'>>> Page 1 of WIN95SPY.BAS begins here. TYPE:BAS
'WIN95SPY.BAS Ausspionieren von System-Interrupts, SHELL-Programm (kein TSR)
'Autor: Andras Hoeffken, 2:2480/13.34 @ fidonet
' email: ah@confusion.rmc.de
'Public Domain 8. Aug. 97
$COMPILE EXE
$CPU 80386 'at least a 386 is required
$FLOAT NPX 'numeric coprocessor float code; the "at least a 386" remark applies here too
$OPTIMIZE SPEED
$STATIC 'static arrays, needed by the ISR routines
$DEBUG MAP OFF 'this and the remaining switches: keep the EXE as small as possible
$DEBUG PBDEBUG OFF
$DEBUG PATH OFF
' NOTE(review): $ERROR ALL OFF also drops runtime array-bounds checking (confirm for
' this PowerBASIC version); the arrays indexed from inside the ISRs are therefore
' never range-checked at run time.
$ERROR ALL OFF
$EVENT OFF
$LIB ALL OFF
$LIB IPRINT ON
' Ctrl-Break disabled - presumably so the program cannot be aborted while the
' interrupt vectors are hooked; TODO confirm the intent.
$OPTION CNTLBREAK OFF
$OPTION GOSUB OFF
$COM 0
$SOUND 1
$STACK 2048 'minimum stack size = 2 K
$STRING 1 'minimum string block = 1 K
$DIM ALL ' *I M P O R T A N T* - every variable must be declared explicitly
' Boolean equates
%TRUE  = -1
%FALSE = 0
' Interrupt numbers that get hooked
%vector1 = &H21 'first hooked vector (selectable; here 21h = MS-DOS services)
%vector2 = &H2F 'second hooked vector (selectable; here 2Fh = multiplex)
%timer08 = &H08 'always 08h = timer IRQ0 (fixed)
' The five states of a Windows session (used as index 1..5 into the per-state
' count arrays) and the matching INT 2Fh codes, presumably compared against by
' the ISR on a later page.
%DOS          = 1
%W_INIT       = 2
%W_READY      = 3
%W_EXIT       = 4
%W_DONE       = 5
%W_INIT_CODE  = &H1605
%W_READY_CODE = &H1608
%W_EXIT_CODE  = &H1609
%W_DONE_CODE  = &H1606
' Helper routines implemented on later pages of this file.
DECLARE FUNCTION win_version () AS STRING 'version text; main compares it against " keine" (= none)
DECLARE FUNCTION vmid () AS INTEGER 'id of the current virtual machine (printed by main)
DECLARE FUNCTION iopl () AS INTEGER 'presumably the current I/O privilege level, 0..3 - confirm
DECLARE FUNCTION v86 () AS INTEGER 'true when DOS runs in V86 mode
DECLARE FUNCTION dos_getvect (BYVAL nummer AS BYTE) AS DWORD 'read an interrupt vector
DECLARE SUB dos_setvect (BYVAL nummer AS BYTE, BYVAL vectorptr AS DWORD) 'set an interrupt vector
DECLARE FUNCTION hex2 (i AS INTEGER) AS STRING 'two-digit hex text
DECLARE FUNCTION screen_redir () AS INTEGER 'true when screen output is redirected
'The following variables are STATIC by default (initialised to 0) and are
' visible to the inline-ASM routines by name.
DIM old_vec1 AS DWORD, old_vec2 AS DWORD, old_vec3 as dword 'saved vectors for INT 21h, INT 2Fh, INT 08h (set in main, restored after the SHELL)
' count_t is reported as "Timer Ticks"; CHAIN_vector is not used on this page,
' presumably the chaining target of the ISRs - confirm on the following pages.
dim count_t as dword, CHAIN_vector as dword
' Per-state call counts, index 1..5 = %DOS..%W_DONE; status = current state.
DIM all_int21(5) AS DWORD, v86_int21(5) as dword, status as integer
DIM all_int2F(5) AS DWORD, v86_int2F(5) as dword
dim int21(255) as dword, int2F(255) as dword 'per-function counts, indexed by AH (0..255 fits exactly)
dim iopl_int21(3) as dword, iopl_int2F(3) as dword 'indexed by iopl(); assumes it returns 0..3 - confirm
' NOTE(review): indexed by vmid() inside INT_serv1 with no range check ($ERROR ALL
' OFF); a VM id above 4 would write past the array - confirm vmid()'s range or clamp it.
dim vm_int21(4) as dword, vm_int2F(4) as dword
dim win as integer, details as integer, file as integer, cmds as string 'flags -w/-d/-f and the pass-through string for SHELL
DIM dummy AS LONG, i AS INTEGER, j as integer, k as integer, x AS STRING 'scratch; i also receives AH inside INT_serv1 ("mov i,ah")
dim t1 as single, t2 as dword, t3 as dword, t4 as single 't1/t4: TIMER around the SHELL; t2/t3: tick stamps while Windows ran (set elsewhere)
'------ Emulation of the C entry "void main(int argc, char *argv[])" ------
DECLARE SUB CmdLine (argc AS INTEGER, argv() AS STRING, amax AS INTEGER)
DIM argc AS INTEGER
DIM argv(0 TO 9) AS STRING 'at most 9 arguments are kept
' argc: 0 = no arguments, otherwise 1..9. Everything in argv() comes straight
' from the user's command line; main hands the non-switch words to SHELL.
CALL CmdLine(argc, argv(), 9)
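main:
'----------------------------------------------------------------------------
' Entry point. Reports the DOS/Windows environment, parses the command line,
' hooks INT 21h / INT 2Fh / INT 08h around a SHELL to COMMAND.COM, restores the
' vectors and prints (or logs) how often each interrupt was called.
'
' Review fixes against the posted listing:
'  - the comparison operator in the " keine" test had been lost (most likely
'    stripped as a "<>" tag); "<>" is the only reading consistent with the two
'    branches and is restored here
'  - "goto fini" had been wrapped across two lines
'  - the -w/-d/-f switches were parsed AFTER the "-w switch hat keinen Sinn"
'    checks, so win was still 0 there and the first check could never fire; the
'    parse now runs first (it prints nothing, so the screen output is unchanged)
'----------------------------------------------------------------------------
status = %DOS 'always start in the DOS state
' Sort the command line into our own flags and pass-through words. Everything
' that is not a -x switch is handed to COMMAND.COM verbatim (no quoting); that
' is the tool's purpose, but whatever the caller passes runs while the
' interrupt hooks below are installed.
cmds = "" 'arguments passed through to the SHELL
win = 0 'our own flags
details=0
file=0
for i=1 to argc 'sort the two groups apart
select case left$(argv(i),1)
case "-" 'one of our own flags
select case ucase$(mid$(argv(i),2,1))
case "W": win=1
case "D": details=1
case "F": file=1 'log to win95spy.log (not listed in the usage line below)
end select
case else 'a pass-through argument
cmds=cmds+argv(i)+" " 'collect the arguments for SHELL
end select
next i
cmds = rtrim$(cmds)
CLS
PRINT "WIN95SPY - testet, wie oft DOS/WINDOWS Interrupts aufruft"
PRINT " Aufruf: 'WIN95SPY [-w[indows]] [-d[etails]] '"
PRINT " MS-DOS laeuft im: ";
IF v86 THEN x = "V86" ELSE x = "Pure Real"
PRINT x + " Mode"
PRINT " Windows Version:"; win_version;
IF win_version <> " keine" THEN 'Windows is present
PRINT " - ID der Virtuellen Maschine:"; vmid
if win then print "Windows laeuft, -w switch hat keinen Sinn": goto fini
ELSE
PRINT
' NOTE(review): this exits in V86 mode even without -w, although the message
' only talks about the -w switch; left as written, confirm the intent.
if v86 then print "V86 Modus, -w switch hat keinen Sinn": goto fini
END IF
PRINT
print "Getestet werden INT";hex2(%vector1);" und INT";hex2(%vector2)
print 'control display of what was parsed
print "COMMAND$: *";command$;"*"
print "Anzahl Argumente:";argc
for i=0 to argc
print tab(18);i, argv(i)
next i
print "Windows:";win;" Details:";details;" Fileausgabe:";file;_
" SHELL-CMD: '";cmds;"'"
print
' AND is bitwise here; fine as long as screen_redir returns -1/0 - confirm.
if file and screen_redir then
print "Fileausgabe! Screen-Umleitung nicht moeglich, EXIT!": goto fini
end if
'--------------------------------------------------------------------------
old_vec1 = dos_getvect (%vector1) 'remember the old ISR vectors
old_vec2 = dos_getvect (%vector2)
old_vec3 = dos_getvect (%timer08)
! call near prepare_old_timvec
'minimise RAM (the SHELL statement probably does this by itself?)
dummy=SETMEM(0) '0 = read only
PRINT "Endmem, Free, FarHeap (vorher ):";ENDMEM,FRE(-1),dummy
' author's experiments, none of which helped:
' mempack: dummy=setmem(0) 'a) no effect
' memset endmem-fre(-1):dummy=setmem(0) 'b) no effect
' dummy = setmem(-600000) 'c) no effect
PRINT "Endmem, Free, FarHeap (nachher):";ENDMEM,FRE(-1),dummy
print
if cmds="" then
print "Manuelle Eingabe am DOS-Promt; zum Abschluss EXIT tippen"
end if
print "Fuer SHELL: Taste druecken"
while inkey$="":wend
for i=1 to 79:print "-";:next i:print
t1 = timer
! CALL near SAVE_PB_regs ;save our own registers (the ISRs need them)
' Hook INT 21h, INT 2Fh, then the timer. From here until the restore below
' everything that runs in the SHELL is observed by the ISRs. There is no
' other restore path on this page: if this process dies inside the SHELL the
' three vectors keep pointing into its (then freed) memory.
dos_setvect %vector1, CODEPTR32(INT_serv1) 'install the new ISR vectors
dos_setvect %vector2, CODEPTR32(INT_serv2)
dos_setvect %timer08, CODEPTR32(timer_int)
SHELL cmds 'WIN95SPY stays in memory while the shell runs (about 40 KB, per the author)
'with no arguments type e.g. "MEM /DEBUG |MORE", then "EXIT"
dos_setvect %timer08, old_vec3 'restore the old vectors, reverse order of hooking
dos_setvect %vector2, old_vec2
dos_setvect %vector1, old_vec1
t4 = timer
if file then
open "win95spy.log" for output as #1 'overwrites any existing log in the current directory
else
LOCATE 25,1 'result display
open "CONS:" for output as #1 'lets PRINT #1 follow a redirection of the console
end if
for i=1 to 79:print #1, "-";:next i:print #1,
print #1, "Ergebnisse von WIN95SPY:": print #1,
' count_t is presumably advanced by timer_int (next page); 18.2065 ticks/s is
' the PC timer rate used to convert ticks into seconds.
print #1, "Timer Ticks:";count_t; " ";
print #1, using "Tick-Secs: ###.## - PB-Secs: ###.##";_
count_t/18.2065;t4-t1
print #1,
if win then
print #1, "Vor dem Start von Windows:";
else
print #1, "Nur DOS:";
end if
print #1, tab(30);"INT21 Calls:";all_int21(1);tab(52);_
"- im V86-Modus:";v86_int21(1)
print #1, tab(30);"INT2F Calls:";all_int2F(1);tab(52);_
"- im V86-Modus:";v86_int2F(1)
if win then 'states 2..5 only exist when Windows was started from the SHELL
print #1, "Waehrend Windows startet:";
print #1, tab(30);"INT21 Calls:";all_int21(2);tab(52);_
"- im V86-Modus:";v86_int21(2)
print #1, tab(30);"INT2F Calls:";all_int2F(2);tab(52);_
"- im V86-Modus:";v86_int2F(2)
print #1, "Waehrend Windows laeuft:";
print #1, tab(30);"INT21 Calls:";all_int21(3);tab(52);_
"- im V86-Modus:";v86_int21(3)
print #1, tab(30);"INT2F Calls:";all_int2F(3);tab(52);_
"- im V86-Modus:";v86_int2F(3)
print #1, "Waehrend Windows endet:";
print #1, tab(30);"INT21 Calls:";all_int21(4);tab(52);_
"- im V86-Modus:";v86_int21(4)
print #1, tab(30);"INT2F Calls:";all_int2F(4);tab(52);_
"- im V86-Modus:";v86_int2F(4)
print #1, "Nach dem Ende von Windows:";
print #1, tab(30);"INT21 Calls:";all_int21(5);tab(52);_
"- im V86-Modus:";v86_int21(5)
print #1, tab(30);"INT2F Calls:";all_int2F(5);tab(52);_
"- im V86-Modus:";v86_int2F(5)
end if
print #1,
if win then
' t2/t3 are tick stamps taken while Windows ran (set outside this page).
print #1, "Waehrend Windows lief (";(t3-t2)/18.2065;"Sekunden):"
for i=0 to 3
if iopl_int21(i) then print #1, " 21-IOPL ";i;" - ";iopl_int21(i)
if iopl_int2F(i) then print #1, " 2F-IOPL ";i;" - ";iopl_int2F(i)
next i
for i=1 to 4
if vm_int21(i) then print #1, " 21-VM Nr";i;" - ";vm_int21(i)
if vm_int2F(i) then print #1, " 2F-VM Nr";i;" - ";vm_int2F(i)
next i
print #1,
end if
if details then 'per-function (AH) counts, six per line
if win then print #1, "Waehrend Windows lief, ";
print #1, " Details von INT 21:":j=0
for i=0 to 255
if int21(i) then
print #1, " ";hex2(i);
print #1, using ": #######";int21(i);:j=j+1
if j=6 then print #1,:j=0
end if
next i
print #1,: print #1,
if win then print #1, "Waehrend Windows lief, ";
print #1, " Details von INT 2F:":j=0
for i=0 to 255
if int2F(i) then
print #1, " ";hex2(i);
print #1, using ": #######";int2F(i);:j=j+1
if j=6 then print #1,:j=0
end if
next i
print #1,: print #1,
end if
close #1
if screen_redir then print "ACHTUNG, Bildschirmausgabe umgeleitet! - ";
fini:
if file=0 then
PRINT "WIN95SPY beendet"
end if
END 'main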
'****************************************************************************
'Nachfolgend die Inline-ASM Routinen. Sie verwenden NEAR Aufrufe und muessen
' daher (zusammen mit MAIN) in EINEM Segment compiliert werden!!!
'---------- Bemerkung zu den Interupt Service Routinen (ISR): ---------------
'Jede ISR hat sich als Spion in die Aufrufschlange eingenistet. Daher wird
' beim Durchlaufen einer ISR der INT entweder am Anfang (timer_int) oder
' am Ende (int_serv1, int_serv2) zur eigentlich gerufenen ISR weitergegeben
'Beim Eintritt in die ISR ist das CS der ISR = dem CS von PowerBasic !
'SI, DI, BP, DS muessen restauriert werden, AX, BX, CX, DX, ES sind in PB frei
'Der Aufrufer-Stack wird beibehalten, ein Stack-Switch wuerde wegen des SHELL
' Prinzips zum Absturz fuehren!
'----------------------------------------------------------------------------
INT_serv1: 'ISR fuer 1. Interrupt (INT 21)
! CALL near push_for_chain ;regs retten (Aufrufer-STACK)
! CALL near READ_PB_regs ;PB Regs lesen
! mov i,ah
if win then 'wenn WIN-Test:
if status = %W_READY then ' nur bei laufendem Windows
incr int21(i)
incr iopl_int21(iopl)
incr vm_int21(vmid)
end if
else 'sonst
incr int21(i) ' immer
end if
'>>> Page 1 of WIN95SPY.BAS ends here. Continued on next page.