Text File | 1993-08-16 | 15KB | 320 lines
1.0 A FEW WORDS ABOUT SPY-TRAK:
SPY-TRAK is a disassembling and debugging tool for executable
.EXE and .COM programs.
There are a few products on the market used for
disassembling. Most of them do a job that may be termed an
examination of a program's dead body. They dissect programs
while these programs are not doing anything. No data is input
from the command line, nor is any data input during the
program's execution. On occasion we do not even know whether
the code obtained from such disassembling is actually the
code used by the program during its execution. A program can
have a self-modifying capability, as packed files do for
example, which may be hard to reveal by this "dead body"
disassembling.
SPY-TRAK is unique because it does the disassembling during
the program execution. It tracks, step by step, each operation
performed by the program, recording the status of its
registers, flags and finally instructions, unassembled into
opcode.
The SPY-TRAK package generates 2 output files:
1. $filename.TRC, which very much resembles the output of
the DEBUG Trace command, except that $filename.TRC
documents the actual execution of filename[.ext].
2. $filename.LST, a list file of the tracked part of the
executed program's code. $filename.LST provides a
brief synopsis of the tracked code. Tracked
segments (CS) are listed in ascending order
of CS values.
Tracking and generating the listing file are controlled from
a user friendly shell program - SpyTrak.exe. More on SpyTrak
menus is given in sections 1.4 and 1.5.
SPY-TRAK disassembles most applications designed to operate
in real-time on 16-bit registers. To operate, it requires
a hard disk and DOS 3.10 or later.
The current shareware copy of SPY-TRAK is limited to
processing programs no bigger than 1200 bytes. Licensed
up-grades of SPY-TRAK can track programs of any size.
1.1 LIST OF PROGRAMS AND FILES MAKING SPY-TRAK PACKAGE:
SpyTrak.exe - the shell program;
SB1992.COM - never change the name of this program!
SPY.COM - do not change the name of this program either!
SORT.EXE - leave this name unchanged too!
LIST.COM - Vernon D. Buerg's text viewing program;
SZCZOTA.COM
CROSS.COM - SPY-TRAK to SOURCER cross-referencing
utility;
KORVIN.BAT - to get Main Menu on the screen;
SPYDOC.BAT - it calls-out LIST.COM and SPY.DOC;
CROSSUSG.BAT - to get USAGE Info on CROSS.COM;
SPY.DOC - documentation file;
CROSS.DOC - documentation file;
MAINMANU.TXT - Menu file.
1.2 PRE-INSTALLATION NOTE:
SPY-TRAK has been designed as a TSR program. Therefore, to
avoid potential conflict, do not install it while other TSRs
are running. Do not install SPY-TRAK from a DOS shell! Do
it directly from DOS instead.
The SpyTrak program and the SPY-TRAK main tracking module
need a number of file handles to operate. Therefore, to track
some programs that open many files at a time, you may have
to increase the limit set on open files in your computer
system. In case of problems check the FILES directive in your
CONFIG.SYS!
1.3 HOW TO RUN SPY-TRAK:
On your hard disk create a SPYDIR directory - this is your
default directory. Load all executable SPY-TRAK files into
this directory. Run the SpyTrak.exe SHELL program.
Programs which you want to disassemble can be called from
any place in your subdirectory system, provided the drive
and path for the program are defined. If no drive and path
are given, SPY-TRAK will look for the program in the default
directory.
SPY-TRAK output is written to the default directory.
You can review the output file using Vernon D. Buerg's
LIST.COM program, enclosed. To use LIST.COM type:
LIST [$filename.TRC], for track file
or, LIST [$filename.LST] for list file.
While tracking, be aware of your hard disk storage
limitations. The $filename.TRC may quickly reach quite
sizable proportions.
For assessing your hard disk storage needs, you can take
the size of $filename.LST to be the size of $filename.TRC
divided by 8. However, in the end, the code listing file
size depends on the tracked program structure.
1.4 ON SPY-TRAK MENU:
The front page menu provides the following options:
Track program...........1
Create list file........2
Setup menu..............3
Exit to DOS...........ESC
┌────────┐
│ Select │
│ Option │
│ ┌┐ │
│ └┘ │
└────────┘
┌───────────┐ ┌────────────┐
│EXEC CODE 0│ │LOOPS CLOSED│
└───────────┘ └────────────┘
1.4.1 TRACK PROGRAM selection:
The edit line data shall be input as follows:
┌───────────────────┐
───────────────────────┘ Track a program └────────────────
Track filespec: filename[.ext] [parameters]
────────────────────────────────────────────────────────────
"Hot Start" means start tracking from your program's first
instruction. Default is [Y].
"Single Step" - use this option if the tested program is
crashing your computer system. You will have records of the
last performed instruction. Default for this mode is [N].
Single step mode will slow down the tracking process, but
it may become, for some, a last resort to find out why the
system keeps crashing.
1.4.2 CREATE LIST FILE selection:
┌───────────────────┐
───────────────────────┘ Create list file └────────────────
Track filename: $filename.TRC
────────────────────────────────────────────────────────────
SpyTrak.exe is equipped with an error detection system.
It responds with an ERROR message to most mistakes made by
the SPY-TRAK user.
1.4.3 SETUP MENU selection:
This selection lets you change 2 parameters controlling
the tracking process.
1. EXEC level
2. Loops handling mode.
The current parameter values are given in the 2 boxes provided
at the screen bottom. Defaults are EXEC LEVEL=0 and LOOPS
CLOSED.
With EXEC LEVEL > 0, SPY-TRAK can track a program called
through DOS function AH=4Bh (EXECUTE or MAKE OVERLAY). The
depth to which subsequent child processes are followed can be
defined from 1 through (hex) F.
LOOPS can be processed as they are performed, which may
mean that SPY-TRAK spends a lot of time recording all this
looping. It also makes it more difficult for the user to
follow such full loop records in the .TRC file.
The LOOPS CLOSED option provides full information on the
register status before the loop is entered. The first loop
lap is fully recorded, but then the tracking program stops
recording and waits for the first instruction after the
program has left the loop.
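The LOOPS CLOSED behaviour described above, modelled as an added example that is not part of SPY-TRAK or its documentation. The trace line layout, the names Rec, parse and close_loops, and the rule used to recognise a loop (a backward transfer inside one segment to an address already recorded) are assumptions made for illustration.

```python
from typing import NamedTuple

class Rec(NamedTuple):
    cs: int
    ip: int
    text: str  # register state before the instruction, then the instruction

# Constructed sample: one line per executed instruction of a tiny .COM
# program (not real SPY-TRAK output; the real .TRC layout is not shown here).
SAMPLE = """\
1234:0100 CX=0000 MOV CX,0003
1234:0103 CX=0003 XOR AX,AX
1234:0105 CX=0003 ADD AX,CX
1234:0107 CX=0003 LOOP 0105
1234:0105 CX=0002 ADD AX,CX
1234:0107 CX=0002 LOOP 0105
1234:0105 CX=0001 ADD AX,CX
1234:0107 CX=0001 LOOP 0105
1234:0109 CX=0000 MOV [0200],AX
1234:010C CX=0000 INT 20
"""

def parse(text):
    recs = []
    for line in text.splitlines():
        addr, rest = line.split(None, 1)
        cs, ip = (int(part, 16) for part in addr.split(":"))
        recs.append(Rec(cs, ip, rest))
    return recs

def close_loops(trace):
    """Keep the first lap of each loop, drop later laps, resume after exit."""
    out, seen = [], set()
    skip = None   # (cs, low ip, high ip) of the loop being suppressed
    prev = None   # last executed record, kept or not
    for rec in trace:
        if skip and rec.cs == skip[0] and skip[1] <= rec.ip <= skip[2]:
            prev = rec
            continue              # still inside the closed loop
        skip = None               # execution has left the loop body
        backward = prev is not None and rec.cs == prev.cs and rec.ip <= prev.ip
        if backward and (rec.cs, rec.ip) in seen:
            skip = (rec.cs, rec.ip, prev.ip)   # second lap starts here
            prev = rec
            continue
        out.append(rec)
        seen.add((rec.cs, rec.ip))
        prev = rec
    return out
```

On the constructed sample the ten executed instructions collapse to six records, and the kept record at 0105 still shows CX=0003, the register state on entry to the loop.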
1.5 ABOUT ALT HOT KEY COMBO APPLICATION:
The tracking process is switched ON/OFF by application
of the hot key combination.
The default Hot Key combination is <Alt T>. If for some
reason you want to use a different combination, the
redefinition should be made in response to the menu
questions.
In "Hot Start" [Y] mode the hot key combo serves to STOP
tracking. In "Hot Start" [N] mode the hot key is used both
for START and STOP of tracking.
NOTE: Once you have stopped tracking using the Hot Key, you
cannot restart tracking by pressing the Hot Key
again.
1.6 ABOUT SPY-TRAK HANDLING OF INTERRUPTS:
Interrupts are not entered by SPY-TRAK, except DOS function
4Bh if the EXEC LEVEL parameter was set to a value greater
than 0.
Interrupts such as 20h, 27h, 31h and DOS function AH=4Ch
end the tracking process.
An address checking mechanism is built into SPY-TRAK. It
limits the recording to operations performed by the tracked
program.
The user may be occasionally baffled by the presence of
INT 20h at IP=0000, as the last operation registered by
SPY-TRAK, when tracking a .COM program. It happens if the
.COM program is returning to DOS via its PSP interrupt.
It is because SPY-TRAK is recording any operation performed
by the program within the memory limits assigned to it,
including the PSP.
2.0 ON SUPPORT AND FUTURE UP-GRADES:
If you have any questions, you can contact Korvin Comm. by
CompuServe, addressing your mail to BOX#
76356,2033
or FAX to (310) 424 6823.
New features will be provided at a nominal cost of
shipping and handling to legal owners of SPY-TRAK.
We will keep you posted on these up-grades.
WE CAN ALSO CUSTOMIZE SPY-TRAK TO MEET YOUR SPECIFIC NEEDS.
CONSULTING IS AVAILABLE.
3.0 USEFUL REFERENCES:
* 80386 ASSEMBLY LANGUAGE by Penn Brumm and Don Brumm, TAB
Professional and Reference Books, 1988. I found this
book very useful in my decoding of the 80386 instruction
set. It is not, however, flawless since I found several
bugs in some opcodes. Nor is it complete, but it is
explanatory enough to find ways to decode some missing
instructions on one's own.
* SYSTEM BIOS FOR IBM PC/XT/AT COMPUTERS AND COMPATIBLES,
Phoenix Technical Reference Series, Addison-Wesley
Publishing Company, 1989. This book helps
get the very inside information about your PC internals.
It is because of the information provided by this book that
I was able to create a simple subroutine for SPY-TRAK,
protecting the hot-key from getting stuck "until re-booting
makes us part".
* 8088 MACRO ASSEMBLER PROGRAMMING by Dan Rollins, Macmillan
Publishing Company, 1985. This seemingly
obsolete book provides in very simple terms the clearest
information on such programming features as Program Segment
Prefix (PSP) and File Control Block (FCB).
* USING ASSEMBLY LANGUAGE by Allen L. Wyatt, Sr., Que, 1992.
It is the best reference to DOS interrupts. One should
beware, however, of blindly repeating the function SYNTAX.
Some of the SYNTAX provided is good only for .COM programs.
* PC POWER TOOLS by Paul Somerson, PC Magazine, 1988.
Features over 200 utilities for DOS versions 2.0 through
4.0. A disk is included and makes it the best source book on
a variety of programming tricks. SPY-TRAK can help
understand many of them.
4.0 LICENSE
To acquire a licensed copy of SPY-TRAK, please send a check for
$29.50 + $5.50 S.H. in U.S. Money orders are required for
shipping outside United States. Shipping and handling for
overseas buyers is $7.00. Checks and money orders shall be
sent to KORVIN COMMUNICATIONS CO. 4067 Hardwick St. #306-H,
Lakewood, CA 90712.
SPY-TRAK is copyright (c) 1992,93 by KORVIN COMMUNICATIONS CO.
To contact KORVIN COMMUNICATIONS for information about
dealer pricing, volume discounts, site licensing, the status
of shipment of the product, the latest version number or
for technical information, or to discuss returns, use
CompuServe Electronic Mail address:
76356,2033
or FAX to (310) 424 6823,
or write to
╔═════════════════════════════════════╗
║ KORVIN COMMUNICATIONS CO. ║
║ ║
║ 4067 Hardwick St. #306-H ║
║ Lakewood, CA 90712 ║
╚═════════════════════════════════════╝
Use of non-licensed copies of SPY-TRAK by any person,
business, corporation, governmental agency or other entity
is strictly prohibited.
User is licensed to use SPY-TRAK only on a single computer
at the same time.
No user may modify SPY-TRAK in any way, including but not
limited to decompiling, disassembling or otherwise reverse
engineering the program.
SPY-TRAK may not be resold. No fee, charge or other
compensation may be accepted or requested by any licensee.
SPY-TRAK may not be distributed in conjunction with any
other product without a specific license to do so from
KORVIN COMMUNICATIONS CO.
5.0 WARRANTY
KORVIN warrants that all disks provided constitute an
accurate duplication of the software product and KORVIN
will replace any disks found to be defective within 30 days
from date of purchase.
KORVIN will not honor this warranty where the product has
been subjected to physical abuse, or used in defective or
non-compatible equipment.
KORVIN warrants that the program will perform in substantial
compliance with the documentation supplied with the software
product.
If a significant defect in the product is found, licensed
Purchaser will be entitled to a refund. In no event will
such a refund exceed the purchase price of the product.
┌────────────────────────────────────────────────────────────┐
│ All disk replacements and refunds shall be negotiated│
│ directly with KORVIN COMMUNICATIONS CO. Shareware retailers│
│ distributing shareware copies of SPY-TRAK have not been│
│ authorized to process returns of licensed copies. │
└────────────────────────────────────────────────────────────┘
EXCEPT AS PROVIDED ABOVE, KORVIN COMMUNICATIONS DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE PRODUCT.
SHOULD THE PROGRAM PROVE TO BE DEFECTIVE, THE PURCHASER
ASSUMES THE RISK OF PAYING THE ENTIRE COST OF ALL NECESSARY
SERVICING, REPAIR, OR CORRECTION AND ANY INCIDENTAL OR
CONSEQUENTIAL DAMAGES. IN NO EVENT WILL KORVIN BE LIABLE
FOR ANY DAMAGES WHATSOEVER (INCLUDING WITHOUT LIMITATION
DAMAGES FOR LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION,
LOSS OF BUSINESS INFORMATION AND THE LIKE) ARISING OUT OF
THE USE OF OR INABILITY TO USE THIS PRODUCT EVEN IF
KORVIN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Use of this software product for any period of time
constitutes your assumed acceptance of this agreement and
subjects you to its contents.