Overview:
If interrupts are turned off, not only does the keyboard stop responding, the clock also stops advancing, so a time difference can be used to detect tracing. The specific method is: first turn off interrupts, then use the current time as a key to encrypt some instructions. After executing a large number of instructions, quietly decrypt them with the current time. If the clock has advanced in the meantime, which should not happen while interrupts are off, the decryption result will be wrong, and then ... of course, a crash!
Sample example:

CODE    SEGMENT
        ASSUME  CS:CODE, DS:CODE
        ORG     100H
START:  JMP     INSTALL
D1      DB      'OK, Pass ...', 0DH, 0AH, 24H
INSTALL:
        XOR     AX, AX
        MOV     ES, AX
        MOV     AX, ES:[046CH]          ; system time count
        XOR     WORD PTR _CODE, AX      ; encrypt the instructions at _CODE
        MOV     AH, 0FFH
        IN      AL, 21H
        XCHG    AH, AL
        OUT     21H, AL                 ; turn off interrupts; the original interrupt mask is saved in AH
        MOV     CX, 100                 ; delay loop, simulating the execution time of other code
LOP1:   PUSH    CX
        XOR     CX, CX
LOP2:   LOOP    LOP2
        POP     CX
        LOOP    LOP1
        MOV     BX, ES:[046CH]          ; read the time again to decrypt
        XOR     WORD PTR _CODE, BX
        XCHG    AH, AL                  ; remember to restore the mask
        OUT     21H, AL
_CODE:  NOP
        NOP
        MOV     AH, 9
        MOV     DX, OFFSET D1
        INT     21H
        INT     20H
CODE    ENDS
        END     START
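
The mechanism of the sample, modeled in Python as an added example (not code from the original page): a constructed toy machine with memory, the interrupt mask register behind port 21h, and the timer interrupt. The `Machine` class, `run_sample`, the load address and the `tracer_unmasks` flag are assumptions made for illustration; the model shows that the two bytes at _CODE come back intact only when the tick count did not move between the two XORs.

```python
import struct

TICK_ADDR = 0x046C      # low word of the BIOS tick count, as the sample reads it with ES=0
PIC_MASK_ALL = 0xFF     # value the sample writes to port 21h


class Machine:
    """Constructed toy model: flat memory, the PIC mask register, and IRQ0."""

    def __init__(self, ticks, program, load_at=0x1000):
        self.mem = bytearray(0x2000)
        self.imr = 0x00                     # interrupt mask register: all IRQs enabled
        self.load_at = load_at              # hypothetical load address of _CODE
        struct.pack_into("<H", self.mem, TICK_ADDR, ticks & 0xFFFF)
        self.mem[load_at:load_at + len(program)] = program

    def word(self, addr):
        return struct.unpack_from("<H", self.mem, addr)[0]

    def xor_word(self, addr, key):
        struct.pack_into("<H", self.mem, addr, self.word(addr) ^ key)

    def timer_fires(self, times=1):
        """IRQ0 reaches the tick handler only if bit 0 of the mask is clear."""
        if not self.imr & 0x01:
            ticks = (self.word(TICK_ADDR) + times) & 0xFFFF
            struct.pack_into("<H", self.mem, TICK_ADDR, ticks)


def run_sample(machine, tracer_unmasks):
    """Follow the sample's steps and return the two bytes left at _CODE."""
    code = machine.load_at
    machine.xor_word(code, machine.word(TICK_ADDR))   # XOR WORD PTR _CODE, AX
    saved, machine.imr = machine.imr, PIC_MASK_ALL    # IN / XCHG / OUT 21H
    if tracer_unmasks:                                # assumption: a tracer re-enables IRQs
        machine.imr = 0x00
    machine.timer_fires(3)                            # timer hardware fires during the delay
    machine.xor_word(code, machine.word(TICK_ADDR))   # XOR WORD PTR _CODE, BX
    machine.imr = saved                               # restore the original mask
    return bytes(machine.mem[code:code + 2])


if __name__ == "__main__":
    for traced in (False, True):
        m = Machine(ticks=0x1234, program=b"\x90\x90")  # constructed input: NOP NOP
        print("traced" if traced else "normal", run_sample(m, traced).hex())
```

Because XOR is its own inverse, the word that remains is the original XORed with the difference between the two tick readings, so any tick delivered during the delay changes the opcodes that execute next.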