Media Share 9

home *** CD-ROM | disk | FTP | other *** search

/ Media Share 9 / MEDIASHARE_09.ISO / utility / dint_sw1.zip / DINT.DOC next >

Wrap

Text File | 1993-07-13 | 32KB | 564 lines

╔═══════════════════════════════════════╗ ║ DOS INterrupt Toolkit ║ ║ (c) 1992, 1993 Zen Works ║ ╚═══════════════════════════════════════╝ A long while ago, I realized that my aging brain could not possibly retain all the DOS Interrupt 21h sub-function information that I needed from time to time. While I have a reasonably decent programmer's library, at least as far as assembly language is concerned (never mind the wisecracks - everything around here is done Quick-and-Dirty and I happen to LOVE pasta, particularly spaghetti!), but the needed data is spread over a variety of printed volumes as well as binary files such as Ralf Brown's excellent Interrupt List, various virus disassemblies, and the collected Virus-L Digests. I needed one single reference that would provide the necessary information to use and/or translate all of the Interrupt 21h sub-functions, particularly those that are rarely used in the course of my normal programming and virus disassembly. About a year ago, I put everything on hold and went through every bit of source material at my disposal, accumulating a collection of the essential reference material on the INT 21h sub-functions. Since there are definite limits to the amount of time available for such a project, all INT 21h sub-functions utilized by Novell, and any other network, were omitted. Sorry, folks, maybe one of these days, if there happens to be enough demand, but not now. The result of my data collecting was DINT - a [D]os [IN]terrupt 21h [T]oolkit, although I'm not certain whether the name `DINT' was originally inspired by "what does that [D]amn [INT]errupt do?" or by the "[DINT]y Moore" brand of Irish stew, given that DINT is also a collection of odd ingredients from strange sources... <grin> DINT exists in two parts, and is simple to use (remember, I wrote it for my own use... ,-> ) Type "dint" and press <Enter>. Barring a power failure or a lightning strike, you'll be presented with a screen (Surprise! You were expecting pizza, maybe?):- ╔══════════════════════════════════════════════════════════════════════════╗ ╔═══════════════════════════════════════════════════╗ ║ DOS INterrupt Toolkit - v.n.nn ║ ║ (c) 1992, 1993 Zen Works ║ ╚═══════════════════════════════════════════════════╝ Quick reference for INT 21h sub-function calls. [If registered copy, your name appears here] Display an INT 21h sub-function [D] Scroll Virus Installation Checks [V] Test an INT 21h function [T] Quit program [Q] ╚══════════════════════════════════════════════════════════════════════════╝ where v.n.nn is the current version number. Selecting the `D' option (yeah, you press `d' or `D' - DINT is dumb and DINT don't care...) clears the screen and presents a single line:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter sub-function in 4-digit hex mode: ╚══════════════════════════════════════════════════════════════════════════╝ which means just what it says. If hexadecimal is a stranger to you, what are you doing here? For instance, if you want to see what the program termination function, 4C00h needs for calling parameters, enter `4C00'. And here, a small note of apology is in order. I set DINT up to accept a 4-character hex input with the idea that one of these days I might enhance the program to allow the user to input sub-function requests down to the AL level, for example, 5801 - Set memory allocation strategy. You will discover, if you try it, that I never did hone DINT down that fine, and it will default to AL being equal to 00. Put up with it. Suffering builds character. So assume we enter 7400:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter sub-function in 4-digit hex mode: 7400 ╚══════════════════════════════════════════════════════════════════════════╝ DINT will display the available information on that sub-function call:- ╔══════════════════════════════════════════════════════════════════════════╗ INT 21h Function 74h - Undocumented Display an INT 21h sub-function [D] Scroll Virus Installation Checks [V] Test an INT 21h function [T] Quit program [Q] ╚══════════════════════════════════════════════════════════════════════════╝ Surprise! In spite of the work of Ralf Brown and others, there are still many functions whose purpose is unknown. Microsoft may know what some of these do, but Microsoft wasn't a major contributor to this product. And of course, DINT, being well behaved, returns the menu for your further selection. Repeating the `D' option, and this time choosing sub-function 4B00h produces a bit more information:- ╔══════════════════════════════════════════════════════════════════════════╗ INT 21h Function 4Bh - "EXEC" - LOAD AND/OR EXECUTE PROGRAM Call with AL = 00h "Load and Execute Program" 03h "Load Overlay:" ES:BX = seg:offset of parameter block DS:DX = seg:offset of program specifications Returns: AX = error code if CF set INT 21h Function 4B04h VIRUS - "MG", "699"/"Thirteen Minutes" - INSTALLATION CHECK Returns: CF clear if MG resident AX = 044Bh if 699/Thirteen Minutes resident INT 21h Function 4B05h - DOS 5.0 - SET EXECUTION STATE Call with DS:DX -> execution state structure Returns: AX = 0000h AX = error code if CF set Function has more screens. Display them? [Y/N] ╚══════════════════════════════════════════════════════════════════════════╝ Pressing a `Y' or `y' will hopefully produce Yet Another Screen of invaluable data for your perusal:- ╔══════════════════════════════════════════════════════════════════════════╗ INT 21h Function 4B25h VIRUS - "1063"/"Mono" - INSTALLATION CHECK Returns: DI = 1234h if resident INT 21h Function 4B40h VIRUS - "Plastique"/"AntiCad" - INSTALLATION CHECK Returns: AX = 5678h if resident INT 21h Function 4B41h VIRUS - "Plastique"/"AntiCad" - UNKNOWN Call with AL = 41h Returns: ??? INT 21h Function 4B4Ah VIRUS - "Jabberwocky" - INSTALLATION CHECK Returns: AL = 57h if resident INT 21h Function 4B4Bh VIRUS - "Horse-2" - INSTALLATION CHECK Call with AL = 4Bh Returns: CF clear if resident Function has more screens. Display them? [Y/N] ╚══════════════════════════════════════════════════════════════════════════╝ Any function that has more than a single screen of information available will display the "Function has more screens" line, leaving it up to you whether they are to be displayed or not. Time for one other little quirk. At the risk of sounding like an echo in the Alps, DINT insists on a 4-character input. So, if you want to see the accumulated wisdom concerning sub-function 0F, `Open File', you must enter 0F00. On the other hand, particularly for programmer types who know that hexadecimal numbers must be input in odd ways, FORGET IT. Here, for example, if you want to explore sub-function FF, you merely enter `FF00'. FOUR characters only; got it? DINT includes references to INT 21h sub-functions used by assorted DOS viruses. Staale Fagerland suggested that it would be quite convenient if one were able to scroll through those selected sub-functions. Since I've wished for the same feature many times since DINT was originally written, I'm more than happy to comply with his request. Staale, this is for you:- Select [V] from the menu, and you get:- ╔══════════════════════════════════════════════════════════════════════════╗ INT 21h Function 0B56h VIRUS - "Perfume" - Installation Check Returns: AX = 4952h if resident INT 21h Function 0D20h VIRUS - "Crazy Imp" - Installation Check Returns: AX = 1971h if resident INT 21h Function 30h VIRUS - "Possessed" - Installation Check Call with DX = ABCDh Returns: DX = DCBAh if installed INT 21h Function 30F1h VIRUS - "Dutch-555"/"Quit 1992" - Installation Check Returns: AL = 00h if resident Function has more screens. Display them? [Y/N] ╚══════════════════════════════════════════════════════════════════════════╝ so you can at least scroll forward through the collected information pertaining to DOS computer viruses. Backward scrolling is NOT available. Don't ask. Forget it. Unless I get absolutely overwhelmed with registrations and multiple requests for a backward scroll feature, both of which are highly unlikely. The [T] option, wherein the user can `test' an INT 21h sub-function is only available in the registered version, and I'm not at all certain it's a good idea, even then. WARNING!!! WARNING!!! WARNING!!! WARNING!!! ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ Use it entirely at your own risk. Neither I nor Zen Works will accept ANY responsibility for anything you manage to do to yourself, your computer, some one else's computer, your neighbour's lawn, pet dog, pet iguana, pet wife, antique auto, house plants, or innocent bystanders. If you choose to use this feature, you are absolutely on your own. We refuse to even send flowers. After all that, if you do select the [T] option, you'll be presented with a further warning screen: ╔══════════════════════════════════════════════════════════════════════════╗ WARNING!! Selected functions are executed! This is NOT a simulation. Use at your own risk! [C]ontinue or [A]bort: ╚══════════════════════════════════════════════════════════════════════════╝ Means just what it says. The sub-function you plug in here WILL be executed on your machine. You can create or delete a directory, a file, or do anything of which the various sub-functions of DOS Interrupt 21h are capable. Entering an `A' (yes, evan an `a') will get you back to the menu. Press `C' and there's no turning back. Well, there are a couple of ways.... which is why God gave us the Reset button and the 3-finger salute.... The next screen to appear:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : ╚══════════════════════════════════════════════════════════════════════════╝ Again, the program wants input in four hexadecimal characters, but here you can make use of the AL register by entering values other than 0 as the last two hex characters. At this point, there is one more way to get out. Enter 4C00, the DOS Interrupt 21h "Terminate" function, and you're back to the DOS prompt. Let us assume you want to see what, if anything, the undocumented sub-function 9A00h actually does return:- Enter Function (4-digit hex mode) : 9a00 DINT will then give you the option of preloading any value you like in the other registers (all but CS, of course!). ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : 9a00 Preload any other registers? [Y/N]: ╚══════════════════════════════════════════════════════════════════════════╝ Press `N' at this point and DINT will execute an INT 21h, sub-function 9Ah, with the AX, BX, CX, and DX registers set to zero and the Carry Flag clear. Press `Y' and DINT will cycle through the registers, giving you the opportunity to load any hex value you like into each of them:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : 9a00 Preload any other registers? [Y/N]:y Preload BX register? [Y/N] : ╚══════════════════════════════════════════════════════════════════════════╝ If you choose to load a value in a particular register, press `Y' and you will then be prompted for the value:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : 9a00 Preload any other registers? [Y/N]:y Preload BX register? [Y/N] : y Enter hex value: ╚══════════════════════════════════════════════════════════════════════════╝ If you attempt to preload the CS register, you will get a short message telling you that sins of that magnitude are not allowed in polite society. ;-) ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : 9a00 Preload any other registers? [Y/N]:y Preload CS register? [Y/N] : y Enter hex value: 0010 Set Carry Flag? [Y/N] : Sorry, CS manipulation will hang your system! ╚══════════════════════════════════════════════════════════════════════════╝ Note that subsequent Preload queries all utilize the same line, overwriting the previously displayed line. Pay attention! And finally, you can choose whether to set the Carry flag or not. Immediately that your choice of the carry flag setting is entered, DINT will execute the requested INT 21h sub-function. If your selection wasn't entirely bizarre, and your system didn't hang as a result, you should get a response screen:- ╔══════════════════════════════════════════════════════════════════════════╗ Enter Function number (hex) in AX Preloading other registers is optional - default values are 0000h with Carry Flag clear Enter Function (4-digit hex mode) : 9a00 Preload any other registers? [Y/N]:y Preload CS register? [Y/N] : y Enter hex value: 0010 Set Carry Flag? [Y/N] : n AX is now 9A00 hex BP is now 0000 hex BX is now 0010 hex CS is still 3D14 hex CX is now 0000 hex DS is now 3D14 hex DX is now 0000 hex ES is now 27C4 hex SI is now 0000 hex SS is now 27D4 hex DI is now 0000 hex Carry Flag is clear. Test again? [Y/N] ╚══════════════════════════════════════════════════════════════════════════╝ There, wasn't that totally enlightening? The value preloaded in BX didn't change, the carry flag is still clear, and the values of the CS, DS, ES and SS registers are simply the values that DINT happens to be currently using. A real Zen experience, huh? Since the distribution copy of DINT is a compilation, amalgamation, and accumulation of information from a wide variety of sources, some copyrighted and some not, I can't ask for money. Use it as you will, distribute it as you wish. Call my BBS and bitch, gripe, moan in ecstasy, writhe, grovel, or leave comments. Love to hear them. If you're overburdened with the world's riches, donations are always welcome. How welcome? Well, I wrote DINT on an XT-class machine, and the BBS runs on a 12MHz 80286, if that gives you the picture... However, the Test feature is only available in a registered version, and for that I expect to be paid. $20.00 gets you a 3.5" diskette sent via ordinary mail anywhere. Of that fee, $2.00 cover the code and the balance is a meagre payment for writing the doc file. The family philosophy (yes, there's more of us!) is that it's enough for a programmer to write and debug the code; users shouldn't expect documentation. But they do. $25.00 buys the same diskette via registered mail. The additional $5.00 also covers the aggravation of my having to be awake in the daytime to go to the post office. If you're bordering on the suicidal and have a compelling desire to spend your hard earned money just to be able to do arcane and absurd things to your system, make cheques (Yes, I'll accept personal cheques - I've been stiffed for greater sums than twenty bucks and managed to survive), money orders, cashier's cheques, or bank drafts payable to R. W. Hale (that being the way I sign my name, simply because it's shorter and quicker), and mail it, along with your name spelled the way you want it to appear on the opening screen, and your complete mailing address. Mail to me at:- R. Wallace Hale P. O. Box 528 Houlton, Maine 04730-0528 U.S.A. Messages to me on Driftnet (my BBS) telling me "the cheque is in the mail" will be ignored. At least until the mail is delivered. If any Canadian has read this far, and still has money left after taxes, the price is the same in Canadian dollars. But if you do send Canadian money, you'd better have a Canadian mailing address! <grin> To answer a few questions that some one, somewhere, may be asking:- NO! I don not plan to create a TSR version. No, I'm not aware of any conflicts between DINT and any TSRs, but I don't use many TSRs, so I don't speak from any position of great authority. Upgrades? Possibly, depends on my life span and what new data becomes available. Will upgrades be free to registered users? I doubt it. If enough additional data becomes available to justify updating DINT, and if more than two people have registered the program, I probably won't be able to afford the distribution costs. However, I will keep the cost of updates to the absolute minimum. Bug fixes? Serious ones will be fixed on my nickel, but you may have to call Driftnet to get the patched version. Minor ones? Depends on my workload. Windows compatability? I sincerely hope not! An OS/2 version? Why would you want it? Network compatibility? Perhaps by accident, but not by design. - R. Wallace Hale 13 July 1993 ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ █ ╔═══════════════════╦═════════════════════════════════════════════════╗ █ █ ║ Driftnet BBS ║ Free access at all levels. ║ █ █ ║ Woodstock, N. B. ║ Download on first call, no ratios. ║ █ █ ║ (506) 325-9002 ║ Extensive collection of the latest virus ║ █ █ ║ Intel 14.4 v32 ║ information and anti-viral tools. ║ █ █ ║ 24 hours ║ The virus research section is absolutely ║ █ █ ║ Wallace Hale ║ restricted to recognized members of the ║ █ █ ║ Sysop ║ AV community. ║ █ █ ╠═══════════════════╩═════════════════════════════════════════════════╣ █ █ ║ -= Zen Works =- ║ █ █ ╚═════════════════════════════════════════════════════════════════════╝ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀