核心是标号代表的是原安装程序中标号所代表的地址。
assume cs:code
code segment
;-----------------------------------------------------------------------
; start: installer for the int 7ch text-screen service.
; Copies the handler image (i7ch .. i7chend) as raw bytes to 0000:0200h
; and points interrupt vector 7ch at it, then exits to DOS.
; Because the image is copied byte-for-byte, the handler must not use
; assembler label addresses directly (see the comments at `table`/`set`).
; NOTE(review): 0000:0200h is inside the real-mode interrupt vector table
; (the slots of vectors 80h-0FFh); this assumes those vectors are unused
; on the target system - confirm before installing.
; NOTE(review): the vector is written in two halves with no cli/sti; that
; is acceptable only while 7ch is raised purely by software `int 7ch`.
;-----------------------------------------------------------------------
start:push ax
push cx
push di
push si
push ds
push es
mov ax,0
mov es,ax                       ; es:di = 0000:0200h, destination of the copy
mov di,200H
mov ax,cs
mov ds,ax                       ; ds:si = cs:i7ch, source of the copy
mov si,offset i7ch
mov cx,offset i7chend - i7ch    ; length of the handler image in bytes
cld
rep movsb
mov ax,0
mov es,ax
mov word ptr es:[7cH*4],200H    ; vector 7ch offset  = 0200h
mov word ptr es:[7cH*4+2],0H    ; vector 7ch segment = 0000h
pop es
pop ds
pop si
pop di
pop cx
pop ax
mov ax,4c00H                    ; DOS terminate, exit code 0
int 21H
;-----------------------------------------------------------------------
; int 7ch handler image (position-independent; runs at 0000:0200h).
; In:  ah = function number 0..3 (s0..s3), al = argument for s1/s2
; Any ah > 3 is ignored.
;-----------------------------------------------------------------------
i7ch:jmp short set              ; 2-byte jump over the table, so `table` is at image+2 (0000:0202h)
table dw offset s0 - offset set, offset s1 - offset set , offset s2 - offset set , offset s3 - offset set ;label values are the addresses inside this installer at assembly time; using them directly would leave cs:ip pointing into the installer, so only each routine's distance from `set` is stored - that stays valid wherever the image is copied
set:push bx
cmp ah,3
ja setRet                       ; bounds check: keeps the table index within the 4 entries
mov bl,ah
mov bh,0
add bx,bx                       ; bx = ah * 2 = word index into table
mov bx,cs:202H[bx]              ; cs = 0 inside the handler (vector segment is 0); 202h = 200h + 2-byte jmp
add bx,20aH                     ; 20ah = 202h + 4 table words: where `set` lands after the copy; both constants must change if the jmp or table size changes
call bx                         ; near call to the selected sN (entry = sN - set)
setRet:pop bx
iret
;-----------------------------------------------------------------------
; s0: clear the 80x25 text page at 0b800h (characters only; attributes kept).
; In:   none
; Clobbers: nothing visible to the caller (cx, di, es saved)
;-----------------------------------------------------------------------
s0:push cx
push di
push es
mov di,0b800H                   ; text-mode video segment
mov es,di
xor di,di                       ; character byte of cell 0
mov cx,2000                     ; 80*25 cells
clearChar:mov byte ptr es:[di],' '
add di,2                        ; skip the attribute byte
loop clearChar
pop es
pop di
pop cx
ret
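;-----------------------------------------------------------------------
; s1: set the foreground colour (attribute bits 0-2) of every cell on the
; 80x25 text page at 0b800h.
; In:   al = colour 0..7 (only the low 3 bits are used; the rest is masked
;       off so a stray al value cannot alter blink/intensity/background)
; Clobbers: nothing visible to the caller (bx, cx, dx, es saved)
;-----------------------------------------------------------------------
s1:push bx
push cx
push dx
push es
mov bx,0b800H                   ; text-mode video segment (same as s0/s2; the earlier 4c00H wrote to unrelated memory)
mov es,bx
mov dl,al
and dl,00000111B                ; work on a masked copy so the caller's al is untouched
mov bx,1                        ; attribute byte of cell 0
mov cx,2000                     ; 80*25 cells
s1Set:and byte ptr es:[bx],11111000B    ; clear the old foreground bits
or es:[bx],dl                   ; apply the new foreground
add bx,2                        ; next attribute byte
loop s1Set
pop es
pop dx
pop cx
pop bx
ret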
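;-----------------------------------------------------------------------
; s2: set the background colour (attribute bits 4-6) of every cell on the
; 80x25 text page at 0b800h.
; In:   al = background value already shifted into bits 4-6; other bits
;       are masked off so a stray al value cannot alter blink/foreground
; Clobbers: nothing visible to the caller (bx, cx, dx, es saved)
;-----------------------------------------------------------------------
s2:push bx
push cx
push dx
push es
mov bx,0b800H                   ; text-mode video segment
mov es,bx
mov dl,al
and dl,01110000B                ; work on a masked copy so the caller's al is untouched
mov bx,1                        ; attribute byte of cell 0
mov cx,2000                     ; 80*25 cells
s2Set:and byte ptr es:[bx],10001111B    ; clear the old background bits
or es:[bx],dl                   ; apply the new background
add bx,2                        ; next attribute byte
loop s2Set
pop es
pop dx
pop cx
pop bx
ret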
;-----------------------------------------------------------------------
; s3: scroll the 80x25 text page up by one row: rows 1..24 move to rows
; 0..23 and the character bytes of row 24 are blanked (attributes kept).
; In:   none
; Clobbers: nothing visible to the caller (cx, di, si, es, ds saved)
;-----------------------------------------------------------------------
s3:push cx
push di
push si
push es
push ds
mov cx,0b800H                   ; text-mode video segment for both source and destination
mov ds,cx
mov es,cx
mov si,160                      ; source: first byte of row 1
xor di,di                       ; destination: first byte of row 0
mov cx,24*80                    ; 24 rows of 80 word-sized cells
cld
rep movsw
mov di,24*160                   ; character byte of the first cell in row 24
mov cx,80
s3Blank:mov byte ptr es:[di],' '
add di,2                        ; skip the attribute byte
loop s3Blank
pop ds
pop es
pop si
pop di
pop cx
ret
i7chend:nop
code ends
end start
assume cs:code
code segment
;-----------------------------------------------------------------------
; start: installer for the int 7ch text-screen service.
; Copies the handler image (i7ch .. i7chend) as raw bytes to 0000:0200h
; and points interrupt vector 7ch at it, then exits to DOS.
; Because the image is copied byte-for-byte, the handler must not use
; assembler label addresses directly (see the comments at `table`/`set`).
; NOTE(review): 0000:0200h is inside the real-mode interrupt vector table
; (the slots of vectors 80h-0FFh); this assumes those vectors are unused
; on the target system - confirm before installing.
; NOTE(review): the vector is written in two halves with no cli/sti; that
; is acceptable only while 7ch is raised purely by software `int 7ch`.
;-----------------------------------------------------------------------
start:push ax
push cx
push di
push si
push ds
push es
mov ax,0
mov es,ax                       ; es:di = 0000:0200h, destination of the copy
mov di,200H
mov ax,cs
mov ds,ax                       ; ds:si = cs:i7ch, source of the copy
mov si,offset i7ch
mov cx,offset i7chend - i7ch    ; length of the handler image in bytes
cld
rep movsb
mov ax,0
mov es,ax
mov word ptr es:[7cH*4],200H    ; vector 7ch offset  = 0200h
mov word ptr es:[7cH*4+2],0H    ; vector 7ch segment = 0000h
pop es
pop ds
pop si
pop di
pop cx
pop ax
mov ax,4c00H                    ; DOS terminate, exit code 0
int 21H
;-----------------------------------------------------------------------
; int 7ch handler image (position-independent; runs at 0000:0200h).
; In:  ah = function number 0..3 (s0..s3), al = argument for s1/s2
; Any ah > 3 is ignored.
;-----------------------------------------------------------------------
i7ch:jmp short set              ; 2-byte jump over the table, so `table` is at image+2 (0000:0202h)
table dw offset s0 - offset set, offset s1 - offset set , offset s2 - offset set , offset s3 - offset set ;label values are the addresses inside this installer at assembly time; using them directly would leave cs:ip pointing into the installer, so only each routine's distance from `set` is stored - that stays valid wherever the image is copied
set:push bx
cmp ah,3
ja setRet                       ; bounds check: keeps the table index within the 4 entries
mov bl,ah
mov bh,0
add bx,bx                       ; bx = ah * 2 = word index into table
mov bx,cs:202H[bx]              ; cs = 0 inside the handler (vector segment is 0); 202h = 200h + 2-byte jmp
add bx,20aH                     ; 20ah = 202h + 4 table words: where `set` lands after the copy; both constants must change if the jmp or table size changes
call bx                         ; near call to the selected sN (entry = sN - set)
setRet:pop bx
iret
;-----------------------------------------------------------------------
; s0: clear the 80x25 text page at 0b800h (characters only; attributes kept).
; In:   none
; Clobbers: nothing visible to the caller (cx, di, es saved)
;-----------------------------------------------------------------------
s0:push cx
push di
push es
mov di,0b800H                   ; text-mode video segment
mov es,di
xor di,di                       ; character byte of cell 0
mov cx,2000                     ; 80*25 cells
clearChar:mov byte ptr es:[di],' '
add di,2                        ; skip the attribute byte
loop clearChar
pop es
pop di
pop cx
ret
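;-----------------------------------------------------------------------
; s1: set the foreground colour (attribute bits 0-2) of every cell on the
; 80x25 text page at 0b800h.
; In:   al = colour 0..7 (only the low 3 bits are used; the rest is masked
;       off so a stray al value cannot alter blink/intensity/background)
; Clobbers: nothing visible to the caller (bx, cx, dx, es saved)
;-----------------------------------------------------------------------
s1:push bx
push cx
push dx
push es
mov bx,0b800H                   ; text-mode video segment (same as s0/s2; the earlier 4c00H wrote to unrelated memory)
mov es,bx
mov dl,al
and dl,00000111B                ; work on a masked copy so the caller's al is untouched
mov bx,1                        ; attribute byte of cell 0
mov cx,2000                     ; 80*25 cells
s1Set:and byte ptr es:[bx],11111000B    ; clear the old foreground bits
or es:[bx],dl                   ; apply the new foreground
add bx,2                        ; next attribute byte
loop s1Set
pop es
pop dx
pop cx
pop bx
ret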
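;-----------------------------------------------------------------------
; s2: set the background colour (attribute bits 4-6) of every cell on the
; 80x25 text page at 0b800h.
; In:   al = background value already shifted into bits 4-6; other bits
;       are masked off so a stray al value cannot alter blink/foreground
; Clobbers: nothing visible to the caller (bx, cx, dx, es saved)
;-----------------------------------------------------------------------
s2:push bx
push cx
push dx
push es
mov bx,0b800H                   ; text-mode video segment
mov es,bx
mov dl,al
and dl,01110000B                ; work on a masked copy so the caller's al is untouched
mov bx,1                        ; attribute byte of cell 0
mov cx,2000                     ; 80*25 cells
s2Set:and byte ptr es:[bx],10001111B    ; clear the old background bits
or es:[bx],dl                   ; apply the new background
add bx,2                        ; next attribute byte
loop s2Set
pop es
pop dx
pop cx
pop bx
ret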
;-----------------------------------------------------------------------
; s3: scroll the 80x25 text page up by one row: rows 1..24 move to rows
; 0..23 and the character bytes of row 24 are blanked (attributes kept).
; In:   none
; Clobbers: nothing visible to the caller (cx, di, si, es, ds saved)
;-----------------------------------------------------------------------
s3:push cx
push di
push si
push es
push ds
mov cx,0b800H                   ; text-mode video segment for both source and destination
mov ds,cx
mov es,cx
mov si,160                      ; source: first byte of row 1
xor di,di                       ; destination: first byte of row 0
mov cx,24*80                    ; 24 rows of 80 word-sized cells
cld
rep movsw
mov di,24*160                   ; character byte of the first cell in row 24
mov cx,80
s3Blank:mov byte ptr es:[di],' '
add di,2                        ; skip the attribute byte
loop s3Blank
pop ds
pop es
pop si
pop di
pop cx
ret
i7chend:nop
code ends
end start