Dell D430 hard disk lock: experts, please provide a solution, thank you. Urgent!!!

Hello. The principle of hard disk locking

Hard disk locking usually works by tampering with the hard disk's partition table, so you should first understand the partition table. It is located at cylinder 0, head 0, sector 1. The first 200 bytes of this sector are the main boot program, and the 64 bytes starting at offset 01BEH are the partition table. The partition table is 64 bytes in total, divided into 4 entries (columns) of 16 bytes each, and each entry describes one partition. If you partition with the DOS FDISK program, you need at most two entries: the first describes the primary DOS partition and the second describes the extended DOS partition.

The structure of a partition table entry and the meaning of each byte are as follows:

00H: Active flag; 80H for the active DOS partition, 00H for others.

01H: Head number of logical sector 0 of this partition.

02H: Sector number, within its cylinder, of logical sector 0.

03H: Cylinder number of logical sector 0.

04H: Partition type flag.

05H: Head number of the last sector of this partition.

06H: Sector number of the last sector.

07H: Cylinder number of the last sector.

08H: Total number of sectors on the hard disk before this partition, expressed as a double word.

0CH: Total number of sectors in this partition, counted from logical sector 0 and excluding hidden sectors, expressed as a double word.

Although the cylinder number and sector number given in the above introduction each take up one byte, in fact, the sector number is represented by 6 bits, and the cylinder number is represented by 10 bits. The most significant two bits of the byte where the sector number is located are actually the most significant two bits of the cylinder number.
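The entry layout and the 6-bit/10-bit packing described above, decoded in Python. This is an added example, not code from the original page; the function names and the sample sector are constructed, and the valid-flag value 55H AAH is the standard one, which the page does not spell out.

```python
import struct

def decode_chs(head, sec_byte, cyl_byte):
    """Unpack the three CHS bytes of an entry into (cylinder, head, sector)."""
    sector = sec_byte & 0x3F                        # low 6 bits
    cylinder = ((sec_byte & 0xC0) << 2) | cyl_byte  # top 2 bits + cylinder byte
    return cylinder, head, sector

def parse_partition_table(sector0):
    """Decode a 512-byte copy of cylinder 0, head 0, sector 1.

    Returns (flag_ok, entries); flag_ok is False when the valid flag is damaged.
    """
    if len(sector0) != 512:
        raise ValueError("expected exactly one 512-byte sector")
    flag_ok = sector0[510:512] == b"\x55\xaa"       # standard flag value (assumption)
    entries = []
    for slot in range(4):
        raw = sector0[0x1BE + 16 * slot:0x1BE + 16 * (slot + 1)]
        active, h0, s0, c0, ptype, h1, s1, c1, before, total = struct.unpack("<8B2I", raw)
        entries.append({
            "empty": raw == bytes(16),              # all-zero entry: no partition
            "active": active == 0x80,
            "type": ptype,
            "start_chs": decode_chs(h0, s0, c0),
            "end_chs": decode_chs(h1, s1, c1),
            "sectors_before": before,
            "total_sectors": total,
        })
    return flag_ok, entries

def constructed_sector():
    """Constructed sample: one active partition that ends at cylinder 299."""
    s = bytearray(512)
    s[0x1BE:0x1CE] = struct.pack("<8B2I", 0x80, 1, 0x01, 0x00, 0x06,
                                 15, 0x7F, 0x2B, 63, 302337)
    s[510:512] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    ok, table = parse_partition_table(constructed_sector())
    print("valid flag:", ok)
    for n, e in enumerate(table, 1):
        print(n, "empty" if e["empty"] else e)
```
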

The two bytes at the end of the partition table are the partition table's valid flag. If they are changed, the machine cannot boot from the hard disk. This is a simple way to lock the hard disk. The solution is to boot from a floppy disk; the hard disk can still be used after startup. Use Debug, or Diskedit from Norton, to restore the flag in the hard disk partition table, and booting from the hard disk works again.

Another way to lock the hard disk is to tamper with the partition parameters. If all partition parameters are changed to 0, you cannot boot from the hard disk because the partition parameters cannot be found at startup, and the hard disk is not recognized after booting from a floppy disk: typing C: and pressing Enter gives the "Invalid drive specification" message. Fortunately you can still boot, so it does not matter that the hard disk is not recognized. After booting from drive A you can still use DOS Debug to read hard disk cylinder 0, head 0, sector 1, modify it, and write it back to cylinder 0, head 0, sector 1. After that the machine restarts without problems.

If the partition table parameters are changed to arbitrary other values, you may not even be able to boot from a DOS installation system disk: after pressing F3 to exit, a memory allocation error appears with the message that the DOS command interpreter cannot be loaded, and the system hangs. I have been in this situation. With a floppy disk formatted as a system disk, however, the machine starts normally, and as long as you have Debug you can still modify the partition table parameters.

Worst of all is a partition table changed into a circular chain, that is, the next partition after drive C points to drive D, and the next partition after drive D points back to drive C. The cycle never ends, so DOS or WIN95 hangs at startup, endlessly reading logical drives. As long as the hard disk is present, the machine cannot start from either floppy disk or hard disk. Because the hard disk itself prevents startup, it cannot be used even when attached to another computer, so the hard disk is completely locked. This is what I met. If you don't believe me, just change offset 1D0H of cylinder 0, head 0, sector 1 to 1 (if the starting cylinder number of drive D is not large, it is already 1 here) and change 1D1H to 0, which makes the starting cylinder number of drive D the same as that of drive C, and see for yourself.

A complete hard disk lock program does nothing more than rewrite the boot program in cylinder 0, head 0, sector 1, destroy the partition table or deliberately make it circular, and keep the real partition table parameters and boot program in other hidden sectors, protected. If the password entered at startup is wrong, the machine cannot start; if it is correct, it starts normally. In the mild case a disk locked this way can still be started from a floppy disk; in the serious case even a floppy disk cannot start the machine, and the hard disk is truly locked.

Programming method of unlocking hard disk lock

If the hard disk is locked, is it really impossible to unlock it? Of course not. Look at the crux of the problem. The root of the problem lies in the IO.SYS file, which contains four modules: LOADER, IO1, IO2 and IO3. IO1 contains a key routine, SysInt_I, which insists on reading the partition table at startup and does not stop until it has finished. If the partition table is circular, it can only hang. This is the fragility and incompleteness of DOS. In fact DOS cannot really be blamed, because DOS must read the partition table parameters to be able to use the hard disk, and DOS also stipulates that there can be no more than 26 drive letters, but it does not take such a circular partition table into account. In short, the machine cannot start because of the DOS operating system. If you wrote another operating system, you might be able to start the machine. Of course, this is just a joke.
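A loop-safe version of the walk that DOS performs without a stop condition, usable on sector dumps taken from a suspect disk. This is an added example, not code from the original page: it follows the start CHS bytes of extended-partition entries (type 05H or 0FH), the geometry of 16 heads and 63 sectors per track is an assumed default, the limit of 26 links mirrors the drive-letter limit mentioned above, and all names and sample sectors are constructed.

```python
EXTENDED_TYPES = (0x05, 0x0F)   # extended-partition type flags

def chs_to_lba(head, sec_byte, cyl_byte, heads, spt):
    """Linear sector number from packed CHS bytes (6-bit sector, 10-bit cylinder)."""
    cylinder = ((sec_byte & 0xC0) << 2) | cyl_byte
    return (cylinder * heads + head) * spt + (sec_byte & 0x3F) - 1

def walk_partition_chain(read_sector, heads=16, spt=63, max_links=26):
    """Follow extended-partition links starting at cylinder 0, head 0, sector 1.

    read_sector(lba) returns 512 bytes or None. Returns (status, visited) where
    status is "ok", "circular", "unreadable" or "too-long".
    """
    visited, lba = [], 0
    while len(visited) <= max_links:
        if lba in visited:                       # already read: the chain loops
            return "circular", visited + [lba]
        visited.append(lba)
        sector = read_sector(lba)
        if not sector or sector[510:512] != b"\x55\xaa":
            return "unreadable", visited         # missing sector or bad valid flag
        for off in range(0x1BE, 0x1FE, 16):      # the four 16-byte entries
            if sector[off + 4] in EXTENDED_TYPES:
                lba = chs_to_lba(sector[off + 1], sector[off + 2],
                                 sector[off + 3], heads, spt)
                break
        else:
            return "ok", visited                 # no further link: chain ends
    return "too-long", visited

def make_sector(*entries):
    """Constructed test sector; entries are (slot, type, head, sec_byte, cyl_byte)."""
    s = bytearray(512)
    s[510:512] = b"\x55\xaa"
    for slot, ptype, head, sec, cyl in entries:
        off = 0x1BE + 16 * slot
        s[off + 1:off + 5] = bytes([head, sec, cyl, ptype])
    return bytes(s)

# Constructed images: a normal C + extended layout, and one whose extended
# entry points back at cylinder 0, head 0, sector 1.
HEALTHY = {0: make_sector((0, 0x06, 1, 0x01, 0x00), (1, 0x05, 0, 0x41, 0x2C)),
           302400: make_sector((0, 0x06, 1, 0x41, 0x2C))}
LOCKED = {0: make_sector((0, 0x06, 1, 0x01, 0x00), (1, 0x05, 0, 0x01, 0x00))}

if __name__ == "__main__":
    print(walk_partition_chain(HEALTHY.get))
    print(walk_partition_chain(LOCKED.get))
```
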

Knowing that the cause is DOS makes the problem easy. Doesn't DOS need to read the hard disk partition table when it starts? Then I won't show it the partition table, or even the hard disk, and it can start normally. Indeed, the program that unlocks the hard disk lock is based on this idea. Of course, this only works when starting from a floppy disk.

Consider the computer's start-up process. We can do nothing about the hardware self-test that runs first when the computer is turned on; we only care about what it does when it first accesses a disk. If booting from the hard disk is selected, the first interaction between computer and disk is to read the contents of cylinder 0, head 0, sector 1 of the hard disk into memory at 0000:7C00 and jump to 0000:7C00 to execute it. If booting from floppy disk is selected, the first interaction is to read the contents of track 0, head 0, sector 1 of drive A into memory at 0000:7C00 and jump to 0000:7C00 to execute it. The computer does not check the contents of this sector; it only mechanically executes the read, which is why so many system viruses can survive. But the same property is exactly what lets our unlocking program work.

Format with DOS a system floppy disk that can start the computer, move the contents of track 0, head 0, sector 1 of the floppy disk to a blank sector further back, and write a new program to track 0, head 0, sector 1, so that our program runs first when booting from the floppy disk. This program does the following: it intercepts INT 13H before DOS starts, stays resident in high memory and monitors INT 13H to judge whether the hard disk is being read, and if so returns directly, which prevents reading the hard disk and avoids the hang caused by DOS reading the circular partition table. It also intercepts reads of the floppy disk: when track 0, head 0, sector 1 of the floppy disk is read, it reads the sector holding the boot program and the disk parameter table instead, so that DOS does not crash at startup for lack of the floppy disk's parameter table. Besides these tasks, it must also read the real boot program of the floppy disk and give it control.

This method can be called universal: because the hard disk is never touched when starting from the floppy disk, no matter how the hard disk is locked, it has no effect on DOS startup. Of course, a machine started this way does not recognize the hard disk, but that does not matter. After the machine has started, Debug can be used to bring up the new INT 13H program that resides in high memory, and with a single statement the old INT 13H can be executed directly, so that the contents of cylinder 0, head 0, sector 1 of the hard disk can be read with INT 13H under Debug. If there is a backup, restore the partition table parameters and write them back to cylinder 0, head 0, sector 1. If there is no backup, remove the circular chain from the partition table; then the machine can at least be restarted with a normal DOS startup disk, and the hard disk is no longer locked and inaccessible.

Procedures and instructions

1. The following is the source of key.com, the program written to floppy disk track 0, head 0, sector 1. It is entered through debug.

C>debug
-a 100
0100 CLI
0101 XOR AX,AX
0103 MOV DS,AX
0105 MOV ES,AX
0107 MOV SS,AX
0109 MOV AX,7C00
010C MOV SP,AX
010E STI
010F MOV SI,AX
0111 MOV DI,7E00 ; Move this sector from 0000:7C00 to 0000:7E00
0114 CLD
0115 MOV CX,0200
0118 REP
0119 MOVSB
011A JMP 0000:7E1F
011F MOV CX,0003
0122 PUSH CX
0123 MOV AX,0201 ; Read the boot sector of the boot floppy disk
0126 MOV BX,7C00
0129 MOV CX,4F01
012C MOV DX,0100
012F INT 13
0131 POP CX
0132 DEC CX
0133 JNZ 0122
0135 MOV AX,[004C] ; First get the location of INT 13H
0138 MOV [7E88],AX
013B MOV AX,[004E]
013E MOV [7E8A],AX
0141 MOV AX,[0413] ; Take 1K from the top of base memory
0144 DEC AX
0145 MOV [0413],AX
0148 MOV CL,06
014A SHL AX,CL ; Convert the size in K to a segment address
014C MOV ES,AX
014E XOR AX,AX
0150 MOV DS,AX
0152 MOV SI,7E6D ; Copy the rewritten INT 13H program to high memory
0155 MOV DI,0000
0158 MOV CX,0030
015B REP
015C MOVSB
015D MOV AX,0000 ; Write the new INT 13H location into the interrupt vector table
0160 MOV [004C],AX
0163 MOV AX,ES
0165 MOV [004E],AX
0168 JMP 0000:7C00
016D PUSHF ; New INT 13H program
016E CMP DX,0080 ; Is it the hard disk?
0172 JNZ 0176 ; If it is not the hard disk, continue
0174 POPF
0175 IRET ; If it is the hard disk, return directly
0176 CMP DX,+00 ; Is the boot sector of the floppy disk being read?
0179 JNZ 0186
017B CMP CX,+01
017E JNZ 0186
0180 MOV CX,4F01 ; If so, read track 79, head 1, sector 1 instead
0183 MOV DX,0100
0186 POPF
0187 JMP 0000:0000 ; Jump here and execute the old INT 13H
; The location of the old INT 13H is obtained by the earlier code and written in here.
-N key.com
-RCX
200
-W
-Q

2. Program loading

Before performing the following steps, format a bootable system disk with DOS and make sure it has no bad sectors. It is best to do a start-up test to confirm that it can start the machine. Because most machines now only have 3-inch floppy drives, we choose a 1.44M 3.5-inch floppy disk. Then use debug key.com to load the program key.com into memory at offset 100H, and write a loading program at 400H, namely:

C>debug key.com
-a 400
0400 MOV CX,0003
0403 PUSH CX
0404 MOV AX,0201 ; Read the boot program of drive A into memory at 1000H
0407 MOV BX,1000 ; To ensure success, the read is repeated 3 times
040A MOV CX,0001
040D MOV DX,0000
0410 INT 13
0412 POP CX
0413 DEC CX
0414 JNZ 0403
0416 MOV AX,0301 ; Write the floppy boot program that was read into memory to the floppy disk,
0419 MOV BX,1000 ; at the first sector of the last track
041C MOV CX,4F01
041F MOV DX,0100
0422 INT 13
0424 MOV AX,0301 ; Write the key.com program to floppy disk track 0, head 0, sector 1
0427 MOV BX,0100
042A MOV CX,0001
042D MOV DX,0000
0430 INT 13
0432 INT 3

To be safe, it is best to read back the contents of these two sectors of the floppy disk to confirm that they were written successfully. The reliable way to check all of this is a test: start the computer once with this floppy disk and see whether it starts successfully. If it does, you can lock the hard disk with the circular partition table method, check whether the machine can be started under normal DOS, and then try starting the computer with this floppy disk to see how it works.

After starting from this floppy disk, the hard disk is not recognized, and a new INT 13H program sits in high memory; it is the part of key.com from 16D to 187. Because of this program, the hard disk cannot be read under debug and the hard disk partition table cannot be restored, so this program must be modified first after the machine starts. The base memory of current machines is usually 640K, so this program is located in memory at 9FC0:0000. Under debug, display the program with U 9FC0:0, and you will see a jump instruction at 9FC0:001A, which executes the original INT 13H. Because BIOS versions differ, the jump instruction may point to different locations; on the author's computer it is the statement JMP F000:A5D4. Then enter one statement under debug: A 9FC0:0, followed by JMP F000:A5D4. After that, the block on reading and writing the hard disk no longer applies. Under debug, the hard disk partition table can be read with subfunction 2 of INT 13H, and after modification and repair the data can be written back to the partition table with subfunction 3. Quit debug and restart the computer with normal DOS.

Incidentally, under normal DOS this floppy disk cannot be used, because it has no boot sector and no disk parameter table. The DIR A: command produces the "General failure reading drive A" prompt. This can be ignored; it does not affect the disk's use as a dedicated startup disk.

Suggestion

To better protect your hard disk, it is recommended that you back up your hard disk partition table information. There are two ways to back it up. One is to store the partition information of each logical disk of the hard disk in a file. The other is to back up the partition information to hidden sectors of the hard disk. For example, you can back up cylinder 0, head 0, sector 1 at cylinder 0, head 0, sector 3, back up drive D's partition sector (starting cylinder, head 0, sector 1) at cylinder 0, head 0, sector 3, and likewise for the other logical disks. This method is simple, convenient and reliable, and it is easy to do with DISKEDIT from Norton. With the partition table information backed up, you need not fear viruses destroying the partition table; and with the program I gave you, even if someone really locks your hard disk, you can easily unlock it.