;;;;!!!!!!!!!!!!!!!!!!!Special for unlocking (lock 95)!!!!!!!!!!!!! ;;;########### Disk read information ############## ;1. Select Enable ROM write(in config.sys or BIOS) ;2. Run int40.com ;3. Run lock program ;4. All reg are put to 9000:0 .286 .model tiny .code code segment assume cs:code,ds:code org 100h start: jmp init old db 5 dup(?) jmp_far db 0eah my_off dw ? my_seg dw ? _di dw 0 no dw 0 _no db 'NO.',5 dup(20h) space db 8 dup(20h) _ax db 'AX=',5 dup(20h) _bx db 'BX=',5 dup(20h) _cx db 'CX=',5 dup(20h) _dx db 'DX=',5 dup(20h) handle dw 0 int40_begin: sti cmp ax,201h je zd jmp exit zd: pusha push es push ds mov bp,sp push es push ds push word ptr [bp+14h] push word ptr [bp+16h] push ax push bx push cx push dx push si push di mov ax,9000h mov es,ax pop word ptr es:[0] ;di pop word ptr es:[2] ;si pop word ptr es:[4] ;dx pop word ptr es:[6] ;cx pop word ptr es:[8] ;bx pop word ptr es:[10] ;ax pop word ptr es:[12] ;cs pop word ptr es:[14] ;ip pop word ptr es:[16] ;ds pop word ptr es:[18] ;es mov ds,[bp+16h] add bp,1Ah mov es:[20],ss ;ss mov es:[22],bp ;sp mov word ptr ds:[194bh],9090h mov byte ptr ds:[1972h],0EBh mov byte ptr ds:[1998h],0EBh mov byte ptr ds:[1a5bh],0EBh mov ax,8000h mov es,ax mov cx,0FFFFh mov si,0 mov di,0 cld ;rep movsb push cs pop ds mov dx,dx mov si,offset _dx call hex2ascii mov dx,bx mov si,offset _bx call hex2ascii mov dx,cx mov si,offset _cx call hex2ascii mov dx,ax mov si,offset _ax call hex2ascii mov dx,no mov si,offset _no call hex2ascii mov ax,8000h mov es,ax mov si,offset _no mov di,_di mov cx,48 ;rep movsb add _di,48 inc word ptr no pop ds pop es popa exit: pusha push es push ds mov si,offset old call change pop ds pop es popa pushf call dword ptr cs:old_int40_off pushf pusha push es push ds mov si,offset jmp_far call change pop ds pop es popa popf retf 2 ;jmp_far_back db 0eah old_int40_off dw 0ec59h old_int40_seg dw 0f000h hex2ascii proc push cx push ax mov cx,4 _out: push cx mov cl,4 rol dx,cl mov al,dl and al,0fh daa add al,0f0h adc al,40h mov byte ptr cs:[si+3],al ;stdout inc si pop cx loop _out pop ax pop cx ret hex2ascii endp change proc mov ax,0f000h mov es,ax mov ax,cs mov ds,ax mov di,0ec59h mov cx,5 rep movsb ret change endp init: xor ax,ax mov si,80h mov al,ds:[80h] add si,ax cmp byte ptr [si],'u' jz unload cmp byte ptr [si],'U' jnz install unload: mov ax,0f000h mov es,ax cmp byte ptr es:[0ec59h],0eah jz un mov dx,offset mess2 mov ah,9 int 21h jmp quit un: mov ax,es:[0ec59h+3] mov ds,ax mov di,0ec59h mov si,offset old mov cx,5 rep movsb mov ax,cs mov ds,ax mov dx,offset mess1 mov ah,9 int 21h quit: mov ah,4ch int 21h install: mov ax,0f000h mov es,ax cmp byte ptr es:[0ec59h],0eah jnz go mov dx,offset mess mov ax,cs mov ds,ax mov ah,9 int 21h jmp quit go: mov ax,cs mov cs:my_seg,ax mov ax,offset int40_begin mov cs:my_off,ax mov ax,0f000h mov ds,ax mov ax,cs mov es,ax mov si,0ec59h mov di,offset old mov cx,5 rep movsb mov ax,cs mov ds,ax mov ax,0f000h mov es,ax mov si,offset jmp_far mov di,0ec59h mov cx,5 rep movsb mov dx,offset init int 27h mess db 'Already installed!$' mess1 db 'INT40.com disable!$' mess2 db 'INT40.com is disable!$' end start