Magnum One

home *** CD-ROM | disk | FTP | other *** search

/ Magnum One / Magnum One (Mid-American Digital) (Disc Manufacturing).iso / d1 / dectc31a.arc / DETECT.DOC < prev next >

Wrap

Text File | 1990-03-10 | 49KB | 1,454 lines

THE DETECTIVE Version 3.1 Complete File Tracking System for the IBM Personal Computers and Other Compatibles --------- User's Manual (c) 1990 PC SOFT-TECH March 5, 1990 Table of Contents Introduction................................................1 Installation................................................2 The Importance of File Tracking.............................3 File Tracking and CRC Checking..............................4 How to use THE DETECTIVE....................................5 Creating the Control File...................................7 Report Generated from THE DETECTIVE........................10 What is a VIRUS?...........................................11 Importance of Virus Detection..............................12 APPENDICES: ----------- System Requirements, Limits, and Performance................A Warranty/Disclaimer/Terms and Conditions....................B Registration................................................C Control File Layout.........................................D Sample files created by THE DETECTIVE.......................E PAGE 1 -- INTRODUCTION -- THE DETECTIVE is a program which allows a user to verify the integrity of files on his or her PC. THE DETECTIVE works on systems which are stand along, file servers for a network, or nodes within a network. Changes made to critical files (whether they are unintentional or intentional) can be detected quickly and accurately. This all in one program not only can detect viral infections, but also can allow the user to quickly review critical files on the system for any updating which may have occurred since the last review. As the PC world grows in size, connectivity and multi-user environments, this becomes more and more important. THE DETECTIVE is a must for Network Administrators who need a quick efficient way of verifying the integrity of their system as the program allows the user to specify exactly what drives, directories, and files that must be reviewed. THE DETECTIVE is available in two formats. The first is as share-ware from many public bulletin board systems. The second is through registration by sending $25.00 for a diskette containing the programs (see Appendix D for order form). Registered versions of THE DETECTIVE are available on 3 1/2" and 5 1/4" diskettes. NOTE: THE FREE VERSION OF THE DETECTIVE WILL NOT PROCESS THE ROOT DIRECTORIES OF ANY DISK DRIVE. IF YOU HAVE DONE A GOOD JOB OF DISK MANAGEMENT, THE ROOT DIRECTORY SHOULD CONTAIN 3 PROGRAMS ONLY (COMMAND.COM, IBMBIO.COM, AND IBMDOS.COM). WE REALIZE THAT THESE ARE THE MOST IMPORTANT PROGRAMS IN YOUR SYSTEM, BUT WE BELIEVE THAT QUALITY SOFTWARE IS WORTH A PRICE. If you fear that the copy of THE DETECTIVE you have received has been tampered or simply want to get the latest version, you can call our bulletin board system at (414) 241-9125. The BBS operates at 9600,N,8,1. You may also place your order through the BBS (PO number required, original PO received before shipment will be made) or send us some mail with any questions or comments you may have. PAGE 2 -- INSTALLATION -- THE DETECTIVE should be installed into its own directory and will always look for and create its files in the drive/ directory from where it was invoked. If you create a directory called DETECT and always invoke THE DETECTIVE from that directory, you will have no problems. If, on the other hand, you invoke THE DETECTIVE from the root directory the first time, and from another directory on a subsequent run, THE DETECTIVE will not be able to find the required files ([cntlfile].CTL and [cntlfile].NEW) and will establish new files in the current directory. To install THE DETECTIVE on the hard drive of your PC, you must first create a directory for the programs. First make sure you are in the root directory and create a sub-directory called DETECT. Put THE DETECTIVE diskette in Drive A: and follow these steps: Go to the Root Directory, type "CD \" (enter) Create DETECT Directory, type "MD DETECT" (enter) Go to the DETECT directory, type "CD DETECT" (enter) Copy DETECTIVE to hard disk, type "COPY A:*.*" (enter) THE DETECTIVE (DETECT.COM & DETECT.DOC) is now ready for use. If you wish to print a copy of THE DETECTIVE manual simply type "COPY DETECT.DOC PRN" while in the DETECT directory. The directory DETECT is not required, simply suggested. You can use any directory name, in any path, on any drive. PAGE 3 -- THE IMPORTANCE OF FILE TRACKING -- File Tracking today is more important than ever. Take the case of a new or inexperienced PC user inadvertently deleting or moving a critical file. Or the case of a user getting on the network and changing a batch file needed by other users. Even normal updates to existing files can be important to detect. With systems the size of PC's today, it can be very difficult for an operator to detect these and other subtle changes to the system on a timely basis, especially if limited to the DOS environment with commands such as 'DIR'. THE DETECTIVE is designed to give operators a method of easily checking out what changes have been made to the system in an efficient, timely manner. With THE DETECTIVE's versatility, the operator can check only the drives/directories and files required. And THE DETECTIVE will perform the requested checks very fast. By invoking THE DETECTIVE on a regular basis, the operator can request that all changes made to any (or those designated) files, in any or all paths which have been changed or updated since the last time THE DETECTIVE ran, be highlighted in a concise report file. This file can be saved for future reference as well as be printed immediately. One client we support has well over 100 programs and batch files that we change periodically. When it comes time to produce a new release of the system, we run THE DETECTIVE and it tells us everything that has changed and thus what we must update in the next release of the software. Another critical use of THE DETECTIVE is the ability to know what software is being used on a specific computer. If you are using THE DETECTIVE in a business environment and have expensive word processors, spreadsheets, or data base managers, and you find that the files created by these products are not changing, you can pretty well assume that the products are not being used very often and may wish to reexamine the need for the software product on a specific machine. PAGE 4 -- FILE TRACKING AND CRC CHECKING -- File tracking with THE DETECTIVE is simple and fast. You need only specify the paths (including drive letter) and file extensions to track. If you are concerned about prgrams in your system you would generally track EXE, COM, SYS, and OVL type files. If databases are more critical to your needs you could track DAT, IDX, and any other extensions that represent your databases. You can even track both types and others at the same time. If you have different conditions, timings, and/or users, you can run THE DETECTIVE at different times with different control information. This allows you to meet nearly any users needs. For file tracking, the program will find all requested files in the requested paths and log each file along with its date, time, and file size. On subsequent runs, this information is gathered over again and a report file of all differences is created. Any time a file is changed in any manner, DOS will re-update the files date, time, and size. This is what THE DETECTIVE keys in on for file tracking. There are some programs that do not have DOS update this information in which case no change is found since none of the attributes of the file have changed. These types of programs are few and far between, but they do exist. In order to detect changes in these conditions, THE DETECTIVE must do CRC checking. The CRC (cyclic redundancy check) is the key to knowing if a file has truely been modified. Specifically, the CRC is a process of taking the first byte within a file and through an algorithm, apply a value of the next byte in the file to derive a hexadecimal representation as of that byte in the file. This process repeats until each byte of the file has been applied to the algorithm, the result being a 4 character hexidecimal code. Some people claim that a standard CRC check is not sufficient, in fact, a program exists that will modify a file and not change the CRC value. For this reason THE DETECTIVE USES 2 DIFFERENT CRC ALGORITHMS!!. If, in the unlikely chance, the standard CRC is not altered, our second CRC will be. The process of doing the CRC calculation requires that each byte of the file be read. This entails much overhead compared to file tracking alone, but we have minimized this by writing THE DETECTIVE entirely in assembler. Simply stated, you will not find a faster product. We recommend that you use the CRC feature on all program type files (EXE, COM, SYS, and OV*). Programs in a system should never change unless they are updated to a newer version. The main purpose then for doing CRC checking is to detect viruses. The likelyhood of being infected is slight, but the potential damage can be disasterous. An ounce of prevention... PAGE 5 -- HOW TO USE THE DETECTIVE -- THE DETECTIVE essentially takes a snapshot of all specified files in the specified paths of the specified drives. At a later point in time you run THE DETECTIVE again telling it to check for all differences since the last time it was run. A report will then be created detailing all changes that had occurred. These changes are composed of added and deleted directories, and added, deleted, or changed files. Doing this on a weekly basis (for example) would give you a history of all changes made. You also have the ability to run an unlimited number of scenarios since each scenario you define is stored in a user defined control file. All files that are created using this 'control file' retain the control file name but have a different file extension. With this control, you can let specific users track their own files in a number of different ways while the system administrator tracks system wide files. These are just two of many possible variations. Before THE DETECTIVE can start issuing reports of all changes, you need to run it once to create the 'control file' and 'base file'. The control file contains the names of all paths to be searched, the file extensions to track, the file extensions to CRC, an indication if sub-directories are to be searched, and an indication if the program should abort if files are unavailable or damaged. The base file contains the snapshot of all directories and files found in the search, the date, time, file size, and CRC of file, and the options used to create the base file (from the control file). Once these files are created, subsequent executions can be done which will detail all changes since the previous run. If, after the initial run, you wish to change the options, you can rerun THE DETECTIVE as if for the first time and change the options. Since an initial run does not create a report of changes, you should only do this immediately after a run that did create the report of changes. If you are an advanced user, you could use your text editor to change the options in the control file rather than doing it through THE DETECTIVE. By doing this you would not have to re-create the base files, just change the control file and run THE DETECTIVE in its checkout mode. The format of the control file is given in the appendicies. To invoke THE DETECTIVE for the first time to create the base files, simply type "DETECT [optional control file name]". If no control file name is specified, you will be prompted for one. If the control file name is specified, it cannot contain a file extension. THE DETECTIVE reserves the file extension ".CTL" and will create the control file with the .CTL extension. After this invocation the program will prompt you for the options required. To invoke THE DETECTIVE for the checkout process, type "DETECT [control file name] C". The 'C' indicates to the program that it is to perform the checkout process. In this mode there is no operator intervention required since the program will read the options from the control file and perform its task. PAGE 6 -- HOW TO USE THE DETECTIVE -- (continued) You will generally want to run the checkout process in a batch file. This is because THE DETECTIVE sets the DOS errorlevel to indicate the result of the run. The values for errorlevel are as follows: 0 = The program ran successfully and no changes were reported. 1 = The program ran successfully and some changes were reported 2 = The program ran successfully and some CRC changes were reported 3 = The program aborted Errorlevels 0 and 1 are normal and expected. Errorlevel 2 means that a file that had CRC calculations made changed. An errorlevel of 3 means that something happened that should not have. The disk could be full so the report file could not be created, a file could be locked and the options require all files to be available, a read error could have happened, the base files do not exist, the base files are corrupted, etc. If this condition exists, it could happen at any time during the checkout process. After determining the result of the problem, you will have to make sure that the base files are restored to their original state before re-running. The control file should need no changing, but the snapshot file may need to be restored (a simple rename will do, see below). All files created by THE DETECTIVE have the same name as the control file but with a different extension. The files created are as follows: [cntlfile].CTL - Control file [cntlfile].RPT - Report file containing the list of all differences since the last run [cntlfile].NEW - The base file containing the current snapshot of all paths and files tracked [cntlfile].OLD - The previous base file When THE DETECTIVE is run in the checkout mode, it performs the following tasks: 1. Check the command line for proper format (DETECT [control file name] C) 2. Open and validate options in control file 3. Delete [cntlfile].OLD if it exists 4. Rename [cntlfile].NEW to [cntlfile].OLD 5. Create [cntlfile].NEW 6. Delete [cntlfile].RPT if it exists 7. Create [cntlfile].RPT 8. Open [cntlfile].OLD (to compare to [cntlfile].NEW in order to create report file) You will note from this that the report file is deleted. If you wish to retain this, you should either print it or rename it for later reference. PAGE 7 -- CREATING THE CONTROL FILE -- When you run THE DETECTIVE to create the base files, the following screen is displayed: |------------------------------------------------------------------------------| | THE DETECTIVE V3.1 (C)1989 PC SOFT-TECH | |------------------------------------------------------------------------------| | Global Options; Control File Name (no extension): NEW FILE! | | Abort If Files Unavailable (Y/N): | |------------------------------------------------------------------------------| | Path: Include Sub-Dirs (Y/N): | | File Extensions To Track: | | File Extensions To CRC: | | | | Path: Include Sub-Dirs (Y/N): | | File Extensions To Track: | | File Extensions To CRC: | | | | Path: Include Sub-Dirs (Y/N): | | File Extensions To Track: | | File Extensions To CRC: | |------------------------------------------------------------------------------| | Errors: | |------------------------------------------------------------------------------| | Help: Enter the name of the control file. An extension of .CTL | | will be appended to it. All files created will have the same | | name, but with a differnt extension (.NEW, .RPT, .OLD, etc). | | F1=Save File and continue | |------------------------------------------------------------------------------| During editing of the fields above, the following edit keys are available: backspace - deletes the character to the left of the cursor and shifts all following characaters to the left 1 character delete - deletes the character under the cursor and shifts all following characters to the left 1 character insert - allows you to insert characters into the field and shifts following characters 1 character to the right home - moves the cursor to the first position in the field end - moves the cursor past the last character in the field page up - moves cursor up to the next field group page down - moves cursor down to the next field group tab - moves cursor to the next field backtab - moves cursor to the previous field right arrow - moves cursor right 1 character left arrow - moves cursor left 1 character enter - moves cursor to next field PAGE 8 -- CREATING THE CONTROL FILE -- (continued) F1 - saves the options and starts processing F3 - sorts the paths (available only when cursor is in one of the paths fields) F5 - deletes the path the cursor is under (available only when cursor is in one of the path fields) ESC - Quits editing and will not save the control file During the editing process, the field 'ERRORS' will show any errors encountered or invalid data entered and the field 'HELP' will give field sensative help and where appropriate, sample data to enter. Below is a description of each field that needs to be entered: Control File Name - Type into this field the name of the control file. If it does not exist a message will be displayed displayed indicating that it is a new file. If the file does exist, it will be loaded and you will be able to page through it, make any changes necessary, and then save it and continue. If the name is not the name you want, you can go back and change it. Remember to specify the file name without an extension. Abort if files Unavailable - In a single user system, it is rare that files will be locked by another program or application, even if running under a multi-tasking operating system. Files can however be locked if the file sharing option of DOS is loaded (refer to your DOS users manual). If you are running under a network, it likely that files will be locked. If you enter a 'Y' to this question, THE DETECTIVE will abort if it tries to access a file that is locked. If you enter a 'N' to this question, any files that are unavailable, for whatever reason, will simply be logged in the [cntlfile].NEW with the reason for the unavailability. This may result in that file being reported on the [cntlfile].RPT file. Path - Enter the path name of the directory to be checked such as C:\ or C:\DBASE or F:\DOS\UTILITY or Z:\ACCTNG\GL\CHARTACT. If any directory does not exist (and thus drive letter), the cursor will not leave the field and you will have to re-enter it. If you simply want to get rid of the path, press F3 to delete it. In a Novell Netware environment, a path name can be as long as 128 characters long. If the path you enter is longer than the field on the screen, the name will be scrolled (from left to right) automatically. PAGE 9 -- CREATING THE CONTROL FILE -- (continued) Include Sub-Dirs - If you want to check the sub-directories of the path specified, enter a 'Y', otherwise enter a 'N'. A path of C:\ and including sub-directories will check the entire C drive. File Extensions To Track - You can specify up to 10 file extension to track in the given path, the wildcards * and ? ar valid. A '* ' will check all files, 'C* ' will check all files beginning with the extension of 'C', 'R?X' will track all files with 'R' as the first character of the extension and have a 'X' as the last character of the extension. File Extensions To CRC - This functions exactly as file extensions to track except that files with these extensions will have CRC (cyclic redundancy check) calculations made. Generally you want to specify EXE, COM, SYS, and OVL for this field. Keep in mind however that doing the CRC check requires that each byte of the file needs to be read where tracking above simply finds the attributes (date, time, file size) of the file. When entering path information, paths can be nested. What this means is that you can specify C:\ and include sub-directories and also specify C:\DBASE with or without sub-directories. If these were the only two paths entered, all of drive 'C' would be checked with the attributes specified for C:\ with the exception of the path C:\DBASE and its sub-directories. C:\DBASE would use the attributes specified for C:\DBASE, and the sub-directories of C:\DBASE, if included, would also use the attributes C:\DBASE. There is also no limit to the nesting that could be done. PAGE 10 -- REPORT GENERATED BY THE DETECTIVE -- As noted in the previous section, THE DETECTIVE will create the report file [cntlfile].RPT only during the checkout process DETECT (control filename) C. If [cntlfile].RPT exists, it will be deleted and a new one created, again in directory from where THE DETECTIVE was invoked. The [cntlfile].RPT file can be stored on the user's hard disk as well as printed on his or her printer. The report will list the start and end time of THE DETECTIVE file check. It will also list all files that have changed since the last time THE DETECTIVE was run (added, deleted, changed). Since the [cntlfile].RPT file is automatically written to the hard disk, THE DETECTIVE can run unattended from batch and allow the user or network administrator to check out what changes have occurred since the last running of THE DETECTIVE when he or she is available. Network Administrators can set THE DETECTIVE up as part of an initial boot-up of a machine by placing the DETECT (control filename) C command in the machine's autoexec.bat file and have it check the root directory only with no sub-directories. If changes to main system files have caused corruption, the errorlevel can be checked and the batch file paused before the network starts running. The Report has the following format: THE DETECTIVE STARTED AT 21:29:06 ON 05/22/1989 VERSION 3.1 Report of differences since last run Last run was on 05/15/1989 at 16:50:27 ADDED DIR: C:\DATABASE ADDED FILE: DATABASE ZIP 47294 5-22-89 7:08p 0000 0000 DIRECTORY: C:\DESQVIEW ADDED FILE: DVSETUP BAK 722 4-08-89 8:28p 0000 0000 CHANGED FILE FROM: DVSETUP DV 722 4-08-89 8:28p 0000 0000 TO: DVSETUP DV 722 5-21-89 12:44p 0000 0000 CHANGED FILE FROM: SPFCOMM PRM 828 3-22-89 10:58p 0000 0000 TO: SPFCOMM PRM 828 5-21-89 12:54p 0000 0000 DIRECTORY: C:\PS DELETED FILE: DIRSORT COM 6292 1-21-85 3:00p 0000 0000 CHANGED FILE FROM: FILECOPY EXE 12224 3-09-89 5:02p 0000 0000 TO: FILECOPY EXE 12224 5-18-89 5:11p 0000 0000 ADDED FILE: PS01010X EXE 22304 5-22-89 3:23p 0000 0000 ADDED FILE: PS01020X EXE 9552 5-22-89 3:11p 0000 0000 CHANGED FILE FROM: TEST1 CTL Sharing Violation TO: TEST1 CTL 260 5-22-89 5:06p 0000 0000 THE DETECTIVE ENDED AT 21:29:24 ON 05/22/1989 PAGE 11 -- WHAT IS A VIRUS -- A computer virus is a piece of program code that exists within an otherwise normal program. When this program is run, the viral code seeks out other programs within the computer and replicates itself. The other programs can be anywhere in your system and can even be the operating system itself. This infection can grow geometrically depending on the number and different types of programs you run (1 program infects 2, 3 then infect 6, 9 then infect 18...). At a given point in time or based on some other external triggers such as the number of times the program was run, the amount of free disk space is reduced to below 10%, or any of a million other circumstances, the viral code goes to work doing what it was intended for. It could be as harmless as blanking your screen or as vicious as formatting your hard disk and everything inbetween is possible. The concern over viruses has grown enormously over the past year and even IBM and NASA have been infected. You would think (or hope) that high security installations like NASA would be free from infections, but the fact of the matter is that it can happen to any computer, no matter how hard you try to prevent it. There is some software on the market today that tries to stop viruses from spreading by monitoring disk access and only allowing authorized updates. The biggest problem with these is that they are doing this monitoring while your doing your day-to-day work. You may not see any impact on performance with a fast cpu and disk, but not everyone has that sort of equipment. A bigger problem is that some viruses are created knowing what and how these monitor programs work. Once knowing this the virus can circumvent the protection process. We by no means imply that these viral-fighting programs are less than adequate, but only want you to know that regardless of the precautions, a virus can still infect your system. PAGE 12 -- THE IMPORTANCE OF VIRUS DETECTION -- Unfortunately, today viruses are a fact of life. They can cripple or destroy your machine or network system. The key to keeping your system virus-free is timely verification and early detection. A program that is so complex or time consuming to run will not be used, and therefore be of little help. Operators and network administrators need a fast, simple, and inexpensive pro- gram that can be depended upon to warn of an infection before any damage is done. A virus that goes undetected on your system or network can have devastating affects. Not only can your system be stopped due to replication of program code filling up your memory, but also files can be erased or manipulated to the point they do not function. And what about hackers who infiltrate your system and steal secured information. An article in the June 5, 1989 Computer World Magazine describes hackers getting into a real estate firm in the suburbs of Chicago and stealing credit card and long distance calling card numbers. Even authorized users of a system or network can cause problems. They can download an infected program from a bulletin board system or mistakenly change a file required by the system. THE DETECTIVE is the answer. Speed, ease of use, and versatility all rolled up into one inexpensive program. And virus detection is an additional benefit to a program already used to monitor and control your system or network. By simply adding the file extensions you wish to do CRC checking on to your control file, you have added state of the art virus detection to your system or network. No additional programs are required. And no addtional runs of THE DETECTIVE are required. In the same pass with the other file verification you have set up, THE DETECTIVE will do the double CRC verification of critical files such as *.SYS, *.COM, *.EXE files and issue a report highlighting changes to the CRC which could denote a virus has infected the system. APPENDIX A -- SYSTEM REQUIREMENTS, LIMITS AND PERFORMANCE -- THE DETECTIVE has been successfully run using DOS 2.0 through DOS 4.0 and has been run on the following machines (not all versions of DOS on all machines): o IBM PC o IBM XT o IBM XT/286 o IBM AT o IBM PS/2 Model 50, 60, 70 and 80 o Compac Deskpro o Compac SLT 286 o Leading Edge Model D o Panasonic Business Partner o Gateway 2000 25mhz 80386 THE DETECTIVE has a color display while running and works well using Monochrome, CGA, EGA, and VGA adapters/monitors. THE DETECTIVE requires 256k A maximum of 4096 tracked/CRC files per directory are allowed. A maximum of about 2500 tracked/CRC directories are allowed. This may vary since all available memory is allocated to hold a table of all directories. About 2000 directories can be processed if 512k of memory is available. THE DETECTIVE is written totaly in assembler and is very very fast. To track files only, the run time will be well less than a minute for a small size system to five or ten minutes for a large network file server. Running THE DETECTIVE with CRC checking requires the reading of entire files. On an 8 mhz AT about 2.5 to 3 megabytes are processed each minute. This figure rises to about 6 megabytes per minute for a 25 mhz 80386 machine. The average will fluctuate depending on the processor, disk speed, and for networks, the speed of the line. APPENDIX B -- WARRANTY/DISCLAIMER/TERMS & CONDITIONS -- PC Soft-Tech warrants to the original purchaser of this computer software product that the recording media on which the programs are recorded will be free from defects in material and workmanship for ninety (90) days from the date of purchase. Defective media returned by the purchaser within ninety (90) days will be replaced without charge provided the returned media have not been subjected to misuse, damage, or excessive wear. PC Soft-Tech does NOT warrant that the programs will meet the purchaser's specific requirements. ANY STATEMENTS MADE REGARDING THE UTILITY OF THE PROGRAMS ARE NOT TO BE CONSTRUED AS EXPRESS OR IMPLIED WARRANTIES. THIS WARRANTY IS IN LIEU OF ALL OTHER WARRANTIES, WHETHER WRITTEN OR ORAL, EXPRESSED OR IMPLIED. ANY IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MECHANTABILITY AND FITNESS FOR A SPECIFIC PURPOSE ARE EXCLUDED. IN NO EVENT WILL PC SOFT-TECH BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND IN CONNECTION WITH THE SOFTWARE PRODUCT. Registered copies of THE DETECTIVE and it's LOG may be purchased by completing the attached registration form and send it with a check for $25.00 each for THE DETECTIVE or $45.00 each for THE DETECTIVE plus THE DETECTIVE LOG (quantity discounts, network pricing and site licenses also available) to PC Soft-Tech at the address given. Purchase orders will be accepted subject at all times to apprval of PC Soft-Tech. Terms of payment for orders received via purchase order are "Due Net 30 days". PC Soft-Tech shall not be liable for delays in performance caused by riots, strikes, floods, accidents, or any other contingency beyond its control. Accepted orders are subject to cancellation charges to the extent PC Soft-Tech shall be reimbursed for the cost of reasonable expense incurred prior to the cancellation as a result of order acceptance. THE DETECTIVE distribution package, consisting of the program and documentation files are copyright (c) 1990 by PC SOFT-TECH. The author reserves the exclusive right to distribute this product, or any part thereof, for profit. Under NO CIRCUMSTANCES may modified versions or disassembled versions be distributed, either for profit or in the public domain. APPENDIX B -- WARRANTY/DISCLAIMER/TERMS & CONDITIONS (con't)-- User's groups, clubs, libraries and clearing houses are authorized to distribute the FREE version of THE DETECTIVE pursuant to the following conditions: 1. No charge is made for the software or documentation. A nominal distribution fee may be charged, provided that it is no more that $7 total. 2. The program and documentation are distributed together and are not modified in ANY way. APPENDIX C -- REGISTRATION -- Once you become a registered user of THE DETECTIVE and/or THE DETECTIVE LOG, you will receive a new version of THE DETECTIVE and/or THE DETECTIVE LOG which will include root directory files in the tracking process. You will also receive the following benefits: o Support by phone, mail, or through our bulletin board system. Support will only be provided to registered users. o Notice of significant upgrades and bug fixes. You will be notified by mail for any such updates. There will be no charge for updates as long as you send us a diskette and return postage. You can also receive a free update through our private bulletin board. Each copy of THE DETECTIVE and THE DETECTIVE LOG is registered for use on one computer only and a registered copy is required for each additional computer. The price breakdown is given below: THE DETECTIVE plus THE DETECTIVE THE DETECTIVE LOG Copies Price Per Copy Price Per Copy -------- ---------------- ------------------- 1-50 $25.00 $45.00 51-100 $21.00 $40.00 101-500 $18.00 $35.00 500+ $16.00 $30.00 The price for networks $50.00 for each file server and $5.00 for each computer (node) on the network (THE DETECTIVE). The price for networks $75.00 for each file server and $10.00 for each computer (node) on the network (THE DETECTIVE and THE DETECTIVE LOG). The registered version of THE DETECTIVE can be used in commercial, educational, and governmental institutions. The free version of THE DETECTIVE is expressly prohibited for use in commercial, educational, and governmental institutions except for the purpose of evaluation. APPENDIX C -- REGISTRATION FORM -- Please send me a copy of the current full version of THE DETECTIVE and/or THE DETECTIVE LOG and add me to the list of registered users, to be eligible for support and update notices. Computer Model: _____________________________________________ -----Quantity by diskette type----- THE DETECTIVE _______ 5.25 in. ________ 3.5 in. THE DETECTIVE and THE DETECTIVE LOG _______ 5.25 in. ________ 3.5 in. May we send you high-density diskettes? _____(yes) _____(no) Company Name: _____________________________________________ Your Name: _____________________________________________ Title: _____________________________________________ Address: _____________________________________________ City, State, Zip: _________________________________________ Phone: _____________________________________________ Any initial comments about THE DETECTIVE products? ___________________________________________________________ ___________________________________________________________ ___________________________________________________________ Where did you hear about THE DETECTIVE product? ___________________________________________________________ ___________________________________________________________ ___________________________________________________________ May we use your comments and/or name in future literature for THE DETECTIVE products? _____(yes) _____(no) Send registration form and check or money order to: PC SOFT-TECH P.O. Box 742 Mequon, Wi. 53092 (414) 241-9119 - Voice (414) 241-9125 - BBS (9600,N,8,1) APPENDIX D -- CONTROL FILE LAYOUT -- The control file can be edited with any text editor (such as edlin) as long as the format of the file is as defined below. We do not recommend that you change the file yourself, but advanced users with special needs may have to do this. The control file is a standard ASCII file with each record terminated with a carriage return and line feed. The first record in the file is simply a "Y" or "N" that indicates if THE DETECTIVE should abort if files are unavailable. All subsequent records have the following format: Start End Position Position Length Description 1 128 128 Path name 129 129 1 "Y" or "N" for including sub-directories 130 132 3 1st file extension to track 133 135 3 2nd file extension to track 136 138 3 3rd file extension to track 139 141 3 4th file extension to track 142 144 3 5th file extension to track 145 147 3 6th file extension to track 148 150 3 7th file extension to track 151 153 3 8th file extension to track 154 156 3 9th file extension to track 157 159 3 10th file extension to track 160 162 3 1st file extension to CRC 163 165 3 2nd file extension to CRC 166 168 3 3rd file extension to CRC 169 171 3 4th file extension to CRC 172 174 3 5th file extension to CRC 175 177 3 6th file extension to CRC 178 180 3 7th file extension to CRC 181 183 3 8th file extension to CRC 184 186 3 9th file extension to CRC 187 189 3 10th file extension to CRC APPENDIX E -- SAMPLE FILES CREATED BY THE DETECTIVE -- The [cntlfile].NEW and [cntlfile].OLD Files both have the following format: THE DETECTIVE STARTED AT 22:08:12 ON 05/22/1989 VERSION 3.1 **Building New Base File** Options: Abort if files unavailable: N Path: C:\ Include sub-dirs: Y Extensions to track: * Extensions to CRC: EXE COM SYS OV* BAT Path: D:\ Include sub-dirs: Y Extensions to track: * Extensions to CRC: EXE COM SYS OV* BAT DIR: C:\ FILE: AUTOEXEC BAT 443 5-08-89 2:39p 5F00 6FC5 FILE: BACKUP M_U 84480 5-08-89 2:39p 0000 0000 FILE: COMMAND COM 25307 3-17-87 12:00p 56B8 D3E3 FILE: CONFIG SYS 280 5-22-89 5:04p 1BA4 4A17 FILE: DMDRVR BIN 7699 10-13-87 12:00p 0000 0000 FILE: IBMBIO COM 22100 3-18-87 12:00p 9132 07DD FILE: IBMDOS COM 30159 3-17-87 12:00p 474C 0012 FILE: OLDBACK M_U 84480 5-08-89 2:39p 0000 0000 FILE: TO TRE 1877 5-22-89 7:09p 0000 0000 DIR: C:\A86 FILE: A86 COM 22180 7-30-88 9:35a 5575 936D FILE: D86 COM 17386 8-01-88 4:51p 8168 BB87 FILE: EDIT BAT 13 7-25-88 4:15p F517 0696 FILE: MAKELIB BAT 48 11-11-88 12:24a 205F 0E40 DIR: C:\A86\GRAPHIC FILE: TEST ASM 2149 10-31-88 8:19p 0000 0000 FILE: TEST COM 471 10-31-88 8:19p AC40 DF9F FILE: TEST SYM 474 10-31-88 8:19p 0000 0000 : : : : : : : : : : : : : : : : DIR: D:\SOFTTECH\PROGRAMS FILE: CUSTLIST WB 22593 5-04-88 10:07p 0000 0000 FILE: DETECLBL WB 1476 12-09-88 12:46p 0000 0000 FILE: FILEBLD WB 1295 10-04-88 10:07p 0000 0000 FILE: LABELS BAS 2378 12-04-88 3:22p 0000 0000 FILE: LABELS EXE 51686 12-09-88 12:50p D4E8 5B59 FILE: MAILLBLS WB 4160 12-04-88 4:24p 0000 0000 FILE: MAKE360 WB 1483 1-11-89 10:27a 0000 0000 FILE: MAKE720 WB 1487 1-11-89 10:28a 0000 0000 FILE: MENU WB 6161 8-14-88 7:43p 0000 0000 FILE: PRNTLABL WB 16324 5-11-89 10:09p 0000 0000 THE DETECTIVE ENDED AT 22:10:08 ON 05/22/1989 APPENDIX E -- SAMPLE FILES CREATED BY THE DETECTIVE -- (continued) The [cntlfile].RPT file has the following format: THE DETECTIVE STARTED AT 21:29:06 ON 05/22/1989 VERSION 3.1 Report of differences since last run Last run was on 05/15/1989 at 16:50:27 ADDED DIR: C:\DATABASE ADDED FILE: DATABASE ZIP 47294 5-22-89 7:08p 0000 0000 DIRECTORY: C:\DESQVIEW ADDED FILE: DVSETUP BAK 722 4-08-89 8:28p 0000 0000 CHANGED FILE FROM: DVSETUP DV 722 4-08-89 8:28p 0000 0000 TO: DVSETUP DV 722 5-21-89 12:44p 0000 0000 CHANGED FILE FROM: SPFCOMM PRM 828 3-22-89 10:58p 0000 0000 TO: SPFCOMM PRM 828 5-21-89 12:54p 0000 0000 DIRECTORY: C:\PS DELETED FILE: DIRSORT COM 6292 1-21-85 3:00p 0000 0000 CHANGED FILE FROM: FILECOPY EXE 12224 3-09-89 5:02p 0000 0000 TO: FILECOPY EXE 12224 5-18-89 5:11p 0000 0000 ADDED FILE: PS01010X EXE 22304 5-22-89 3:23p 0000 0000 ADDED FILE: PS01020X EXE 9552 5-22-89 3:11p 0000 0000 CHANGED FILE FROM: TEST1 CTL Sharing Violation TO: TEST1 CTL 260 5-22-89 5:06p 0000 0000 ADDED DIR: C:\WORK1 THE DETECTIVE ENDED AT 21:29:24 ON 05/22/1989