?? psp.txt
字號:
利用父進程的PSP段值來測試程序是否被跟蹤
.model small
.stack 200h
.data
.code
Start: ;程序開始執行時DS及ES都指向PSP
mov ax,ds:[16h] ;取父進程的PSP段值
mov ds,ax
call DispAx
call CrLf
cmp ax,ds:[16h] ;不相同,說明程序被跟蹤!
jnz Start
mov ah,4ch
int 21h
CrLf proc uses ax dx ;顯示回車換行的子程序
mov dl,0dh
mov ah,2
int 21h
mov dl,0ah
mov ah,2
int 21h
ret
CrLf endp
DispAx proc uses ax cx dx bp ;顯示AX寄存器的值
xor cx,cx
mov bp,16 ;以16進制顯示
DispAx1:
xor dx,dx
div bp
push dx
inc cx
or ax,ax
jnz DispAx1
DispAx2:
pop ax
add al,'0'
cmp al,'9'
jbe DispAx3
add al,'A'-'9'-1
DispAx3:
mov dl,al
mov ah,2
int 21h
loop DispAx2
ret
DispAx endp
end Start
--------------------------------------------------------------------------
編譯連接及執行:
D:\Masm615>ml My1.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My1.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My1.obj
Run File [My1.exe]: "My1.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My1 ;沒被跟蹤
A11
D:\Masm615>debug My1.exe ;被跟蹤
-g
BE2
A11
Program terminated normally
-q
D:\Masm615>_
==========================================================================
;文件名: My2.asm
;利用PSP中環境塊段值,從中取出當前執行的程序名
.model small
.stack 200h
.data
.code
Start:
mov ax,ds:[2ch] ;取環境塊段地址
mov es,ax
xor ax,ax
xor di,di
mov cx,7fffh ;環境塊的最大長度
cld
Scan1:
repnz scasb ;掃描每個環境串
jnz Over
cmp al,es:[di] ;環境塊結束了嗎?
loopne Scan1 ;沒結束,繼續掃描
add di,3
mov si,di
push es
pop ds ;DS:SI指向當前執行的程序名
Display:
lodsb ;顯示該程序名
or al,al
jz Over
mov dl,al
mov ah,2
int 21h
jmp Display
Over:
mov ah,4ch
int 21h
end Start
--------------------------------------------------------------------------
編譯連接執行
D:\Masm615>Ml My2.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My2.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My2.obj
Run File [My2.exe]: "My2.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My2 ;執行程序看顯示的文件名
D:\MASM615\MY2.EXE
D:\Masm615>ren My2.exe Test.exe ;換個名字看看!
D:\Masm615>Test ;照樣能正常顯示
D:\MASM615\TEST.EXE
D:\Masm615>_
==========================================================================
;文件名:My3.asm
;利用PSP在程序中實現輸出改向
.model small
.stack 200h
.data
Welcome db 'How are you !$' ;將要輸出的測試信息
File db 'Test',0 ;要改向輸出的文件名
.code
Start:
mov ax,@data ;設置數據段
mov ds,ax
mov ax,3c00h ;創建一個文件
xor cx,cx
lea dx,File
int 21h
jb Over ;有錯轉結束
mov bx,ax ;文件把柄號
mov si,18h ;PSP中存放SOFT號的偏移地址
mov al,es:[si+bx] ;取已打開文件的SOFT號
mov es:[si+1],al ;替換標準輸出設備的SOFT號
mov ah,9 ;向標準輸出設備輸出信息(實際已改向到文件)
lea dx,offset Welcome
int 21h ;屏幕上并沒看到輸出的信息
mov al,1
mov es:[si+1],al ;恢復原標準輸出設備的SOFT號(就是1)
mov ah,3eh ;關閉文件
int 21h
Over:
mov ah,4ch
int 21h
end Start
--------------------------------------------------------------------------
編譯鏈接執行
D:\Masm615>Ml My3.asm
Microsoft (R) Macro Assembler Version 6.15.8803
Patched for you by promethee [ECL] in the year 2001 - enjoy
Copyright (C) Microsoft Corp 1981-2000. All rights reserved.
Assembling: My3.asm
Microsoft (R) Segmented Executable Linker Version 5.60.339 Dec 5 1994
Copyright (C) Microsoft Corp 1984-1993. All rights reserved.
Object Modules [.obj]: My3.obj
Run File [My3.exe]: "My3.exe"
List File [nul.map]: NUL
Libraries [.lib]:
Definitions File [nul.def]:
D:\Masm615>My3 ;執行程序,卻并未看到輸出
D:\Masm615>type Test ;查看文件才發現輸出已改向到文件
How are you !
D:\Masm615>_
--------------------------------憐香 于 2003/4/12-------------------------
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -