天龙还原精灵卸载器1.0 for win9x
.386P
.MODEL FLAT, STDCALL   &#59; with STDCALL we must reverse the sequence of pushes
option casemap :none   &#59; case sensitive
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib   

SetUnhandledExceptionFilter PROTO :DWORD

.DATA
&#59;---- Error Messages
szExceptionCaused db "不能进入RING 0,请在WIN9X下运行!",0
szError    db "Error",0
Caption  db ’天龙还原精灵卸载器1.0 for win9x’,0
ShowText db ’该程序用来卸载还原类软件 by:风般的男人’,0
ExceptionUsed EQU 5
buffer db 033h,0c0h,08eh,0d0h,0bch,000h,07ch,0fbh,050h,007h,050h,01fh,0fch,0beh,01bh,07ch
       db 0bfH,01bH,006H,050H,057H,0b9H,0e5H,001H,0f3H,0a4H,0cbH,0beH,0beH,007H,0b1H,004H
       db 038H,02cH,07cH,009H,075H,015H,083H,0c6H,010H,0e2H,0f5H,0cdH,018H,08bH,014H,08bH
       db 0eeH,083H,0c6H,010H,049H,074H,016H,038H,02cH,074H,0f6H,0beH,010H,007H,04eH,0acH
       db 03cH,000H,074H,0faH,0bbH,007H,000H,0b4H,00eH,0cdH,010H,0ebH,0f2H,089H,046H,025H
       db 096H,08aH,046H,004H,0b4H,006H,03cH,00eH,074H,011H,0b4H,00bH,03cH,00cH,074H,005H
       db 03aH,0c4H,075H,02bH,040H,0c6H,046H,025H,006H,075H,024H,0bbH,0aaH,055H,050H,0b4H
       db 041H,0cdH,013H,058H,072H,016H,081H,0fbH,055H,0aaH,075H,010H,0f6H,0c1H,001H,074H
       db 00bH,08aH,0e0H,088H,056H,024H,0c7H,006H,0a1H,006H,0ebH,01eH,088H,066H,004H,0bfH
       db 00aH,000H,0b8H,001H,002H,08bH,0dcH,033H,0c9H,083H,0ffH,005H,07fH,003H,08bH,04eH
       db 025H,003H,04eH,002H,0cdH,013H,072H,029H,0beH,046H,007H,081H,03eH,0feH,07dH,055H
       db 0aaH,074H,05aH,083H,0efH,005H,07fH,0daH,085H,0f6H,075H,083H,0beH,027H,007H,0ebH
       db 08aH,098H,091H,052H,099H,003H,046H,008H,013H,056H,00aH,0e8H,012H,000H,05aH,0ebH
       db 0d5H,04fH,074H,0e4H,033H,0c0H,0cdH,013H,0ebH,0b8H,000H,000H,080H,018H,002H,023H
       db 056H,033H,0f6H,056H,056H,052H,050H,006H,053H,051H,0beH,010H,000H,056H,08bH,0f4H
       db 050H,052H,0b8H,000H,042H,08aH,056H,024H,0cdH,013H,05aH,058H,08dH,064H,010H,072H
       db 00aH,040H,075H,001H,042H,080H,0c7H,002H,0e2H,0f7H,0f8H,05eH,0c3H,0ebH,074H,049H
       db 06eH,076H,061H,06cH,069H,064H,020H,070H,061H,072H,074H,069H,074H,069H,06fH,06eH
       db 020H,074H,061H,062H,06cH,065H,000H,045H,072H,072H,06fH,072H,020H,06cH,06fH,061H
       db 064H,069H,06eH,067H,020H,06fH,070H,065H,072H,061H,074H,069H,06eH,067H,020H,073H

   db 079H,073H,074H,065H,06dH,000H,04dH,069H,073H,073H,069H,06eH,067H,020H,06fH,070H
       db 065H,072H,061H,074H,069H,06eH,067H,020H,073H,079H,073H,074H,065H,06dH,000H,000H
.DATA?
lpOldGate  dd ?
IDT db 6 dup (?)
buffer2 db 512 dup (?)

.CODE
start:
        push  offset ExceptCallBack&#59; (security if ring transform doesn’t work)
 call   SetUnhandledExceptionFilter &#59; Catch exceptions 
        call ShowBuffer
 push offset Ring0Code      
 call ToRing0Code      
 invoke ExitProcess,0   &#59; exit

Ring0Code PROC    &#59; Ring0 code here..

 mov dx,1f6h  &#59;Drive and head port
        mov al,0a0h  &#59;Drive 0,Head 0
        out dx,al

        mov dx,1f2h  &#59;Sector count port
        mov al,1     &#59;Read One Sector
        out dx,al

        mov dx,1f3h  &#59;Sector number port
        mov al,1     &#59;Read One Sector
        out dx,al

        mov dx,1f4h  &#59;Cylinder low port
        xor al,al    &#59;Cylinder 0
        out dx,al

        mov dx,1f5h  &#59;Cylinder high port
        xor al,al    &#59;The rest of Cylinder 0
        out dx,al
 
        mov dx,1f7h  &#59;Command port
        mov al,20h   &#59;Read with Entry
        out dx,al
Still_going:
        in al,dx
        test al,8   &#59;This means the sector buffer requires servcing
        jz Still_going&#59;do not continue until the sector buffer is ready
        xor ecx,ecx
 mov cx,512/2  &#59;one sector/2
        mov edi,offset buffer2
        mov dx,1f0h   &#59;data port - data comes in and out here
        cli
        cld
        rep insw
        sti

   xor ecx,ecx
   mov cx,352/2

mov esi,offset buffer
   mov edi,offset buffer2
   rep movsw

 mov     dx,1f6h         &#59;Drive and head port
 mov     al,0a0h         &#59;Drive 0, head 0
 out     dx,al
 
 mov     dx,1f2h         &#59;Sector count port
 mov     al,1            &#59;Write one sector
 out     dx,al
 
 mov     dx,1f3h         &#59;Sector number port
 mov     al,1            &#59;Wrote to sector two
 out     dx,al
 
 mov     dx,1f4h         &#59;Cylinder low port
 mov     al,0            &#59;Cylinder 0
 out     dx,al
 
 mov     dx,1f5h         &#59;Cylinder high port
 mov     al,0            &#59;The rest of the cylinder 0
 out     dx,al
 
 mov     dx,1f7h         &#59;Command port
 mov     al,30h          &#59;Write with retry.
 out     dx,al
oogle:
 in      al,dx
 test    al,8            &#59;Wait for sector buffer ready.
 jz      oogle
 xor     ecx,ecx
 mov     cx,512/2        &#59;One sector /2
 mov     esi,offset buffer2
 mov     dx,1f0h         &#59;Data port - data comes in and out of here.
        cli
        cld
        rep outsw        &#59;Send it.
        sti
        iretd
Ring0Code ENDP

ShowBuffer proc   
 invoke  MessageBoxA,NULL,offset ShowText,offset Caption,MB_OK
 ret
ShowBuffer endp

ExceptCallBack PROC
 invoke    MessageBoxA, 0, addr szExceptionCaused,addr szError, 0
 invoke ExitProcess, -1
 ret
ExceptCallBack ENDP
 
ToRing0Code proc Ring0:DWORD

       sidt   fword ptr IDT   &#59; fetch IDT register

 mov  ebx, dword ptr [IDT+2]  &#59; ebx -> IDT
 add ebx, 8*ExceptionUsed  &#59; Ebx -> IDT entry of ExceptionUsed

 cli     &#