年關將近,最近繼續在整理舊書,偶然間翻到了一本放了很久的舊書 OrangeOS's 一個作業系統的實現。
在Windows 10 系統中,想試試它的範例,發現 a.img 檔案複製不過來,覺得十分奇怪。
突然跳出病毒移除警告,微軟的防毒軟體偵到 Trojan: DOS/Killmbr。
出現的路徑剛好是範例1的Hello World boot.asm 所對應的檔案 a.img
程式碼
原本的測試範例沒有Makefile, 筆者寫了一個測試用的Makefile 以方便在Ubuntu 16.04.4 重覆編譯
編譯測試檔案
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 2019-01-25 Ben Wei <ben@juluos.org> | |
| IMAGE=a.img | |
| BINFILE=boot.bin | |
| all: $(IMAGE) $(BINFILE) | |
| $(BINFILE): boot.asm | |
| nasm boot.asm -f bin -o $(BINFILE) | |
| dd if=$(BINFILE) of=./$(IMAGE) bs=512 count=1 | |
| $(IMAGE): | |
| qemu-img create -f raw $(IMAGE) 1440k | |
| mkfs.msdos -s 1 $(IMAGE) | |
| run: | |
| qemu-system-x86_64 -fda $(BINFILE) | |
| runraw: | |
| qemu-system-x86_64 -drive format=raw,file=$(BINFILE) | |
| clean: | |
| rm -f $(BINFILE) $(IMAGE) |
/Dev/orangeos/chapter1/a$ make qemu-img create -f raw a.img 1440k Formatting 'a.img', fmt=raw size=1474560 mkfs.msdos -s 1 a.img mkfs.fat 3.0.28 (2015-05-16) nasm boot.asm -f bin -o boot.bin dd if=boot.bin of=./a.img bs=512 count=1 1+0 records in 1+0 records out 512 bytes copied, 0.000185582 s, 2.8 MB/s |
被偵測到有問題的boot.asm 範例
org 07c00h mov ax, cs mov ds, ax mov es, ax call DispStr jmp $ DispStr: mov ax, BootMessage mov bp, ax mov cx, 16 mov ax, 01301h mov bx, 000ch mov dl, 0 int 10h ret BootMessage: db "Hello, OS world!" times 510-($-$$) db 0 dw 0xaa55 |
通Defender 偵測的 boot.asm 範例
測試 ghaiklor 的 Simple boot sector with Hello World 範例編譯沒有問題source: https://gist.github.com/ghaiklor/89e243a3463569480d01188c9e55e077
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| org 0x7C00 ; BIOS loads our programm at this address | |
| bits 16 ; We're working at 16-bit mode here | |
| start: | |
| cli ; Disable the interrupts | |
| mov si, msg ; SI now points to our message | |
| mov ah, 0x0E ; Indicate BIOS we're going to print chars | |
| .loop lodsb ; Loads SI into AL and increments SI [next char] | |
| or al, al ; Checks if the end of the string | |
| jz halt ; Jump to halt if the end | |
| int 0x10 ; Otherwise, call interrupt for printing the char | |
| jmp .loop ; Next iteration of the loop | |
| halt: hlt ; CPU command to halt the execution | |
| msg: db "Hello, World!", 0 ; Our actual message to print | |
| ;; Magic numbers | |
| times 510 - ($ - $$) db 0 | |
| dw 0xAA55 |
執行編譯OK的Hello World
Windows 10 pro with qemu / make tools installed by choco
小結
比較程式的差異,通Defender 偵測的 boot.asm 範例,是比較好的寫法,有做處理停止中斷及結束。
看到偵測有病毒檔案訊息,先不用緊張,確認問題點,調整一下寫法,就可避開 Defender 誤偵測,繼續快樂的作業系統程式開發與研究囉!
看到偵測有病毒檔案訊息,先不用緊張,確認問題點,調整一下寫法,就可避開 Defender 誤偵測,繼續快樂的作業系統程式開發與研究囉!
延伸閱讀:
- Chocolatey是一個Windows下類似OSX brew 的軟體套件管理工具
- NASM - The Netwide Assembler 英文使用手冊
- 在Mac OS X上編繹BenOS並使用Qemu執行
- 讀"Orange's 一個作業系統的實現"的心得
沒有留言:
張貼留言