
    invoke GetLocalTime,addr lpSystemTime
    W2D year,        lpSystemTime.wYear
    W2D month,       lpSystemTime.wMonth
    W2D dayofweek,   lpSystemTime.wDayOfWeek
    W2D day,         lpSystemTime.wDay
    W2D hour,        lpSystemTime.wHour
    W2D minute,      lpSystemTime.wMinute
    W2D second,      lpSystemTime.wSecond
    W2D millisecond, lpSystemTime.wMilliseconds
    invoke wsprintf,addr buffer,addr format,year,month,dayofweek,day,hour,minute,second,millisecond
    invoke MessageBox,0,addr buffer,addr correy,0
    ret
end start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;The version below is implemented with a kernel driver.
;@echo off
;cd %cd%
;taskkill /f /im:exe.exe
;rc me.rc >error.txt
;ml /coff exe.asm /link /subsystem:windows me.res >>error.txt
;del /q me.res
;del /q exe.obj
;cd %cd%
;taskkill /f /im:exe.exe
;rc me.rc >error.txt
;ml /coff exe.asm /link /subsystem:windows me.res >>error.txt
;del /q me.res
;del /q exe.obj
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
include advapi32.inc
includelib kernel32.lib
includelib user32.lib
includelib advapi32.lib
include Strings.mac
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
include advapi32.inc
includelib kernel32.lib
includelib user32.lib
includelib advapi32.lib
include Strings.mac
.data
sysname db "sys.sys",0                  ; driver image name; resolved by GetFullPathName relative to the current directory
correy db "made by correy",0            ; service name, display name and MessageBox caption
; Service key the loader writes "ProcessId" into and the driver reads back.
; NOTE(review): MASM does not treat "\\" as an escape sequence, so this
; string literally contains doubled backslashes -- TODO confirm that
; RegOpenKeyEx tolerates that; if it does not, the open fails and the
; loader shows error2.
szreg db "SYSTEM\\CurrentControlSet\\Services\\made by correy",0
; wsprintf format: date text and time text on two CR,LF-separated lines.
formattime db "Current Date:%s",0dh,0ah
db "Current Time:%s",0
; Failure messages, innermost step first (see the checks in start).
error1 db "Can't add Process ID into registry.",0
error2 db "Can't open registry.",0
error3 db "Can't register driver.",0
error4 db "Can't connect to Service Control Manager.",0
; NOTE(review): the following lines repeat the .data definitions
; directly above (page extraction artifact); a second definition of
; these symbols would not assemble, so keep only one copy.
sysname db "sys.sys",0
correy db "made by correy",0
szreg db "SYSTEM\\CurrentControlSet\\Services\\made by correy",0
formattime db "Current Date:%s",0dh,0ah
db "Current Time:%s",0
error1 db "Can't add Process ID into registry.",0
error2 db "Can't open registry.",0
error3 db "Can't register driver.",0
error4 db "Can't connect to Service Control Manager.",0
;-----------------------------------------------------------------------
; CMOS by - read one RTC/CMOS register and store it as two ASCII digits.
; In:    by  = register index, written to the index port 70h
;        edi = output cursor; advanced by 2 through stosw (DF must be clear)
; Out:   [edi] = high-nibble digit, [edi+1] = low-nibble digit
; Clobb: ax, flags
; The nibble-to-digit conversion only yields sensible text when the RTC
; delivers BCD values; the caller clears the data-mode bit of status
; register B before using this macro.
; in/out on these ports are privileged in user mode; they only execute
; if the process has been granted I/O-permission-map access to 70h/71h.
;-----------------------------------------------------------------------
CMOS MACRO by:REQ
mov al, by
out 70h, al                             ; select the register
in al, 71h                              ; read its value
mov ah, al
shr al, 4                               ; al = high nibble (tens)
add al, '0'
and ah, 0Fh                             ; ah = low nibble (units)
add ah, '0'
stosw                                   ; stores al then ah: tens, units
ENDM
.code
;-----------------------------------------------------------------------
; start - entry point of the user-mode loader (Win32, stdcall).
; 1. Registers the kernel driver "sys.sys" -- resolved by GetFullPathName
;    relative to the current directory -- as a demand-start kernel
;    service named `correy`.
; 2. Stores this process's PID as the REG_DWORD value "ProcessId" under
;    the service key `szreg`, starts the driver, deletes the value again
;    and finally deletes the service registration.
; 3. If fOK is set, reads date and time straight from the CMOS RTC via
;    ports 70h/71h. in/out are privileged in ring 3; this only works
;    because the driver is expected to have granted this PID
;    I/O-permission-map access to those two ports.
; Failure paths report error1..error4 via MessageBox.
; NOTE(review): StartService's return value is ignored and fOK is set
;   regardless. That is presumably intentional: the companion driver's
;   DriverEntry returns a failure status even after a successful grant
;   (so the I/O manager unloads it immediately), which makes StartService
;   report failure. Should the driver ever return success, check the
;   return value here -- a failed grant makes the in/out below fault with
;   a privileged-instruction exception.
; SECURITY NOTE(review): the driver path is whatever "sys.sys" is found
;   in the current directory, so any file by that name there is loaded
;   into the kernel with this (administrative) process's rights.
;   Resolving the path from the executable's own location
;   (GetModuleFileName) would remove that planting risk.
; Locals: x receives GetFullPathName's lpFilePart (untyped LOCAL -- TODO
;   confirm it is DWORD-sized, the API writes a 32-bit pointer there).
;-----------------------------------------------------------------------
start proc
local fOK:BOOL                          ; non-zero once the driver has been started
local hSCManager:HANDLE
local hService:HANDLE
local acDriverPath[MAX_PATH]:CHAR       ; full path of sys.sys
local hKey:HANDLE                       ; service key under HKLM (szreg)
local dwProcessId:DWORD                 ; this process's PID, handed to the driver
local acDate[16]:CHAR                   ; "DD.MM.CCYY" built from CMOS
local acTime[16]:CHAR                   ; "HH:MM:SS" built from CMOS
local acOut[64]:CHAR                    ; text for the final MessageBox
local x
and fOK, 0                              ; fOK = FALSE
invoke OpenSCManager,0,0, SC_MANAGER_CREATE_SERVICE
.if eax !=0
mov hSCManager, eax
invoke GetFullPathName,addr sysname, sizeof acDriverPath, addr acDriverPath,addr x
invoke CreateService, hSCManager,addr correy,addr correy, \
SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
SERVICE_ERROR_IGNORE, addr acDriverPath,0,0,0,0,0
.if eax !=0
mov hService, eax
invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE,addr szreg,0, KEY_CREATE_SUB_KEY + KEY_SET_VALUE, addr hKey
.if eax == ERROR_SUCCESS
invoke GetCurrentProcessId
mov dwProcessId, eax
; $CTA0 (Strings.mac) defines the NUL-terminated "ProcessId" as szProcessId
; and yields its address; the same symbol is used for RegDeleteValue below.
invoke RegSetValueEx, hKey, $CTA0("ProcessId", szProcessId),0, REG_DWORD,addr dwProcessId,4
.if eax == ERROR_SUCCESS
invoke StartService, hService, 0,0      ; return value deliberately not checked (see header)
inc fOK
invoke RegDeleteValue, hKey, addr szProcessId   ; the driver has read the PID by now; remove it
.else
invoke MessageBox,0,addr error1,0,0
.endif
invoke RegCloseKey, hKey
.else
invoke MessageBox,0,addr error2,0,0
.endif
invoke DeleteService, hService          ; mark the registration for deletion
invoke CloseServiceHandle, hService
.else
invoke MessageBox,0,addr error3,0,0
.endif
invoke CloseServiceHandle, hSCManager
.else
invoke MessageBox,0,addr error4,0,0
.endif
.if fOK
push edi                                ; edi is callee-saved under stdcall; stos* advances it
; Read RTC status register B (index 0Bh) and keep the original value.
mov al,0Bh
out 70h,al
in al,71h
push eax                                ; original register B, restored below
and al,11111011y                        ; clear bit 2 (data mode) -> values are read as BCD
or al,010y                              ; set bit 1 -> 24-hour format
out 71h,al
; Build "DD.MM.CCYY" in acDate from registers 07h (day), 08h (month),
; 32h (century on most BIOSes; not guaranteed by the RTC itself) and
; 09h (year).
; NOTE(review): no check for an update in progress (status register A,
; bit 7), so a read that straddles a clock tick can return torn values.
lea edi,acDate
CMOS 07h
mov al,'.'
stosb
CMOS 08h
mov al,'.'
stosb
CMOS 32h
CMOS 09h
xor eax,eax
stosb                                   ; NUL-terminate acDate
; Build "HH:MM:SS" in acTime from registers 04h (hours), 02h (minutes), 00h (seconds).
lea edi,acTime
CMOS 04h
mov al,':'
stosb
CMOS 02h
mov al,':'
stosb
CMOS 0h
xor eax,eax
stosb                                   ; NUL-terminate acTime
; Restore status register B to what the OS had programmed.
mov al,0Bh
out 70h,al
pop eax
out 71h,al
invoke wsprintf,addr acOut,addr formattime,addr acDate,addr acTime
invoke MessageBox,0,addr acOut,addr correy,0
pop edi
.endif
ret
start endp
end start
mov al, by
out 70h, al
in al, 71h
mov ah, al
shr al, 4
add al, '0'
and ah, 0Fh
add ah, '0'
stosw
ENDM
.code
;-----------------------------------------------------------------------
; start - entry point of the user-mode loader (Win32, stdcall).
; 1. Registers the kernel driver "sys.sys" -- resolved by GetFullPathName
;    relative to the current directory -- as a demand-start kernel
;    service named `correy`.
; 2. Stores this process's PID as the REG_DWORD value "ProcessId" under
;    the service key `szreg`, starts the driver, deletes the value again
;    and finally deletes the service registration.
; 3. If fOK is set, reads date and time straight from the CMOS RTC via
;    ports 70h/71h. in/out are privileged in ring 3; this only works
;    because the driver is expected to have granted this PID
;    I/O-permission-map access to those two ports.
; Failure paths report error1..error4 via MessageBox.
; NOTE(review): StartService's return value is ignored and fOK is set
;   regardless. That is presumably intentional: the companion driver's
;   DriverEntry returns a failure status even after a successful grant
;   (so the I/O manager unloads it immediately), which makes StartService
;   report failure. Should the driver ever return success, check the
;   return value here -- a failed grant makes the in/out below fault with
;   a privileged-instruction exception.
; SECURITY NOTE(review): the driver path is whatever "sys.sys" is found
;   in the current directory, so any file by that name there is loaded
;   into the kernel with this (administrative) process's rights.
;   Resolving the path from the executable's own location
;   (GetModuleFileName) would remove that planting risk.
; Locals: x receives GetFullPathName's lpFilePart (untyped LOCAL -- TODO
;   confirm it is DWORD-sized, the API writes a 32-bit pointer there).
;-----------------------------------------------------------------------
start proc
local fOK:BOOL                          ; non-zero once the driver has been started
local hSCManager:HANDLE
local hService:HANDLE
local acDriverPath[MAX_PATH]:CHAR       ; full path of sys.sys
local hKey:HANDLE                       ; service key under HKLM (szreg)
local dwProcessId:DWORD                 ; this process's PID, handed to the driver
local acDate[16]:CHAR                   ; "DD.MM.CCYY" built from CMOS
local acTime[16]:CHAR                   ; "HH:MM:SS" built from CMOS
local acOut[64]:CHAR                    ; text for the final MessageBox
local x
and fOK, 0                              ; fOK = FALSE
invoke OpenSCManager,0,0, SC_MANAGER_CREATE_SERVICE
.if eax !=0
mov hSCManager, eax
invoke GetFullPathName,addr sysname, sizeof acDriverPath, addr acDriverPath,addr x
invoke CreateService, hSCManager,addr correy,addr correy, \
SERVICE_START + DELETE, SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, \
SERVICE_ERROR_IGNORE, addr acDriverPath,0,0,0,0,0
.if eax !=0
mov hService, eax
invoke RegOpenKeyEx, HKEY_LOCAL_MACHINE,addr szreg,0, KEY_CREATE_SUB_KEY + KEY_SET_VALUE, addr hKey
.if eax == ERROR_SUCCESS
invoke GetCurrentProcessId
mov dwProcessId, eax
; $CTA0 (Strings.mac) defines the NUL-terminated "ProcessId" as szProcessId
; and yields its address; the same symbol is used for RegDeleteValue below.
invoke RegSetValueEx, hKey, $CTA0("ProcessId", szProcessId),0, REG_DWORD,addr dwProcessId,4
.if eax == ERROR_SUCCESS
invoke StartService, hService, 0,0      ; return value deliberately not checked (see header)
inc fOK
invoke RegDeleteValue, hKey, addr szProcessId   ; the driver has read the PID by now; remove it
.else
invoke MessageBox,0,addr error1,0,0
.endif
invoke RegCloseKey, hKey
.else
invoke MessageBox,0,addr error2,0,0
.endif
invoke DeleteService, hService          ; mark the registration for deletion
invoke CloseServiceHandle, hService
.else
invoke MessageBox,0,addr error3,0,0
.endif
invoke CloseServiceHandle, hSCManager
.else
invoke MessageBox,0,addr error4,0,0
.endif
.if fOK
push edi                                ; edi is callee-saved under stdcall; stos* advances it
; Read RTC status register B (index 0Bh) and keep the original value.
mov al,0Bh
out 70h,al
in al,71h
push eax                                ; original register B, restored below
and al,11111011y                        ; clear bit 2 (data mode) -> values are read as BCD
or al,010y                              ; set bit 1 -> 24-hour format
out 71h,al
; Build "DD.MM.CCYY" in acDate from registers 07h (day), 08h (month),
; 32h (century on most BIOSes; not guaranteed by the RTC itself) and
; 09h (year).
; NOTE(review): no check for an update in progress (status register A,
; bit 7), so a read that straddles a clock tick can return torn values.
lea edi,acDate
CMOS 07h
mov al,'.'
stosb
CMOS 08h
mov al,'.'
stosb
CMOS 32h
CMOS 09h
xor eax,eax
stosb                                   ; NUL-terminate acDate
; Build "HH:MM:SS" in acTime from registers 04h (hours), 02h (minutes), 00h (seconds).
lea edi,acTime
CMOS 04h
mov al,':'
stosb
CMOS 02h
mov al,':'
stosb
CMOS 0h
xor eax,eax
stosb                                   ; NUL-terminate acTime
; Restore status register B to what the OS had programmed.
mov al,0Bh
out 70h,al
pop eax
out 71h,al
invoke wsprintf,addr acOut,addr formattime,addr acDate,addr acTime
invoke MessageBox,0,addr acOut,addr correy,0
pop edi
.endif
ret
start endp
end start
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;@echo off
;rc me.rc >error.txt
;ml /nologo /c /coff sys.asm >>error.txt
;link /nologo /driver /base:0x10000 /align:32 /out:sys.sys /subsystem:native sys.obj>>error.txt
;del /q me.res
;del /q sys.obj
;rc me.rc >error.txt
;ml /nologo /c /coff sys.asm >>error.txt
;link /nologo /driver /base:0x10000 /align:32 /out:sys.sys /subsystem:native sys.obj>>error.txt
;del /q me.res
;del /q sys.obj
.386
.model flat, stdcall
option casemap:none
include ntstatus.inc
include ntddk.inc
include ntoskrnl.inc
includelib ntoskrnl.lib
include Strings.mac
.code
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
local status:NTSTATUS
local oa:OBJECT_ATTRIBUTES
local hKey:HANDLE
local kvpi:KEY_VALUE_PARTIAL_INFORMATION
local pIopm:PVOID
local pProcess:PVOID
local x
mov status,00C0000182h
lea ecx,oa
.model flat, stdcall
option casemap:none
include ntstatus.inc
include ntddk.inc
include ntoskrnl.inc
includelib ntoskrnl.lib
include Strings.mac
.code
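;-----------------------------------------------------------------------
; NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pusRegistryPath)
; Grants one user-mode process direct access to I/O ports 70h and 71h
; (the CMOS/RTC index and data ports):
;   1. opens the driver's own service key (pusRegistryPath) and reads the
;      "ProcessId" value the loader stored there (KeyValuePartialInformation);
;   2. allocates a 2000h-byte I/O permission map, fills it from the
;      current map (Ke386QueryIoAccessMap), clears the two bits for ports
;      70h and 71h (a cleared IOPM bit means "access allowed"), installs
;      the buffer as map 1 and attaches map 1 to that process.
; Return: `status` in eax. It starts as 0C0000182h
;   (STATUS_DEVICE_CONFIGURATION_ERROR) and is never set to STATUS_SUCCESS
;   on the all-good path, so DriverEntry reports failure even after a
;   successful grant. NOTE(review): that looks deliberate -- a failing
;   DriverEntry makes the I/O manager unload the driver right away while
;   the process presumably keeps its IOPM assignment -- confirm before
;   changing it. No dispatch routines and no DriverUnload are set.
; Locals: oa/hKey for the registry open; kvpi receives the value and its
;   Data member is read as the DWORD PID; pIopm the map buffer; pProcess
;   the referenced process object; x the ResultLength out-parameter
;   (untyped LOCAL -- TODO confirm it is DWORD-sized, ZwQueryValueKey
;   writes a ULONG there).
; SECURITY NOTE(review): the PID found in the registry is trusted as-is;
;   the named process gets ring-3 access to the RTC ports for its
;   lifetime, bypassing the kernel's own serialisation of that device.
;   The only gate is that writing the service key needs administrative
;   rights.
;-----------------------------------------------------------------------
DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
    local status:NTSTATUS
    local oa:OBJECT_ATTRIBUTES
    local hKey:HANDLE
    local kvpi:KEY_VALUE_PARTIAL_INFORMATION
    local pIopm:PVOID
    local pProcess:PVOID
    local x

    mov status,00C0000182h              ; STATUS_DEVICE_CONFIGURATION_ERROR

    ; InitializeObjectAttributes(&oa, pusRegistryPath, 0, NULL, NULL)
    lea ecx,oa
    assume ecx:ptr OBJECT_ATTRIBUTES
    mov [ecx]._Length,sizeof OBJECT_ATTRIBUTES
    mov [ecx].RootDirectory,0
    push pusRegistryPath                ; memory-to-memory copy via the stack
    pop [ecx].ObjectName
    mov [ecx].Attributes,0
    mov [ecx].SecurityDescriptor,0
    mov [ecx].SecurityQualityOfService,0
    assume ecx:nothing
    ; ecx still holds &oa: invoke materialises `addr hKey` through eax only.
    invoke ZwOpenKey,addr hKey,KEY_READ,ecx
    .if eax==0
        ; 2 = KeyValuePartialInformation; x receives the byte count written.
        invoke ZwQueryValueKey,hKey,$CCOUNTED_UNICODE_STRING("ProcessId", 4),2,addr kvpi,sizeof kvpi,addr x
        ; Require STATUS_SUCCESS. The original only excluded
        ; STATUS_OBJECT_NAME_NOT_FOUND (0C0000034h), so any other failure
        ; (e.g. a too-small buffer) fell through and used an uninitialised
        ; kvpi.Data as the PID.
        ; TODO(review): also verify the value type is REG_DWORD and the
        ; data length is 4 before trusting Data.
        .if ( eax == 0 ) && (x !=0)
            invoke MmAllocateNonCachedMemory,2000h   ; IOPM: 64K ports / 8 = 2000h bytes
            .if eax !=0
                mov pIopm,eax
                lea ecx, kvpi
                invoke PsLookupProcessByProcessId,dword ptr (KEY_VALUE_PARTIAL_INFORMATION PTR [ecx]).Data,addr pProcess
                .if eax ==0
                    invoke Ke386QueryIoAccessMap,0,pIopm
                    .if al !=0
                        ; Clear bit (port MOD 8) of byte (port / 8) for 70h and 71h.
                        mov ecx,pIopm
                        add ecx,70h/8
                        mov eax,[ecx]
                        btr eax,70h MOD 8
                        mov [ecx],eax
                        mov ecx, pIopm
                        add ecx,71h/8
                        mov eax,[ecx]
                        btr eax,71h MOD 8
                        mov [ecx],eax
                        invoke Ke386SetIoAccessMap,1,pIopm
                        .if al != 0
                            invoke Ke386IoSetAccessProcess,pProcess,1
                            .if al == 0
                                mov status,0C0000137h    ; STATUS_IO_PRIVILEGE_FAILED (per ntstatus.h; verify)
                            .endif
                        .else
                            mov status,0C0000137h
                        .endif
                    .else
                        mov status,0C0000137h
                    .endif
                    invoke ObDereferenceObject,pProcess  ; release the reference PsLookupProcessByProcessId took
                .else
                    ; Propagate the lookup's own NTSTATUS (eax is intact here).
                    ; The original stored 24h, which has no error severity
                    ; bits and therefore read as success to the I/O manager.
                    mov status,eax
                .endif
                ; The kernel presumably copies the map on Ke386SetIoAccessMap;
                ; the original frees the buffer here as well.
                invoke MmFreeNonCachedMemory,pIopm,2000h
            .else
                mov status,0C000009Ah           ; STATUS_INSUFFICIENT_RESOURCES
            .endif
        .endif
        invoke ZwClose,hKey
    .endif
    mov eax,status
    ret
DriverEntry endp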
end DriverEntry
.if eax==0
invoke ZwQueryValueKey,hKey,$CCOUNTED_UNICODE_STRING("ProcessId", 4),2,addr kvpi,sizeof kvpi,addr x;esp
.if ( eax != 0C0000034h ) && (x !=0)
invoke MmAllocateNonCachedMemory,2000h
.if eax !=0
mov pIopm,eax
lea ecx, kvpi
invoke PsLookupProcessByProcessId,dword ptr (KEY_VALUE_PARTIAL_INFORMATION PTR [ecx]).Data,addr pProcess
.if eax ==0
invoke Ke386QueryIoAccessMap,0,pIopm
.if al !=0
mov ecx,pIopm
add ecx,70h/8
mov eax,[ecx]
btr eax,70h MOD 8
mov [ecx],eax
mov ecx, pIopm
add ecx,71h/8
mov eax,[ecx]
btr eax,71h MOD 8
mov [ecx],eax
invoke Ke386SetIoAccessMap,1,pIopm
.if al != 0
invoke Ke386IoSetAccessProcess,pProcess,1
.if al != 0
.else
mov status,0C0000137h
.endif
.else
mov status,0C0000137h
.endif
.else
mov status,0C0000137h
.endif
invoke ObDereferenceObject,pProcess
.else
mov status,24h
.endif
invoke MmFreeNonCachedMemory,pIopm,2000h
.else
mov status,0C000009Ah
.endif
.endif
invoke ZwClose,hKey
.endif
mov eax,status
ret
DriverEntry endp
end DriverEntry