The most comprehensive tutorial on encryption and decryption

Basic tutorial


Chapter 1 Rules
1-1 Preface
Before learning how to decrypt data, you must understand what encryption is, how to encrypt data, and how to track programs. In this way, decryption is no longer a dream. Only DEBUG is used as a tool. COM, but the current program usually checks whether debugging is loaded. If yes, it will crash !!
1-2 DEBUG and files
Anyone who has learned DEBUG knows the following commands:
T --- one-step execution, one command at a time
G <Address> --- click <Address> to stop.
G --- execute the loaded Program
Or "W)
L --- LOAD)
W --- SAVE)
W --- SAVE)
Most of the decryption processes only use the upper-column commands .....
========================================================== ============
Files are divided into. COM and. EXE. Because. COM can only have a maximum of 64 KB, A. EXE file is generated. However,. EXE has another file header, which records that the file is stored there. Therefore, DEBUG cannot write this file back, resulting in an error message.
※Therefore, the EXE file must use PCTOOLS to find and modify the instruction code ....

Chapter II disk format and Protection
2-1 Disk format
Most people think that a disk can only be divided into several or two sides. In fact, there are 39 2D disks and 80 2HD disks, each slice is divided into nine sectors, and each slice is further divided into 512 single-bit tuples. Therefore, you only need to make a difference between protection and normal channels.
(PS: DOS2.0 has eight sectors, and DOS3.1 and later versions have nine sectors)
TRACK: A disk is divided into several concentric rings, which are called tracks.
Face (Head): a floppy disk is divided into 0/1 faces, but the hard disk may exceed this number.
SECTOR: One of the data storage areas on the track
N value: slice size, normal 2 (N = 1 256 Bytes, N = 2 512 Bytes)
The Npower of 2 multiplied by 256, that is, the size of the slice.
The Npower of 2 multiplied by 256, that is, the size of the slice.
Therefore, the normal track ID column should be:
T H S N
1 02 00 01 02 10.4% this is the second zero
2 02 00 02 02 10.4% "% indicates that this sector occupies this path
3 02 00 03 02 10.4% percentage, each time there will be a little
4 02 00 04 02 10.4% difference.
5 02 00 05 02 10.4%
6 02 00 06 02 10.4%
7 02 00 07 02 10.4%
8 02 00 08 02 10.4%
9 02 00 09 02 13.7%
----------------------------
If N = 3, more than 17.8% of the space is required to create a normal track. Otherwise, a bad track (crc error) will be created. Therefore, this track can only have five sectors; otherwise, it will become a bad track. This is because of the disk control card, so it is impossible to require a small and good (no error) sector.

2-2 protection types and introduction
Blank sector: this channel does not have a sector, that is, some do not do FORMAT, so that when reading and writing
This track will cause errors, but it can only prevent standard DISKCOPY
Copying a program is an early protection method, such as crazy music 』
Non-standard sector: The t h s n value is changed to be different from the normal channel, early protection
This method is also used to "change S value like kanov 』
Sector with abnormal size: Percentage of the track size. An exception occurs, such as hitting bricks 』
Hidden sector: Use the ID column error method so that the sector must use the read id method.
Find this sector, so you can cheat early COPYWRIT or COPYIIPC
"Car name Contest 』
Add additional sectors: Make a sector more than the normal number, such as the second generation of the car 』
If the disk controller can create 20 h sectors, it would be nice, but some
Make too many copies of the software that make it impossible to use, such as the totem graph capture software 』
Virtual slice, also known as weak bit, is the magnetic field between 0 and 1 when writing data.
Write, so the read data is different each time, and the drive is not normal
Make (by luck, but the larger the percentage, the more difficult it is to make), can only rely on external
Hardware copying "if you break through the fire network 』
Long Path: Use a slow-speed soft drive to write data, so that more data is written, unless
The speed of the copy drive is the same, otherwise it cannot be copied (the copy card cannot be copied)
Seamless lock: Use the slice with the N value of 6 because it exceeds the space that can be accommodated by this channel,
So when you read this partition, the data at the beginning and end will be read.
All the software drives cannot process the region, and thus cannot be copied.
This protector, each piece of data is not the same, it is impossible to copy, at the same time
This method will be used to select a software drive, so few people use it as "Fengyun Mahjong 』
Additional channels: For 39 normal disks, but 40 or 41 can be read and written, because
Someone is doing this and then reading and writing this road in a normal way.
"For example, speeding up the wind 』

2-3 Protection of abnormal sectors
The program of the FORMAT track verifies this track.
CS: 100 mov ax, 0000 resetting disk CS: 100 mov ax, 0000 resetting Disk
INT 13/preparation before reading and writing INT 13/preparation before reading and writing
Mov ax, 0501-FORMAT 1 slice mov ax, 0201-read one slice
Mov bx, 0200-ID: Put the data in ES: bx mov bx, 0200-put the data in ES: BX
Mov cx, 2901-29h mov cx, 29FF-29h, FFh sector
Mov dx, 0001-zero surface, B soft drive mov dx, 0001-zero surface, B soft drive
INT 13-boot disk I/o int 13-disk I/O boot
JB 0100-failed, re-create jb test error, no special Channel
INT 20-The ending program jmp test OK has a special path
ES: 200 DB 29 00 FF 02 (ID column data)
In the above example, the extra sector is used, and DOS only uses 27h channels, while the program uses 29h channels. Therefore, we are not afraid that someone will FORMAT the disk because the FORMAT will not wash the data. Make a sector numbered FFh in the 29 h channel, so even if you can copy it to the channel, you can also prevent general copy software and COPYIIPC (because only copy to the 28 h channel ), however, COPYWRIT still cannot be prevented.

Chapter 3 understanding of Disk control card
3-1 Disk control card Introduction

The uPD765A on the disk control card is the core of the entire disk operation, and the uPD765A communicates with the CPU Based on the three I/O ports. The three latches are as follows:
& H3F2
& H3F4
& H3F5: Data/Status Register
When data is transmitted to the disk, it can be divided into DMA and non-DMA modes, because it has nothing to do with the subject.
The uPD765A Disk control card can issue the following commands:
When there are too many threads, there are too many threads, too many threads.
Please Read Data (Read Data) then
Write Data
Specified Read ID (Read ID) unique
Fill Format A Track (Format the Magnetic Track) Fill
Additional Read Deleted Dtat (Read Deleted Data) Deleted
Write Delete Data (Write Deleted Data)
Reading Read A Track
Eclipseek
Scanned Scan EQUAL (EQUAL Scan ratio) scanned
Scanned Scan high or equal (scanning larger than or equal to) Scanning
Scanning Scan low or equal (scanning is less than or equal to) Scanning
Calibration Recalibrate (calibration head, head back to the zeroth rail) Calibration
Sense Interrupt status (Sense Interrupt status) interrupted
Driving Sense Driver Status (sensing drive Status) Available
Specified Specify
When there are too many threads, there are too many threads, too many threads.

3-2 working methods

When there are too many other users
┃ CPU quota
When there are too many other users
Bytes
Bytes
SYSTEM BUS)
Zookeeper
Please refer to the document window.
Zookeeper zookeeper DRQ zookeeper RLL zookeeper
Please wait until there are too many available rd data centers before please wait until there are too many magnetic links
Why?
Listen 8237 mongodack into uPD765A Very Busy busy → Busy busy
Too many threads → too many wr data threads
┃ DMA controller ┃ FDC ┃ input control ┃
Please wait until then → then
Too many rows → too many rows
When there are too many threads, too many TC threads, too many threads, too many threads, and output control
End count
3-3 interrupt description
Since there are a lot of assembler experts, we will not introduce each interrupt vector. We will only introduce several disk-related functions. Please check other interruptions on your own.
INT 13 h
　　　　　　　　　　　
(AH) = 0: resets the soft drive and pulls the head to TRACK 0.