home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
User's Choice Windows CD
/
User's Choice Windows CD (CMS Software)(1993).iso
/
utility3
/
vwpd.zip
/
VWPD.DOC
< prev
next >
Wrap
Text File
|
1991-06-17
|
21KB
|
661 lines
Contents
Chapter 1 The Virtual 386 Write Protect Device 1
1.1 Basic Information . . . . . . . . . . . . . . 1
1.1.1 Description . . . . . . . . . . . . . . 1
1.2 Introduction . . . . . . . . . . . . . . . . 1
1.2.1 Worlds first Shareware VIRTUAL Device
Driver . . . . . . . . . . . . . . . . . 2
1.2.2 Low Overhead . . . . . . . . . . . . . . 2
1.2.3 Protecting old DOS applications . . . . 2
1.2.4 Optional features & additional options
when you register . . . . . . . . . . . 2
1.2.5 Advantages . . . . . . . . . . . . . . . 3
1.2.6 Updated Features: . . . . . . . . . . . 3
1.2.7 Updates . . . . . . . . . . . . . . . . 3
1.2.8 Warnings and cautions . . . . . . . . . 3
1.2.9 Trojan and Virus Programs . . . . . . . 4
1.2.10 Background . . . . . . . . . . . . . . 4
1.3 Known problems . . . . . . . . . . . . . . . 4
1.3.1 Entering DOS . . . . . . . . . . . . . . 4
1.4 Installation . . . . . . . . . . . . . . . . 5
1.4.1 Copying and naming files . . . . . . . . 5
1.4.2 Verifying Installation . . . . . . . . . 6
1.5 Features . . . . . . . . . . . . . . . . . . 6
1.6 Restrictions . . . . . . . . . . . . . . . . 6
1.7 Control Program . . . . . . . . . . . . . . . 7
1.7.1 Installation . . . . . . . . . . . . . . 7
1.7.2 Use . . . . . . . . . . . . . . . . . . 7
1.7.3 Messages . . . . . . . . . . . . . . . . 7
1.7.4 Exiting . . . . . . . . . . . . . . . . 7
1.8 Optional Features . . . . . . . . . . . . . . 7
1.9 DOS Utilities that are protected by VWPD . . 8
1.9.1 Always Protected . . . . . . . . . . . . 8
1.9.2 Protected when write protect is on . . . 8
1.10 Advanced Information . . . . . . . . . . . . 8
1.10.1 Terminate Task . . . . . . . . . . . . 8
1.10.2 Miscellaneous . . . . . . . . . . . . . 8
1.10.3 DOS and Windows Tested . . . . . . . . 8
1.10.4 Custom Windows and OS/2 programming . . 9
1.10.5 Supplementary Documentation . . . . . . 9
1.11 How to contact for information . . . . . . . 9
i
Chapter 1
The Virtual 386 Write Protect Device
1.1 Basic Information
Title: Prevents disk corruption and crashes in Windows
Keywords: VWPD CORRUPT CHKDSK CRASH DISK PROTECT WINDOWS
SHAREWARE NETWORK TROJAN VIRUS FORMAT
1.1.1 Description
VWPD prevents disk corruption from occuring when using CHKDSK
while Windows is running(see Windows User's Guide p.54). It has a
write protect feature which can be toggled on/off by the included
control program. Test suspected Trojan and virus programs with
secure write protect, enabled(runs in Protected Mode at Ring 0).
Requires MS Windows 386 Enhanced mode. Documentation included.
Network compatible. Simple installation. Download in 3 min.
1.2 Introduction
The "Virtual Write Protect Device" is a MS Windows 386 Enhanced
Mode virtual device driver.
The VWPD protects your hard disk drive from DOS low level sector
writes. Utilities like PC Tools Compress, Norton's SD, Golden
Bow's VOPT and disk repair and modification utilities will
receive an error("disk write protected"), if you attempt to run
them while MS Windows is running(Enhanced Mode only). The VWPD
also protects your hard disk from low level formatting and if you
have used the control program (VWPDCTRL.EXE) to turn on the write
protect feature you are protected from Interrupt 13h writes.
Not only are you protected from these common utilities but any
virus which might attack your system by the same method will be
stopped dead in it's tracks.
VWPD is a very simple system. There is the device
driver(VWPD.386) and there is the control program(VWPDCTRL.EXE).
Write protect for Interrupt 26 hex is always on.
Write protect for hard disk formats(INT 13h) is always on.
Write protect for low level writes(INT 13h) can be toggled on/off
by the control program.
This is NOT, repeat NOT an ordinary Windows Device Driver. They
run at ring 1. VWPD runs at ring 0. It is more secure than code
that runs at ring 1. Ordinary code that runs at rings 1,2 or 3
can not touch this driver. The only way code can run at ring 0
is be loaded at the time Windows starts up.
1.2.1 Worlds first Shareware VIRTUAL Device Driver
I have good reason to be believe that this is the first virtual
device driver for MS Windows ever released to the Shareware
market.
The effort and cost of doing a virtual device driver is not
trivial. It may be some time before anyone becomes crazy enough
to do another one.
If there are any contenders for the worlds first, speak up or
forever hold your peace. In 20 years no one will care who was
first! Maybe in 3 weeks.
For those of you interested in the INNER workings of MS Windows I
am presently working on a tool similar to David Maxey's "INTRSPY"
program. The TSR part of intrspy will be replaced by a virtual
device driver. Then we can watch the protected mode interrupts go
by. (Intrspy comes with the book "Undocumented DOS" by Andrew
Schulman, et all).
1.2.2 Low Overhead
The performance overhead for this protection is very low. When
normal programs are running there is minimal overhead. When one
of these special utilities that uses INT 26h is running it is
blocked and there is essentially no overhead.
1.2.3 Protecting old DOS applications
Our other shareware program system "Windows Safe" requires that
any DOS program that you do not want to run while Windows is
running must have a small utility added to the disk to block it
from running. If you use 386 Enhanced Mode, then VWPD will
protect you on a SYSTEM WIDE basis. It is not necessary to
protect each program individually, if what you are trying to
prevent is low level sector writes to the disk.
So...what you save is disk space. You gain ease of installation
and you get virus protection; all at the same time.
1.2.4 Optional features & additional options when you register
Custom enhancements and site licenses for larger firms.
- 2 -
When you register and pay the requested $20 fee you receive an
enhanced VWPD with many addition features.
The program which we have provided you in effect for free is not
a demo or crippled in ANY way. Feel free to use it. I won't waste
my breath, telling you to register.
So... I will tell you that you will receive an enhanced kit to
make it easier for you protect your system from inadvertent and
malicious disk writes.
If you would like the additional features, then grab the order
blank, print it out and send it in.
1.2.5 Advantages
Requires only small amount of extra memory to run.
Not a TSR.
Prevents many crashes in Windows, especially useful for network
administrators.
1.2.6 Updated Features:
Warning Messages 5-25-91
Toggle Messages 5-27-91
Improved Documentation 5-30-91
DOS Only write protect 6-09-91
Fixes to version #'s 6-09-91 + warning message
Fix DOS only bug 6-17-91 Drv. # 1.02, Ctrl. 1.01
1.2.7 Updates
VWPD is likely to be enhanced for quite a while as Windows itself
is being modified and as I discover more refined ways of
providing the same or improved protection.
If you have an early version of VWPD V. 1.0. Be sure to look for
an improved version (1.5) sometime about 7-1-91. I will post it
to Compuserve and maybe a few other places.
1.2.8 Warnings and cautions
I have tested the VWPD system carefully. I believe that VWPD
should work with ANY application in any situation. However, there
is no foolproof system against viruses.
During use, VWPD does absolutely no writing to your disk(s).
Does not protect Network or RAM disks (drives).
The device driver and it's control program have been installed
here and running for about a month(5-30-91). The documentation
and the control program are a bit rough looking but the driver
- 3 -
itself seems to be quite stable. Be sure to look for an update
about 7-1-91.
If you encounter any problems with the system be sure to let me
know.
1.2.9 Trojan and Virus Programs
The VWPD should be capable of stopping any DOS or Windows program
that contains a Trojan or virus. The control program is a
protected mode Windows program and is moderately safe from a DOS
application. The VWPD itself runs at ring 0 and can only be
controlled by a protected mode program and the interface to it is
not documented or published to make it more difficult to bypass
it.
Beware of a virtual device driver that contains or is a virus or
Trojan horse. As long as the ring 0 code in Windows does not
contain and does not become contaminated by a virus, then Windows
is much more secure than plain DOS. A Windows Virtual Device
Driver could become contaminated if the disk file were to be
modified, but a virus would have tough time changing memory
during the time Windows was running.
To test a suspected virus program.
First turn write protection on using the control program. Also,
turn warning messages ON, so that you will KNOW that a write was
attempted. Then run the suspected program. If a write to the disk
is attempted you will know.
1.2.10 Background
VWPD is a general purpose tool that allows you to control writes
to your disks. Some OLD DOS applications such as disk repair
utilites should not be run from inside Windows. VWPD provides
automatic protection for some of these programs. Users that
accidently run programs like this from inside Windows can cause
Windows to crash.
The crash protection described is not complete but it will save
you some headaches. Utilities that are not safe are those that
bypass INT 26h and use INT 13h.
1.3 Known problems
1.3.1 Entering DOS
Pageswap device driver causes a write to occur when opening a DOS
window.
This can be stopped by:
- 4 -
Checking the "DOS Only" box when turning on write protect.
Opening the DOS window before turning on write protect.
OR:
Set paging off in the system.ini file. See the installation
section below. "paging=FALSE". To turn paging back on set
"paging=TRUE".
1.4 Installation
1.4.1 Copying and naming files
This is a special WINDOWS Virtual Device Driver. Not a DOS device
driver that would go in the CONFIG.SYS file.
To install the Virtual Write Protect Driver(VWPD.386) a line must
be added to the SYSTEM.INI file located in the Windows directory.
This line must be placed in the "[386Enh]" section. The line
should look like this:
device=vwpd.386
For instance:
[386Enh]
device=vwpd.386
paging=FALSE
VCPIWarning=FALSE
SystemROMBreakPoint=False
FileSysChange=False
ebios=ebios.386
display=*vddvga
keyboard=*vkd
mouse=*vmd
...
(etc.)
...
The following information is based on information in the
sysini2.txt file and explains the general method for adding a
device.
------------------------------------------------------------
Device=<filename>
- 5 -
Default: none (Setup assigns appropriate values based on
your system configuration.)
Purpose: Specifies which virtual devices are being used
with Windows in 386 enhanced mode. This value
appears as the name of a specific virtual device file.
Filenames usually include the .386 extension. Multiple
device lines are required to run Windows in 386
enhanced mode.
To change: Use Notepad to edit the SYSTEM.INI file.
Copy the device driver VWPD.386 to the Windows system
subdirectory. Copy the VWPDCTRL.EXE program to your windows
subdirectory.
1.4.2 Verifying Installation
The simplest way to verify correct installation is to attempt to
use a disk defragmentor. When run it should stop and report that
the disk is write protected!
(not yet provided)The installation disk contains a program
specifically provided to test that the driver is working. It
reads one sector off the disk and attempts to write it back
exactly as it found it. The sector used is the last sector on the
disk. Not an important sector in a FAT or directory.
1.5 Features
Network compatible. Helps prevent Windows from crashing.
User Transparent
Simple Installation
Virus "resistant".
Very low overhead.
Contains NO code that can damage your system.
1.6 Restrictions
Disks: floppies are NOT protected from formatting.
Backup programs that do sector reads are not protected. Such
programs should not be run if the disk can be modified(written
to) while the backup is in progress.
- 6 -
1.7 Control Program
VWPD comes with control program that allows you to turn write
protection on and off.
It also has a status box to inform you as to the state of the
device driver.
1.7.1 Installation
Copy the VWPDCTRL.EXE file to your windows subdirectory.
1.7.2 Use
To turn write protect on/off and toggle warning messages click on
the "control" menu item. Toggle the appropriate options on or
off. If the OK button is selected and write protect is set on;
then VWPDCTRL will minimize itself automatically.
The DOS Only button allows write protect to be set on, for DOS
windows only.
1.7.3 Messages
VWPD will display only one message if messaging is enabled and
write protect is on. Due to the fact that messages are brought
from disk and disk interrupts are NOT re-entrant, in order to put
up a message it is necessary to queue the message. This means
that there is a delay before the message appears on the screen.
In the case of 486 cpu it's about 1/2 second.
1.7.4 Exiting
Failure to close VWPDCTRL or turn write protect off before
attempting to exit Windows will cause several annoying system
write protect messages to be generated. The consequence of this
is usually not harmful, but should be avoided.
1.8 Optional Features
A version with enhanced features is under development. This will
provide options to protect individual floppies drives when 386
mode Windows is running, as well as some other features.
Read Sector protection.
Format protection (by floppy)
Low level write protection by task.
Protection for all writes, by task.
Toggle protection on/off by task, by function, by drive.
I/O port protection.
Hiding Windows from a virus.
- 7 -
Call for information.
1.9 DOS Utilities that are protected by VWPD
1.9.1 Always Protected
CHKDSK
RECOVER
(Tested in DOS 3.30)If run from Windows while VWPD is installed
these programs will not write to the disk. They are safe to use.
1.9.2 Protected when write protect is on
DOS FORMAT is protected.
PC Tools Format is protected.
FDISK is protected.
1.10 Advanced Information
1.10.1 Terminate Task
VWPD can be used if you want to test a specific program, possibly
containing a virus. If an attempt is made to write to the disk, a
warning message will be displayed. You may choose to continue
(OK) or cancel in which case the task that was running will be
closed. If you choose to cancel, after our warning message you
will also get a Windows error message telling you that you must
reboot. This not necessary, the message is in error. You may
safely continue(this last statement is being tested, but believed
to be correct).
1.10.2 Miscellaneous
VWPD is a virtual device driver, NOT a program. It runs at ring 0
which means that no program can modify it while it is running.
Ring 0 is a hardware feature of the 80386, 80486 processors. This
driver does NOT work in standard or real modes.
Windows in standard (286) mode is not as vulnerable to ill-
behaved applications as enhanced mode is. At this time we do not
offer a driver that works in 286 mode.
1.10.3 DOS and Windows Tested
Tested under DOS 3.30 and Windows 3.0a on a 80486 processor.
Tested under DOS 5.0.
Requires DOS 3.x or higher. Windows 3.x or higher(386 Enhanced
mode)
- 8 -
Works with DOS 3.x, 4.x and 5.x
Runs only on 386 and above machines. Will not run on
8088,8086 or 80286.
1.10.4 Custom Windows and OS/2 programming
We do applications and device drivers, call or write for
information.
Old DOS applications should be modified to be Windows aware. If
you have a DOS product and need technical help to update it, we
can do the job
1.10.5 Supplementary Documentation
The registered kit contains a subdirectory that has several files
totaling over 60,000 characters of documentation, most of it
related to network issues.
See also:
Byte Magazine, Networking Windows, Mar. 91, p.299-307.
Your Windows directory (win3?), the text file: networks.txt.
Provided as is, without a warranty.
1.11 How to contact for information
Mom's Software
Box 449. 391 So. Pacific St.
Rockaway, OR 97136
503-355-2281
CIS 71171,47
- 9 -