Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Thunderbyte Residency Test

Rhincewind
Vlad [3]
February 1995

[Back to index] [Comments]

As you may or may not know, the Thunderbyte resident av utilities hook themselves to the device driver chain using the following device names: TBDRVXXX, TBFILXXX, TBDSKXXX, TBMEMXXX, TBCHKXXX and TBLOGXXX. Now, by doing trial handle opens you can detect if those devices do or do not exist et voila, you have a method for testing residency. TBAV itself scans the actual device driver chain for the TB???XXX devices which is unlike this method, pretty much impossible to confuse, but also undocumented and thus it's not guaranteed to work under future versions of DOS! Yes, Frans Veldman calls vile and unsafe functions in his battle against replicating codefragments.

Added note: Just recently I was looking at the EMM virus written by the author of the OneHalf family and found that it traces the device chain to detect thunderbyte residency. This means that this kind of detection isn't exactly new. Oh well, what the heck.

                .model tiny

                .code

                org 100h

start:
                mov ah, 09
                mov dx, offset startmsg
                int 21h
                mov cx,6
                mov dx, offset tbdrvxxx
detect_loop:
                mov ah,09
                int 21h
                mov ax, 3d00h
                add dx,9
                int 21h
                push dx
                mov dx, offset not_resident
                jc dont_add
                add dx, (resident-not_resident)
                mov bh,3eh
                xchg ax,bx
                int 21h
dont_add:
                mov ah, 09
                int 21h
                pop dx
                add dx,9
                loop detect_loop
                int 20h
startmsg        db 'Thunderbyte Residency Test by Rhincewind [Vlad]'
                db 0dh,0ah,0dh,0ah,'$'
tbdrvxxx        db 'TbDriver$'
                db 'TBDRVXXX',0
tbfilxxx        db 'TbFile$',0,0
                db 'TBFILXXX',0
tbdskxxx        db 'TbDisk$',0,0
                db 'TBDSKXXX',0
tbmemxxx        db 'TbMem$',0,0,0
                db 'TBMEMXXX',0
tbchkxxx        db 'TbCheck$',0
                db 'TBCHKXXX',0
tblogxxx        db 'TbLog$',0,0,0
                db 'TBLOGXXX',0
not_resident    db ' - Not Resident',0dh,0ah,'$'
resident        db ' - Resident',0dh,0ah,'$'

                end start
By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxheaven.org aka vx.netlux.org
deenesitfrplruua