home *** CD-ROM | disk | FTP | other *** search
-
- ***************************************************
- *** Pirate Magazine Issue III-3 / File 7 of 9 ***
- *** Cracking Tips (Part 5) ***
- ***************************************************
-
- In this file: Graphwriter 4.21
- TheDraw
- SideKick 1.00A
- PFS Report
- PCDRAW 1.4
- Signmaster
-
-
- FOR THE USERS THAT HAVE 'GRAPHWRITER' VER 4.21
- -------------------------------------------------------------------
- FROM : THE A.S.P ; (Against Software Protection)
-
- DATED : OCT 19,1984 (FIRST RELEASE)
- ORIGINALLY SUBMITTED TO ASA FULTONS BBS (THE SHINING SUN -305-273-0020)
- AND TO
- LEE NELSONS BBS (PC-FORUM -404-761-3635)
-
- PLEASE NOTE THAT THESE UNPROTECT PROCEDURES INVOLVE FROM 4 HOURS TO
- ___________________________________________________________________
-
- 40 OR MORE HOURS ( 8+ HOURS FOR 'GRAPHWRITER' ) OF
- SINGLE STEPPING THRU CODE AND FIGURING OUT THE
- INTENT OF THE ORIGINAL CODE.. SO I WOULD APPRECIATE IT WHEN U PASS
-
- THIS ON TO OTHER BOARDS YOU DO NOT ALTER THIS OR TRY TO TAKE CREDIT
- FOR MY LOST SLEEP.... THE A.S.P... (J.P. TO HIS FRIENDS)
-
- OH, AS A FURTHER NOTE. I SEE SOME BBS'S ARE NOW CHARGING U TO BE REGISTERED
- TO USE THEIR SYSTEM. FIRST OF ALL I GIVE U FROM 4 TO 60 HOURS OF MY TIME
- AT NO COST TO YOU AND I DO NOT LOOK TO KINDLY TO SUCH BBS'S PUTTING ON
- in. Thanks John Roswick, Bismarck.
- Keywords: SIDEKICK PROKEY PATCH FIX BUGS COMPATIBILITY BORLAND
- <> <> <> <> <> <> <> <> <> <> <>
- UNPROTECT FOR -SIDEKICK-
- Attention Sidekick/Prokey users ! We at Borland were having
- trouble getting Sidekick to be compatible with Rosesoft's Prokey and
- as many of you Prokey users out there know everything locked up when the
- two got together. The reason Prokey does not work is because it trashes
- some of the registers when running and confuses Sidekick as to make your
- terminal go down. Enclosed is the portion of Prokey which does this.
-
- 0730 2EF606D402FF TEST CS:BYTE PTR [02D4H],OFFH
- 0736 7409 JE 0741H
- 0738 2EFF2EC602 JMP CS:DWORD PTR [02C6H]
- 073D 5B POP BX
- 073E 1F POP DS
- 073F EBF7 JMP SHORT 0738H
- 0741 1E PUSH DS
- 0742 53 PUSH BX
- 0743 8CCB MOV BX,CS
- 0745 8EDB MOV DS,BX
- 0747 FB STI
- 0748 C5053D0100 MOV BYTE PTR [013DH],00H
- 074D 803E660400 CMP BYTE PTR [0466H],00H
- 0752 7420 JE 0774H
- 0754 833E670400 CMP WORD PTR [0469H],00H
- 0759 7507 JNE 0762H
- 075B 833E670400 CMP WORD PTR [0467H],00H
- 0760 740D JE 076FH
- 0762 832E670401 SUB WORD PTR [0467H],01H
- 0767 831E690400 SBB WORD PTR [0469H],00H
- 076C EB06 JMP SHORT 0774H
- 076E 90 NOP
- 076F C606660400 MOV BYTE PTR [0466H],00H
- 0774 803E530400 CMP BYTE PTR [0466H],00H
- 0779 74C2 JE 037DH
- 077B 833E662400 CMP WORD PTR [2466H],00H
- 0780 7507 JNE 0789H
- 0782 833E682400 CMP WORD PTR [2468H],00H
- 0787 740C JE 0795H
- 0789 832E682401 SUB WORD PTR [2468H],01H
- 078E 831E662400 SBB WORD PTR [2466H],00H
- 0793 EBA8 JMP SHORT 073DH
- 0795 E8841D CALL 251CH ;HMMM !
- 0798 EBA3 JMP SHORT 073DH
-
- THE SAGA CONTINUES ...
-
- 251C 50 PUSH AX
- 251D 1E PUSH DS
- 251E A05304 MOV AL,[0453H]
- 2521 3C01 CMP AL,01H
- 2523 7407 JE 252CH
- 2525 3C02 CMP AL,02H
- 2527 743F JE 2568H
- 2529 1F POP DS
- 252A 58 POP AX
- 252B C3 RET ?NEAR
- 252C BD9D2D MOV BP,2D9DH BP DESTROYED
- 252F E8480E CALL 337AH
- 2532 A16C24 MOV AX,[246CH]
- 2535 A39D2D MOV [2D9DH],AX
- 2538 BD9D2D MOV BP,2D9DH
- 253B E8E30D CALL 3321H
- 253E BD9D2D MOV BP,2D9DH
- 2541 BEE023 MOV SI,23E0H SI DESTROYED
- 2544 B601 MOV DH,01H DX DESTROYED
- 2546 B201 MOV DL,01H (BUT WILL BE RESTORED
- 2548 E8230C CALL 317FH BY THE BIOS)
- 254B E88407 CALL 2CD2H
- 254E 8B366024 MOV SI,[2460H]
- 2552 387D07 CALL 2CD2H
- 2555 A16224 MOV AX,[2462H]
- 2558 A36824 MOV [2468H],AX
- 255B C70666240000 MOV WORD PTR [2466H],000H
- 2561 C606530402 MOV BYTE PTR [0453H],02H
- 2566 EBC1 JMP SHORT 2529H
- 2568 BD9D2D MOV BP,2D9DH
- 256B E80C0E CALL 337AH
- 256E C606530400 MOV BYTE PTR [0453H],00H
- 2573 EBB4 JMP SHORT 2529H
- .
- .
-
- Prokey does not save and restore all registers when trapping interrupt
- 1C. The reason why this error occurs at a higher frequency when using
- Sidekick is beyond this discussion. However, to verify the error try the
- following:
-
- 1. Start Prokey
- 2. Define a key recursively
- 3. Notice prokey now issues an error message
- 4. terminate definition (fast...)
- 5. press return 100 times
- 6. if prokey did not crash repeat step 2-6
-
- Register destroying occurs when Prokey is flashing error message. You must
- terminate and press return as fast as possible, and be logged on a floppy
- drive (important: let your prompt show the active directory in order to let
- dos read on the disk).
-
- The following program establishes a trap at interrupt 8 (to make sure Prokey
- or others does not overwrite it, bios int 8 then activates 1C).
-
- CODE SEGMENT
- ASSUME CS:CODE
- ORG 100H
- START PROC
- JMP SHORT SETUP
- START ENDP
- INT08SAVE DD
- INT08TRAP PROC FAR
- PUSH AX
- PUSH BX
- PUSH CX
- PUSH DX
- PUSH SI
- PUSH DI
- PUSH BP
- PUSH DS
- PUSH ES
- PUSHF
- CALL INT08SAVE
- POP ES
- POP DS
- POP BP
- POP DI
- POP SI
- POP DX
- POP CX
- POP BX
- POP AX
- IRET
- INT08TRAP ENDP
- EOTRAP:
- SETUP PROC
-
- MOV DS,AX
- MOV SI,20H
- CLI
- LES AX,DWORD PTR[SI]
- MOV WORD PTR INT08SAVE,AX
- MOV WORD PT
- MOV WORD PTR [SI],OFFSET INT08TRAP
- MOV [SI+2],CS
- STI
- MOV DX,OFFSET EOTRAP+1
-
- SETUP ENDP
- CODE ENDS
- END START
-
- It may be faster to enter the following bytes using debug and writing them
- to the file profix.com, thus saving your original prokey file:
-
-
- e100
- 0100: EB 1D 00 00 00 00 50 53 51 52 56 57 55 1E 06 9C
- 0110: 2E FF 1E 02 01 07 1F 5D 5F 5E 5A 59 5B 58 CF 33
- 0120: C0 8E D8 BE 20 00 FA C4 04 2E A3 02 01 2E 8C 06
- 0130: 04 01 C7 04 06 01 8C 4C 02 FB BA 20 01 CD 27
- RCX
- 3F
- NPROFIX.COM
- W
-
- NOW USE PROFIX INSTEAD OF PROKEY
-
- NOTE: THIS MAY NOT BE THE COMPLETE SOLUTION AS THE WORD STILL DOES NOT
- WORK WITH PROKEY. FURTHERMORE THIS HAS ONLY BEEN TESTED USING PROKEY
- VERSION 3.0 - OLDER VERSIONS MAY HAVE OTHER BUGS!
- INSTRUCTIONS FOR UNPROTECTING PFS-FILE AND PFS-REPORT.
-
- IMPORTANT! COPY FILE.EXE AND/OR REPORT.EXE TO ANOTHER DISK FIRST.
- DON'T MAKE THESE PATCHES ON YOUR ORIGINAL DISK! (USE THE USUAL DOS
- COPY COMMAND)
-
- FOR PFS-FILE:
- RENAME FILE.EXE TO FILE.ZAP
- HAVE DEBUG.COM HANDY
- TYPE -> DEBUG FILE.ZAP
- TYPE -> U 9243
- YOU SHOULD SEE, AMONG OTHER THINGS: PUSH BP
- MOV AX,DS
- MOV ES,AX
- (ETC)
- IF YOU DON'T SEE THIS, TYPE -> Q (YOU DON'T HAVE THE RIGHT VERSION)
- OTHERWISE,
- TYPE -> E 9248 EB 2B
- TYPE -> W
- TYPE -> Q
- BACK IN DOS, RENAME FILE.ZAP TO FILE.EXE. YOU NOW HAVE AN UNPROTECTED
- COPY OF PFS-FILE.
-
- FOR PFS-REPORT:
- RENAME REPORT.EXE TO REPORT.ZAP
- HAVE DEBUG.COM HANDY, AND TYPE -> DEBUG REPORT.ZAP
- TYPE -> U 98BF
- YOU SHOULD SEE, AMONG OTHER THINGS: PUSH BP
- MOV AX,DS
- MOV ES,AX
- (ETC)
- IF YOU DON'T SEE THIS, TYPE -> Q (YOU DON'T HAVE THE RIGHT VERSION)
- OTHERWISE,
- TYPE -> E 98C4 EB 2B
- TYPE -> W
- TYPE -> Q
- BACK IN DOS, RENAME REPORT.ZAP TO REPORT.EXE. YOU NOW HAVE AN
- UNPROTECTED COPY OF PFS-REPORT.
-
- For those of you whose PFS:FILE and PFS:REPORT do not match the other
- PFS zaps on this board, try these:
-
- ----------------------------------------------------------------------
-
- For PFS:FILE, copy FILE.EXE to another disk, and do:
-
- RENAME FILE.EXE FILE.ZAP
- DEBUG FILE.ZAP
- U 9213
- should show ... PUSH BP
- MOV CX,0004
- which is the first part of a timing loop.
- if it doesn't, quit; else do:
- E 9217 EB 18
- U 9213
- should show ... PUSH BP
- MOV CX,0004
- JMP 9231
- if so, do:
- W
- Q
- RENAME FILE.ZAP FILE.EXE
-
- ----------------------------------------------------------------------
-
- For PFS:REPORT, copy REPORT.EXE to another disk, and do:
-
- RENAME REPORT.EXE REPORT.ZAP
- DEBUG REPORT.ZAP
- U 9875
- should show ... PUSH BP
- MOV AX,DS
- MOV ES,AX
- if it doesn't, quit; else do:
- E 987A EB 11
- U 9875
- should show ... PUSH BP
- MOV AX,DS
- MOV ES,AX
- JMP 988D
- if so, do:
- W
- Q
- RENAME REPORT.ZAP REPORT.EXE
-
- ----------------------------------------------------------------------
-
- if everything was OK, your new versions of PFS:FILE and PFS:REPORT
- should run just fine without the original diskettes.
-
- ----------------------------------------------------------------------
-
- Zaps provided by Lazarus Associates
-
- <> <> <> <> <> <> <> <> <> <> <>
- ----------------------------------------------------------UNPROTECT IBM PERSONAL
-
- 1. REN MCEMAIL.EXE X
- 2. DEBUG X DOS 2.xx Version
- 3. A EB47 JMP EB4F (was JNZ EB4F)
- 4. A EBEF NOP NOP (was JZ EC0B)
- 5. A EC06 NOP NOP (was JNZ EC0B)
- 6. W
- 7. Q
- 8. REN X MCEMAIL.EXE
-
- IMPORTANT! All copies of PCM must have this patch
- (i.e. the programs on both ends of a connection).
- This has been tested on a PCjr and PC.
-
- <> <> <> <> <> <> <> <> <> <> <>
- FOR THE USERS THAT HAVE 'PC-DRAW' V1.4
- ------------------------------------------
- FROM : THE A.S.P ; (Against Software Protection)
-
- ORIGINALLY SUBMITTED TO ASA FULTONS BBS - SHINING SUN :305-273-0020
- AND WHIT WYANTS BBS - PC-CONNECT :203-966-8869
- PLEASE NOTE THAT THESE UNPROTECT PROCEDURES INVOLVE FROM 4 HOURS TO
- (+1 HOURS FOR PC-DRAW V1.4)
- 40 OR MORE HOURS OF SINGLE STEPPING THRU CODE AND FIGURING OUT THE
- INTENT OF THE ORIGINAL CODE.. SO I WOULD APPRECIATE IT WHEN U PASS
- THIS ON TO OTHER BOARDS YOU DO NOT ALTER THIS OR TRY TO TAKE CREDIT
- FOR MY LOST SLEEP.... THE A.S.P... ORLANDO FLA. (J P , TO HIS FRIENDS)
- IF YOU HAVE A HARD DISK OR WANT TO CREATE A BACKUP COPY THAT IS NOT
- TIED INTO THE PC-DRAW DISKETTE...IN CASE YOUR ONLY COPY GOES BAD
- . THIS PATCH WILL REMOVE THE COPY PROTECTION COMPLETELY....
- AS ALWAYS THIS IS FOR YOUR PERSONAL PEACE OF MIND ONLY
- IT IS NOT MEANT TO BYPASS ANY COPYRIGHTS..YOU ARE BY LAW BOUND BY
- YOUR PURCHASE LICENSE AGREEMENT.
- IF YOU HAVE A HARD DISK AND WANT TO PUT THE PROGRAM ON SUCH
- WHY SHOULD YOU BE TIED TO A FLOPPY. YOU HAD TO GIVE UP A LOT OF
- 'BIG MACS' TO GET YOUR HARD DISK.
-
- THIS WRITE UP ASSUMES THAT YOU ARE FAMILIAR WITH DEBUG,
-
- 1). FORMAT A CORRESPONDING EQUAL NUMBER OF DOS2.0 OR 2.1 DISKS
- AS SYSTEM DISKS
-
- 2). LABEL EACH OF THE 2.X FORMATTED DISKS THE SAME AS EACH ONE OF
- THE ORIGINAL 'PC-DRAW' DISKS
-
- 3). COPY THE FILES FROM THE ORIGINAL DISKS TO THE 2.X FORMATTED DISK
- ON A ONE FOR ONE BASIS, USING 'COPY' COMMAND
-
- 4). PLACE THE ORIGINAL DISKS IN A SAFE PLACE, WE DONT NEED THEM ANY MORE.
-
- 5). PLACE 'DISK 1' IN THE 'A' DRIVE
- 6). RENAME PC-DRAW.EXE PC-DRAW
- 7). DEBUG PC-DRAW
- 8) ENTER -S CS:100 L EFFF CD 13
- 9). FIRST YOU SHOULD SEE THE FOLLOWING CODE AT ADDRESS
- CS:4D45 CD 13 INT 13
- IF U DONT U MAY HAVE A DIFFERENT VERSION SO DONT PROCEED ANY FARTHER,
- ENTER THE CHANGE TO CHANGE "INT 13" TO "NOP" AND "STC", AND FORCE A JUMP
- 10). ENTER -E 4D45 90 F9 EB 28
- 11). ENTER -W
- 12). ENTER -Q
- 13). RENAME PC-DRAW PC-DRAW.EXE
-
- NOTE: PC-DRAW IS NOW COMPLETELY UNPROTECTED.
- IF U WANT TO USE 'PC-DRAW' FROM HARD DISK OR RAM DISK U MUST USE THE
- CORRECT 'ASSIGN=', SINCE 'PC-DRAW' APPEARS TO HAVE DRIVES HARD CODED.
-
-
- ALSO FOR V1.2 AND 1.3 THE BAD TRACK CHECK WAS IN DIAGRAM.EXE,
- NOTE THAT THE CHECK IS NOW DONE IN PC-DRAW.EXE.
-
- ENJOY YOUR NEW FOUND FREEDOM..HARD DISKS FOREVER!!!!!
- END OF TRANSFER - PRESS ENTER TO RETURN TO MENU
- This procedure will unprotect the version 1.10A of SIDEKICK.
-
- Many thanks to the individual who provided the procedure
- for the version 1.00A.
-
- The only major difference between the two versions is the offset
- address of the instructions to be modified.
-
- Using DEBUG on SK.COM, NOP out the CALL 8C1E at location 07CA ----+
- |
- Change the OR AL,AL at 07D9 to OR AL,01 --------+ |
- | |
- .....and that's it! | |
- | |
- (BEFORE ZAP) | |
- 78A7:07CA E85184 CALL 8C1E <----------------------------+
- 78A7:07CD 2E CS: | |
- 78A7:07CE 8E163E02 MOV SS,[023E] | |
- 78A7:07D2 2E CS: | |
- 78A7:07D3 8B264002 MOV SP,[0240] | |
- 78A7:07D7 1F POP DS | |
- 78A7:07D8 59 POP CX | |
- 78A7:07D9 0AC0 OR AL,AL <----------+ |
- | |
- (AFTER ZAP) | |
- 78A7:07CA 90 NOP <-----------------------------+
- 78A7:07CB 90 NOP <-----------------------------+
- 78A7:07CC 90 NOP <-----------------------------+
- 78A7:07CD 2E CS: |
- 78A7:07CE 8E163E02 MOV SS,[023E] |
- 78A7:07D2 2E CS: |
- 78A7:07D3 8B264002 MOV SP,[0240] |
- 78A7:07D7 1F POP DS |
- 78A7:07D8 59 POP CX |
- 78A7:07D9 0C01 OR AL,01 <----------+
- -------------------------------------------------------------------
- <> <> <> <> <> <> <> <> <> <> <>
-
- UNPROTECT FOR -SIGNMASTER
- FROM : THE A.S.P ; (Against Software Protection)
-
- 1). FORMAT 1 SYSTEM DISK UNDER DOS 2.0 OR 2.1 OR 3.0
- 2). LABEL IT ACCORDING TO THE ORIGINAL 'SIGNMASTER' SYSTEM DISKETTE
- 3). COPY THE (UNHIDDEN) FILES FROM THE ORIGINAL DISKETTE TO THE CORRESPONDING
- 2.X OR 3.X FORMATTED DISKETTE
- 4). I WONT TELL U HOW TO USE DEBUG OR ANY 'PATCHER' PROGRAMS
- ON THE BBS'S, I ASSUME U HAVE A BASIC UNDERSTANDING.
- 5). RENAME SIGN.EXE SIGN
- 6). DEBUG SIGN
- 7). D CS:99C
- YOU SHOULD SEE 75 03 E9 09
- E CS:99C 90 90 EB 1F
- D CS:D407
- YOU SHOULD SEE 5F
- E CS:D407 CB
- W
- Q
- 8). RENAME SIGN SIGN.EXE
-
- OTHER NOTES:
- -------------------------------------------------------------------------
-
- 1). CHECKS FOR SPECIALLY FORMATTED TRACKS COMPLETELY REMOVED
-
- 2). U MAY LOAD ALL THE FILES ON THE NEWLY FORMATTED AND UNPROTECTED
- DISKETTE DIRECTLY TO HARD OR RAM DISK, IN ANY SUB-DIRECTORY U
- SET UP
-
- 3). SOMEONE WANTED TO KNOW WHY I USED UPPER CASE FOR EVERYTHING. FIRST
- AFTER ABOUT 8 TO 20 HOURS OF STARING AT THE TUBE., I AM NOT ABOUT
- TO SHIFT THE CHARACTERS, AND SECONDLY I AM SO EXCITED , AFTER DOING
- SOMETHING THAT AT FIRST SEEMED IMPOSSIBLE, AND IN A HURRY TO GET IT OUT
- ON A BBS, SO THAT U MAY USE THE NEWLY GLEAMED KNOWLEDGE.
-
- This is the procedure for bypassing the copy protection scheme used by
- SIDEKICK, version 1.00A.
-
- Using DEBUG on SK.COM, NOP out the CALL 8780 at location 071A ----+
- |
- Change the OR AL,AL at 072D to OR AL,01 --------+ |
- | |
- .....and that's it! | |
- | |
- (BEFORE ZAP) | |
- 78A7:071A E86380 CALL 8780 <----------------------------+
- 78A7:071D 2E CS: | |
- 78A7:071E 8E163D02 MOV SS,[023D] | |
- 78A7:0722 2E CS: | |
- 78A7:0723 8B263F02 MOV SP,[023F] | |
- 78A7:0727 1F POP DS | |
- 78A7:0728 59 POP CX | |
- 78A7:0729 880E1300 MOV [0013],CL | |
- 78A7:072D 0AC0 OR AL,AL <----------+ |
- | |
- (AFTER ZAP) | |
- 78A7:071A 90 NOP <-----------------------------+
- 78A7:071B 90 NOP <-----------------------------+
- 78A7:071C 90 NOP <-----------------------------+
- 78A7:071D 2E CS: |
- 78A7:071E 8E163D02 MOV SS,[023D] |
- 78A7:0722 2E CS: |
- 78A7:0723 8B263F02 MOV SP,[023F] |
- 78A7:0727 1F POP DS |
- 78A7:0728 59 POP CX |
- 78A7:0729 880E1300 MOV [0013],CL |
- 78A7:072D 0C01 OR AL,01 <----------+
- <> <> <> <> <> <> <> <> <> <> <>
-
- What follows is an unprotect scheme for version 1.11C of Borland
- International's Sidekick. The basic procedure is the same as
- that for version 1.1A with just location differences. So the
- only credit I can take is for finding the new locations! This is
- (of course), provided only for legal owners of Sidekick!! Also,
- make sure you 'DEBUG' a copy NOT the original!
- DEBUG SK.COM <ENTER>
- -U 801 <ENTER>
- -E 801 <ENTER>
- you will then see:
- 25E5:0801 E8.
- 90 <ENTER>
- repeat for 802 and 803:
- -E 802 <ENTER>
- 90 <ENTER>
- -E 803 <ENTER>
- 90 <ENTER>
- then:
- -A 810 <ENTER>
- OR AL,01 <ENTER>
- <ENTER>
- -U 801 <ENTER>
- you should then see (among other things):
- XXXX:801 90 NOP
- XXXX:802 90 NOP
- XXXX:803 90 NOP
-
- XXXX:810 0C01 OR AL,01
- if so:
- -W <ENTER>
- -Q <ENTER>
- if not:
- -Q <ENTER>
-
- +++++++++++++++++++++++++++++++++++++++++++++++++++++
-
- For SKN.COM, SKM.COM and SKC.COM the unprotect is the same
- but at the following locations:
-
- SK SKN SKM SKC
- --- --- --- ---
- 801 7DF 76F 7BC
- 802 7E0 770 7BD
- 803 7E1 771 7BE
- 810 7EE 77E 7CB
-
- To unprotect SKC.COM you would 'DEBUG SKC.COM' and then replace
- any occurence of '801' with '7BC'; '802' with '7BD' and so on.
- GOOD LUCK!
- * * * * * * * * * * * *
- * * * * * * * * * * * *
-
- This is an explanation of the internal workings of Print.Com, a file
- included in DOS for the IBM PC and compatibles. It explains how this
- program fails to do its part to insure integrity of all registers. For
- this reason some trouble was being experienced while using both SideKick
- and Print.
-
- op
- The timer tick generates an interrupt 8 18.2 per second. When SK
- is not active, this interrupt is handled by the Bios as follows:
-
- It pushes all registers used by the routine (AX among others.)
- It updates the system timer count.
- It updates the disk motor timer count.
- It generates an int 1C.
-
- When the spooler is active, it has placed a vector at int 1C,
- pointing at the spooler's code. The spooler is therefore
- activated in the middle of the int 8 handling. The cause of the
- SK received the int 8 and calls the bios int 8 routine to make
- sure that the timer tick is properly handles. The bios int 8
- me as above:
-
- It pushes all registers used by the routine (AX among others).
- It updates the system timer count.
- It updates the disk motor timer count.
- It generates an int 10.
- SK has replaced the vector that the spooler placed here with a
- IRET, so nothing happens. This is because we cannot allow the
- timer tick to pass through to programs which use it, for example
- to write on the screen.
- It generates an end-of-interrupt to the interrupt controler.
- It pops the registers that were pushed.
- It does an interrupt return.
-
- Back in SK's int 8 routine we make a call to the address that was
- stored at int 10 when SK was first started. In this way he still
- services any resident programs that were loaded before SK. With
- the spooler active we therefore make a call to the spooler.
-
- The spooler again corrupts the AX register because it uses it
- without saving it first.
- Back in SK we have no way of restoring the original contents of
- the AX register because we did not save it (why should we, we
- don't use it.)
-
- In short, the root of the trouble is that the spooler destroys
- the AX register. The fact that the Bio's int 8 routine saves and
- stores it is pure coincidence.
-
- I quote from the Technical Reference Manual, Pages 2-5, Section
- Interrupt Hex 1C-timer tick:
-
- "It is the responsibility of the application to save and restore
- all registers that will be modified."
-
- Relying on a version of the Bios which happens to save register
- AX is bad programming practice. However, the guy who wrote the
- print spooler did not rely on this because at another point in
- his program he does correctly save AX. Obviously he simply
- forgot and fortunately for him the Bios saved him.
-
- The following patch will fix the problem:
-
- SK.COM unprotected version change 7F8: 55 to 7F8: 50
- SK.COM unprotected version change 805: 5D to 805: 58
-
- SK.COM protected version change 801: 55 to 801: 50
- SK.COM protected version change 80E: 5D to 80E: 58
-
- Also on both above change 012C: 41 to 012C: 42
-
- UNPROTECT IBM TIME MANAGER (80 Column Version) Version 1.00 -
-
- 1. Have a formatted, blank disk ready if copying to a floppy. Hard
- disk is OK, also.
-
- 2. Startup DEBUG from drive A. Just type DEBUG <enter>
-
- 3. Place the TIME MANAGER program disk in drive A.
- 4. Type L 600 0 A5 40 <enter>
- 5. Type F 100,600 90 <enter>
- 6. Type RCX <enter>
- 7. Type 8000 <enter>
- 8. Place the formated, blank floppy in drive B
-
- 9. Type NTM.COM <enter>
- 10. Type W <enter>
- 11. Type Q <enter>
-
- That's it. You now have the 80-column version of Time Manager on the
- disk in Drive B. It is called TM.COM and can be started by simply
- typing TM.
-
- BE AWARE!!! - the data diskette is non-dos and cannot be placed on a
- hard disk. Also, while the program itself can be loaded from any drive
- letter (A-Z), the data disk can only be on drives A or B.
- The data disk is not protected and may be copied with DISKCOPY.
-
-
- For the 40-column version, replace line4 with:
-
- 4. Type L 600 0 65 40 <enter>
-
- All others steps are the same.
-
- If you wish to have both a 40 and 80 column version, change line 9
- so that the name is descriptive of the version, i.e. NTM40.COM or
- NTM80.COM.
-
- <-----<<END>>----->
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- !
-
-