-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnaskfunc.lst
246 lines (246 loc) · 15.8 KB
/
naskfunc.lst
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
1 00000000 ; naskfunc
2 00000000 ; TAB=4
3 00000000
4 00000000 [FORMAT "WCOFF"] ; 格式
5 00000000 [INSTRSET "i486p"] ; 486支持
6 00000000 [BITS 32] ; 32位指令模式
7 00000000 [FILE "naskfunc.nas"] ; 文件名
8 00000000
9 00000000 ;
10 00000000 ; 创建一个汇编函数的方法
11 00000000 ; 声明入口标签为GLOBAL
12 00000000 ; 标签名比函数多加一个下划线作为前缀
13 00000000 ;
14 00000000
15 00000000 GLOBAL _io_hlt, _io_cli, _io_sti, _io_stihlt
16 00000000 GLOBAL _io_in8, _io_in16, _io_in32
17 00000000 GLOBAL _io_out8, _io_out16, _io_out32
18 00000000 GLOBAL _io_load_eflags, _io_store_eflags
19 00000000 GLOBAL _load_gdtr, _load_idtr
20 00000000 GLOBAL _load_cr0, _store_cr0
21 00000000 GLOBAL _load_tr
22 00000000 GLOBAL _asm_inthandler20, _asm_inthandler21
23 00000000 GLOBAL _asm_inthandler27, _asm_inthandler2c
24 00000000 GLOBAL _memtest_sub
25 00000000 GLOBAL _farjmp, _farcall
26 00000000 GLOBAL _asm_hrb_api
27 00000000 EXTERN _inthandler20, _inthandler21
28 00000000 EXTERN _inthandler27, _inthandler2c
29 00000000 EXTERN _hrb_api
30 00000000
31 [SECTION .text]
32 00000000
33 00000000 _io_hlt: ; void io_hlt(void);
34 00000000 F4 HLT
35 00000001 C3 RET
36 00000002
37 00000002 _io_cli: ; void io_cli(void);
38 00000002 FA CLI
39 00000003 C3 RET
40 00000004
41 00000004 _io_sti: ; void io_sti(void);
42 00000004 FB STI
43 00000005 C3 RET
44 00000006
45 00000006 _io_stihlt: ; void io_stihlt(void);
46 00000006 FB STI
47 00000007 F4 HLT
48 00000008 C3 RET
49 00000009
50 00000009 _io_in8: ; int io_in8(int port);
51 00000009 8B 54 24 04 MOV EDX,[ESP+4] ; port
52 0000000D B8 00000000 MOV EAX,0
53 00000012 EC IN AL,DX
54 00000013 C3 RET
55 00000014
56 00000014 _io_in16: ; int io_in16(int port);
57 00000014 8B 54 24 04 MOV EDX,[ESP+4] ; port
58 00000018 B8 00000000 MOV EAX,0
59 0000001D 66 ED IN AX,DX
60 0000001F C3 RET
61 00000020
62 00000020 _io_in32: ; int io_in32(int port);
63 00000020 8B 54 24 04 MOV EDX,[ESP+4] ; port
64 00000024 ED IN EAX,DX
65 00000025 C3 RET
66 00000026
67 00000026 _io_out8: ; void io_out8(int port, int data);
68 00000026 8B 54 24 04 MOV EDX,[ESP+4] ; port
69 0000002A 8A 44 24 08 MOV AL,[ESP+8] ; data
70 0000002E EE OUT DX,AL
71 0000002F C3 RET
72 00000030
73 00000030 _io_out16: ; void io_out16(int port, int data);
74 00000030 8B 54 24 04 MOV EDX,[ESP+4] ; port
75 00000034 8B 44 24 08 MOV EAX,[ESP+8] ; data
76 00000038 66 EF OUT DX,AX
77 0000003A C3 RET
78 0000003B
79 0000003B _io_out32: ; void io_out32(int port, int data);
80 0000003B 8B 54 24 04 MOV EDX,[ESP+4] ; port
81 0000003F 8B 44 24 08 MOV EAX,[ESP+8] ; data
82 00000043 EF OUT DX,EAX
83 00000044 C3 RET
84 00000045
85 00000045 ; 获得中断标志位
86 00000045 _io_load_eflags: ; int io_load_eflags(void);
87 00000045 9C PUSHFD ; PUSH EFLAGS
88 00000046 58 POP EAX
89 00000047 C3 RET
90 00000048
91 00000048 ; 还原中断标志位
92 00000048 _io_store_eflags: ; void io_store_eflags(int eflags);
93 00000048 8B 44 24 04 MOV EAX,[ESP+4]
94 0000004C 50 PUSH EAX
95 0000004D 9D POPFD ; POP EFLAGS
96 0000004E C3 RET
97 0000004F
98 0000004F _load_gdtr: ; void load_gdtr(int limit, int addr);
99 0000004F 66 8B 44 24 04 MOV AX,[ESP+4] ; limit
100 00000054 66 89 44 24 06 MOV [ESP+6],AX
101 00000059 0F 01 54 24 06 LGDT [ESP+6]
102 0000005E C3 RET
103 0000005F
104 0000005F _load_idtr: ; void load_idtr(int limit, int addr);
105 0000005F 66 8B 44 24 04 MOV AX,[ESP+4] ; limit
106 00000064 66 89 44 24 06 MOV [ESP+6],AX
107 00000069 0F 01 5C 24 06 LIDT [ESP+6]
108 0000006E C3 RET
109 0000006F
110 0000006F _load_cr0: ; int load_cr0(void);
111 0000006F 0F 20 C0 MOV EAX,CR0
112 00000072 C3 RET
113 00000073
114 00000073 _store_cr0: ; void store_cr0(int cr0);
115 00000073 8B 44 24 04 MOV EAX,[ESP+4]
116 00000077 0F 22 C0 MOV CR0,EAX
117 0000007A C3 RET
118 0000007B
119 0000007B _load_tr: ; void load_tr(int tr);
120 0000007B 0F 00 5C 24 04 LTR [ESP+4] ; tr
121 00000080 C3 RET
122 00000081
123 00000081
124 00000081 ; 20中断函数转移代码片
125 00000081 _asm_inthandler20:
126 00000081 06 PUSH ES
127 00000082 1E PUSH DS
128 00000083 60 PUSHAD
129 00000084 89 E0 MOV EAX,ESP
130 00000086 50 PUSH EAX
131 00000087 66 8C D0 MOV AX,SS
132 0000008A 8E D8 MOV DS,AX
133 0000008C 8E C0 MOV ES,AX
134 0000008E E8 [00000000] CALL _inthandler20
135 00000093 58 POP EAX
136 00000094 61 POPAD
137 00000095 1F POP DS
138 00000096 07 POP ES
139 00000097 CF IRETD
140 00000098
141 00000098 ; 21中断函数转移代码片
142 00000098 _asm_inthandler21:
143 00000098 06 PUSH ES
144 00000099 1E PUSH DS
145 0000009A 60 PUSHAD
146 0000009B 89 E0 MOV EAX,ESP
147 0000009D 50 PUSH EAX
148 0000009E 66 8C D0 MOV AX,SS
149 000000A1 8E D8 MOV DS,AX
150 000000A3 8E C0 MOV ES,AX
151 000000A5 E8 [00000000] CALL _inthandler21
152 000000AA 58 POP EAX
153 000000AB 61 POPAD
154 000000AC 1F POP DS
155 000000AD 07 POP ES
156 000000AE CF IRETD
157 000000AF
158 000000AF ; 27中断函数转移代码片
159 000000AF _asm_inthandler27:
160 000000AF 06 PUSH ES
161 000000B0 1E PUSH DS
162 000000B1 60 PUSHAD
163 000000B2 89 E0 MOV EAX,ESP
164 000000B4 50 PUSH EAX
165 000000B5 66 8C D0 MOV AX,SS
166 000000B8 8E D8 MOV DS,AX
167 000000BA 8E C0 MOV ES,AX
168 000000BC E8 [00000000] CALL _inthandler27
169 000000C1 58 POP EAX
170 000000C2 61 POPAD
171 000000C3 1F POP DS
172 000000C4 07 POP ES
173 000000C5 CF IRETD
174 000000C6
175 000000C6 ; 2c中断函数转移代码片
176 000000C6 _asm_inthandler2c:
177 000000C6 06 PUSH ES
178 000000C7 1E PUSH DS
179 000000C8 60 PUSHAD
180 000000C9 89 E0 MOV EAX,ESP
181 000000CB 50 PUSH EAX
182 000000CC 66 8C D0 MOV AX,SS
183 000000CF 8E D8 MOV DS,AX
184 000000D1 8E C0 MOV ES,AX
185 000000D3 E8 [00000000] CALL _inthandler2c
186 000000D8 58 POP EAX
187 000000D9 61 POPAD
188 000000DA 1F POP DS
189 000000DB 07 POP ES
190 000000DC CF IRETD
191 000000DD
192 000000DD ; 内存检查函数
193 000000DD ; 该处使用汇编,是为了避免C编译器的优化
194 000000DD _memtest_sub: ; unsigned int memtest_sub(unsigned int start, unsigned int end)
195 000000DD 57 PUSH EDI ; 乮EBX, ESI, EDI 傕巊偄偨偄偺偱乯
196 000000DE 56 PUSH ESI
197 000000DF 53 PUSH EBX
198 000000E0 BE AA55AA55 MOV ESI,0xaa55aa55 ; pat0 = 0xaa55aa55;
199 000000E5 BF 55AA55AA MOV EDI,0x55aa55aa ; pat1 = 0x55aa55aa;
200 000000EA 8B 44 24 10 MOV EAX,[ESP+12+4] ; i = start;
201 000000EE mts_loop:
202 000000EE 89 C3 MOV EBX,EAX
203 000000F0 81 C3 00000FFC ADD EBX,0xffc ; p = i + 0xffc;
204 000000F6 8B 13 MOV EDX,[EBX] ; old = *p;
205 000000F8 89 33 MOV [EBX],ESI ; *p = pat0;
206 000000FA 83 33 FF XOR DWORD [EBX],0xffffffff ; *p ^= 0xffffffff;
207 000000FD 3B 3B CMP EDI,[EBX] ; if (*p != pat1) goto fin;
208 000000FF 75 18 JNE mts_fin
209 00000101 83 33 FF XOR DWORD [EBX],0xffffffff ; *p ^= 0xffffffff;
210 00000104 3B 33 CMP ESI,[EBX] ; if (*p != pat0) goto fin;
211 00000106 75 11 JNE mts_fin
212 00000108 89 13 MOV [EBX],EDX ; *p = old;
213 0000010A 05 00001000 ADD EAX,0x1000 ; i += 0x1000;
214 0000010F 3B 44 24 14 CMP EAX,[ESP+12+8] ; if (i <= end) goto mts_loop;
215 00000113 76 D9 JBE mts_loop
216 00000115 5B POP EBX
217 00000116 5E POP ESI
218 00000117 5F POP EDI
219 00000118 C3 RET
220 00000119 mts_fin:
221 00000119 89 13 MOV [EBX],EDX ; *p = old;
222 0000011B 5B POP EBX
223 0000011C 5E POP ESI
224 0000011D 5F POP EDI
225 0000011E C3 RET
226 0000011F
227 0000011F ; 不同段间的转移
228 0000011F _farjmp: ; void farjmp(int eip, int cs);
229 0000011F FF 6C 24 04 JMP FAR [ESP+4] ; eip, cs
230 00000123 C3 RET
231 00000124
232 00000124 ; 不同段间的调用
233 00000124 _farcall: ; void farcall(int eip, int cs);
234 00000124 FF 5C 24 04 CALL FAR [ESP+4] ; eip, cs
235 00000128 C3 RET
236 00000129
237 00000129 ; 系统调用软中断转移代码片
238 00000129 _asm_hrb_api:
239 00000129 FB STI
240 0000012A 60 PUSHAD ; 保存状态
241 0000012B 60 PUSHAD ; 将当前寄存器的状态作为_hrb_api函数的参数
242 0000012C E8 [00000000] CALL _hrb_api ; 调用函数
243 00000131 83 C4 20 ADD ESP,32 ; 清空栈
244 00000134 61 POPAD
245 00000135 CF IRETD
246 00000136