PCjs Machines
Home of the original IBM PC emulator for browsers.
PC-SIG Diskette Library (Disk #1119)
[PCjs Machine "ibm5170"]
Waiting for machine "ibm5170" to load....
Information about “PULLED BY REQUEST OF AUTHOR”
Many computer users are now worried about how they can protect
themselves from the viruses and trojan horses that are out there -- just
waiting to attack an unsuspecting system.
Here's a disk full of programs to help you in that fight. One of the
programs lets you write-protect your hard disk before you try any new
software, thus keeping viruses off it.
FLUSHOT+ lets you write-protect entire classes of files, such as all
your files ending with .EXE or .COM. It also lets you check individual
files for problems, keeps track of these files, and tells you if
anything has changed when you check them a second time. FLUSHOT+ even
tells you when a program has inserted something into a memory-resident
mode, thus alerting you to the kind of viruses that wait in memory
before they strike.
A second program, HDSENTRY, sets itself up in memory and monitors all
commands sent to the hard drive of your system. If the command is
potentially harmful, such as attempting to write to the drive or to
erase a file, HDSENTRY intercepts the command and prompts you for
continuation.
CRYPT.BAS
100 KEY OFF
110 COLOR 7,0
120 WIDTH 80
130 SCREEN 0,0,0
140 CLS
150 PRINT "A Simple File Cryption Program in BASIC"
160 PRINT "Written by Dan Gookin, Copyright (c) TAB Books"
170 PRINT
180 PRINT "Will you be <D>ecrypting or <E>ncrypting? (D or E): ";
190 B$ = INPUT$(1)
200 B$ = CHR$(ASC(B$) AND 95)
210 IF B$><"E" AND B$><"D" GOTO 190
230 PRINT B$
240 PRINT
250 LINE INPUT "Enter the INPUT file: ";FILEIN$
260 LINE INPUT "Enter the OUTPUT file: ";FILEOUT$
270 PRINT
280 LINE INPUT "Enter the keyword pattern: ";KEYWORD$
290 KEY.LEN = LEN(KEYWORD$)
300 IF KEY.LEN = 0 THEN 280
320 REM ******************************
330 REM Entryption/Decryption routines
340 REM ******************************
350 OPEN FILEIN$ FOR INPUT AS 1
360 OPEN FILEOUT$ FOR OUTPUT AS 2
370 FOR X=1 TO KEY.LEN
380 IF EOF(1) THEN 460
390 D$ = MID$(KEYWORD$,X,1)
400 A$=INPUT$(1,1)
410 ON INSTR("DE",B$) GOSUB 480,510
420 PRINT#2,C$;
430 PRINT C$;
440 NEXT X
450 GOTO 370
460 CLOSE
470 END
475 REM ******************************
480 REM Decrypt it:
490 C$ = CHR$((ASC(A$)-ASC(D$)) MOD 255)
500 RETURN
510 REM Encrypt it:
520 C$ = CHR$((ASC(A$)+ASC(D$)) MOD 255)
530 RETURN
DISKTOOL.DOC
------------------------------------
Disk Tool -- Disk Management Utility
User's Guide To Operation
Version 1.0A
------------------------------------
July 24, 1986
Copyright (c) 1986 by R. P. Gage, all rights reserved.
Disk Tool -- Disk Management Utility, version 1.0A Page 1
T A B L E O F C O N T E N T S
Page
Purpose of Disk Tool ................................... 3
System Requirements .................................... 4
Conventions Used ....................................... 5
Functions .............................................. 6
ALTER Modify the attributes of files ..... 8
CHANGE Change the current working drive ... 10
DISK View and/or edit the current drive . 11
ERASE Erase files on the current drive ... 14
FILE View and/or edit a file on the drive 15
LOCATE Look for matching files on the drive 16
RENAME Rename files on the current drive .. 17
QUIT End Disk Tool and return to DOS .... 18
Appendix A Known limitations ....................... 19
Appendix B Error Messages .......................... 20
Appendix C Program Notes ........................... 23
Appendix D Disclaimer .............................. 24
Appendix E WARNING ! ............................... 25
Appendix F Shareware ............................... 26
Disk Tool -- Disk Management Utility, version 1.0A Page 2
P U R P O S E O F D I S K T O O L
Disk Tool allows you to look at and make changes to what is
stored on your DOS disks. It gives you the ability to work with
individual files or the disk as a whole and lets you perform
operations that DOS usually isn't able to provide. Generally, it
lets you manipulate everything on your disks easily and with very
few restrictions.
The current version of Disk Tool, version 1.0A, provides the
following functions:
-- access any DOS disk available: any size floppy, any
size hard disk (up to 32MB), and any sized RAM disk;
all with any allowable sector size (128, 256, or 512
bytes).
-- edit the disk, on a sector basis, allowing full access
in a sequential or random manner to any available
sector on the disk. The sector number being edited is
displayed at all times.
-- edit any file on the disk, on a sector basis, allowing
full access in a sequential or random manner to any
sector in the file. The relative sector number within
the file is displayed at all times.
-- change all of the file attributes for any file on the
disk. This includes R/O, Hidden, System and Archive
status as well as the file's date and time of creation.
-- find any file on the disk matching an ambiguous or
unambiguous file specification. (ie. *.BAT or WS.COM).
-- rename any file on the disk.
-- erase any file on the disk.
-- all file operations allow full access to ANY file in
ANY subdirectory. The status of a file or subdirectory
is irrelevant.
Disk Tool -- Disk Management Utility, version 1.0A Page 3
S Y S T E M R E Q U I R E M E N T S
Disk Tool was written using TURBO Pascal 3.0. To run, it
requires an IBM PC/XT/AT or true compatible computer running
under DOS Version 2.0 or later with at least 128K memory, a
monitor using a Monochrome or Color/Graphics display card, and,
at a minimum, one floppy disk drive.
In addition, Disk Tool can make use of more memory (if it
needs it) and more disk drives (360K or 1.2MB floppy drives, hard
disks, or RAM disks). More memory is usually only required if
you are using Disk Tool with a hard disk that contains a lot of
files and sub-directories.
Currently, Disk Tool has successfully run under the TopView
and WINDOWS operating environments. In both cases, Disk Tool
runs in a separate window allowing simultaneous use with other
programs.
Disk Tool -- Disk Management Utility, version 1.0A Page 4
C O N V E N T I O N S U S E D
The conventions used in this document refer mainly to the
description of function keys. Each function key, wherever
possible, is described by the word or lettering that appears on
the key. Where this is not possible, the key is described by its
function and is surrounded in brackets.
The names I use for these keys and their descriptions are:
Home the Home key (key 7) on the numeric keyboard
End the End key (key 1) on the numeric keyboard
Enter the enter or return key
Esc the escape key (wherever it is located)
F1 function key one
F2 function key two
F3 function key three
F4 function key four
F5 function key five
F6 function key six
F7 function key seven
F8 function key eight
F9 function key nine
F10 function key ten
Ins the Ins (key 0) on the numeric keyboard
PgDn the PgDn key (key 3) on the numeric keyboard
PgUp the PgUp key (key 9) on the numeric keyboard
Tab the tab key
<UP> the up arrow key on the numeric keyboard
<DOWN> the down arrow key on the numeric keyboard
<LEFT> the left arrow key on the numeric keyboard
<RIGHT> the right arrow key on the numeric keyboard
Additionally, the program itself uses brackets around a key
name whenever it tells you to press a key. An example of this
exists in the main menu where, in part, a line states, "... then
pressing <ENTER>." This wording, where used, means to press the
enter key and not the letters, <, E, N, T, E, R, and >. The Esc
key and Ins key are also referred to in the program in this way
(ie., as <ESC> and <INS>).
Disk Tool -- Disk Management Utility, version 1.0A Page 5
F U N C T I O N S
Disk Tool is started by typing "DT" from the DOS prompt.
Doing so loads and runs Disk Tool without problem, but the com-
plete invocation for Disk Tool from the DOS prompt is:
DT [ /DC] [ /DM] [ /DS] [ /DF] [d:]
Each of the options, briefly described below, exist to force
Disk Tool to ignore what it has found out about your computer and
accept what you really want. All of the functions must have a
space in front of the "/", but the case and order of the options
is not important.
/DC Display Color. Makes Disk Tool display in a
variety of colors, even if it has found a
monochrome adapter installed.
/DM Display Monochrome. Causes Disk Tool to
display in two "colors".
/DS Display Slow. Forces Disk Tool to use DOS
to display on the screen. If Disk Tool is
used in a windowing operating environment,
this option may be necessary for Disk Tool to
run in a window alongside other programs.
/DF Display Fast. Forces Disk Tool to use direct
memory writes to display on the screen. This
is a lot faster than using DOS.
d: Sets the current working drive to d:. If d:
is not a valid drive letter, Disk Tool sets
the currently logged drive to the current
working drive.
Once started, the main menu is shown. The information in
the main menu includes the name of the program (Disk Tool) and
version number (1.0A), my copyright, MSDOS version number, amount
of memory available to DOS, number of drives, logical drive
letters, current working drive, my name and address, and finally
the functions available. If any of this information is missing
or seems altered, please inform me of that fact and immediately
stop using that copy of of Disk Tool.
Currently, there are eight functions available from the main
menu. They are:
ALTER .... Modify the attributes of files.
CHANGE ... Change the current working drive.
DISK ..... View and/or edit the current drive.
ERASE .... Erase files on the current drive.
FILE ..... View and/or edit a file on the drive.
LOCATE ... Look for matching files on the drive
Disk Tool -- Disk Management Utility, version 1.0A Page 6
RENAME ... Rename files on the current drive.
QUIT ..... End Disk Tool and return to DOS.
These functions are selected by moving the highlighted bar
with <UP> and <DOWN> and pressing Enter when the bar highlights
the function you want to execute. An alternative, easier method
of selecting a function is to type the first letter of the
function name (A, C, D, E, F, L, R, or Q) and then press Enter.
Disk Tool -- Disk Management Utility, version 1.0A Page 7
ALTER Modify the attributes of files
Pressing Enter when the ALTER function is highlighted gives
you the ability to change the attributes, date, and time for any
file on the current working drive.
Once you have selected ALTER, Disk Tool checks to see if the
current working drive's directory has been read into memory yet.
If it hasn't been read into memory, Disk Tool does so, displaying
the following message in the center of the screen.
Reading Directory Information...
Reading a disk's directory could be very quick or a little
slow depending on how many files and directories are on the disk.
In any case, be patient and after a moment, Disk Tool will be
done.
After the entire directory is in memory, using the <UP>,
<DOWN>, PgUp, PgDn, Home, and End keys to move the highlighted
cursor, select the directory you want to use to get files from.
<UP> and <DOWN> move the highlighted bar to the previous and next
directory, respectively. PgUp and PgDn move the bar up and down
to the previous and next screen of directories. Finally, Home
and End move the bar to the first and last directory.
Press Enter to accept the highlighted directory or press Esc
to abort and go back to the main menu. If you don't have any sub
directories, all of this will be skipped.
Then, in a similar manner, select the initial file to work
with.
When a file has eventually been selected, you have the
chance to change its attributes. To change one of the attributes
(Read Only, Hidden, System, or Archive), move the highlighted bar
with <UP> and <DOWN> and press Enter to toggle the highlighted
attribute on or off. When an attribute is on, it is set or in an
active state.
Changing the time or date is a little different, but not
enough to make it painful. Once the highlighted bar is over the
date or time field, press any key to tell Disk Tool you want to
change the contents of that field.
Upon pressing any key, you should notice the presence of a
cursor within the highlighted bar. You can now type in the new
date or time (only valid numbers are accepted), and move the
cursor to a different place using <LEFT> and <RIGHT>. Pressing
<UP>, <DOWN>, or Enter ends your changes to the date or time.
When you are not actually editing the date or time fields,
pressing <LEFT> or <RIGHT> changes the file you are working with
to the previous or next file in the directory, respectively.
Disk Tool -- Disk Management Utility, version 1.0A Page 8
When the file is changed in this manner, any changes you
made to the previous file ARE NOT SAVED. To save changes made to
a file's attributes, date, and time, press the Ins key. An easy
way to tell if you have saved a file's attributes is to compare
the "Present Attributes" column with the "New Attributes" column.
After pressing Ins, they are identical.
When you have had enough of changing attributes, pressing
Esc will let you leave the ALTER function. After doing this, you
are presented the ever familiar main menu and can continue from
there as usual.
Disk Tool -- Disk Management Utility, version 1.0A Page 9
CHANGE Change the current working drive
Pressing Enter with the CHANGE function selected opens up a
window on the screen showing something similar to:
Enter a letter from A to E to
change the current drive.
Press <ESC> to abort
To change the current working drive, do as it says and type
a letter in the range shown. In this example, you could type any
of the letters A, B, C, D, or E. Pressing anything else will not
be accepted.
Once you press one of the valid letters, all stored informa-
tion on the current working drive will be cleared, forcing Disk
Tool to start from scratch on the next disk read.
If you selected CHANGE by mistake, you can abort the func-
tion by pressing Esc. Doing so will keep Disk Tool from clearing
all stored information on the current drive.
Disk Tool -- Disk Management Utility, version 1.0A Page 10
DISK View and/or edit the current drive
For those who have a need or want to see and change what is
actually stored on their disks, at a byte level, the DISK
function provides that capability.
When DISK is highlighted, press Enter and Disk Tool will go
to the first sector on the disk in the current working drive and
display it in both hex and ASCII coded formats. If you select
DISK after previously editing the disk, (ie, selecting DISK a
second time on the same disk) Disk Tool will return you to the
last sector you were editing, not the first sector on the disk.
Once you begin editing the disk, a variety of function keys,
arrow keys, and movement keys, and others become effective.
These keys are all described below.
F1 Help. Hitting F1 any time while editing the disk
will display a screen summarizing the functions of
specific keys. Getting help will not cause any
changes previously made to be lost, so you can ask
for help at any time freely.
F2 Go to a sector. F2 gives you the ability to go
randomly to any allowable sector on the disk.
After you press F2, a window will be shown on the
screen. Then, you can enter a number in the range
shown, or press Esc to abort that function and
remain at the sector you are currently at.
F3 Go to start of disk. Anytime that F3 is pressed,
Disk Tool will immediately go to the first sector
of the disk, without question.
F4 Go to end of disk. Like F3, when F4 is pressed,
Disk Tool will go to the last available sector on
the disk.
F5 Edit hex display. Pressing F5 will cause the
blinking cursor to jump over to the hex side of
the display. The cursor will stay at the same
point in the sector that it was at previously, it
will just go over to the hex side.
F6 Edit ASCII display. F6 will, similarly, cause the
cursor to jump over to the ASCII side of the
display, remaining at the same point within the
sector being edited.
F7 - F9 not used
F10 Press F10, and Disk Tool will bring you back to
the main menu, leaving DISK.
Disk Tool -- Disk Management Utility, version 1.0A Page 11
<UP> Move up. Pressing <UP>, the up arrow, will move
the cursor up one line in the sector. If you are
at the first line, the cursor will wrap around to
the last line in the sector.
<DOWN> Move down. <DOWN>, the down arrow, will move the
cursor down one line within the sector. When the
cursor is at the last line, <DOWN> will cause the
cursor to wrap around to the first line.
<RIGHT> Move right. Yes, <RIGHT>, the right arrow key,
will make the cursor move to the right. When you
are at the last character (or byte) in a line,
<RIGHT> will move the cursor to the the first
character (or byte) in the next line.
<LEFT> Move left. <LEFT>, the left arrow, will move the
cursor to the left. When the cursor is at the
first character and <LEFT> is pressed, the cursor
will wrap around to the last character in the line
above the current line.
PgUp Go forwards. Hitting PgUp will make Disk Tool
advance and display the next sector available on
the disk, making it the current sector being
edited. If you are already at the last sector,
PgUp will wrap around to the first sector on the
disk.
PgDn Go backwards. PgDn causes Disk Tool to go
backwards one sector, making the previous sector
on the disk the current sector being edited. When
the current sector is the first sector, PgDn will
wrap around to the last sector on the disk.
Home Reread sector. Pressing Home will cause Disk Tool
to reread the current sector. There are two
reasons why you might want to do this. The first
is to try to read a sector when an error happened
on the first try. The other reason is to get a
fresh copy of the sector to edit, when you have
made too many unwanted changes to the sector.
When Home is pressed, Disk Tool will erase
whatever changes you made and display a new
working copy of the current sector.
End Write sector. End is the only way any changes
made will get saved. If you move to another
sector and forget to write it first, all changes
made to the previous sector will be lost. Disk
Tool doesn't remind (harass) you about writing any
changes. If you forget to write a sector, it
won't be changed, simply put.
At all times while editing, the actual sector number edited
Disk Tool -- Disk Management Utility, version 1.0A Page 12
is displayed at the bottom of the screen. The first sector
number for a disk is always 1, and the last sector number depends
on the format and capacity of the disk you are working with.
Making a change to any sector is relatively easy. First,
find or go to the sector you want to edit. Move the cursor to
the place you want to change something, then type in the changes.
Changes are discriminated from what was previously in the sector
by being highlighted.
Any character, all 255 of them, can be entered while the
cursor is in the ASCII part of the display, but only valid hex
characters can be entered while the cursor is on the hex side of
the display. This causes an interesting problem for those of you
who are used to making corrections with the backspace key. That
method of correcting errors doesn't work with Disk Tool, it is
just accepted as another character and processed as normal. To
make a correction, you have to move the cursor with <LEFT> and
type in the correction.
Disk Tool -- Disk Management Utility, version 1.0A Page 13
ERASE Erase files on the current drive
This function is used to erase any file on the current
working drive. Since Disk Tool doesn't use DOS to erase files,
you can erase any file, even if it is supposed to be read only or
hidden. The particular status of any file doesn't make any
difference.
After you have selected ERASE, choose the directory to get
files from then the initial file to erase. Since this is the
same process as described for the ALTER function, you could refer
to that section for help. Again, press Esc if you want to abort
and go back to the main menu.
When a file is selected, the screen clears and you will see
something similar to what is shown below.
The file, "OLD-FILE.NAM" will be deleted.
Press 'Y' to delete the file.
Press 'S' to skip deleting this file.
Press <ESC> to abort and exit.
If you now press 'Y', the file OLD-FILE.NAM will be erased
from the disk. Pressing 'S' (or 'N') will not erase the file.
Hitting Esc will put you back at the main menu.
Upon pressing 'Y' or 'S', Disk Tool does its work and then
returns you to the file selection screen for the chance to select
another file to erase. It will repeat doing this until there are
no files left in the directory or you eventually press Esc.
Disk Tool -- Disk Management Utility, version 1.0A Page 14
FILE View and/or edit a file on the drive
The FILE function is almost identical to the DISK function.
The main difference is that FILE gives you the ability to see and
edit only what is in a file and not the entire disk.
Press Enter when FILE is highlighted, select the directory
to get files from to edit, and then get the initial file to edit.
Look at what is described in ALTER for assistance in getting the
initial file. Press Esc to return to the main menu.
After a file is selected, you should be looking at the first
sector in the file, ready to edit it. All function keys, arrow
keys, movement keys, and other keys act the same way as they did
in DISK, with a few minor differences, described briefly below.
Except for what is described below, you should read and follow
what is said in the description for DISK.
F2 Go to a sector. Pressing the F2 key will still
let you go randomly to any sector, but only to
sectors within the file.
F3 Go to start of file. F3 will go to the start
(first sector) of the file instead of the first
sector on the disk.
F4 Go to end of file. Similar to F3, F4 goes to the
end of the file (its last sector) instead of the
end of the disk.
PgUp Go forwards. Pressing PgUp will advance the
relative sector to the next sector in the file.
It won't wrap around to the first sector if you
are at the last sector in the file, but will
remain at the last sector.
PgDn Go backwards. PgDn will go backwards in the file
to the previous sector in it. If you are already
at the first sector in the file, hitting PgDn will
not wrap around to the last sector, but will
leave you at the first sector.
At all times while editing, the relative sector number being
edited will be displayed, not the actual sector number. The
first relative sector number for a file is always 1, no matter
where the start of the file physically is.
Like DISK, pressing F10 will return you to the main menu.
Disk Tool -- Disk Management Utility, version 1.0A Page 15
LOCATE Look for matching files on the drive
All to often, users of hard disks have several copies of a
file in different places, don't know where a file is located, or
just want to look at all files on the disk. The LOCATE function
helps out those users by finding and displaying all files on the
current drive that match any given specification.
When ALTER is chosen, the screen clears, displays a few
lines of help, and gives you the prompt:
Filename: * .*
Now, enter the file(s) you want to look for. The wildcards
? and * can be used as they would be with DOS, anywhere within
the name to match any character and all characters from that
point on, respectively. <LEFT> and <RIGHT> can be used to move
the cursor to a specific place in the name, and changes made at
that place. Additionally, pressing Tab will make the cursor go
from the filename part to the extension part of the name and vice
versa. When the file to look for has been entered, press Enter.
Hitting Esc returns you to the main menu.
After Enter has been pressed, Disk Tool displays all files
matching what was typed (reading the directory if necessary),
pausing at the end of every screenfull of files. Note that all
I said all files matching what was typed. Disk Tool will display
a file even if it has a hidden or system status.
Disk Tool -- Disk Management Utility, version 1.0A Page 16
RENAME Rename files on the current drive
The RENAME function is used to rename any file on the
current working drive. Because Disk Tool goes around DOS to
rename files, you can rename any file, even if it has a hidden or
system status. The status of any file isn't important to Disk
Tool. The difference between the RENAME function and the DOS
rename is that RENAME can only rename one file at a time and
cannot be used with wildcards.
Once RENAME has been selected, pick the directory to get
files from and then a file to rename. See the ALTER function's
description for an explanation on doing this. Press Esc if you
decide at some point that you don't want to rename files and
you'll be returned to the main menu.
After you selected a file, the screen will clear and you
will be asked for the new name for the file. If you were trying
to rename "OLD-FILE.NAM," the screen would show, (in part):
Filename: OLD-FILE.NAM
Now, enter the new name for the file, typing over the old
name. <LEFT> and <RIGHT> can be used to move the cursor to any
point in the old name to make changes. Tab will move the cursor
from the name part to the extension part of the name and vice
versa. When you have changed the name to what you desire, press
Enter and you will see:
The file, "OLD-FILE.NAM" will be renamed to "NEW-FILE.NAM"
Press 'Y' to rename the file.
Press 'R' to re-enter the new file name.
Press 'S' to skip renaming this file.
Press <ESC> to abort and exit.
Pressing 'Y' at this point will rename the file to the new
name you typed in. If you pressed 'S' (or 'N'), the file won't
be erased and you will be allowed to select another file to
rename. 'R' will show you the "Filename:" prompt shown above,
letting you change the name again and try again. Hitting Esc, as
usual, will bring you back to the main menu.
Before going off, confident about RENAME, there are a few
notes to it. First, the new name must be typed in exactly as you
want to see it appear in the directory. You may have to type
over previous characters with spaces if necessary. Also, if you
leave leading or embedded spaces in the filename or extension
part of the name, DOS will have a difficult time accessing the
file from that point on. It can still be used in a few instances
from DOS (and always from Disk Tool), but a little trickery is
involved. Doing this (leaving spaces in the name) is permitted
in Disk Tool because you might want to make a file harder to
access. Embedding spaces in a name is definitely one way to make
a file harder to access.
Disk Tool -- Disk Management Utility, version 1.0A Page 17
QUIT End Disk Tool and return to DOS
Selecting QUIT from the main menu stops the execution of
Disk Tool and return you to DOS (or other operating environment,
if applicable). It returns to the same drive and directory that
you started in, unless of course you changed the disk that you
started from.
QUIT has a synonym that can be used if you like. Pressing
Esc while in the main menu also quits the program after confirma-
tion. This is no shorter than pressing "Q <ENTER>", but it is
included to be consistent with the exit command of other fun-
ctions. When you press Esc, you'll see the message:
Do you really want to exit Disk Tool? (Y/N)
If you enter anything other than 'Y', Disk Tool continues to
run as if nothing happened, waiting patiently for your next
command.
Disk Tool -- Disk Management Utility, version 1.0A Page 18
A P P E N D I X A
Known Limitations
In the current version of Disk Tool, there are three known
limitations, all of which should only affect a small minority of
the people using it. These limitations deal with memory usage,
floppy disk formats, and hard disk formats.
First, Disk Tool is potentially a memory hog. When a file
has to be accessed for any function, Disk Tool checks to see if
the disk directory has been read yet. If it hasn't, Disk Tool
goes ahead and reads the disk's entire directory, keeping ALL
files and ALL directory names in memory. For those people who
have a small amount of memory and a tremendous amount of files on
a hard disk, I am sorry, but you may be out of luck. Should Disk
Tool run out of memory reading a directory, it will abort. Plain
and simple.
Internally, each file consumes 39 bytes and each directory
33 bytes. On my hard disk, I have on the average about 600 files
and 40 sub directories. Doing a few calculations, this turns out
to require less than 25K of memory on top what Disk Tool already
uses. The bottom line is that, in my normal use, I need less
than 90K of free memory to run Disk Tool. Users with fewer files
naturally would need less memory while those with more files
would need more.
The second limitation deals with floppy disk formats, and is
more of a bug I have not worked out than anything else. When
physically switching between floppy disks of differing formats
(like between a 320K and a 360K disk, or more commonly, a 1.2MB
and 360K disk), Disk Tool isn't always aware of this, and still
thinks that you are using the previous format when you aren't. A
workaround for this problem is to, whenever switching formats in
a floppy drive, exit Disk Tool and log onto the new disk by
typing "Dir A:" or something similar. When you rerun Disk Tool
again, everything will work well and without problems.
Finally, Disk Tool only supports hard disks with 128, 256,
or 512 byte sectors. I say that it only supports those sector
sizes because it hasn't been tried with anything but those. It
also only works with hard disks of up to 32MB capacity, a DOS
limitation, not mine. If someone out there with a huge hard disk
tries Disk Tool on it and finds that it works as "advertised," I
would be very happy and like to hear about it. Anyone wanting to
donate a drive of the same magnitude to me so I could adapt Disk
Tool to it would be greatly (and publicly) applauded.
Disk Tool -- Disk Management Utility, version 1.0A Page 19
A P P E N D I X B
Error Messages
This appendix contains a list of the error messages you
might encounter while running Disk Tool and brief descriptions of
what they mean. The types of error messages are broken down into
three categories: program errors, disk errors, and your errors.
Program errors deal with something going wrong within Disk
Tool, or something happening that it couldn't deal with. All
program errors result in the screen being cleared and a message
displayed at the top of the screen stating that something went
wrong.
The most common (and hopefully only) program error concerns
running out of memory. If Disk Tool isn't able to read a disk's
entire directory into memory, it displays the following error
message at the top of the screen:
Disk Tool, version 1.0A is out of memory.
There are several solutions to this error. First, if you
don't have a full 640K of memory installed in your computer, the
easiest remedy is to purchase and install more memory. If more
memory is not a solution for you (you already have 640K, you
don't have enough $, etc.), removing a few memory resident pro-
grams, rebooting, and trying again is an alternative. Finally,
if you are running in a multi-tasking environment, allocating
more minimum memory to Disk Tool in its .PIF file or equivalent
should help out.
In all reality, most users will never run out of memory.
Never. Those few who have thousands of files on a hard disk are
the ones that may encounter a problem.
The next and only other program error message is a catch all
for anything unexpected going wrong. When Disk Tool stumbles
somewhere, it shows the following error message:
Oops, an unexpected error ...
This is only the beginning of the error message. What
follows is the error number, the location in the program where
the problem happened, and if possible a general description of
the error. If you ever get this error, please write down every-
thing that Disk Tool prints out and inform me of it. In doing
so, please try to include as much information on what you were
doing when the error happened. It will help me to rid the pro-
gram of the error.
Program errors take the easy out -- they abort. Disk
errors, on the other hand cause Disk Tool to open a window on the
screen and if possible, continue where it can. If a disk error
Disk Tool -- Disk Management Utility, version 1.0A Page 20
occurs while Disk Tool is reading a directory, Disk Tool exits
whatever function you were trying to execute and returns to the
main menu. Disk errors that occur elsewhere leave you where you
were in the appropriate function when the error happened,
possibly not reading or writing to the disk as you wanted to.
All disk errors dealing with the disk itself start with the
following message appearing as the first line in a window opened
in the middle of the screen.
> Disk Error! <
Following that line is one of the following error messages
describing what went wrong:
A general disk error happened.
Error during a disk read.
Error during a disk write.
Bad sector -- not found on disk.
Unknown disk format.
Error during disk seek.
CRC error -- bad parity check.
Disk not ready (door open, etc).
Invalid drive number.
The disk is write protected.
Bad Request.
To avoid going into a lengthy description on what each error
message means, I'll describe a few more common types of errors.
Hard disks and many "copy protected" floppy disks commonly
have a few "bad" sectors. If you run across one of these bad
sectors while using the DISK function, Disk Tool tells you so,
but it is no cause for concern. If you come across an error when
editing a file using FILE, there is a lot of reason for concern.
It would be much to your advantage to try to make a copy of that
file as soon as possible, even though it may be too late to save
the entire file.
The next most common problem is running Disk Tool on non-DOS
disks. Remember that Disk Tool is intended for use with ONLY DOS
DISKS. Yes, this means that you won't be able to look at what's
on disks from other operating systems nor a lot of game disks
that have to be booted to work.
As with everything however, there is an exception to this.
I briefly tried one disk emulation program that worked well
enough on a non-DOS disk to allow me to use several of Disk
Tool's functions on it without a problem. I suggest only using
the functions DISK and FILE if you do this though. I am not sure
that the other functions would operate as intended.
Also, remember that Disk Tool can't access a disk that
doesn't exist. Users with two floppy disk drives and no RAM
disks won't be able to access drives C, D, and E no matter how
Disk Tool -- Disk Management Utility, version 1.0A Page 21
much they try. Disk Tool reports a variety of errors if you try
to access a non-existent drive.
The next type of disk error shows up a lot when accessing
damaged and non-DOS disks. If Disk Tool finds that the FAT id
byte isn't one of the several valid ones when trying to read a
directory, it shows the following message in a window:
The disk ID byte appears to be
damaged or wrong.
If you know the disk was damaged, what the id byte should
be, and the correct location to put it, you can try to edit the
disk using the DISK function and make an attempt to reread the
directory.
Following the errors dealing with Disk Tool itself and your
disks are the errors due to your actions. These messages are
more informative than anything else, and nothing is affected when
you see one of these messages.
The following error message can happen in the ALTER, ERASE,
and RENAME functions. Before Disk Tool changes a directory entry
for a file, it checks to make sure that the file is in the place
it expects it to be. If you see the error message, Disk Tool
couldn't find the file in the place it thought it was in. This
basically means, as the message states, that you probably changed
disks somewhere along the line and forgot to CHANGE the current
drive letting Disk Tool know you did this.
File "OLD-FILE.NAM" was not found
You might have switched disks.
Note that the word OLD-FILE.NAM refers to a file on your
disk, while the words NEW-FILE.NAM and NEW-FIL?.* refer to new
file name that you typed in in response to a prompt.
The next two error messages appear exclusively when you
are in the RENAME function. The first message, below, is shown
when you try to rename a file to one that already exists in the
current directory. In this example, the old file, OLD-FILE.NAM
has been attempted to be renamed to the new file NEW-FILE.NAM
when NEW-FILE.NAM is already a file in the directory.
File "OLD-FILE.NAM" cannot be
renamed to "NEW-FILE.NAM"; the
new file name already exists.
The next error message below shows up when you try to rename
a file to something ambiguous. The characters '?' and '*' are
allowed from DOS, but unfortunately not from within Disk Tool.
File "OLD-FILE.NAM" cannot be
renamed to "NEW-FIL?.* "; '*'
and '?' aren't allowed.
Disk Tool -- Disk Management Utility, version 1.0A Page 22
A P P E N D I X C
Program Notes
Since Disk Tool was conceived less than a year ago, it has
gone through an almost complete circle of evolution. It has been
rewritten almost entirely several times to bring it to this
point, starting as a simple routine to draw a box on the screen
and mushrooming into what you can see and run now. The box
drawing routine is no longer present in the code, but it was the
reason why the program got started.
As the model for Disk Tool, I used various commercial and
public domain utilities of the same type. I picked out the best
or most useful features from all of the programs I used and
improved upon them wherever I saw possible. I hope that my
decisions on what is needed are similar to yours.
I am open to receive ideas for inclusion in future releases
of Disk Tool. In fact, I would rather implement other people's
ideas than mine.
Disk Tool -- Disk Management Utility, version 1.0A Page 23
A P P E N D I X D
Disclaimer
Both Disk Tool and this documentation are distributed
without any express or implied warranties. No warranty of
fitness for a particular purpose is offered. You, the user, are
advised to experiment and become familiar with Disk Tool before
relying on it. You assume all risk for the use and operation of
Disk Tool, and you shall be responsible for any loss of profits,
loss of savings, or other incidental or consequential damages
arising out of the use or failure to use Disk Tool, even if I
have been advised of the possibility of such damages. I do not
warrant that this documentation is accurate, or that Disk Tool
operates as I have claimed or designed it to operate.
By using Disk Tool, you agree to the above limitations.
IBM is a registered trademark of International Business
Machines Corporation.
MSDOS is a trademark of Microsoft Corporation.
TURBO Pascal is a trademark of Borland International, Inc.
Disk Tool -- Disk Management Utility, version 1.0A Page 24
A P P E N D I X E
WARNING !
BEFORE doing any work with Disk Tool, I ask that you are
conscious of the power you posses when running it and are very
careful. Disk Tool is able, purposefully or accidentally, to be
used to wipe out some very important parts of your disks. If you
are not well acquainted with the technical details of different
disk formats, please do not select the DISK function without
extreme care.
The areas that should be avoided unless absolutely necessary
are the boot record (the first sector), the FAT (the next few
sectors), and the directory. Making blind changes in any of
these areas has a good possibility of rendering your disks
useless. If you find a pertinent need to change one of these
areas, it is a good idea to make a backup copy (with DISKCOPY or
something similar) or your disk before you begin.
Also be cautious about where you get Disk Tool from and of
any new versions. Disk Tool, before being released, undergoes
extensive testing. I have taken every effort possible to make
sure most known bugs have been eliminated from the program and
that it functions properly when released.
A problem with a shareware distribution of Disk Tool may
arise because the source code to Disk Tool is available. Al-
though I hope it never happens, someone could easily modify the
source code to produce a trojan horse type of program. This
isn't as far fetched as it may seem; it happened in the recent
past with the ARC program. For that reason, either get the
latest release of Disk Tool from a very reliable source or from
me directly.
Disk Tool -- Disk Management Utility, version 1.0A Page 25
A P P E N D I X F
Shareware
Disk Tool is supported by the users that find it productive.
I ask that, if you have benefited in some way from Disk Tool or
make regular use of it, you donate $20.00. A person who donates
will be given a legitimate copy of the program (see the WARNING
in appendix E) and documentation and will receive any published
announcements of future releases of Disk Tool.
The donation is not an optional matter if Disk Tool is used
in a commercial environment.
You may make copies of the Disk Tool program and documenta-
tion files for your own use, and you may make copies to give to
others. If the program is given away, I ask that no fee be
charged for the copy and that ALL of the files (program, documen-
tation, and miscellaneous files) are distributed together, intact
and unmodified.
The source code is also available, although is not in any
way to be freely distributed. Anyone interested in the source
code should inquire about that on an individual basis.
Your comments, suggestions, friendly criticisms, bug
reports, and improvement ideas are welcome. Please contact me
ONLY at the address listed below.
Disk Tool and this documentation are:
Copyright (c) 1986 by
R. P. Gage
1125 6th St. N. #43
Columbus, MS 39701
Disk Tool -- Disk Management Utility, version 1.0A Page 26
FSP.TXT
FLU_SHOT+, Version 1.5
A Form of Protection from
Viral and Trojan Programs
by
Ross M. Greenberg
and
Software Concepts Design
594 Third Avenue
New York, New York 10016
BBS:(212)-889-6438 1200|2400|N/8/1
FLUSHOT+ is a trademark of Software Concepts Design.
Copyright (C), 1988 by Software Concepts Design.
All Rights Reserved.
Not for Commercial Distribution without written permission by the
copyright holder. Noncommercial copying of this software and this
documentation is encouraged. Commercial Distribution is easily
defined: if you distribute this software, or the enclosed
documentation, for more than your cost of such distribution, then
you're a Commercial Distributor and require our written
permission. Not-for-profit organizations and computer user
groups, and their bulletin board systems (if any) are
specifically *not* considered commercial distributors.
By your using this software, you agree to the terms herein.
Specifically, that you do not have the right to copy this
software except as outlined above, and that you are granted a
license to use this software only by registering this software as
mentioned elsewhere in this document.
You also agree, and signify that agreement by using this
software, that Software Concepts Design and Ross M. Greenberg
will not be held liable for any reason for any cost you may
incur, or any potential income you might lose as a result of
using this software. Finally, this software is provided "AS IS",
meaning that what you see is what you get. If you use this
software and a tree falls on your house, or your spouse leaves
you for someone younger and more virile, please do not bother
having your lawyer call -- it isn't the fault of the software, no
matter what the lawyer tries to convince you!
Table of Contents
I. Introduction
a. What is a Trojan.....................................1
b. What is a Virus......................................4
c. The Challenge to the Worm............................6
II. About the FLUSHOT Series
a. A Brief History......................................8
b. FLU_SHOT+ Features and Enhancements..................9
c. Registering FLU_SHOT+................................10
d. Site Licensing of FLU_SHOT+..........................10
III. Using FLU_SHOT+
a. The FLUSHOT.DAT file.................................12
1. Protecting files from Write Access..............13
2. Protecting files from Read Access...............13
3. Excluding files.................................13
4. Checksumming files..............................14
5. Registering a TSR program.......................15
6. Restricted Access...............................15
7. Protecting the FLUSHOT.DAT file.................16
8. Protection Recommendations......................16
9. Allowing "dangerous" programs to run............17
b. Running FLU_SHOT+....................................18
1. Checksumming the in-memory table................18
2. Intercepting Direct Disk Writes Through INT13...19
3. What about INT26................................19
4. Turning off the header message..................19
5. Disabling Triggering on Open With Write Acces...19
6. Changing the Trigger Window Attributes..........19
7. Allowing trusted TSR's to work..................21
8. Disabling FLU_SHOT+.............................21
9. Disabling FLU_SHOT+ Toggle Display..............22
10. Forcing FLU_SHOT+ to only use the BIOS..........22
10. Defining the "Special" Keys.....................23
11. Putting FLU_SHOT+ to sleep when run.............23
IV. Interpreting a FLU_SHOT+ Trigger..........................24
V. How Good is FLUSHOT+, Really?.............................29
VI. Reward Offered............................................31
VII. Appendix..................................................33
Introduction
What is a Trojan?
=================
Back in the good old days (before there were computers), there
was this bunch of soldiers who had no chance of beating a
superior force or of even making it into their fortress. They
had this nifty idea: present the other side with a gift. Once
the gift had been accepted, soldiers hiding within the gift would
sneak out and overtake the enemy from within.
We can only think of the intellectual giants of the day who would
accept a gift large enough to house enemy soldiers without
checking its contents. Obviously, they had little opportunity to
watch old WWII movies to see the same device used over and over
again. They probably wouldn't have appreciated Hogan's Heroes
anyway. No color TV's -- or at least not ones with reliable
reception.
Consider the types of people who would be thrilled at the concept
of owning their own rough hewn, large wooden horse! Perhaps they
wanted to be the first one on their block, or something silly
like that.
Anyway, you're all aware of the story of The Trojan Horse.
Bringing ourselves a bit closer to the reality we've all grown to
know and love, there's a modern day equivalent: getting a gift
from your BBS or user group which contains a little gem which
will attack your hard disk, destroying whatever data it contains.
In order to understand how a potentially useful program can cause
such damage when corrupted by some misguided soul, it's useful to
understand how your disk works, and how absurdly easy it is to
cause damage to the data contained thereon. So, a brief
technical discussion of the operation of your disk is in order.
For those who aren't concerned, turn the page or something.
Data is preserved on a disk in a variety of different physical
ways having to do with how the data is encoding in the actual
recording of that data. The actual *structure* of that data,
however, is the same between MS-DOS machines. Other operating
systems have a different structure, but that doesn't concern us
now.
Each disk has a number of "tracks". These are sometimes called
cylinders from the old type IBMer's. These are the same people
who call hard disks DASDs (Direct Access Storage Devices), so we
can safely ignore their techno-speak, and just call them tracks.
Tracks can be thought of as the individual little grooves on an
audio record, sort of.
Anyway, each track is subdivided into a number of sectors. Each
track has the same number of sectors. Tracks are numbered, as
1
are sectors. Any given area on the disk can be accessed if a
request is made to read or write data into or out of Track-X,
Sector Y. The read or write command is given to the disk
controller, which is an interface between the computer itself and
the hard disk. The controller figures out what commands to send
to the hard disk, the hard disk responds and the data is read or
written as directed.
The first track on the hard disk typically will contain a small
program which is read from the hard disk and executed when you
first power up your machine. The power up sequence is called
"booting" your machine, and therefore the first track is typical
known as the "boot track".
In order to read information from your disk in a logical
sequence, there has to be some sort of index. An unusual index
method was selected for MS-DOS. Imagine going to the card index
in a library, looking up the title you desire, and getting a
place in another index which tells you where on the racks where
the book is stored. Now, when you read the book, you discover
that only the first chapter of the book is there. In order to
find the next chapter of the book, you have to go back to that
middle index, which tells you where the next chapter is stored.
This process continues until you get to the end of the book.
Sounds pretty convoluted, right? You bet! However, this is
pretty much how MS-DOS does its "cataloguing" of files.
The directory structure of MS-DOS allows for you to look up an
item called the "first cluster". A cluster represents a set of
contiguous ("touching or in contact" according to Random House)
tracks and sectors. It is the smallest amount of information
which the file structure of MS-DOS knows how to read or write.
Based on the first cluster number as stored in the directory, the
first portion of a file can be read. When the information
contained therein is exhausted, MS-DOS goes to that secondary
index for a pointer to the next cluster. That index is called
the File Allocation Table, commonly abbreviated to "FAT". The
FAT contains an entry for each cluster on the disk. An FAT entry
can have a few values: ones which indicate that the cluster is
unused, another which indicates that the associated cluster has
been damaged somehow and that it should be marked as a "bad
cluster", and a pointer to the next cluster for a given file.
This allows for what is called a linked list: once you start
looking up clusters associated with a given file, each FAT entry
tells you what the next cluster is. At the end of the linked
list is a special indicator which indicates that there are no
more clusters associated with the file.
There are actually two copies of the FAT stored on your disk, but
no one really knows what the second copy was intended for.
Often, if the first copy of the FAT is corrupted for some reason,
a clever programmer could recover information from the second
copy to restore to the primary FAT. These clever programmers can
be called "hackers", and should not be confused with the thieves
2
who break into computer systems and steal things, or the "worms"
[Joanne Dow gets credit for *that* phrase!] who would get joy out
of causing you heartache!
But that heartache is exactly what can happen if the directory
(which contains the pointer to the first cluster a file uses),
the FAT (which contains that linked list to other areas on the
disk which the file uses), or other areas of the disk get
corrupted.
And that's what the little worms who create Trojan programs do:
they cause what at first appears to be a useful program to
eventually corrupt the important parts of your disk. This can be
as simple as changing a few bytes of data, or can include wiping
entire tracks clean.
Not all programs which write to your hard disk are bad ones,
obviously. Your word processor, spreadsheet, database and
utility programs have to write to the hard disk. Some of the DOS
programs (such as FORMAT), if used improperly, can also erase
portions of your hard disk causing you massive amounts of grief.
You'd be surprised what damage the simple "DEL" command can do
with just a simple typo.
But, what defines a Trojan program is its delivery mechanism: the
fact that you're running something you didn't expect. Typical
Trojan programs cause damage to your data, and were designed to
do so by the worms who writhe in delight at causing this damage.
May they rot in hell -- a mind is a terrible thing to waste!
Considering the personality required to cause such damage, you
can rest assured that they have few friends, and even their
mother doesn't like to be in the same room with them. They sit
back and chortle about the damage they do with a few other lowly
worms. This is their entire social universe. You should pity
them. I know that I do.
3
Introduction
What is a Virus?
================
Trojan programs are but a delivery mechanism, as stated above.
They can be implemented in a clever manner, so that they only
trigger the malicious part on a certain date, when your disk
contains certain information or whatever. However they're coded,
though, they typically affect the disk only in a destructive
manner once triggered.
A new breed of programs has the capability of not only reserving
malicious damage for a given event's occurrence, but of also
replicating itself as well.
This is what people refer to when they mention the term "Virus
Program".
Typically, a virus will spread itself by replicating a portion of
itself onto another program. Later, when that normally safe
program is run it will, in part, execute a set of instructions
which will infect other programs and then potentially, trigger
the Trojan portion of the program contained within the virus.
The danger of the virus program is twofold. First, it contains a
Trojan which will cause damage to your hard disk. The second
danger is the reason why everyone is busy building bomb shelters.
This danger is that the virus program will infect other programs
and they in turn will infect other programs and so forth. Since
it can also infect programs on your floppy disks, you could
unknowingly infect other machines! Pretty dangerous stuff,
alright!
Kenneth van Wyck, one of the computer folks over at Lehigh
University, first brought a particular virus to the attention of
the computer community. This virus infects a program, which
every MS-DOS computer must have, called COMMAND.COM. This is the
Command Line Interpreter and is the interface between your
keyboard and the MS-DOS operating system itself. Whatever you
type at the C> prompt will be interpreted by it.
Well, the virus subverts this intended function, causing the
infection of neighboring COMMAND.COMs before continuing with
normal functionality of the command you typed. After a certain
number of "infections", the Trojan aspect of the program goes
off, causing you to lose data.
The programmer was clever. But still a worm. And still
deserving of contempt instead of respect. Think of what good
purposes the programmer could have put his or her talents to
instead of creating this damage. And consider what this
programmer must do, in covering up what they've done. They
certainly can't tell anyone what they've accomplished.
Justifiable homicide comes to mind, but since the worms they must
4
hang around are probably as disreputable as they are, they must
hold their little creation a secret.
A pity. Hopefully, the worm is losing sleep. Or getting a sore
neck looking behind them wondering which of their "friends" are
gonna turn them in for the reward I list towards the end of this
document.
5
Introduction
The Challenge to the Worm
=========================
When I first released a program to try to thwart their demented
little efforts, I published this letter in the archive (still in
the FLU_SHOT+ archive of which this is a part of). What I say in
it still holds:
As for the designer of the virus program: most
likely an impotent adolescent, incapable of
normal social relationships, and attempting to
prove their own worth to themselves through
these type of terrorist attacks.
Never succeeding in that task (or in any
other), since they have no worth, they will one
day take a look at themselves and what they've
done in their past, and kill themselves in
disgust. This is a Good Thing, since it saves
the taxpayers' money which normally would be
wasted on therapy and treatment of this
miscreant.
If they *really* want a challenge, they'll try
to destroy *my* hard disk on my BBS, instead of
the disk of some innocent person. I challenge
them to upload a virus or other Trojan horse to
my BBS that I can't disarm. It is doubtful the
challenge will be taken: the profile of such a
person prohibits them from attacking those who
can fight back. Alas, having a go with this
lowlife would be amusing for the five minutes
it takes to disarm whatever they invent.
Go ahead, you good-for-nothing little
slimebucket: make *my* day!
Alas, somebody out there opted to do the cowardly thing and to
use the FLUSHOT programs as a vehicle for wrecking still more
destruction on people like you. The FLUSHOT3 program was
redistributed along with a companion program to aid you in
reading the documentation. It was renamed FLUSHOT4. And the
reader program was turned into a Trojan itself.
I guess the programmer involved was too cowardly to take me up on
my offer and prefers to hurt people not capable of fighting back.
I should have known that, I suppose, but I don't normally think
of people who attack innocents. Normally, I think of people to
respect, not people to pity, certainly not people who must cause
such damage in order to "get off".
They are below contempt, obviously, and can do little to help
6
themselves out of the mire they live in.
Still, a worm is a worm.
7
About FLUSHOT
A Brief History
===============
The original incarnation of FLU_SHOT was a quick hack done in my
spare time. It had a couple of bugs in it which caused it to
trigger when it shouldn't, and a few conditions which I had to
fix. A strangeness in how COMMAND.COM processed certain
conditions when I "failed" an operation caused people to lose
more data than they had intended -- certainly not my intent!
FLU_SHOT was modified and became FLUSHOT2. It included some
additional protections, protecting some other important system
files, and protecting against direct disk writes which can be
used to circumvent FLUSHOT's protection mechanisms.
Additionally, FLUSHOT2 forced an exit of the program currently
running instead of a fail condition when you indicated that an
operation should not be carried out.
FLUSHOT2 was also now distributed in the popular archive format
(have you remembered to send your shareware check into Phil Katz
for his efforts? You really should. It ain't that much money!).
Next came FLUSHOT3. A bug was fixed which could have caused
certain weird things when you denied direct disk I/O to certain
portions of DOS 3.x.
The enhancements to FLUSHOT3 included the ability to enter a 'G'
when FLUSHOT was triggered. This allowed FLUSHOT to become
inactive until an exit was called by the foreground task. So,
when you used some trustworthy program which did direct disk I/O,
you wouldn't be pestered with constant triggering after you enter
the 'G'. Primarily this was a quick hack to allow programs such
as the FORMAT program to run without FLUSHOT being triggered each
time it tried to do any work it was supposed to.
8
About FLUSHOT
FLU_SHOT+ Features and Enhancements
===================================
This release of FLU_SHOT has a new name: FLU_SHOT+. Because
FLUSHOT4 was a Trojan, I opted to change the name. Besides,
FLU_SHOT+ is the result of some real effort on my part, instead
of being a part-time quick hack. I hope the effort shows.
FLUSHOT is now table driven. That table is in a file which I
call FLUSHOT.DAT. It exists in the root directory on your C:
drive. However, I'll advise you later on how to change its
location so that a worm can't create a Trojan to modify that
file.
This file now allows you to write and/or read protect entire
classes of programs. This means that you can write protect from
damage all of your *.COM, *.EXE, *.BAT, and *.SYS files. You can
read protect all of your *.BAT files so that a nasty program can
not even determine what name you used for FLU_SHOT+ when you
invoked it!
Additionally, you can now automatically check programs when you
first invoke FLU_SHOT+ to determine if they've changed since you
last looked at them. Called checksumming, it allows you to know
immediately if one of the protected programs has been changed
when you're not looking. Additionally, this checksumming can
even take place each time you load the program for execution.
Also, FLU_SHOT+ will advise you when any program "goes TSR". TSR
stands for "Terminate and Stay Resident", allowing pop-ups and
other useful programs to be created. A worm could create a
program which leaves a bit of slime behind. Programs like
Borland's SideKick program, a wonderful program and certainly not
a Trojan or virus, is probably the best known TSR. FLU_SHOT+
will advise you if any program attempts to go TSR which you
haven't already registered in your FLUSHOT.DAT file.
Finally, FLU_SHOT+ will also now pop-up a little window in the
middle of your screen when it gets triggered. It also will more
fully explain why it was triggered. The pop-up window means that
your screen won't get screwed up beyond recognition -- unless
you're in graphics mode when it pops up. Sorry, 'dems the
breaks!
This version, FLU_SHOT+, Version 1.5 has some other substantial
improvements on the security side, has a couple of bug fixes here
and there and is generally the same program - just a little more
reliable, and a little more user friendly. And, more closely
attuned to what you, the user community, have asked me for.
9
About FLUSHOT
Registering FLU_SHOT+
=====================
FLU_SHOT+ is not a free program. You're encouraged to use it, to
distribute it to your friends and co-workers. If you end up not
using it for some reason, let me know why and I'll see if I can
do something about it in the next release.
But, the right to use FLU_SHOT+ is contingent upon you paying for
the right to use it. I ask for ten dollars as a registration
fee, plus four dollars to meet my costs for shipping, handling,
and processing each order. This entitles you to get informed
when the next update is available, and to have someone available
to help support you with any problem you might have with the
program. And it allows you to pay me, in part, for my labor in
creating the entire FLU_SHOT series. I don't expect to get my
normal consulting rate or to get a return equal to that of other
programs which I've developed and sell through more traditional
channels. That's not my intent, or I would have made FLU_SHOT+ a
commercial program and you'd be paying lots more money for it.
Some people are uncomfortable with the shareware concept, or
believe that there ain't no such thing as Trojan or Virus
programs, and that a person who profits from the distribution of
a program such as FLU_SHOT must be in it for the money. Although
I sympathize with their feelings, I feel that a user of FLU_SHOT
simply *must* pay for their usage of the program -- using it for
free is paramount to stealing, and we know how wrong that is!
I've created an alternative for these folks. I'll call it
"charityware" [first called that, to my knowledge, by Roedy
Green]. You can also register FLU_SHOT+ by sending me a check
for $10 made out to your favorite charity. And a check made out
to me for $4 to handle my costs. Be sure to include a stamped
and addressed envelope. I'll forward the monies onto them and
register you fully.
Of course, if you wish, you can send me a check for more than
$14. I'll cash it gladly (I'm no fool!).
Site Licensing of FLU_SHOT+
===========================
So, you run the computer department of a big corporation, you got
a copy of FLU_SHOT+, decided it was wonderful and that it did
everything you wanted and sent in your ten bucks. Then you
distributed it to your 1000 users.
Not what is intended by the shareware scheme. *Each* site using
FLU_SHOT+ should be registered. That's ten bucks a site, me
bucko! Again, make the check out to charity if you're
uncomfortable with the idea of a programmer actually deriving an
10
income from their work.
However, if you've really got 1000 computers, you should give me
a call. As much as I'd like to get $10 for each site, that
wouldn't be fair to you. So, quantity discounts are available.
Here's out quantity discount schedule. Remember to add in the
four dollar charge for each order.
Quantity Price Each
============== ===============
1 - 49 $10
50 - 249 $ 9
250 - 499 $ 7
500+ $ 6
10,000+ No Charge
Site licensee's get a "gold" disk, and make their own copies at
their site, working on the honor system. Each site license does
require a separate agreement, so be sure to give us a call to
work out the details.
11
Using FLU_SHOT+
The FLUSHOT.DAT file
====================
FLU_SHOT+ is table driven by the contents of the FLUSHOT.DAT
file. This file normally exists in the root directory of your C:
drive (C:\FLUSHOT.DAT).
A little later in this document you'll see how to disguise the
data file name, making life tougher for the worms out there. But
for the purposes of this document, we'll assume that the file is
called C:\FLUSHOT.DAT.
The FLU_SHOT+ program will read this data file exactly once. It
reads the data from the data file into memory and overwrites the
name of the data file in so doing. A little extra protection in
hiding the name of the file.
This data file contains a number of lines of text. Each line of
text is of the form:
<Command>=<filename><options>
Command can be any one of the following characters:
P - Write Protect the file named
R - Read Protect the file named
E - Exclude the file named from matching P or R lines
T - The named file is a legitimate TSR
C - Perform checksum operations on the file named
The filename can be an ambiguous file if you wish for all
commands except the 'T' and 'C' commands. This means that:
C:\level1\*.COM
will specify all COM files on your C: drive in the level1
directory (or its sub-directories). Specifying:
C:\level1\*\*.EXE
would specify all EXE files in subdirectories under the C:\level1
directory, but would not include that directory itself.
You can also use the '?' operator to specify ambiguous characters
as in:
?:\usr\bin\?.COM
would be used to specify files on any drive in the \usr\bin
directory on that drive. The files would have to be single
letter filenames with the extension of 'COM'.
Ambiguous file names are not allowed for the 'T' and 'C' options.
12
Using FLU_SHOT+
Protecting files from Write Access
==================================
Use the 'P=' option to protect files from write access. To
disallow writes to any of your COM, EXE, SYS, and BAT files,
specify lines of the form:
P=*.COM
P=*.EXE
P=*.SYS
P=*.BAT
which protects these files on any disk, in any directory.
Protecting files from Read Access
=================================
Similarly, you can use the 'R' command to protect files from
being read by a program (including the ability to 'TYPE' a
file!). To prevent read access to all of your BAT files, use a
line such as:
R=*.BAT
Combinations of R and P lines are allowed, so the combination of
the above lines would prevent read or write access to all batch
files.
Excluding files
===============
Programmers in particular should find usage for the 'E' command.
This allows you to exclude matching filenames from other match
operations. Assume you're doing development work in the
C:\develop directory.
You could exclude FLU_SHOT+ from being triggered by including a
line such as:
E=C:\develop\*.*
Of course, you might have development work on many disks under a
directory of that name. If you do, you might include a line
which looks like:
E=?:\develop\*.*
or
E=*\develop*
13
Checksumming files
==================
This line is a little more complicated than others and involves
some setup work. It's worth it though!
A checksum is a method used to reduce a files validity into a
single number. Adding up the values of the bytes which make up
the file would be a simple checksum method. Doing more complex
mathematics allows for more and more checking information to be
included in a test.
If you use a lie on the form:
C=C:\COMMAND.COM[12345]
then when FLU_SHOT+ first loads it will check the validity of the
file against the number in the square brackets. If the checksum
calculated does not match the number presented, you'll be advised
with a triggering of FLUSHOT, which presents the correct
checksum.
When you first set up your FLUSHOT.DAT file, use a dummy number
such as '12345' for each of the files you wish to checksum.
Then, when you run FLUSHOT, you should copy down the "erroneous"
checksum presented. Then, edit the FLUSHOT.DAT file and replace
the dummy number with the actual checksum value you had copied
down. Voila! If even one byte in the is changed, you'll be
advised the next time you run FLU_SHOT+.
But wait! There's more! Not available in stores!
Sorry. I got carried away.
Seriously, there is more. When a "checksummed" file is loaded by
MS-DOS, it will, by default, be checksummed again. So, if you
had a line such as:
C=C:\usr\bin\WS.COM[12345]
the venerable old WordStar program (still *my* editor of choice!)
would be checksummed each time you went to edit a file.
Of course, you might not want the overhead of that checksumming
to take place each time you load a program. Therefore, a few
switches have been added. The switches are place immediately
after the ']' in the checksum line:
C=C:\usr\bin\WS.COM[12345]<switch>
These switches are:
,n - will only checksum the file only 'n' times. Only
one digit allowed.
14
- - Only checksum this file when FLU_SHOT+ first
loads. ',1' and '-' are equivalent.
+ - Only checksum this file when it is loaded and
executed, not when FLU_SHOT+ first loads
Therefore, if you wished to only check your WS.COM file when you
first loaded the FLU_SHOT+ program, you'd specify a line as:
C=C:\usr\bin\ws.com[12345],1
or
C=C:\usr\bin\ws.com[12345]-
If you wished to checksum your program called "MY_PROG.EXE" only
when it was used, try:
C=C:\path\MY_PROG.EXE+
Registering a TSR program
=========================
Any unregistered TSR program which is run after FLU_SHOT+ will
cause a trigger when they "go TSR". You can register a program
so no trigger goes off by specifying it in a line such as:
T=C:\usr\bin\tsr_s\sk.com
which will keep FLU_SHOT+ from complaining about sk.com. Make
sure to take a look at the '-T' option, specified in the next
section.
Restricted Access
=================
Normally, when access to a file causes FLU_SHOT+ to trigger, the
user is given the option of hitting a 'Y' to allow the access, or
a 'G' to allow the access until program exit or a key is hit.
However, in some cases, access to a file should *never* be
allowed. If you end a line in your FLUSHOT.DAT file with an '!',
then the trigger will indicate that this is a restricted access
file, and the user will be asked to press a key to continue. In
any case, trigger accesses resulting from a line with a '!' at
the end will not be allowed to go forth. For example, if you
never want anyone to be able to read an AUTOEXEC.BAT file on any
of your disks, have a line of the form:
R=*AUTOEXEC.BAT!
in your FLUSHOT.DAT file. That's pretty easy! (Make sure,
however, to take a look at the FSP command line arguments for the
'--' switch.)
15
Protecting the FLUSHOT.DAT file
===============================
Obviously, the weak link in the chain of the protection which
FLU_SHOT+ offers you is the FLUSHOT.DAT file.
You would think that you'd want to protect the FLUSHOT.DAT file
from reads and writes as specified above. However this, too,
leaves a gaping security hole: memory could be searched for it,
and it could be located that way. A better alternative exists.
In the distribution package for FLUSHOT+ exists a program called
FLU_POKE.COM. This program allows you to specify the new name
you wish to call the FLUSHOT.DAT file. Simply type:
FLU_POKE <flushot_name>
where <flushot_name> represents the full path filename of your
copy of FLU_SHOT+.
You'll be prompted for the name of the FLUSHOT.DAT file. Enter
the name you've selected (remember to specify the disk and
directory as part of the name). Voila! Nothing could be easier.
Here's an example, assuming that you've already named your
FLUSHOT.DAT to FRED.TXT, and it resides in the C:\DOC directory.
Assume that FSP.COM is in the current directory and has been
renamed to MYFILE.COM. Here's the command line:
FLU_POKE MYFILE.COM
File opened ok...
Enter the FLUSHOT.DAT filename (full pathname): FRED.TXT
Protection Recommendations
==========================
Here's a sample FLUSHOT.DAT file, basically the same one included
in the archive. Your actual checksums will differ, and you may
want to modify what files and directories are protected.
Obviously, your exact needs are different than mine, so consider
this a generic FLUSHOT.DAT:
P=*.bat
P=*.sys
P=*.exe
P=*.com
R=*AUTOEXEC.BAT
R=*CONFIG.SYS
E=?\dev\*
C=C:\COMMAND.COM[12345]-
C=C:\IBMBIO.COM[12345]-
C=C:\IBMDOS.COM[12345]-
16
Allowing "dangerous" programs to run
====================================
In some cases, though, you'll still want the ability to let
"trusted" programs to run -- even if they are potentially
dangerous. A good example of this is the DOS FORMAT program:
here is a program specifically designed to overwrite the data on
your disk in such a way that it would be difficult, at best, to
recover. Yet, the program is a necessary part of your day-to-day
computer usage.
Therefore, the 'X=' switch has been added in to allow a program
such as FORMAT to run without interruption. THIS IS A POTENTIAL
SECURITY HOLE. To prevent an 'X=' program from being corrupted,
I suggest you also include any 'X=' program as both a 'C=' and a
'P=' program as well: any writes to the file would cause FLU_SHOT
to trigger, and you wouldn't be able to run a modified program
without first giving FLU_SHOT permission. Use 'X=' sparingly.
I'm rather uncomfortable with it myself.
17
Invoking FLU_SHOT+
Running FLUSHOT+
================
For extra protection, after you've run FLU_POKE, you should
rename the FLU_SHOT+ program is something unique and meaningful
to you, but not a worm.
Assuming you didn't rename it, however, you could invoke the
program simply by typing:
FSP
when at the prompt. That's all there is to it. When you're
satisfied, you can add it to your AUTOEXEC.BAT file, after all of
your trusted programs have run.
But there are some options you should know about:
Checksumming the in-memory table
================================
Since the wily worm may well be able to thwart some of the
efforts of FLU_SHOT+ by playing nasty games with the in-memory
copy of the FLUSHOT.DAT file, FLU_SHOT+ will also check this
table against a checksum it generates on a regular basis. If the
table gets corrupted, you'll be advised of it. This table is
checked with each call to DOS, so the table must be in good shape
before any disk I/O is done.
18
Intercepting Direct Disk Writes Through INT13
=============================================
The default operation of FLU_SHOT+ is to intercept and examine
every call to the direct disk routines. You can *disable* this
by including the '-F' switch on your command line:
FSP -F
This is not recommended, but exists primarily for developers who
can't use the constant triggering one of their programs may
cause.
What about INT26
================
Similarly, the same exists for the direct writes which normally
are only made by DOS through interrupt 26. Again, I do not
recommend you disable the checking, but if you desire to do so,
use the '-D' switch.
Turning off the header message
==============================
If you've no desire to see the rather lengthy welcome message
which is displayed when you first use FLU_SHOT+, use the '-h'
switch.
Disabling Triggering on Open with Write Access
==============================================
Files which are opened with write access allowed are often not
ever written to. For example, a COPY A.COM B.COM will open
*both* files for write access, although DOS will not actually
write to the A.COM file. Programmer laziness is the most likely
excuse, and I'm as guilty of it as anyone else. However, this
can cause some false alarms, which can alarm you! If you specify
the '-W' switch on your command line, you won't have this
particular alert come up.
Since the actual write operation to this file is also protected
by FLU_SHOT+, there is no real danger with using the '-W' option
-- except that a "protected" file could be created anew without
you being triggered. That's not too big a deal. Future versions
of FLU_SHOT+ will most probably have the '-W' option as the
default operation.
Changing the Trigger Window Attributes
======================================
Certain displays, particularly monochrome displays which try to
emulate color displays, have a problem with the default selection
of attributed in the trigger window of FLU_SHOT+. If you use the
'-Axcx:yy' switch, you can modify these attributes.
The xx:yy represent the hex values (as selected from the table
below) for the interior and the perimeter of the trigger window.
19
The 'xx' represents the interior attribute, the 'yy', the
perimeter. If you use the '-A' switch, you *must* select both of
these values - failure to do so may give a rather strange
display.
What follows is a table of color and characteristics associated
with the attribute byte. A byte has eight bits. Counting from
the leftmost bit, the first bit of the attribute byte, if set,
will cause the character to blink, regardless of other settings.
The next three bits represent the background color for a given
character position. The next bit indicates whether a character
should have high intensity turned on. Finally, the last three
bits represent the color of the character itself. To create the
color of your choice, simply combine the bits, then calculate
what they are in hexadecimal. If you're not sure of how to
create a hexadecimal representation of a binary number, have no
fear: that information follows, too.
Bkgrnd Frgrnd
B CLR I CLR
[] [][][] [] [][][]
Brightness----^ | | | | | | |
Background-------+-+-+ | | | |
Intensity---------------+ | | |
Foreground-----------------+-+-+
Value in hex
Bit Pattern Value Color if B or I set
====================================================
0 0 0 0 Black 8
0 0 1 1 Blue 9
0 1 0 2 Green a
0 1 1 3 Cyan b
1 0 0 4 Red c
1 0 1 5 Magenta d
1 1 0 6 Yellow e
1 1 1 7 White f
For example, to create an attribute byte that is high intensity,
blinking yellow characters on a green background, the attribute
byte would be:
Bkgrnd Frgrnd
B CLR I CLR
1 0 1 0 1 1 1 0
\--------/ \-------/
| |
A E
Attribute char: AE
IMPORTANT: If the value is less than 10 (hex), you *must* include
a leading zero or strange things will happen to the selected
value.
20
Allowing Trusted TSR's to Work
==============================
Normally, you'd load all of your trusted TSR's before FLUSHOT+ is
loaded from within your AUTOEXEC.BAT file. However, you might
want to use SideKick once in a while, removing it from memory as
you desire. This could cause some problems, since SideKick, and
programs like it, take over certain interrupts, and FLU_SHOT+
could get confused about whether this is a valid call or a call
that shouldn't be allowed. Normally, FLU_SHOT+ will trigger on
these calls, which is safer, but can be annoying. If you use the
special '-T' switch upon program invocation, then calls which
trusted TSR's (those specified with the 'T=' command in your
FLUSHOT.DAT file) make will be allowed. Understand, please, that
this basically means that calls made by a Trojan while a trusted
TSR is loaded may not be caught. Please, use this switch with
caution!
Disabling FLU_SHOT+
===================
There may be times when you're about to do some work which you
know will trigger FLU_SHOT+. And you might not want to be
bothered with all of the triggering, the pop-up windows and your
need to respond to each trigger. If you look in the upper right
hand corner of your screen, you'll see a '+' sign. This
indicates that FLU_SHOT+ is monitoring and attempting to protect
your system. Depress the ALT key three times. Notice that the
'+' sign' turned into a '-'? Well, FLU_SHOT+ is now disabled,
and will not trigger on any event. If you depress the ALT key
three more times, you'll see the '-' turn back into a '+' -- each
time you depress the ALT key three times, FLU_SHOT+ will toggle
between being enabled and disabled.
Disabling the Disabling of FLU_SHOT+
====================================
Yes, I know about the poor grammar used in the heading, but I
couldn't think of a better way of expressing it.
You can cause FLU_SHOT+ to ignore the "strike ALT three times"
function discussed above. If you'd rather that the people using
the machine FLU_SHOT is working on *not* be able to disable it,
then enter the '--' switch on the command line, as in:
FSP --
this is important when used in combination with the '!'
restricted file access option you may have opted to use in your
FLUSHOT.DAT file.
21
Disabling FLU_SHOT+ Toggle Display
==================================
Alas, there are graphics applications which will be screwed up be
the '-' or '+' in the upper right hand corner of your display.
Therefore, if you depress the CTRL key three times, you'll be
able to toggle the display capability of FLU_SHOT+. The default
configuration of FLU_SHOT+ is to "come up" with display turned
on. You can reverse this capability if you include the '-G' (for
graphics) switch on your command line when you run FLU_SHOT+.
When you toggle this function, the '-' or the '+' won't appear or
disappear immediately. Simply that the repainting of them will
no longer take place.
Defining Your Own "Special Keys"
================================
If you would like to, you can define your own "special keys" (as
in the default Alt and Ctrl keys in a similar way as you define
your attributes above. Use the '-Kxx:yy' option, which takes the
hexadecimal scan code value for the replacement Alt key as the
first argument (the 'xx') and the hexadecimal scan code value for
the replacement Ctrl key value. If you're not sure of what your
scan codes are, you should look them up in your BIOS tech ref
manual -- or there are a multitude of programs which will print
out the scan code for a given key. Most of these programs are
available on BBS's throughout the world, including the Software
Concepts Design, RamNet BBS at (212)-89-6438.
Due to extreme programmer fatigue, the "Welcome" message you see
when you first run FLU_SHOT+ with the '-K' option will not change
to reflect your selection. Maybe in the next version. And, of
course, it depends upon how much you, the end-user want such an
option.
IMPORTANT: If the value is less than 10 (hex), you *must* include
a leading zero or strange things will happen to the selected
value.
Forcing FLU_SHOT+ to only use the BIOS
======================================
Certain machines are not totally compatible with the IBM BIOS,
which is the BIOS for which FLU_SHOT+ was written. Because
FLU_SHOT has to be able to deal with the hardware in a pretty
direct manner in order to "pop-up" a screen, these machines were
not able to use FLU_SHOT. If you specify the '-B' switch in your
command line when you first run FLU_SHOT+, then only the BIOS
will be used for screen output. This is *drastically* slower
than direct screen memory writes (the method used unless you
specify to use the BIOS), but at least it works. However, the
"hit ALT and/or CTRL three times" options may not work in these
machines - only your experimentation will tell.
22
Putting FLU_SHOT+ to Sleep When Its First Run
==============================================
One of the idiosyncrasies of DOS is how a batch file is
processed. Basically, DOS opens the batch file, reads the next
command, closes the batch file, executes the command, and then
starts over again until the batch file is exhausted of commands.
This would, normally, not be a problem, but can become when you
opt to place the FLU_SHOT command line in your AUTOEXEC.BAT file
*and* you've opted to Read Protect (with the 'R=' option) the
AUTOEXEC file itself: you'll be advised that some program is
reading this protected file. Not a big deal, really, but
certainly a hassle when you fist boot up your system. Therefore,
protections within FLU_SHOT are not turned on a certain amount of
time. The default is set to ten seconds, or until you enter a
key. You can modify the default "sleep" time by entering a '-Sn'
option on the command line, where 'n' represents the number of
eighteenths of a second (1/18) you wish to have FLU_SHOT+ sleep
before becoming active. Since you will most likely have
FLU_SHOT+ as one of the final commands in your AUTOEXEC.BAT, you
probably won't have to modify this parameter, but the capability
exists, nonetheless.
23
Interpreting a FLU_SHOT+ Trigger
================================
So, you've run FLU_SHOT+, and you're at your C> prompt. Great!
Now stick a blank disk which you don't care about into your A:
drive and try to format it.
Surprise! FLU_SHOT+ caught the attempt! You have three choices
now: typing 'Y' allows the operation to continue, but the next
one will be caught as well. Typing a 'G' (for Go!) allows the
operation to continue, disabling FLU_SHOT+ until an exit from the
program is made. When FLU_SHOT+ is in the 'G' state, a 'G' will
appear in the upper right hand corner of your screen.
Any other key will cause a failure of the operation to occur.
When you've got FLU_SHOT+ running and you get signaled that there
is a problem, you should think about what might have caused the
problem. Some programs, like FORMAT, or the Norton Utilities or
PC-Tools, or DREP have very good reasons for doing direct reads
and writes to your hard disk. However, a public domain checkbook
accounting program doesn't. You'll have to be the judge of what
are legitimate operations and which are questionable.
There is no reason to write to IBMBIO or IBMDOS, right?
Wrong!
When you format a disk with the '/S' option, those files are
created on the target diskette. The act of creating, opening up
and writing those files will trigger FLU_SHOT+ as part of its
expected operation. There are many other legitimate operations
which may cause FLU_SHOT+ to trigger.
So will copying a COM or EXE file if you have those protected
with a 'P=' command. FLU_SHOT+ is not particularly intelligent
about what is allowed and what isn't. That's where you, the
pilot, get to decide.
Here's a fuller listing of the messages which you might see when
you're using FLU_SHOT+:
Checking ===><filename>
This message is displayed as FLU_SHOT+ checks the checksum on all
of the "C=" files when you first invoke FLU_SHOT+. The files
must be read in from disk, their checksum calculated and then
compared against the value you claim the checksum should equal.
24
If the checksum does *not* equal what you claim it should (which
means that the file may have been written to and might therefore
be suspect), a window will pop up in the middle of your screen:
+===============================================================+
| Bad Checksum on <filename> |
| Actual Checksum is: <checksum> |
|Press "Y" to allow, "G" to go till exit, any other key to exit.|
+===============================================================+
This message simultaneously advises you there is a problem with
the checksums not matching, shows you what the checksum should be
and then awaits your response.
Except for the initial run of FLU_SHOT+, if you type a 'Y' or a
'G', then the program will load and execute. Typing any other
key will cause the program to abort and for you to be returned to
the C> prompt. When FLU_SHOT+ is in the 'G' state, a 'G' will
appear in the upper right hand corner of your screen.
If this is the initial run of FLU_SHOT+, however, you'll be
advised of the program's actual checksum, but FLU_SHOT+ will
continue to run, checking all remaining "C=" files in the
FLUSHOT.DAT file.
If you're running a program and you see a screen like:
+===============================================================+
| ? WARNING! TSR Request from an unregistered program! |
|Number of paragraphs of memory requested (in decimal) are:<cnt>|
| (Press any key to continue) |
+===============================================================+
you're being advised that a program is about to go TSR. If this
is a program you trust (such as SideKick, of KBHIT, or a host of
other TSR programs you've grown to know and love), then you
should considering installing a "T=" line in the FLUSHOT.DAT file
so that future runs of this program will not trigger FLU_SHOT+.
However, if you get this message when running a program you don't
think has any need to go TSR (such as the proverbial checkbook
balancing program), you should be a little suspicious. Having a
TSR program is not, in of and of itself, something to be
suspicious of. But having one you don't expect --- well, that's
a different story.
Most TSR's "hook into" an interrupt vector before they go TSR.
These hooks might intercept and process key strokes ("hotkeys"),
or they might hook and intercept direct disk writes themselves.
In any event, FLU_SHOT+ (in this version!) doesn't have the
smarts to do more than advise you of the TSR'ing of the program.
If you're truly suspicious, reboot your machine immediately!
25
If a program attempts to write directly to the interrupts which
are reserved for disk writes, FLU_SHOT+ will also be triggered
and you'll see something like:
+===============================================================+
|====>Direct Disk Write attempt by program other than DOS! <====|
| (From Interrupt <xx>) |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
where the <xx> represents either a 13 (indicating a direct BIOS
write to the disk) or a 26 (indicating a direct DOS write).
Again, pressing a 'Y' or a 'G' allows the operation to continue,
pressing any other key will cause the operation to return a
failed status to DOS, and the operation will not take place. When
FLU_SHOT+ is in the 'G' state, a 'G' will appear in the upper
right hand corner of your screen.
If an attempt is made to format your disk, which may be a
legitimate operation made by the DOS FORMAT program, you'll see a
message such as:
+===============================================================+
| ====>Disk being formatted! Are You Sure?<==== |
| |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
which follows similarly to the direct disk write operations. You
should question whether the format operation is appropriate at
the time and take whatever action you think is best.
If one of your protected files is about to be written to, you'll
see a message like:
+===============================================================+
|Write access being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
where <filename> represents the file you're trying to protect
from these write operations. Your red flag should fly, and you
should question why the program currently running should cause
such an operation.
26
You may also see the same type of message when one of your "Read-
Protected" files is being accessed:
+===============================================================+
|Read Access being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
Again, the same red flag should fly, but it doesn't mean that
you're infected with some nasty virus program! It could be
something harmless or intended. You'll have to be the judge.
+===============================================================+
|Open File with Write access being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
If you see the above message: Don't Panic! When a program opens
a file, it may open the file for different types of access. One
access method prohibits writing to the file. Another allows you
to write to the file. However, lazy programmers (myself included
in this category from time to time) will often open a file for
read *and* write access, even though they have no intention of
ever doing a write into the file. FLU_SHOT+ isn't smart enough
to be able to figure out what a program *might* do in the future,
so it will alert you to an attempt to open the indicated
protected file with write access allowed. Again, you'll have to
consider whether the program opening the file is a "trusted"
program or not and you'll have to then decide what action to
take.
+===============================================================+
|Handle Write Access being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
If you see this message, it means that some program is trying to
write to a protected file through an access method known as
"handle access". This should normally never happen, with the
caveats raised above in the "Open With Write Access" section.
27
There are three separate messages you'll see if a program
attempts to rename a protected file (you'll only see one of these
messages at a time, though):
+===============================================================+
|FCB Rename being attempted on source file: |
|FCB Rename being attempted on target file: |
|Handle Rename being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
This indicates what type of operation is attempting to rename a
protected file. FCB's are a relic of the older CP/M days, and
"handles" are a newer concept, a little more modern. In any
event, this tells you that a file is being renamed. It is
possible that a trojan or virus writer will attempt to rename an
existing protected file to some other name, then rename a
trojaned or virused program in its stead. FLU_SHOT will alert
you to this action: again, though, you'll have to decide what to
do about it.
+===============================================================+
|Delete being attempted on: |
| <filename> |
|Press "Y" to allow, "G" to go till exit, any other key to fail.|
+===============================================================+
Pretty much self-evident as to what's happening here, there are
very few reasons why one of the files you've opted to protect
should be deleted.
28
How Good is FLUSHOT+, Really?
FLU_SHOT+ is a pretty handy piece of code. But, it can't
absolutely protect you from a worm. No software can do that.
There are ways around FLU_SHOT+. I'm of two minds about
discussing them, since the worms out there are reading it this,
too. So I'll only discuss them in passing. And I'll tell you
what I use here to protect myself from worms. First, though, a
little story to tell you what it's like here, and how I protect
myself from getting wormed.
The RamNet Bulletin Board System site I run is open access. No
need to register, or to leave your phone number or address,
although a note to that effect is always appreciated. As
mentioned above, I dare the worm to try to affect the disk of
somebody who can fight back. A couple of of worms have tried and
I have a nice collection of Trojans and viruses. Obviously, I
run FLU_SHOT+ on my board, along with checking incoming files
with CHK4BOMB. My procedure for testing out newly uploaded code
involves me doing a backup, installing all sorts of software to
monitor what is going on, and doing a checksum on all files on
the disk. I then try out all of the code I get, primarily to
determine if the code is of high enough quality to be posted.
After testing out all of the weeks uploads, I run the checksum
program again to determine of any of my files might have been
modified by a worm's virus program.
Recently, what looked like a decent little directory lister was
posted to the board. For some reason I've yet to fathom,
directory aid programs seem to be the ones which have the highest
percentage of Trojans attached to them.
This directory aid program listed my directories in a wonderful
tree structure, using different colors for different types of
files. Nice program. When it exited, however, it went out and
looked for a directory with the word "FLU" in it. Once it found
a directory with a match in it, it proceeded to try to erase all
of the files in that directory. An assault! No big deal. That's
what backups are for.
But it brings up an interesting point: I was attacked by a
clever worm, and it erased a bunch of files which were pretty
valuable. All of the protection I had would have been for naught
if I didn't use the first line of defense from these worms: full
and adequate backup.
I've spent three years of my life developing one particular
software package. Imagine what would have happened if that had
been erased by a worm! Fortunately, I make backups at least once
a day, and usually more frequently than that. You should, too.
Now, I quarantine that machine as well. I spent a couple of
dollars and bought a bunch of bright red floppy disks. The basic
rule around here is that Red Disks are the only disks that go
into the BBS machine, and the Red Disks go into no other machine.
29
You see, I *know* that there is some worm out there who is gonna
find some way to infect my system. No matter what software
protection I use, there *is* a way around it.
You needn't be concerned though -- you're making backups on a
regular basis, right? And, you aren't asking for trouble. I am,
I expect to find it, and it is sort of amusing to see what the
worms out there are wasting their efforts on.
At this point, Trojans and Viruses are becoming a hobby with me:
watching what the worms try to do, figuring out a way to defend
against it, and then updating the FLU_SHOT series.
However, there is a possibility that the FLU_SHOT series (as well
as other protection programs which are just as valuable) are
causing an escalation of the terms of this war. The worms out
there are sick individuals. They must enjoy causing the damage
they do. But they haven't the guts to stand up and actually do
something in person. They prefer to hide behind a mist of
anonymity.
But you have the ultimate defense! No, not the FLU_SHOT+
program.
FULL AND ADEQUATE BACKUPS!
There are a variety of very good backup programs which can save
you more work than you can imagine. I use the FASTBACK+ program,
which is a great little program. I backup 30Megs once in a
while, and do an incremental backup on a very frequent basis.
There are a variety of very good commercial, public domain, and
shareware backup programs out there. Use them! Because, no
matter what software protection you use, somebody will find a way
around it once day. But they can't find a way around your
backups. And, if you (and everyone else) do regular backups,
you'll remove the only joy in life these worms have. They'll
kill themselves, hopefully, and an entire subspecies will be
wiped out -- and you'll be partially responsible!
My advance thanks for helping to exterminate these little
slimebuckets. But that brings me to something else.
30
Reward Offered
Somebody out there knows who the worms are. Even they must have
someone who is a friend. True, I can't think of any reason
someone would befriend a worm. But somebody who doesn't know
better has.
Well, I'm offering a reward for the capture and conviction of
these worms.
Enough already with software protection schemes, hardware
protection schemes, or any protection at all. It shouldn't be
required, dammit!
Here's the deal:
In this archive is a form called REWARD.FRM. If you're a
software or hardware manufacturer, or you have some software or
hardware you don't need, consider filling out that form, and
donating it to a worthy cause. I don't know what the legal and
tax ramifications of that donation would be. I'm not a lawyer
and we can cross that bridge when we get to it.
Anyway, if you know one of these worms, turn them in! Call me
up, send me a letter, a telegram, or leave a message for me on my
BBS. Indicate who you *know* is worming about. I'll keep your
name confidential.
It is surprisingly easy to get the authorities in on this --
they're as concerned about what is happening to our community as
we are. I'll presume that they'll end up putting a data tap on
the phone line of the accused worm. Then, when he next uploads a
Trojan or a virus to a BBS, he'll get nailed. The authorities
are pretty good about this stuff: they'll not tap a phone or take
any action whatsoever without adequate proof. Will your dropping
a dime on this worm be adequate proof? I don't know. Again, a
bridge to cross when we approach it.
However, assuming that this slimeball gets nailed, you'll get all
of the software and hardware which other people have donated. And
the satisfaction of knowing that you've done a Good Thing, that
you've helped an industry and community continue to grow. This
*is* your community, and the vast majority of people in it are
good people who shouldn't have to fear from your friend. Your
friend is not really a friend: he uses you to justify his own
existence. When someone uses you like that, they're not a
friend, they're a leach. And you've probably got better things
to do then let somebody use you like that.
Most importantly, the worm out there won't know if one of his
friends has already turned him in. So he won't know if his phone
is tapped. If *I* were a worm, and considering what kind of
friends I would have, I'd be sure that somebody dropped a dime on
me. And therefore an intelligent worm (perhaps I'm giving the
worm too much credit?) must presume that their line is tapped and
31
that they're gonna go to jail if they continue what they're
doing.
So just stop, you miserable little lowlife, huh? You're going to
be arrested. You're going to have to put up with indignities
which even you don't deserve! Your equipment will be
confiscated. You'll never get a job in the industry. You're
going to go to jail.
All because one of your friend's actually has a conscience and
knows what is right and what is wrong. And what you're doing is
wrong.
So, let me get back to the kind of programming I enjoy --
productive programming. And turn your programming to useful,
interesting, and productive programming. You have the talent to
do something useful and good with your life. What you're doing
is hurting the industry and hurting the community which would
welcome someone with your talents with open arms.
And the satisfaction of helping far surpasses the satisfaction
you must get from hurting innocent people.
So just stop.
Sincerely, Ross M. Greenberg
32
GO.TXT
╔═════════════════════════════════════════════════════════════════════════╗
║ <<<< Disk No 1119 FLUSHOT+, HDSENTRY and more >>>> ║
╠═════════════════════════════════════════════════════════════════════════╣
║ To copy the documentation for FLUSHOT to your printer, type ║
║ PRINT (press enter) ║
║ ║
║ In order to run FLUSHOT you must first copy all of the needed files ║
║ to the root directory of your hard drive. We have simplified this task ║
║ for you, all you have to type to copy all needed files to your hard ║
║ drive is, INSTALL (press enter) ║
║ ║
║ To start FLUSHOT, type FSP (presss enter) from your C: prompt ║
╚═════════════════════════════════════════════════════════════════════════╝
HARDWARE.TXT
FLU_SHOT+ can not, by itself, absolutely protect your disks from the
damage a determined worm attempts. It does as much as I can think
of, but that may not be sufficient for the sites which really can not
afford to have their data damaged.
We're in the process of designing and producing a hardware board which
will interface with a future release of FLU_SHOT+. This will be a
commercial product. We don't expect it to cost an arm and a leg, but
we haven't got the costs nailed down as of yet. When we do, we'll
announce the product, its limitations and advantages and, of course,
its price.
If you'd like more information on our future hardware board, please
check off the appropriate box on the registartion form and we'll keep
you advised.
Ross M. Greenberg
HDSENTRY.DOC
HDSENTRY.ARC contains:
. HDSENTRY.ASM
. HDSENTRY.EXE
. HDSENTRY.COM
HDSENTRY, whether you run the .EXE or the smaller .COM file, is an interrupt
handler that intercepts service requests to the hard disk. If the service
call is not destructive in any way, the call is passed on to DOS, and is
executed in normal fashion. Calls to floppies are also merely passed on.
However, if a call is made to the hard disk that is destructive (write or
format), the handler prevents it from occuring. To alert you that something
is amiss, the handler will notify you with a beep in the speaker and a sign:
<<< ALERT >>> Destructive disk call prevented!
HDSENTRY is intended for use while you are checking out newly downloaded
programs from a bulletin board and you suspect those programs to be TROJAN
HORSEs, i.e., a program that purports to be something useful but that in
fact intends to scramble your hard disk for you (this could be done by keeping
you amused with colorful graphics and overwriting your File Allocation
Table, or reformatting your hard disk to the tune of Beethoven's Fifth,
although I doubt anyone low enough to try such things have any breeding).
A good strategy is to NEVER download from a BBS to your hard disk, always
to a floppy. However, the TROJAN may think of that and make calls to the
hard disk anyway. HDSENTRY will put a stop to that! If you have HDSENTRY
installed and YOU try to erase something on the hard disk, YOU will be
prevented (the filename will disappear as though you were successful, but
when you reboot, you'll find the file is still there. This is part of the
strategy just in case the TROJAN tries to see if it successfully erased
a file.) When you're finished checking your downloads, reboot your system
without HDSENTRY.
If you have any problems, notify Andrew M Fried (address is in the .ASM
file), NOT me!
LOCK.DOC
LOCK.COM - Run this to write- and format-protect your hard disk. Useful
when letting someone else use your PC or when trying out
new BBS software. Each time it is run it
toggles the protection off or on - no need to reboot to get
rid of it. The toggle ON/OFF feature will not work if, after
running LOCK, you run another RESIDENT program that
re-vectors INT 13. In other words, run LOCK after running
other resident programs, such as Sidekick.
If the DOS FORMAT command is run when this is on, it will
appear to be formatting your hard disk, but what it is
actually doing is VERIFYing each sector, which does not
harm the disk. Your data is actually lost during a format
when DOS writes a new Directory and FAT - LOCK will prevent
that. Actually, if LOCK is not installed and you accidentally
start formatting your hard disk, you can type Ctrl-Break
to stop the formatting. The Ctrl-Break will not be
acknowledged right away, but that's ok - it will still break
you out of format before any damage is done.
10/21/85
RAMNET.TXT
This is a brief blurb about the main product Software Concept Design
derives income from. This is a blatant commercial announcement and we
have no excuses for it! We have kept it short, though, with the full text
available on the RamNet BBS at (212)-889-6438. Or, we can send you more
information if you check off the box on the registration form. On with
the show!
What is RamNet?
===============
RamNet is a background, memory resident program which enables you to:
* Run your own Bulletin Board System -- in the background!
* Have Electronic Mail (E-Mail) across the nation or across the globe
today....with no hardware other than your PC and modem!
* Do file transfers (both upload and download) totally in the
background, so you can continue your normal processing tasks in the
foreground.
* Run SCRIPT files that allow you to upload and download to any other
computer system.
* Utilize RamNet as a "normal" communications package via a user-
selectable Hot-Key. Start transfers in the foreground and switch
them to the background -- only a keystroke away! The transfer
continues while you work on something else.
* Incoming E-Mail may be immediately printed if you desire. You'll be
notified, in any case, when mail has arrived.
* RamNet uses the XMODEM protocol for error free file transfer. Both
Checksum (with about 99% error detection) and CRC (with at least
99.9% error detection) have been implemented.
* UUCP, the protocol of choice between UNIX sites is now available
between RamNet sites as well. Your RamNet site will appear as a UUCP
allowing file transfers to take place between UNIX systems and your
PC in "native" mode. You can send and receive UNIX mail to and from
your PC -- in the between UNIX systems and your PC in "native" mode.
You can send and receive UNIX mail to and from your PC -- in the
background! A free update to handle UNIX News is in the works, too!
* Now your PC can act as a Telex machine, too! Your incoming telex
messages are stored and/or printed without requiring an expensive
dedicated machine.
* Use RamNet as a Source Librarian! You can specify a given download
directory as a "locked directory". Files which are downloaded are
"locked" from future downloads until released.
* Wildcard Transfers via a special Batch file allow you to customize
which files you wish to transfer in one shot.
* The following Baudrates are supported: 110, 300, 600, 1200, 2400,
4800, 9600, 19200, 38400.
* Easily works with any modem, intelligent switch, or direct, hardwire
connection.
With RamNet you won't have to schedule your time with the person at the
other end: if they're running RamNet, they'll just continue with their
work as you continue with yours.
RamNet retails for only $149, and we offer a full money back guarantee.
No questions asked. You can't lose!
We can be reached via MCI and BIX as 'greenber', on the RamNet BBS
specified above, on CIS as [72241,36], or as bellcore!ditka!ramnet!root.
REGISTER.TXT
-------------------------------------------------------------------------------
FLU_SHOT+ (V1.5) Registration
Please fill out this form, then mail it along with a check for
$14 ($10 Registration, $4 Shipping/Handling/Processing) (or
more!) to:
Ross M. Greenberg
Software Concepts Design
594 Third Avenue
New York, New York 10016
Thanks for your support!
Name:_________________________________________________________
Title:________________________________________________________
Company:______________________________________________________
Address:______________________________________________________
______________________________________________________
City: _____________________ State: _________ Zip:______
Telephone:__________________________________
Comments and Suggestions:____________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
____________________________________________________________________
Where did you get FLUSHOT+ (V1.5) from? (check one, fill in the blank):
[__] User Group (which one:________________________________________)
[__] BBS (Name:_______________________)(Tel #:_____________________)
[__] Other (Such as:________________________________________________)
Please send me more information on:
[__] RamNet, the background communications program
[__] The Programmer's Co_operative
-------------------------------------------------------------------------------
THE_COOP.TXT
FOR IMMEDIATE RELEASE
Contacts: Ross M. Greenberg, (212)-889-6431
Marc Adler, (201)-792-3954
Greg Comeau, (718)-849-2355
THE PROGRAMMER'S CO_OPERATIVE:
By Programmers and For Programmers
April 10, 1988 --- The Programmer's Co_operative, dedicated to providing
software authors and developers with the unique services they require at
the lowest prices it can arrange, is opening its doors to new members.
Founders Marc Adler, Greg Comeau, and Ross M. Greenberg are three software
authors who decided it was time to act to resolve problems they discovered
all software authors faced.
"Independent software developers, the one or two person operation, are
overwhelmed by the costs of providing highly specialized services as they
need them.", said President Ross M. Greenberg. "We share costs, provide
marketing and sales services, bring volume discounts on advertising and
materials, and provide other services our members need."
Few software authors have expertise in the diverse fields required to
market and support a successful product, according to co-founder Marc
Adler. This makes it difficult and expensive for a new product to be
introduced or even to appear on the market.
"Just producing a single ad and placing it in a national publication can
cost individual developers more time, effort and money then they can afford
to spend. We offer each software author the benefit of working with a
larger organization, of having some clout.", Greg Comeau of Comeau
Computing pointed out.
Members of The Programmer's Co_operative pay a $250 one-time initiation fee
and a small quarterly membership fee. All Co_op members are entitled to
use any Co_op services at 10% above Co_op cost. Non-members may use Co_op
services, as available, at 15-25% above Co_op cost.
Among the services the Co_op offers or plans to offer to its members:
volume advertising discounts on single or multiple inserts, volume
discounts on production and distribution materials, and distribution and
fufillment services. The Co_op will also offer catalog sales, marketing and
PR services, documentation preparation and printing, legal services, and
postal services such as mail forwarding and bulk rates.
The Co_op is now retaining a telemarketing organization to handle sales of
products produced by Co_op members. According to Greenberg this will allow
the developers to concentrate on the thing they do best: create quality
software.
"For the first time, even the independent developer can have a chance to
succeed as we all band together. By programmers and for programmers. That's
what the Co_op is all about, and why it's working.", Greenberg stated.
For more information regarding The Programmer's Co_operative, contact them
at 594 Third Avenue, New York, New York, 10016
UPDATES.TXT
Version 1.1 of FLU_SHOT+ has a few enhancements:
1. If you use the '-B' switch when you first run FLU_SHOT+,
the machines BIOS will be used instead of direct screen
writes. Useful for machines which are less than IBM-PC
compatible. Or those people still running CGA's who don't
like snow. It's a little slow. For the CGA users: you
ever think of how nice it would be to see an unblurred
screen? EGA's aren;t that expensive anymore....
2. I neglected to remove some comments, and there was a hole
in FLU_SHOT+ V1.0 that a worm could have exploited. The
hole has been patched securely....
3. An additional option in the FLUSHOT.DAT file:
X=<ambigious_filename>
allows a matching program to "turn off" the triggering of
FLU_SHOT+ for the entire duration of its run. This could
leave a security hole if you're not careful....so be careful!
Do not use an ambigious directory: running a trojan from there
would not trigger FLU_SHOT+. I use it for programs like
FORMAT, Norton Utilities and that kind of stuff. I'm very
careful when using it, though. And you should be, too!
4. The in-memory protection table is now checksummed so that
worms can't change the files you're attempting to protect.
--
Version 1.2 of FLU_SHOT+ has a few enhancements:
1. A new option, '-I<num>' has been added. This allows you to
determine the frequency, in 1/18 seconds, of how often the CMOS
Check (if enabled) and the Protection Table Check are going to
run. The lower the number, the higher your protection, but
the more impact it will have on system operations: they'll
be a little slower. The default is set to one second.
2. Some complaints from those having FSP in their AUTOEXEC.BAT and
having a line of the the form R=\AUTOEXEC.BAT. FSP was protecting
the AUTOEXEC.BAT file (an intended option), but the boot sequence
was causing people to have to hit a 'G' to continue with their
boot. I've installed a '-S<num>', where <num> represents how many
1/18 seconds to sleep before activating the R= option.
The default is set to 10 seconds. It will also immediately
expire on the first key hit.
3. Because CMOS and Prot Table checks are done via the timer tick
in Version 1.2, there is no need for the counter to be associated
with the CMOS flag any longer. As such, '-C' is the full option
to turn on CMOS checking.
--
Version 1.4 of FLU_SHOT+ has a few enhancements:
1. I've skipped Version 1.3 - something about the number having
bad luck and all.
2. A major bug, due to programmer stupidity, has been fixed. Alas,
this bug actually could cause some damage to your disk.
3. The X= switch works better now - it was ignored on Direct Disk
Writes
4. Some of the error messages have been made a bit clearer.
5. Complaints from some of the users have caused me to increase the
size of the checksum buffer internal to FLU_SHOT+. This has the
sad result of increasing the TSR size of the program itself -- but
I consider it a reasonable increase for speeding up the checksumming
of files.
6. If a file to be checksummed could not be found at startup time,
the previous files checksum was displayed -- this has been fixed.
7. Certain holes in FLU_SHOT's security system have been patched.
8. The size of the FLUSHOT.DAT buffer has also been increased to allow
users to specify more files to be checksummed and/or protected.
Version 1.5, released on 1/15/89, has some enhancements and a
bug-fix or two:
1. IOCTL's are now checked pretty carefully. Earlier versions
had a minor hole.
2. A new option, '-W' will keep FLU_SHOT+ from triggering on an
open of a file which allows for write access. Many lazy
programmers (and I qualify as one, sometimes!) may open a
file for write access, even though no write is intended.
DOS's COPY command, for example, will cause a trigger on the
open access to the source file.
3. FLU_SHOT+ will now trigger when a write is attempted to a
file through the "handle" method. You'll get more triggers
than with the original "Open with Write Access" you got,
but it's better and more precise protection.
4. If you end a line in your FLUSHOT.DAT file with an '!', then
the files which match this are considered "restricted". When
access to these files causes a FLU_SHOT trigger, no options
are displayed: the user is advised they are attempting to
access a restricted file and to press any key. The
operation will always fail.
5. However, restricted access isn;t much use if three hits of
the ALT key can disable FLU_SHOT. So, a new option '--' has
been added to disable disabling (yeah, I know it sounds
weird!). If you use a '!' in your FLUSHOT.DAT file to
restrict access to users *local* to your system, then you
should use the '--' option in your FSP invocation call.
6. CMOS protection caused a lot of problems: about three out
of every four support calls were because of CMOS problems:
and nine out of ten of those calls were due to people
attempting to check CMOS on their XT. XT's don't have
CMOS!! Since the protection offered wasn't that big a deal
anyway, it's been pulled entirely. As has the '-I' switch.
The in-memory table is now checked before every DOS
operation.
7. A bug in 1.4 would allow the Lehigh virus through under
certain circumstances. This has been fixed.
8. The price of FLU_SHOT+ remains the same, at $10. However,
the cost of FGLU_SHOT went up. Huh? Well, we now charge
an additional $4 handling/shipping/processing charge on
each order. Sorry: I never expected to make a fortune
off of FLU_SHOT+, but I have to at least break-even.
9. A bug in the code would allow certain files to slip through
unprotected. It's been fixed.
10. Using the '-A' switch allows you to define what attributes
you want to use for the trigger window.
11. Using the '-K' switch allows you to define which "special"
keys will be used instead of the Alt and Ctrl keys.
12. A serious bug in the "use BIOS" routine which could cause a disk
to be trashed has been fixed.
Ross, 1/15/89
XWORD221.DOC
INTRODUCTION
XWORD is a general file format transformer; that is, it con-
verts files from one format to another. Selections are made from
two menus, "FORMAT CONVERTERS" and "LOGICAL OPTIONS." Since XWORD
is not tricky to use, this file deals with general operation
procedures, some problems, and what XWORD does not do. I have
made some arbitrary decisions regarding what XWORD does to files.
Sometimes it is not possible, or not possible without great
difficulty, to preserve print options between different word
processing formats. In some of these cases, I have elected to
eliminate them and let the user re-input them anew. For those
word processors which require a line length embedded in the
files, I have chosen one arbitrarily, based on my own experience.
If this proves burdensome for users, I will find another way.
Since XWORD is not a frozen, static program, but one which I
am continually changing (and, hopefully, improving), no feature
of XWORD need be considered as irrevocable. If users (or par-
ticular users) have a need for a certain type of revision, that
can be done.
XWORD appends a 1AH to the ends of files under certain
options. Those options that convert files to ASCII format all ap-
pend a 1AH to the file. This is not required for MS/PC-DOS, but
it is necessary in CP/M, to which ASCII files can be ported.
WILDCARDS
XWORD supports wildcards (* and ?) in the source file name.
When wildcards are used, XWORD will overwrite the source file (a
warning to that effect appears) except when converting TO MultiMate.
MENU ONE
REDUCING SPACES
Use only with WordStar-compatible files. DO NOT USE WITH MUL-
TIMATE FILES OR WITH WORDSTAR 2000 FILES. You will have to reboot
if you try to load a file processed with the P option into Multi-
mate or WordStar 2000.
WORDSTAR, WORDSTAR 2000, AND SIDEKICK
No special precautions need be taken regarding these files.
Both WordStar and WordStar 2000 will allow any kind of file name.
There is still a problem with tab handling (by XWORD), but the
rest of the options of the two should be OK. XWORD will support
WordStar 2000's JUSTIFY.FRM, RAGGED.FRM, MEMO.FRM, and
NORMAL.FRM. It will not support the NOFORM.FRM. This format is
identical to ASCII. Thus, if converting a file produced with
WordStar 2000 and NOFORM.FRM, select ASCII as the source
fileformat.
Sidekick is compatible with WordStar, BUT, the tabs of
files written in WordStar's non-document mode show up as capital
"I"s in Sidekick. XWORD expands expands these tabs so they will
appear properly.
If your file in WordStar2000 looks funny when XWORD is
through with it, place the cursor at the beginning of the
paragraph and press any letter (you will have to erase the letter
you input). This will cause WordStar2000 to reformat the
paragraph.
MULTIMATE
XWORD supports conversion both into and out of MultiMate. For
conversion out of MultiMate, it is important that you repaginate
your files first. After conversion, check to make sure that there
is no unwanted or misplaced text (MultiMate does not always
eliminate old versions of pages, but stores them and skips over
them when editing a file; also MultiMate sometimes stores pages
out of sequence). Repagination cuts down on this, but may not
eliminate it completely. When converting from WordStar, be care-
ful of indents. Make sure that indents begin after a hard return
or ^PM (equivalent to 0DH). MultiMate requires all document files
have the extension .DOC; XWORD appends this extension to
MultiMate-target files. You will notice that the converted Multi-
mate file will often have more indents than it should. This is
due to the algorithm I used; a future version of XWORD will solve
this problem. I have used XWORD to convert a 42+K file to Multi-
Mate with no problems.
XYWRITE II PLUS
No special precautions need be taken here, as XyWrite II is
very friendly. (XWORD has been tested on Version 1.00.)
WORDPERFECT
No special precautions are needed regarding conversion to or
from WordPerfect.
MENU TWO
The options on this menu are for bit and byte manipulation.
Some of them can be used for a quick and dirty type of
cryptography. Three of the options require the user to input a
value in hexadecimal format (digits 0-9 and letters A-F, which
represent our common notion of 10, 11, 12, to 15); they are:
AND,OR, XOR. Another one, NOT, requires no other input from the
user than the source and target file names. ROL and ROR require
the user supply a number between 1 and 7, inclusive.
The action of NOT, ROL and ROR are fully reversable. That is,
if NOT FileA produces FileB, and NOT FileB produces FileC, then
FileC is identical to FileA. ROR (ROtate through Right) and ROL
(ROtate through Left) circulate the eight bits that compose each
byte. ROR 1 time shifts the bits in each bit right once; the
rightmost bit is moved to the leftmost position (this information
is merely for the elucidation of the user; the user does not have
to understand the action of these options in order to use them).
ROL 1 acts in the same way, but to the left. ROR 2 is the same as
ROR 1 and then ROR 1 again. If FileA is processed with ROR 3,
say, producing FileB, and FileB is processed using ROL 3, produc-
ing FileC, then FileC is identical to FileA. You can use a
sequence of these options to scramble a file pretty well (but
remember to record your sequence and go through it in reverse to
unscramble it). That is, if your sequence was:
ROR 4, NOT, ROL 3, NOT, ROL 2
then to undo this, you must go:
ROR 2, NOT, ROR 3, NOT, ROL 4
REPLACE
The last option on this menu, Replace, is different from the
others. Replace allows the user to replace any text (ASCII) or
hexadecimal string (a string is a sequence of bytes) by any other
text or hexadecimal string. The two strings do not have to both
be ASCII or hex. Additionally, the user can elect to save these
strings and reuse them (especially useful if they were compli-
cated to figure out). The user will be prompted for a source file
and then a target file; then, whether the string is to be entered
in ASCII, hex, or from a previously saved file. If the user en-
ters a string in ASCII or hex, XWORD will ask if the user wants
to save the string. This sequence is repeated for the replacement
(new) string. Each string can be 30 bytes (characters) long. When
entering hex, note that each hex digit must be composed of two
numerals (including letters). Thus, the string more commonly
written as 0DH,0AH,27H,64H,0FFH, would be enterd as 0D0A2764FF.
Remember that if you rEplace a commonly occurring byte in a
file with a long string, then your target file could become up to
30 times as large as the original file. If users find longer
strings are more useful, I will change XWORD to accommodate
that need.
If you make an error during hex entry, hit the backspace key,
and you will be reset to the beginning of hex entry. Generally in
XWORD, hitting the space bar, return, or end key will let you es-
cape from one level of the program to another, and, except when
files are actually being converted, control-C always works.
OWNERSHIP, COPYRIGHTS, DISCLAIMERS
XWORD is the property of Ronald Gans; XWORD is unpublished
and copyrighted. XWORD may not be sold for profit by anyone. If
you purchased XWORD for more than the price of a disk, shipping,
and handling, you got taken and should notify me of that fact,
along with the name of the person or corporation from whom you
purchased XWORD. XWORD.EXE and XWORD.DOC may be freely copied and
distributed, but may not be altered in any way by anyone. If you
wish an alternate version of XWORD, please let me know. Please
direct all correspondence to:
RONALD GANS
350 WEST 55TH STREET
NEW YORK, NEW YORK 10019
CompuServe No. 74216,264 Telephone (212) 957-8361
MONEY
If you send me $15.00 (N.Y.State residents $16.24), I'll put
your name on a list so when revisions of XWORD are ready, or im-
portant bugs are discovered, I'll inform you by postcard, along
with the names and phone numbers of some BBSs from which they can
be downloaded. For $3.00 more, you'll get a year's worth of revisions
mailed to you.
WordStar and WordStar 2000 are registerd trademarks of
MicroPro International Corporation. Multimate is a registered
trademark of MultiMate International. XyWrite II Plus is a
registered trademark of XyQuest Inc. Sidekick is a registered
trademark of Borland International. WordPerfect is a registered
trademark of Satellite Software.
Directory of PC-SIG Library Disk #1119
Volume in drive A has no label
Directory of A:\
$READ_ME 1ST 3328 1-15-89
CRYPT BAS 1267 2-16-87 1:05p
$TOC 1536 1-15-89
DISKTOOL DOC 54528 7-24-86 9:07p
DT COM 57005 7-24-86 9:18p
DT PIF 369 3-15-86 5:24p
F EXE 31872 1-22-85 10:28p
UPDATES TXT 6682 1-15-89
FINDHIDE COM 605 2-18-87 11:44a
FLUSHOT DAT 128 1-15-89
FLU_POKE COM 844 1-15-89
FSP COM 15703 1-15-89
FSP TXT 79002 1-15-89
F_FEED 1 1-15-89
HARDWARE TXT 896 1-15-89
GO BAT 38 1-01-80 1:37a
GO TXT 1002 1-27-89 10:53a
MY_OWN CPY 1361 1-15-89
HDSENTRY ASC 6789 8-16-88 9:29p
HDSENTRY COM 617 8-16-88 9:29p
HDSENTRY DOC 1920 4-25-88 7:02p
HIDE COM 565 2-12-87 5:07p
INSTALL BAT 325 7-22-88 2:53p
LOCK COM 439 3-05-87 9:23p
LOCK DOC 1232 3-05-87 9:23p
PRINT BAT 512 1-15-89
RAMNET TXT 3245 1-15-89
REGISTER TXT 1895 1-15-89
REWARD FRM 1920 1-15-89
REWARD LST 1792 1-15-89
THE_COOP TXT 3328 1-15-89
SCAN EXE 6352 9-17-86 4:25p
SDIR5 COM 6528 3-05-87 3:13p
SDIR5 DOC 7936 3-05-87 3:13p
UNHIDE COM 597 2-12-87 5:15p
XWORD221 DOC 9139 2-24-87 12:54p
XWORD223 EXE 30592 11-12-86 12:22a
37 file(s) 341890 bytes
1024 bytes free