Chip 1996 April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 1996 April / CHIP 1996 aprilis (CD06).zip / CHIP_CD06.ISO / sac / pack / thd_12_1.exe / rar / THDEXARC.RAR / THDEXARC.TXT < prev

Wrap

Text File | 1995-12-25 | 24KB | 490 lines

******************************* EDITORIAL NOTE ******************************* ** ** ** It should be noted that use of this utility is recommended against. ** ** It removes the "control" factor from THDPRO.EXE on which the entire ** ** security concept is based. With proper use, this utility can be a gift. ** ** However in the hands of people not "FULLY" aware of the power of the ** ** various utilities (and all of their quirks) this utility could allow you ** ** to do uncontrollable damage to your system. ** ** Unless you are absolutely certain that you need to use this and know ** ** absolutely everything about the archiver/scanner you intend to invoke ** ** using this utility, be aware that the results may not always be as ** ** "controllable" as you may anticipate. ** ** ** ****************************************************************************** ** ** ** Although I will support this utility, I cannot promise to know ** ** anything about the various products you may configure for use with it. ** ** ** ****************************************************************************** THDEXARC.EXE is THD ProScan's External Archive Editor. It's purpose is to allow the user to add external archive and virus scanner support to THD ProScan Version 12.0 and later, by creating a data file with necessary information for THDPRO.EXE to use these external archives and/or virus scanners in it's normal running. Definitions found in THDEXARC.DAT (created by this utility) will only be used IF THDEXARC.DAT exists in the same directory as THDPRO.EXE and IF the archive type is not supported internally to THDPRO.EXE. An archive type "normally" supported by THDPRO.EXE which is not defined in THDINSTL will be considered unsupported for this definition and will be checked against the types supported in THDEXARC.DAT. If however they are configured in THDINSTL, the internal routines will be used. Conversion "to" external archive types is not supported by THDPRO.EXE, however conversion "from" these types using the normal convert indicators is supported. In the case of virus scanners, no comparison to internally configured scanners is made, so you can opt to run the internally supported scanners via this option with different parameters than set internally without a conflict arising with those internal to THDPRO.EXE. KEYWORDS (replaceable strings if you prefer) are as simple as the following... ~~A - use "A"rchiver instead of unarchiver ~~U - use "U"narchiver instead of archiver ~~F - "F"ilename for the current process ~~I - "I"nclude filenames or other relevant information. ~~D - "D"irectory ~~L - "L"og file (for scanners only) If any of the above is entered in lower case they will be translated to upper case prior to saving the record. The ~~A and ~~U are special keywords in that they are not actually "replaced" on the command line. Instead they are simply stripped from the command line and the archiver (~~A) or unarchiver (~~U) is used instead of the default. In order to understand this, you must realize that each of the archive processes has a default executable. In the case of the "test archive" command for instance, THDPRO.EXE will use the "path to unarchiver" by default. If for some reason THDPRO.EXE should be required to use the archiver (instead of the unarchiver) you could put ~~A on the parameter line to tell THDPRO.EXE to use the "path to archiver" instead of the "path to unarchiver". Putting ~~A in a parameter which normally uses the Archiver will have no adverse effects (except to take up a few spaces in your configurable space) The other codes are replaced at run-time by THDPRO.EXE based on the following. Codes not explained in any given entry are not supported for that entry and have no translation value. IN THE SCANNER CONFIGURATION ---------------------------- Path to Scanner - None Scan a directory - ~~D=name of the Directory to scan (no ending "\") ~~L=full path and filename of "heurist.Log" (or more accurately the temporary heuristic Log) Scan a file - ~~F=full path and filename of the File to be scanned. ~~L=full path and filename of "heurist.Log" (or more accurately the temporary heuristic Log) Success Errorlevel - None IN THE ARCHIVE CONFIGURATION ---------------------------- Archive Type - None Archive extension - None Internal/External - None Archive ID (hex) - None Archive ID (chr) - None Archive ID Offset - None Path to Archiver - None Path to Unarchiver - None Expansion - ~~F=full path and filename of the archive to be expanded ~~D=Current temporary directory used by THDPRO.EXE ~~A=Path to Archiver (use only if you wish the archiver to be used for this process instead of the unarchiver. If absent the unarchiver is used). Compression - ~~F=full path and filename of the archive to be created ~~D=Current temporary directory used by THDPRO.EXE ~~U=Path to Unarchiver (use only if you wish the Unarchiver to be used for this process instead of the archiver. If absent the archiver is used). Add a file - ~~F=full path and filename of the archive being tested ~~I=full path and filename of the file(s) to be added ~~U=Path to Unarchiver (use only if you wish the Unarchiver to be used for this process instead of the archiver. If absent the archiver is used). Add a comment - ~~F=full path and filename of the archive being tested ~~I=full path and filename of the comment to be added ~~U=Path to Unarchiver (use only if you wish the Unarchiver to be used for this process instead of the archiver. If absent the archiver is used). Test archive - ~~F=full path and filename of the archive being tested ~~I=No replacement values (will be left untouched) ~~A=Path to Archiver (use only if you wish the archiver to be used for this process instead of the unarchiver. If absent the unarchiver is used). Delete by list - ~~F=full path and filename of the archive being tested ~~I=full path and filename of the list to be removed ~~U=Path to Unarchiver (use only if you wish the Unarchiver to be used for this process instead of the archiver. If absent the archiver is used). Delete by filename - ~~F=full path and filename of the archive being tested ~~I=full path and filename of the file(s) to be removed ~~U=Path to Unarchiver (use only if you wish the Unarchiver to be used for this process instead of the archiver. If absent the archiver is used). Success Errorlevel - none The Menu Interface ------------------ The menu interface is "basic" meaning that it supports the up/down arrow keys as well as the use of the highlighted "Hot Keys". <enter> selects the highlighted option. <esc> is equivalent to the "Quit" option on each menu. To select an option move the highlight by pressing the up and down arrow keys and press the <enter> key when the correct option is highlighted. Or press the highlighted letter of your selection. Except as noted below the home key will move the highlight to the first selection on the menu and the end key will move the highlight to the last selection. In the view/edit/add modes the following keys serve a special purpose. Right = "N"ext Left = "P"revious Home = "F"irst End = "L"ast The menu commands will not be broken down in this text. Anyone incapable of understanding the meanings of the various menu options should seriously reconsider before trying to add or manipulate external archives or scanners. IMPORT - EXPORT --------------- The "Import" option available from the Main Menu allows the user to "import" definitions from a text file. This text file must contain a definition in the precise format created by the "export" function (discussed in the next paragraph) except that it will ignore any leading and/or trailing spaces. This will allow easy importation of other's settings. The text imported "from" can contain as many definitions as you like and may also contain information other than the definitions (THDEXARC will search for the definition portions and offer you the option to import each definition as it is found). The "Export" option is available from the "View" menu. If you select the "export" option you will be prompted if you wish to export the currently displayed archiver or scanner or to export "all" records. If you select the "all" option then all scanner AND archive definitions will be exported regardless of which you are viewing. The export file is a simple text file and can be edited without destroying the effectiveness as long as no lines which are "used" are removed completely. Both of these options will prompt you to enter a filename with the "default" being THDEXARC.EXP. You may supply another filename and/or a full path and filename at your option. If the file exists on an export attempt you will be asked if you wish to "overwrite" (replace the existing file), "append" (add the new info to the end of the existing file) or "abort" (stop exportation). THDEXARC.EXP ------------ Included in the distribution archive is THDEXARC.EXP. This is a text file which contains the "Export" of some archivers and scanners (most of which are already supported internally). You can Import the various definitions via the Import function from the main menu. It is distributed in this format to avoid having THDPRO.EXE use THDEXARC.DAT unless it has been specifically configured. Note that the various Paths supplied in this file are not likely to exist on your system and will almost certainly need to be corrected. This can be done with a text editor or inside THDEXARC.EXE at the time of importation. Import only those definitions that you wish to use and/or add your own. However please take great care when using this utility. I cannot stress how little control you may have if you're not fully aware of the capabilities of the archivers or scanners that can be configured through it's use. Configuration Breakdown ----------------------- The breakdown of the configuration section goes like this. On first run (or any run where a THDEXARC.DAT does not exist in the current directory), the "first" menu will only show 4 options. They are... 1 Add an Archiver 2 Add a Virus Scanner 3 Import Q Quit After at least a single record exists you will be given the following options... 1 View Current Archivers 2 View Current Scanners 3 Modify an Archiver 4 Modify a Virus Scanner 5 Add an Archiver 6 Add a Virus Scanner 7 Remove an Archiver 8 Remove a Virus Scanner 9 Import Q Quit The two "Remove" options when used result in "complete" removal of any records chosen to be removed. Records "Removed" cannot be recovered. However, all deletion is confirmed prior to any actual action. ********************************* * UNDER "ARCHIVE" CONFIGURATION * ********************************* These definitions are effective under all "archive" options except the "remove" and "quit" selections. -------------- Archive Type - -------------- The Name and version of the Archiver/Unarchiver who's action this entry is designed to account for (ie. PKZIP/PKUNZIP version 2.04g). -------------------- Archive extension - -------------------- The "normal" extension of the archive type (ZIP for Zip, LZH for Lha etc) [ capital letters are forced ] ------------------- Internal/External - ------------------- This entry is a toggle. Selecting it toggles support from External (use the info in the THDEXARC file) to Internal (use THDPRO.EXE's internal identification and handling routines). IN ALMOST ALL CASES THIS SHOULD BE SET TO EXTERNAL!!! This will signify that you are defining an archive type not supported by THDPRO.EXE. The setting of INTERNAL is a special case which tells THDPRO.EXE, that the archive type is already support internally but the search for the Identification needs to be adjusted by the number in ID_OFFSET in order for THDPRO.EXE to properly identify the archive type. In order to understand how this might be used, see the "Internal Support" notes at the end of this document. ------------------ Archive ID (hex) - Archive ID (chr) - ------------------ Either of these will allow you to "input" archive identification characters in HEXADECIMAL format (00-FF). These can usually be seen in a hex editor or other hexadecimal viewer. The "?" is a reserved character and may NOT be used in the archive id (hex 3F). The ? is used to indicate that a character in "this" position may be any character. PKZIP for instance might be entered as 50,4B,03,04,??,??,??,??,??,??,??,??,??,??,??. Which is translated into.. Only the first four characters are significant and they must be 50,4B,03,04 IN THAT ORDER. The "hex" entry is where input is made, the "chr" entry is for display purposes only and will show the actual character represented by the hex code entered. LHA archives could be identified here as... 2D,6C,68,??,2D,??,??,??,??,??,??,??,??,??,?? which would require a match for the first three and fifth character while allowing the fourth character to be anything. (The Id offset for this pattern in LHA archives is at position "2") In cases where it would be easier to enter the actual character than it's "hex" equivalent, you may do this by entering it with a preceding "=". So for PKZIP for instance one could alternately enter it as... =P,=K,03,04,??,??,??,??,??,??,??,??,??,??,??. The "=" tells the interpreter that the second character is the actual character to be entered and it in turn "translates" that character into it's appropriate hex code. So entering "=P" would result in "50" showing in the space where that was entered (as "50" is the hex equivalent of a capital "P"). The "P" itself would be displayed on the (chr) line below. This works for all "typable" characters. ------------------- Archive ID Offset - ------------------- Number of bytes from the beginning of the archive at which the Archive ID is located. The "first" byte of the archive is "0" (not 1). Thus "ZIP" archives with the above signature would have an offset of "0". ------------------ Path to Archiver - ------------------ The full path and filename of the archiver (ie C:\TOOLS\PKZIP.EXE). This entry MUST represent a full path and filename (drive preferred but not required) [ capital letters are forced ] -------------------- Path to Unarchiver - -------------------- The full path and filename of the UNarchiver (ie C:\TOOLS\PKUNZIP.EXE). This entry MUST represent a full path and filename (drive preferred but not required). An entry of "=" will cause it to match the "Path to Archiver" entry above. [ capital letters are forced ] ----------- Expansion - ----------- The parameters required by the UNARCHIVER to expand an archive of this type for PKZIP for instance, one might enter "-d -o- ~~F" (meaning to recreate directories and never overwrite existing files) ------------- Compression - ------------- Although not "currently" supported by THDPRO.EXE, this field should be defined as the parameters necessary for the ARCHIVER to create an archive including all subdirectories which may be under it. . For PKZIP, one might use "-arp ~~F" ------------ Add a file - ------------ Parameters used to "add a file" to this particular archive. The "archiver" is normally used for this purpose. For PKZIP you might use "-a ~~F ~~I". --------------- Add a comment - --------------- The parameters required by the Archiver to add an archive comment. For PKZIP one might use "-a ~~F -z > ~~I" -------------- Test archive - -------------- The parameters used by the Unarchiver to "test" the CRC of an archive. For PKZIP "-t ~~F". ---------------- Delete by list - ---------------- The parameters required by the Archiver to delete files via a list where ~~F will be replaced by the full path and name of the archive and ~~I will be replaced by the full path and filename of the "list". For PKZIP "-d ~~F @~~I" -------------------- Delete by filename - -------------------- The parameters required by the Archiver to delete files BY NAME where ~~F will be replaced by the full path and name of the archive and ~~I will be replaced by the filename(s) of the file(s) to be removed. For PKZIP "-d ~~F ~~I" -------------------- Success Errorlevel - -------------------- The errorlevel returned when the various command lines have encountered no errors in their execution (usually "0"). Note that THDPRO.EXE evaluates this errorlevel in the same way as "DOS". An errorlevel less than or equal to the value entered here is considered a "pass". ********************************* * UNDER "SCANNER" CONFIGURATION * ********************************* These definitions are effective under all "scanner" options except the "remove" and "quit" selections. --------- Scanner - --------- The Name and Version of the scanner represented by this entry. For example "McAfee's VirusScan Version 2.2.5." ----------------- Path to Scanner - ----------------- The full path and filename of the Virus Scanner (ie C:\SCAN\SCAN.EXE). This entry MUST represent a full path and filename (drive preferred but not required) [ capital letters are forced ] ------------------ Scan a directory - ------------------ The parameters required to scan all files in a directory and all of it's subdirectories. for Mcafee's SCAN you might use "/all /sub /nomem ~~D\*.*". ------------- Scan a file - ------------- The parameters required to scan a single file. for Mcafee's SCAN you might use "/all /nomem ~~F". -------------------- Success Errorlevel - -------------------- The errorlevel returned when no viruses are found. (usually "0") Note that THDPRO.EXE evaluates this errorlevel in the same way as "DOS". An errorlevel less than or equal to the value entered here is considered a "pass". Notes - Prior to saving any records, This program records the CRC of the executable file(s) of the record for use by the SECURE mode of THDPRO.EXE. The time required to do this will vary depending on the size of the executables. If running THDPRO.EXE in secure mode, the CRC's above can be "corrected" by "edit"ing the path to any one of the executable files of the record in question. This will cause the CRC's to be recalculated for the executables in that record. Running THDPRO.EXE /SEC has no effect on the THDEXARC CRC records and will not correct the CRC's stored therein. Note however that none of these CRC's should change unless you have changed the file that they point to. You should be EXTREMELY suspicious if you find yourself needing to correct a CRC contained in the THDEXARC.DAT file if you have not changed the file(s) affected. All archive records are sorted upon exit from the program in reverse order based on the archive identification strings. The sorting is required to ensure that THDPRO.EXE attempts archive identification in the correct order. No "sorting" of scanner entries is necessary. ------------------ Internal Support - ------------------ In order to understand when one might set the Internal/External toggle on an archive type to "INTERNAL" one needs to understand how THD looks for it's archive identification internally as well as what THD looks for. Under all "normal" circumstances, THD looks for the archive identification at offset "0" in any given archive type ("2" for LHA). When looking at SFX files THD reads the executable header for the "size" of the executable header and changes its starting point by that amount. This works fine for DOS SFX files since the actual archive is simply appended to an executable file. However OS/2 and Windows have a different executable structure and the "size" THD finds can simply be the size the the "dos stub". This stub is then followed by a portion of code specific to OS/2 or Windows. (Some OS/2 SFX types do return the proper size and do not need to be accounted for by this method.) THDPRO.EXE would thus not be able to identify that file as an archive as it would be searching for the ID in the OS/2 or Win executable portion instead of the archive. What is needed is a way to tell THDPRO.EXE to "skip" a specific number of bytes to locate the id header. When setting an archive type to INTERNAL, most fields are ignored. The only "significant" field in the record is the ID_OFFSET. THD will (if it fails to recognize the archive internally) check again beginning with the id_offset as specified in any internal THDEXARC entries. It will restart a new internal search using the offset provided by THDEXARC and defining the archive as whichever internal identification it matches. If it matches none of the internal archive types, it is defined as an unrecognized type. A sample of this type of use is included in THDEXARC.EXP, and I may be happy to help those who may need it for other purposes (although I may require you to send me the archiver or possibly a few sample archives of the type which needs to be defined). I have accounted for the RAR occurrences of this type. The [OS/2] LH and ZIP SFX formats I tested do not need to be accounted for as they both returned the correct size and are recognized by THDPRO.EXE without this consideration. It is important to remember that "internal" means internal to THDPRO.EXE. Those types defined as "internal" will NOT be compared to any other records stored in the THDEXARC.DAT file and therefore will ONLY work if THDINSTL.EXE has been configured to use the particular archiver you intend to support using this method. If the archiver is NOT configured internally, then make the definition an external one and fill in all necessary fields. If in doubt, ask. This option (and indeed, this tool) is not for the average user. THAT'S ALL FOLKS!! Good luck.