echo: virus_info
to: ALL
from: DAVID KIRSCHBAUM
date: 1997-05-08 14:32:00
subject: 486TO586

 > Has anyone disassembled this bogus utility?  (It purports to
 > somehow magically change your system so your 486 now runs as
 > well as a 586 .. and the most recent versions say it'll run
 > like a Pentium.)
 > It's a total fraud, of course .. but I just wondered what the
 > program is _actually_ doing (and a disassembly would be the
 > best way to find out, I suppose).
 > It's encrypted (several layers), of course.  I worked through
 > the decryption in DEBUG, saved a chunk of the "clear-text" (if
 > you can use that phrase for a binary program) out .. and it
 > looks like the original program was programmed in C.  So the
 > disassembly is gonna be ugly.
No response, so I went ahead with the project from curiosity.
Using UNP, I removed the encryption.  First layer:
D:\DISASSY>unp 486to586.exe
UNP 4.11 Executable file restore utility, written by Ben Castricum, 05/30/95
processing file : 486TO586.EXE
DOS file size   : 5594
file-structure  : executable (EXE)
EXE part sizes  : header 32 bytes, image 5562 bytes, overlay 0 bytes
processed with  : PROTECT! EXE/COM V1.0
action          : removing encryption... done
new file size   : 5312
writing to file : 486TO586.EXE
There was another layer of protection:
D:\DISASSY>unp 486to586.exe
UNP 4.11 Executable file restore utility, written by Ben Castricum, 05/30/95
processing file : 486TO586.EXE
DOS file size   : 5312
file-structure  : executable (EXE)
EXE part sizes  : header 32 bytes, image 5280 bytes, overlay 0 bytes
processed with  : LZEXE V0.91 or V1.00a
action          : decompressing... done
new file size   : 7136
writing to file : 486TO586.EXE
 > But if anyone's already done that, I'd love to see the
 > disassembled assembly language source .. or the original C
 > source, if anyone knows where it is.
Then I disassembled it.  Examination with DEBUG indicated it was probably a 
compiled C program.  Not wanting to screw with all the usual C segments, I 
just let Sourcer do its thing.  The resultant .ASM disassembly wasn't pretty, 
Sourcer missed its usual jump tables, confused code with data, etc. etc., ad 
nauseam.  However, some looking up in the .EXE with DEBUG provided enough of 
the information to edit the .ASM output, and I could figure what was going 
.
 > Or if nothing else, an authoritative (anyone out there consider
 > themselves an authority?) explanation as to what it actually
 > does.
What does it do?  Nothing.  It's a joke, a lie, a fraud.  Oh, it _does_ make 
a crude cursory check as to CPU type, and will abort if you don't have a 486. 
 (Maybe: I didn't check out the CPU testing code closely.)
But everything else, its reports of "Testing Co-Processor," "reading current 
bios state," "testing CPU state," etc. .. all bogus.  It displays the text, 
goes and delays for a while, and then continues.
When it's done .. it doesn't even stay TSR!  It just terminates, giving the 
final lie, "You are now capable of running Pentium-intensive software!"  
(whatever _that_ means!)
So .. the definitive answer:  486TO586.EXE is a total fraud.  But a harmless 
fraud.  Its original C code was probably no more than 50 lines long.
I fully expect its predecessor, 386TO486, to be of the same ilk.  Don't waste 
a byte space of disk storage or a second of file transfer time on this joke.
.ASM source of the Rough disassembly available on request.  But since it's 
76K long, I'll send it to you email only (in hexified, uuencoded, encrypted 
.ARJ), and you'll have to call me voice to get the password .. just because 
it's so worthless and you obviously haven't been listening to what I'm 
saying, so I'm gonna make it tough on you just to teach you a lesson.
Those of you who _have_ been listening will, of course, have no use for such 
trash.
David Kirschbaum
Toad Hall
squiretoad@ibm.net
---
---------------
* Origin: Toad Hall (1:3634/2.4)

SOURCE: echomail via exec-pc
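
The "EXE part sizes" line in the UNP listings above is derived from fields in the DOS MZ header. The following Python code is an added example, not part of the original post and not UNP's own code: it recomputes header, image and overlay sizes on constructed files sized like the two listings. The names `exe_parts` and `build_sample`, and the LZEXE marker check at offset 0x1C, are assumptions made for illustration.

```python
import struct

# Commonly documented LZEXE markers at header offset 0x1C (assumption: the
# page's file is not available, so this runs on a constructed sample only).
LZEXE_MARKERS = {b"LZ09": "LZEXE 0.90", b"LZ91": "LZEXE 0.91"}


def exe_parts(data: bytes) -> dict:
    """Split a DOS MZ executable into header / image / overlay sizes."""
    if len(data) < 0x1C or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not a DOS MZ executable")
    # e_cblp: bytes used in the last 512-byte page, e_cp: page count,
    # e_crlc: relocation count (unused), e_cparhdr: header size in paragraphs.
    e_cblp, e_cp, _e_crlc, e_cparhdr = struct.unpack_from("<4H", data, 2)
    header = e_cparhdr * 16
    # e_cblp == 0 means the last page is completely used.
    load = e_cp * 512 if e_cblp == 0 else (e_cp - 1) * 512 + e_cblp
    if e_cp == 0 or header > load or header > len(data):
        raise ValueError("inconsistent MZ header")
    truncated = load > len(data)      # header claims more than the file holds
    present = min(load, len(data))
    return {
        "file_size": len(data),
        "header": header,
        "image": present - header,
        "overlay": len(data) - present,   # bytes the DOS loader never maps
        "truncated": truncated,
        "packer": LZEXE_MARKERS.get(data[0x1C:0x20]),
    }


def build_sample(total: int, marker: bytes = b"\0" * 4) -> bytes:
    """Constructed MZ file of `total` bytes with a 32-byte header."""
    pages, last = divmod(total, 512)
    pages += 1 if last else 0
    hdr = struct.pack("<2s4H", b"MZ", last, pages, 0, 2)  # 2 paragraphs
    hdr = hdr.ljust(0x1C, b"\0") + marker
    return hdr + bytes(total - len(hdr))


if __name__ == "__main__":
    # Sizes taken from the two UNP listings; file contents are constructed.
    for size, marker in ((5594, b"\0" * 4), (5312, b"LZ91")):
        print(exe_parts(build_sample(size, marker)))
```

A non-zero overlay or a set `truncated` flag is worth a closer look during triage, since those bytes sit outside what the DOS loader maps into memory.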
