I have read two articles about cracking hard disk protection cards (restoring the card to the final article: Rongke), and I will share with you what I learned from breaking the protection card on the existing machines in the machine room.
As mentioned in the previous two articles, you can use the 'T' (trace) command in DEBUG to record the original int13h entry, f000:xxxx.
What I want is for the machine to automatically use the original int13h entry after it is restarted, rather than the hard disk protection. So I wrote a small assembly program, atouble.exe, and added it to Autoexec.bat. Because we did the 'T' trace in pure DOS, I think it should be added to Autoexec.bat, before Windows starts.
OK. As we expected, the machine is readable and writable.
My Lenovo: I can remove write protection by changing int13h to the original entry under pure DOS, but not on Windows? It also directly attacks atouble.exe, and int13h is also changed to the original entry, theoretical uplink.
I hope to discuss with you how to get the supervisor password of the hard disk protection card!
atouble.asm
data segment
data ends                  ; data segment
stack1 segment para stack
    dw 20h dup (0)
stack1 ends                ; stack segment
coseg segment              ; code segment
    assume cs:coseg, ds:data
    assume ss:stack1
start: push bx
    push ds                ; save bx and ds
    mov bx, 100h
    mov ax, di
    mov [bx], al           ; build a far pointer di:0000 at ds:100h
    mov [bx+1h], ah
    xor ax, ax
    mov [bx+2h], ah
    mov [bx+3h], ah
    lds di, [bx]           ; set ds to 0000
    mov bx, 4fh            ; 0000:004c~4f is the vector address of int13h
    mov ax, 0f0h           ; f000:95e4 is the original entry address of int13h (95e4 on this machine;
    mov [bx], al           ; not necessarily the same on other machines, find it with 'T' tracing)
    mov ax, 00h
    mov [bx-1], al
    mov ax, 95h
    mov [bx-2], al
    mov ax, 0e4h
    mov [bx-3], al
    pop ds                 ; restore ds, bx
    pop bx
    mov ah, 4ch
    int 21h                ; exit to DOS
coseg ends
end start
Compile (masm.exe) and link to get atouble.exe
Test environment:
Brand: Blue Star
CPU: P4 1.5G
Memory: 256 MB
Hard Disk: 40 GB
Protection Card: yuanzhi
OS: Windows 98
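
The four bytes that atouble.asm writes at 0000:004C to 0000:004F are a little-endian offset followed by a little-endian segment. The C sketch below is an added example, not part of the original post: it decodes INT 13h from an image of the interrupt vector table and shows the integrity check a resident disk filter could run to notice that its hook has been replaced. The handler region (16 KiB at C800:0000) and the hooked vector C800:0120 are constructed values for illustration, not taken from any real card.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One real-mode interrupt vector: 4 bytes, offset first, then segment. */
typedef struct { uint16_t seg, off; } ivt_vec;

/* Decode vector n from an image of the IVT (physical 0000:0000, 1 KiB). */
ivt_vec ivt_read(const uint8_t *ivt, unsigned n) {
    const uint8_t *p = ivt + 4u * n;
    ivt_vec v;
    v.off = (uint16_t)(p[0] | (p[1] << 8));
    v.seg = (uint16_t)(p[2] | (p[3] << 8));
    return v;
}

/* Real-mode linear address: segment * 16 + offset. */
uint32_t linear(ivt_vec v) { return ((uint32_t)v.seg << 4) + v.off; }

/* Integrity check: does INT 13h still point inside [base, base+len),
   the region where the filter's own handler lives? 1 = yes, 0 = replaced. */
int int13_hook_intact(const uint8_t *ivt, uint32_t base, uint32_t len) {
    uint32_t a = linear(ivt_read(ivt, 0x13));
    return a >= base && a - base < len;
}

/* Constructed sample input: an empty IVT with INT 13h set to seg:off. */
void make_ivt(uint8_t *ivt, uint16_t seg, uint16_t off) {
    memset(ivt, 0, 1024);
    ivt[0x4c] = (uint8_t)(off & 0xff); ivt[0x4d] = (uint8_t)(off >> 8);
    ivt[0x4e] = (uint8_t)(seg & 0xff); ivt[0x4f] = (uint8_t)(seg >> 8);
}

int main(void) {
    uint8_t ivt[1024];
    /* Hypothetical handler region: 16 KiB option ROM at C800:0000. */
    const uint32_t base = 0xC8000, len = 0x4000;

    make_ivt(ivt, 0xC800, 0x0120);   /* hooked vector (constructed) */
    printf("hooked:   intact=%d\n", int13_hook_intact(ivt, base, len));

    make_ivt(ivt, 0xF000, 0x95E4);   /* value written by atouble.asm */
    ivt_vec v = ivt_read(ivt, 0x13);
    printf("replaced: %04X:%04X linear=%05lX intact=%d\n", v.seg, v.off,
           (unsigned long)linear(v), int13_hook_intact(ivt, base, len));
    return 0;
}
```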