I. Modify the partition table information of a hard disk
The hard disk partition table information is critical to the hard disk startup. If no valid Partition Table is found, the hard disk cannot be started from the hard disk or cannot be found even if it is started from a floppy disk. Generally, the first Partition Table item's 0th sub-section is 80 H, which indicates that drive C is an active DOS partition, and whether the hard disk can be self-initiated depends on * It. If you change this byte to 00 H, the disk cannot be started from the hard disk, but the hard disk can still be accessed after the disk is started. The 4th-byte partition table indicates the partition type. The first partition is usually 06 H, indicating that drive C is an active DOS partition, if the first partition is modified here, the hard disk can be encrypted.
The specific performance is as follows:
1. If this byte is changed to 0, it indicates that the partition is not in use and cannot be started from drive C. After a floppy disk is started, the original drive C disappears. The drive C is the original drive d, and the drive D is the original drive E.
2. If the byte here is changed to 05 H, it will not be able to start from the hard disk. Even if it is started from a floppy disk, every Logical Disk on the hard disk will not be accessible. This means that the entire hard disk is encrypted. In addition, the valid identifier of the Disk Master Boot Record is that the last two bytes of the sector are 55AAH. If the two bytes are changed to 0, the entire hard disk can be locked and cannot be accessed. The hard disk partition table is located in the physical 0-cylinder 0-head 1-sector. You can use Diskedit in Norton for Win95 to directly call up and modify the sector and save the disk. Alternatively, use the H sub-function of INT 13 H in Debug to read the 0-cylindrical 0-head 1-sector into the memory and modify it at the corresponding position, use the 03H sub-function of INT 13 h to write the 03H sub-function into the 0-cylinder, 0-head, and 1-sector.
The preceding encryption process is sufficient for general users. However, for experienced users, even if the hard disk is inaccessible, the 02H sub-function of INT 13 h can be used to read the 02H sub-function of 0-cylindrical 0-head and 1-sector, and the corresponding location data can be modified based on experience, you can unlock the hard disk because the data at these locations is usually fixed or limited. Another safe but clumsy method is to back up the partition table items on the hard disk and change them to 0, so that others do not know the partition information, you cannot unlock or access the hard disk.
2. Add a password to the hard disk boot
We know that the system password can be set in CMOS to prevent illegal users from starting the computer, and of course the hard disk cannot be used. But this does not really lock the hard disk, because as long as the hard disk is attached to another computer, the data and software on the hard disk can still be used. To add a password to the hard disk boot, you can first store the Master Boot records and partition information of the hard disk with 0 cylinders, 0 heads, and 1 sectors in hidden sectors that are not used by the hard disk, for example, 0 cylinder, 0 head, 3 sectors. Then we use Debug to rewrite a program with no more than 512 bytes (in fact, more than 100 bytes are enough) and load it to the hard disk with 0 cylinder, 0 head, and 1 sector. The function of this program is to first enter a password when executing it. If the password is incorrect, it enters an endless loop; if the password is correct, read the hidden sector (0 cylinder, 0 head, 3 sectors) that contains the Master Boot Record and partition information on the hard disk and execute the Master Boot Record.
When the hard disk is started, the BIOS first calls the Bootstrap program INT 0000 h to read the Master Boot Record of the 0-cylinder, 0-head, and 1-sector of the main hard disk into the memory: 7C00H for execution, and we have already stolen the beam, turn the zero-cylinder, zero-head, and one-sector into a program we designed. In this way, when starting from the hard disk, we do not execute the main boot program, but the program we designed. When executing the program we designed, if the password is incorrect, the program cannot be started. Even if the disk is started from a floppy disk, the hard disk cannot be accessed because there is no partition information in the 0-cylinder, 0-head, and 1-sector. Of course, we can also design a program like a virus, some of which reside in high-end memory, monitor the use of INT 13 h, to prevent the use of 0 cylinder, 0 head, and 1 sector from being rewritten.
3. Implement User encryption management for Hard Disks
The UNIX operating system can implement multi-user management. In the DOS system, the hard disk management system can be improved, and multi-user management with similar functions can be implemented. The management system can meet the following requirements: 1. the hard disk is divided into public partition C and several dedicated partitions D. "Super User" is used to manage zone C and read and write data and update the system. "special users" (such as internal personnel in the IDC) use their own partitions through passwords, to protect your files and data; "general users" (such as general personnel on the machine room) can use the specified public partition. Neither of the last two types of users can perform write operations on the C disk, so that if the operating system and a large number of applications are installed on the C disk, it can prevent others from intentionally or unintentionally damaging the system and software in the public data center, ensuring the security and stability of the system. 2. During system startup, you must use a floppy key to start the system. Otherwise, the hard disk is locked and cannot be used. The implementation of this method can be achieved by using the partition linked list structure of each Logical Disk in the hard disk partition table and assembly programming.
4. Write protection for a Logical Disk
We know that there is a write protection gap on the floppy disk. before writing a floppy disk, the BIOS should check the status of the floppy disk. If the write protection gap is blocked, the write operation cannot be performed. The write protection function cannot be implemented on hardware but can be implemented through software. In the DOS system, disk write operations include: ① in COMMAND. write operations supported by COM, such as MD, RD, and COPY; ② some sub-functions in DOS Function calling, such as function numbers 10 H, 13 H, 3EH, and 5BH, can write to the hard disk; ③ use INT 26H to convert the logical sector to the absolute sector for writing; ④ use the sub-function numbers 03 H and 05H of INT 13H to write the disk. However, each write operation must call the sub-function of INT 13 H.
Therefore, if you intercept INT 13 H, you can disable write operations on a specific Logical Disk on the hard disk. Because the write operation of files on the disk is performed using the 03H sub-function of INT 13 H, when this sub-function is called, the register CL indicates the start sector number (in fact, only 6 characters below ); CH indicates the track number. In the hard disk, It is the cylindrical number. The cylindrical number is represented by 10 bits. The maximum two bits are placed in the highest two bits of CL. When partitioning a hard disk, the hard disk can be divided into multiple logical drives, and each logical drive starts from a complete cylindrical disk. For example, the author's hard disk is 2.5 GB, divided into C, D, E, F, G five disks. The starting cylinder of disk C is 00 H, the starting cylinder of disk D is 66 H, the starting cylinder of disk e is E5H, the starting cylinder of disk F is 164 H, and the starting cylinder of disk G is 26BH. If you intercept INT 13 H, when AH = 03 H, and the cylinder number expressed by the two high CL and CH is greater than E4H and less than 164 H, nothing will be returned, in this way, you can disable writing to an edisk.