Below is a small program, hdsn32.asm, that I wrote in 2000 to read the hard drive's serial number under Win9x. It obtains ring 0 privilege with an approach similar to the one the CIH virus used, and it cannot run under Windows 2000.
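; Hdsn32.asm
; Syntax: MASM (MASM32 SDK include/lib layout), 32-bit flat model, stdcall.
; Target: Win9x only. The program patches the IDT from user mode, which the
;         accompanying text says does not work under Windows 2000.
; NOTE(review): some MASM versions accept `sidt` only under a privileged CPU
;               directive (.386p) - confirm against the assembler in use.
.386
.model flat, stdcall                    ; 32 bit memory model
option casemap:none                     ; case sensitive

; The path separators were lost in the published listing; restored here.
include \masm32\include\windows.inc
include \MASM32\INCLUDE\shell32.inc
include \MASM32\INCLUDE\masm32.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \MASM32\LIB\shell32.lib
includelib \MASM32\LIB\masm32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib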
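.data
; --- IDT bookkeeping --------------------------------------------------
IDTR            df 0                    ; This will receive the contents of the IDTR
                                        ; Register (6 bytes: limit word, then base dword)
SavedGate       dq 0                    ; We save the gate we replace in here

; 8-byte gate descriptor written over the int 3 entry of the IDT.
OurGate         dw 0                    ; Offset low-order word (filled in at Start)
                dw 028h                 ; Segment selector
                                        ; NOTE(review): presumably the Win9x ring 0 flat
                                        ; code selector - confirm
                dw 0EE00h               ; P=1, DPL=3, type 0Eh: 32-bit interrupt gate that
                                        ; ring 3 code is allowed to invoke with `int`
                dw 0                    ; Offset high-order word (filled in at Start)

; --- Buffers ----------------------------------------------------------
BUFF1           DW 256 DUP (20H)        ; 512-byte buffer filled by Ring0Proc

; hdsn_1 has no terminating 0 on purpose: MessageBox is given addr hdsn_1 and
; keeps reading into hdsn_2, which must therefore stay directly behind it.
hdsn_1          db "serial number of hard disk C:", 0DH, 0AH
hdsn_2          db 256 dup (0)          ; first 20 bytes receive the serial number
hdsn_3          db 20 dup (0)           ; serial number after XOR with 36h
szCaption       db "hdsn32 v1.0 for win9x Shandong Haihua Group Sheng Yu by preparing 2000.12.21", 0
name_buffer     db "hdsn.bin", 0        ; output file, relative to the current directory

.data?
hFile           HANDLE ?                ; handle returned by CreateFile
SizeReadWrite   DWORD ?                 ; byte count reported by WriteFile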
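.code
;-----------------------------------------------------------------------
; Start - program entry point (Win9x only).
;
; 1. Builds an interrupt-gate descriptor for Ring0Proc in OurGate.
; 2. Saves the IDT entry for vector 3, overwrites it with OurGate, executes
;    `int 3h` so Ring0Proc runs through the gate, then restores the entry.
; 3. Shows the 20 bytes Ring0Proc left in hdsn_2 in a message box.
; 4. Writes those 20 bytes, each XORed with 36h, to hdsn.bin.
;
; Security notes:
; - The IDT is written directly from this user-mode code. That only succeeds
;   where the OS leaves the table writable from ring 3; the accompanying text
;   says the program runs on Win9x and not on Windows 2000.
; - NOTE(review): between the two gate swaps every int 3 on the machine is
;   routed to Ring0Proc, and nothing here guards that window - confirm.
; - XOR with one fixed byte is reversible obfuscation, not encryption.
;
; Regs: ebx = address of the int 3 descriptor; it must survive the `int 3h`
;       (Ring0Proc does not touch ebx).
;-----------------------------------------------------------------------
Start:
        mov     eax, offset Ring0Proc
        mov     [OurGate], ax           ; Put the offset words
        shr     eax, 16                 ; into our descriptor
        mov     [OurGate + 6], ax

        sidt    fword ptr IDTR
        mov     ebx, dword ptr [IDTR + 2] ; load IDT Base Address
        add     ebx, 8 * 3              ; Address of int 3 descriptor in ebx

        mov     edi, offset SavedGate
        mov     esi, ebx
        movsd                           ; Save the old descriptor
        movsd                           ; into SavedGate

        mov     edi, ebx
        mov     esi, offset OurGate
        movsd                           ; Replace the old handler
        movsd                           ; with our new one

        int     3h                      ; Trigger the exception, thus
                                        ; Passing control to our Ring0
                                        ; Procedure

        mov     edi, ebx
        mov     esi, offset SavedGate
        movsd                           ; Restore the old handler
        movsd

        ; hdsn_1 is not zero-terminated, so the text shown runs on into hdsn_2.
        invoke  MessageBox, NULL, addr hdsn_1, addr szCaption, MB_OK

        ; GENERIC_WRITE / FILE_SHARE_WRITE were garbled in the published listing.
        invoke  CreateFile, ADDR name_buffer, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ or FILE_SHARE_WRITE, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_ARCHIVE, NULL
        cmp     eax, INVALID_HANDLE_VALUE
        je      exit_1                  ; no file to write to: skip the write and close
        mov     hFile, eax

        ; hdsn_3[i] = hdsn_2[i] xor 36h for the 20 serial-number bytes
        mov     esi, offset hdsn_2
        mov     edi, offset hdsn_3
        mov     ecx, 20
jm_1:
        lodsb
        xor     al, 36h
        stosb
        dec     ecx
        jnz     jm_1

        ; NOTE(review): the WriteFile result is not checked.
        invoke  WriteFile, hFile, ADDR hdsn_3, 20, ADDR SizeReadWrite, NULL
        invoke  CloseHandle, hFile
exit_1:
        invoke  ExitProcess, eax        ; exit code = last API return value in eax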
;-----------------------------------------------------------------------
; Ring0Proc - handler the Start code installs on interrupt vector 3 and
; enters with `int 3h`. It performs port I/O on 1F0h-1F7h, stores 256 words
; in BUFF1 and copies 20 bytes of them to hdsn_2, then returns with iretd.
;
; Ports and values follow the legacy primary ATA channel layout: 1F7h is the
; status/command register, 1F6h drive/head, 1F0h data; 0ECh is the IDENTIFY
; DEVICE command, and words 10-19 of its reply hold the serial number.
;
; In:    nothing
; Out:   BUFF1       = 256 words read from 1F0h, bytes of each word swapped
;        hdsn_2[0..19] = BUFF1 bytes 20..39
; Clobb: eax, ecx, edx, esi, edi (not saved here); ebx is not touched
;
; NOTE(review): both polling loops compare the status byte for exact equality
;   and have no timeout; if the register never reads that value the loop
;   never exits. The gate built in OurGate is an interrupt gate, so the CPU
;   enters here with interrupts disabled and `sti` comes only after the loops.
; NOTE(review): stosw / rep movsb rely on the direction flag being clear and
;   no cld is executed here - confirm the caller's state.
;-----------------------------------------------------------------------
Ring0Proc PROC
start_1:
mov edx, 1f7h                           ; status register
in al, dx
cmp al, 50h                             ; wait until status reads exactly 50h
jnz start_1
dec dx                                  ; dx = 1F6h, drive/head register
mov al, 0a0h                            ; select the first (master) drive
out dx, al
mov dx, 1f7h                            ; command register
mov al, 0ech                            ; IDENTIFY DEVICE
out dx, al
mov dx, 1f7h
st_1:
in al, dx
cmp al, 58h                             ; wait until status reads exactly 58h (data request set)
jnz st_1
mov dx, 1f0h                            ; data register
mov edi, offset BUFF1
mov ecx, 0
mov cx, 256                             ; ecx = 256 words = 512 bytes
st_2:
in ax, dx
xchg ah, al                             ; swap the two bytes so text fields read in order
stosw
loop st_2
sti                                     ; re-enable interrupts before the copy
push offset BUFF1 [20]                  ; byte offset 20 = word 10, start of the serial number
pop esi
push offset hdsn_2
pop edi
mov ecx, 20                             ; serial number field is 20 bytes
rep movsb
iretd                                   ; return through the interrupt frame to the code after int 3h
Ring0Proc ENDP
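end Start                               ; entry point is the Start label (name was truncated to "Star")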