1.glibc源码分析(二)系统调用
2.VC++ MFCå¦ä½è·åCPU IDå硬ççåºåå·ï¼
3.冲击波病毒病毒反汇编源码
glibc源码分析(二)系统调用
在glibc源码中,码分许多系统调用被使用了.c封装的码分方式进行封装。这一过程借助嵌入式汇编,码分严格遵循系统调用封装规则。码分以stat函数为例,码分其实现揭示了.c封装的码分量比战法公式源码奥秘。
在源代码中,码分stat系统调用被INLINE_SYSCALL宏所封装。码分该宏首先调用INTERNAL_SYSCALL宏,码分执行系统调用并把返回值存入resultvar变量中。码分接下来,码分通过判断系统调用是码分否成功执行,采取相应的码分后续操作。若执行错误,码分则调用__syscall_error设置errno并返回-1;若执行成功,码分则返回resultvar。
在处理系统调用参数个数nr时,INTERNAL_SYSCALL宏发挥了关键作用。根据nr的分享源码违法吗不同,宏会调用不同的内部函数进行处理。例如,当nr为0时,调用INTERNAL_SYSCALL_MAIN_0宏,设置eax寄存器为系统调用号,执行*_dl_sysinfo函数进行系统调用。当nr为1时,宏将参数1存入ebx寄存器,同时设置eax寄存器为系统调用号,小打卡管理源码并执行系统调用。
类似的,nr为2、3、4、5或6时,宏分别会将参数2至6存入ecx、edx、esi、删除代挂源码edi或ebp寄存器中,并与系统调用号相结合,执行*_dl_sysinfo函数。通过这一系列的嵌入式汇编操作,.c文件成功封装了系统调用,实现了高效、精确的调用过程。
总的来说,glibc中.c封装的springboot应用及源码实现展示了汇编语言的强大功能,以及在系统调用处理中的应用。通过精确的汇编指令和灵活的参数传递,封装过程确保了系统调用的执行效率和正确性。
VC++ MFCå¦ä½è·åCPU IDå硬ççåºåå·ï¼
// âè·å¾Intel CPU IDâæé®æ¶æ¯å¤çå½æ°
void CIntelCPUIDDlg::OnBtnCPUID()
{
unsigned long s1,s2;
unsigned char vendor_id[]="------------";//CPUæä¾åID
CString str1,str2,str3;
// 以ä¸ä¸ºè·å¾CPU IDçæ±ç¼è¯è¨æ令
_asm // å¾å°CPUæä¾åä¿¡æ¯
{
xor eax,eax // å°eaxæ¸ 0
cpuid // è·åCPUIDçæ令
mov dword ptr vendor_id,ebx
mov dword ptr vendor_id[+4],edx
mov dword ptr vendor_id[+8],ecx
}
str1.Format("%s",vendor_id);
_asm // å¾å°CPU IDçé«ä½
{
mov eax,h
xor edx,edx
cpuid
mov s2,eax
}
str2.Format("%X-",s2);
_asm // å¾å°CPU IDçä½ä½
{
mov eax,h
xor ecx,ecx
xor edx,edx
cpuid
mov s1,edx
mov s2,ecx
}
str3.Format("%X-%X\n",s1,s2);
str2=str2+str3;
m_editVendor.SetWindowText(str1);
m_editCPUID.SetWindowText(str2);
}
// GetHDSerial.cpp: implementation of the CGetHDSerial class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "GetHDSerial.h"
char m_buffer[];
WORD m_serial[];
DWORD m_OldInterruptAddress;
DWORDLONG m_IDTR;
// çå¾ ç¡¬ç空é²
static unsigned int WaitHardDiskIdle()
{
BYTE byTemp;
Waiting:
_asm
{
mov dx, 0x1f7
in al, dx
cmp al, 0x
jb Endwaiting
jmp Waiting
}
Endwaiting:
_asm
{
mov byTemp, al
}
return byTemp;
}
//ä¸ææå¡ç¨åº
void _declspec( naked )InterruptProcess(void)
{
int byTemp;
int i;
WORD temp;
//ä¿åå¯åå¨å¼
_asm
{
push eax
push ebx
push ecx
push edx
push esi
}
WaitHardDiskIdle();//çå¾ ç¡¬ç空é²ç¶æ
_asm
{
mov dx, 0x1f6
mov al, 0xa0
out dx, al
}
byTemp = WaitHardDiskIdle(); //è¥ç´æ¥å¨Ring3级æ§è¡çå¾ å½ä»¤ï¼ä¼è¿å ¥æ»å¾ªç¯
if ((byTemp&0x)!=0x)
{
_asm // æ¢å¤ä¸æç°åºå¹¶éåºä¸ææå¡ç¨åº
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
_asm
{
mov dx, 0x1f6 //å½ä»¤ç«¯å£1f6,éæ©é©±å¨å¨0
mov al, 0xa0
out dx, al
inc dx
mov al, 0xec
out dx, al //åé读驱å¨å¨åæ°å½ä»¤
}
byTemp = WaitHardDiskIdle();
if ((byTemp&0x)!=0x)
{
_asm // æ¢å¤ä¸æç°åºå¹¶éåºä¸ææå¡ç¨åº
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
//读å硬çæ§å¶å¨çå ¨é¨ä¿¡æ¯
for (i=0;i<;i++)
{
_asm
{
mov dx, 0x1f0
in ax, dx
mov temp, ax
}
m_serial[i] = temp;
}
_asm
{
pop esi
pop edx
pop ecx
pop ebx
pop eax
iretd
}
}
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CGetHDSerial::CGetHDSerial()
{
}
CGetHDSerial::~CGetHDSerial()
{
}
// 读å硬çåºåå·å½æ°
char* CGetHDSerial::GetHDSerial()
{
m_buffer[0]='\n';
// å¾å°å½åæä½ç³»ç»çæ¬
OSVERSIONINFO OSVersionInfo;
OSVersionInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx( &OSVersionInfo);
if (OSVersionInfo.dwPlatformId != VER_PLATFORM_WIN_NT)
{
// Windows 9x/MEä¸è¯»å硬çåºåå·
WORD m_wWin9xHDSerial[];
Win9xReadHDSerial(m_wWin9xHDSerial);
strcpy (m_buffer, WORDToChar (m_wWin9xHDSerial, , ));
}
else
{
// Windows NT//XPä¸è¯»å硬çåºåå·
DWORD m_wWinNTHDSerial[];
// å¤ææ¯å¦æSCSI硬ç
if ( ! WinNTReadIDEHDSerial(m_wWinNTHDSerial))
WinNTReadSCSIHDSerial(m_wWinNTHDSerial);
strcpy (m_buffer, DWORDToChar (m_wWinNTHDSerial, , ));
}
return m_buffer;
}
// Windows9X/MEç³»ç»ä¸è¯»å硬çåºåå·
void _stdcall CGetHDSerial::Win9xReadHDSerial(WORD * buffer)
{
int i;
for(i=0;i<;i++)
buffer[i]=0;
_asm
{
push eax
//è·åä¿®æ¹çä¸æçä¸ææ述符ï¼ä¸æé¨ï¼å°å
sidt m_IDTR
mov eax,dword ptr [m_IDTR+h]
add eax,3*h+h
cli
//ä¿ååå çä¸æå ¥å£å°å
push ecx
mov ecx,dword ptr [eax]
mov cx,word ptr [eax-h]
mov dword ptr m_OldInterruptAddress,ecx
pop ecx
//设置修æ¹çä¸æå ¥å£å°å为æ°çä¸æå¤çç¨åºå ¥å£å°å
push ebx
lea ebx,InterruptProcess
mov word ptr [eax-h],bx
shr ebx,h
mov word ptr [eax+h],bx
pop ebx
//æ§è¡ä¸æï¼è½¬å°Ring 0ï¼ç±»ä¼¼CIHç æ¯åçï¼
int 3h
//æ¢å¤åå çä¸æå ¥å£å°å
push ecx
mov ecx,dword ptr m_OldInterruptAddress
mov word ptr [eax-h],cx
shr ecx,h
mov word ptr [eax+h],cx
pop ecx
sti
pop eax
}
for(i=0;i<;i++)
buffer[i]=m_serial[i];
}
// Windows 9x/MEç³»ç»ä¸ï¼å°åç±»åï¼WORDï¼ç硬çä¿¡æ¯è½¬æ¢ä¸ºå符类åï¼charï¼
char * CGetHDSerial::WORDToChar (WORD diskdata [], int firstIndex, int lastIndex)
{
static char string [];
int index = 0;
int position = 0;
// æç §é«åèå¨åï¼ä½åèå¨åç顺åºå°åæ°ç»diskdata ä¸å 容åå ¥å°å符串stringä¸
for (index = firstIndex; index <= lastIndex; index++)
{
// åå ¥åä¸çé«åè
string [position] = (char) (diskdata [index] / );
position++;
// åå ¥åä¸çä½åè
string [position] = (char) (diskdata [index] % );
position++;
}
// æ·»å å符串ç»ææ å¿
string [position] = '\0';
// å é¤å符串ä¸ç©ºæ ¼
for (index = position - 1; index > 0 && ' ' == string [index]; index--)
string [index] = '\0';
return string;
}
// Windows NT//XPç³»ç»ä¸ï¼å°ååç±»åï¼DWORDï¼ç硬çä¿¡æ¯è½¬æ¢ä¸ºå符类åï¼charï¼
char* CGetHDSerial::DWORDToChar (DWORD diskdata [], int firstIndex, int lastIndex)
{
static char string [];
int index = 0;
int position = 0;
// æç §é«åèå¨åï¼ä½åèå¨åç顺åºå°ååä¸çä½ååå ¥å°å符串stringä¸
for (index = firstIndex; index <= lastIndex; index++)
{
// åå ¥ä½åä¸çé«åè
string [position] = (char) (diskdata [index] / );
position++;
// åå ¥ä½åä¸çä½åè
string [position] = (char) (diskdata [index] % );
position++;
}
// æ·»å å符串ç»ææ å¿
string [position] = '\0';
// å é¤å符串ä¸ç©ºæ ¼
for (index = position - 1; index > 0 && ' ' == string [index]; index--)
string [index] = '\0';
return string;
}
// Windows NT//XPä¸è¯»åIDE硬çåºåå·
BOOL CGetHDSerial::WinNTReadIDEHDSerial(DWORD * buffer)
{
BYTE IdOutCmd [sizeof (SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1];
BOOL bFlag = FALSE;
int drive = 0;
char driveName [];
HANDLE hPhysicalDriveIOCTL = 0;
sprintf (driveName, "\\\\.\\PhysicalDrive%d", drive);
// Windows NT//XPä¸å建æ件éè¦ç®¡çåæé
hPhysicalDriveIOCTL = CreateFile (driveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hPhysicalDriveIOCTL != INVALID_HANDLE_VALUE)
{
GETVERSIONOUTPARAMS VersionParams;
DWORD cbBytesReturned = 0;
// å¾å°é©±å¨å¨çIOæ§å¶å¨çæ¬
memset ((void*) &VersionParams, 0, sizeof(VersionParams));
if(DeviceIoControl (hPhysicalDriveIOCTL, IOCTL_GET_VERSION,
NULL, 0, &VersionParams,
sizeof(VersionParams),
&cbBytesReturned, NULL) )
{
if (VersionParams.bIDEDeviceMap > 0)
{
BYTE bIDCmd = 0; // IDEæè ATAPIè¯å«å½ä»¤
SENDCMDINPARAMS scip;
// å¦æ驱å¨å¨æ¯å 驱ï¼éç¨å½ä»¤IDE_ATAPI_IDENTIFYï¼ command,
// å¦åéç¨å½ä»¤IDE_ATA_IDENTIFY读å驱å¨å¨ä¿¡æ¯
bIDCmd = (VersionParams.bIDEDeviceMap >> drive & 0x)?
IDE_ATAPI_IDENTIFY : IDE_ATA_IDENTIFY;
memset (&scip, 0, sizeof(scip));
memset (IdOutCmd, 0, sizeof(IdOutCmd));
// è·å驱å¨å¨ä¿¡æ¯
if (WinNTGetIDEHDInfo (hPhysicalDriveIOCTL,
&scip,
(PSENDCMDOUTPARAMS)&IdOutCmd,
(BYTE) bIDCmd,
(BYTE) drive,
&cbBytesReturned))
{
int m = 0;
USHORT *pIdSector = (USHORT *)
((PSENDCMDOUTPARAMS) IdOutCmd) -> bBuffer;
for (m = 0; m < ; m++)
buffer[m] = pIdSector [m];
bFlag = TRUE; // 读å硬çä¿¡æ¯æå
}
}
}
CloseHandle (hPhysicalDriveIOCTL); // å ³éå¥æ
}
return bFlag;
}
// WindowsNT//XPç³»ç»ä¸è¯»åSCSI硬çåºåå·
BOOL CGetHDSerial::WinNTReadSCSIHDSerial (DWORD * buffer)
{
buffer[0]='\n';
int controller = 0;
HANDLE hScsiDriveIOCTL = 0;
char driveName [];
sprintf (driveName, "\\\\.\\Scsi%d:", controller);
// Windows NT//XPä¸ä»»ä½æéé½å¯ä»¥è¿è¡
hScsiDriveIOCTL = CreateFile (driveName,
GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL,
OPEN_EXISTING, 0, NULL);
if (hScsiDriveIOCTL != INVALID_HANDLE_VALUE)
{
int drive = 0;
DWORD dummy;
for (drive = 0; drive < 2; drive++)
{
char buffer [sizeof (SRB_IO_CONTROL) + SENDIDLENGTH];
SRB_IO_CONTROL *p = (SRB_IO_CONTROL *) buffer;
SENDCMDINPARAMS *pin =
(SENDCMDINPARAMS *) (buffer + sizeof (SRB_IO_CONTROL));
// åå¤åæ°
memset (buffer, 0, sizeof (buffer));
p -> HeaderLength = sizeof (SRB_IO_CONTROL);
p -> Timeout = ;
p -> Length = SENDIDLENGTH;
p -> ControlCode = IOCTL_SCSI_MINIPORT_IDENTIFY;
strncpy ((char *) p -> Signature, "SCSIDISK", 8);
pin -> irDriveRegs.bCommandReg = IDE_ATA_IDENTIFY;
pin -> bDriveNumber = drive;
// å¾å°SCSI硬çä¿¡æ¯
if (DeviceIoControl (hScsiDriveIOCTL, IOCTL_SCSI_MINIPORT,
buffer,
sizeof (SRB_IO_CONTROL) +
sizeof (SENDCMDINPARAMS) - 1,
buffer,
sizeof (SRB_IO_CONTROL) + SENDIDLENGTH,
&dummy, NULL))
{
SENDCMDOUTPARAMS *pOut =
(SENDCMDOUTPARAMS *) (buffer + sizeof (SRB_IO_CONTROL));
IDSECTOR *pId = (IDSECTOR *) (pOut -> bBuffer);
if (pId -> sModelNumber [0])
{
int n = 0;
USHORT *pIdSector = (USHORT *) pId;
for (n = 0; n < ; n++)
buffer[n] =pIdSector [n];
return TRUE; // 读åæå
}
}
}
CloseHandle (hScsiDriveIOCTL); // å ³éå¥æ
}
return FALSE; // 读å失败
}
// Windows NT//XPä¸è¯»åIDE设å¤ä¿¡æ¯
BOOL CGetHDSerial::WinNTGetIDEHDInfo (HANDLE hPhysicalDriveIOCTL, PSENDCMDINPARAMS pSCIP,
PSENDCMDOUTPARAMS pSCOP, BYTE bIDCmd, BYTE bDriveNum,
PDWORD lpcbBytesReturned)
{
// 为读å设å¤ä¿¡æ¯åå¤åæ°
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
pSCIP -> irDriveRegs.bFeaturesReg = 0;
pSCIP -> irDriveRegs.bSectorCountReg = 1;
pSCIP -> irDriveRegs.bSectorNumberReg = 1;
pSCIP -> irDriveRegs.bCylLowReg = 0;
pSCIP -> irDriveRegs.bCylHighReg = 0;
// 计ç®é©±å¨å¨ä½ç½®
pSCIP -> irDriveRegs.bDriveHeadReg = 0xA0 | ((bDriveNum & 1) << 4);
// 设置读åå½ä»¤
pSCIP -> irDriveRegs.bCommandReg = bIDCmd;
pSCIP -> bDriveNumber = bDriveNum;
pSCIP -> cBufferSize = IDENTIFY_BUFFER_SIZE;
// 读å驱å¨å¨ä¿¡æ¯
return ( DeviceIoControl (hPhysicalDriveIOCTL, IOCTL_GET_DRIVE_INFO,
(LPVOID) pSCIP,
sizeof(SENDCMDINPARAMS) - 1,
(LPVOID) pSCOP,
sizeof(SENDCMDOUTPARAMS) + IDENTIFY_BUFFER_SIZE - 1,
lpcbBytesReturned, NULL) );
}
冲击波病毒病毒反汇编源码
这部分代码是冲击波病毒的反汇编源码片段,它包含了多个指令和操作。首先,有两条指令(F6 and esi,esi 和 1AFC sbb bh,ah)对esi和esi以及bh和ah进行操作。接下来的( DDDC xor eax,4DC9DD3)执行异或操作,改变eax的值。然后是pop edx,wait和cli指令,可能用于控制程序流程和中断处理。 在后面的代码中,有mov ebp,FFD和mov dl,0C3等,用以设置内存地址和执行特定操作。cmps指令用于比较内存中的字节,push esp和inc/dec esi等操作用于数据处理。未知命令(E2 F4 loopd和C6?)可能代表未识别的循环指令。test al,7B和jpo等指令用于条件判断。 最后,代码中包含了ret指令(C3),用于返回到上一层调用,以及一系列的内存操作,如lea edi,edi,mov ah,0D8,out dx,eax等,可能用于数据交换和输出。整体来看,这部分源码执行了一系列复杂的指令,用于执行病毒的特定功能,如数据比较、内存操作和控制流程。扩展资料
冲击波(Worm.Blaster)病毒是利用微软公司在7月日公布的RPC漏洞进行传播的,只要是计算机上有RPC服务并且没有打安全补丁的计算机都存在有RPC漏洞,具体涉及的操作系统是:Windows、XP、Server 。