TIP: Click on subject to list as thread!

ANSI

echo:	power_bas
to:	ALL
from:	ANDRAS HOEFFKEN
date:	1998-03-03 00:47:00
subject:	WIN95SPY.BAS (1 of 2)
'>>> Page 1 of WIN95SPY.BAS begins here. TYPE:BAS 'WIN95SPY.BAS Ausspionieren von System-Interrupts, SHELL-Programm (kein TSR) 'Autor: Andras Hoeffken, 2:2480/13.34 @ fidonet ' email: ah@confusion.rmc.de 'Public Domain 8. Aug. 97 $COMPILE EXE $CPU 80386 'ein 386er sollte es mindestens sein! $FLOAT NPX ' " " $OPTIMIZE SPEED $STATIC 'statische Arrays wegen der ISR Routinen $DEBUG MAP OFF 'Rest: um EXE-Groesse moeglichst klein zu machen!! $DEBUG PBDEBUG OFF $DEBUG PATH OFF $ERROR ALL OFF $EVENT OFF $LIB ALL OFF $LIB IPRINT ON $OPTION CNTLBREAK OFF $OPTION GOSUB OFF $COM 0 $SOUND 1 $STACK 2048 'Minimum Stackgroesse = 2 K $STRING 1 'Minimum String-Block = 1 K $DIM ALL ' W I C H T I G %TRUE = -1 %FALSE = 0 %vector1 = &h21 '1. Vector (waehlbar, hier 21 = MS-DOS-Vector) %vector2 = &h2F '2. Vector (waehlbar, hier 2F = MULTIPLEX-Vector) %timer08 = &H08 'immer &H08 = Timer IRQ0 (fest) %DOS = 1 '5 Zustaende beim Windows-Aufruf %W_INIT = 2 : %W_INIT_CODE = &H1605 %W_READY = 3 : %W_READY_CODE = &H1608 %W_EXIT = 4 : %W_EXIT_CODE = &H1609 %W_DONE = 5 : %W_DONE_CODE = &H1606 DECLARE FUNCTION win_version () AS STRING DECLARE FUNCTION vmid () AS INTEGER declare function iopl () as integer DECLARE FUNCTION v86 () AS INTEGER DECLARE FUNCTION dos_getvect (BYVAL nummer AS BYTE) AS DWORD DECLARE SUB dos_setvect (BYVAL nummer AS BYTE, BYVAL vectorptr AS DWORD) declare function hex2 (i as integer) as string declare function screen_redir() as integer 'die folgenden Variablen sind STATIC bei default (initialisiert mit 0), 'sie sind in den inline-ASM Routinen automatisch sichtbar! DIM old_vec1 AS DWORD, old_vec2 AS DWORD, old_vec3 as dword 'alten Vektoren dim count_t as dword, CHAIN_vector as dword DIM all_int21(5) AS DWORD, v86_int21(5) as dword, status as integer DIM all_int2F(5) AS DWORD, v86_int2F(5) as dword dim int21(255) as dword, int2F(255) as dword dim iopl_int21(3) as dword, iopl_int2F(3) as dword dim vm_int21(4) as dword, vm_int2F(4) as dword dim win as integer, details as integer, file as integer, cmds as string DIM dummy AS LONG, i AS INTEGER, j as integer, k as integer, x AS STRING dim t1 as single, t2 as dword, t3 as dword, t4 as single '------ Nachbildung der C-Funktion "void main(int argc, char argv[])" ------ DECLARE SUB CmdLine (argc AS INTEGER, argv() AS STRING, amax AS INTEGER) DIM argc AS INTEGER, argv(0 to 9) AS STRING 'Begrenzung auf zB. 9 Argumente CmdLine argc, argv(), 9 'argc: 0=keine Argumente, sonst 1 bis max 9 main: '---------------------------------------------------------------------------- status = %DOS 'Beginn immer mit DOS CLS PRINT "WIN95SPY - testet, wie oft DOS/WINDOWS Interrupts aufruft" PRINT " Aufruf: 'WIN95SPY [-w[indows]] [-d[etails]] '" PRINT " MS-DOS laeuft im: "; IF v86 THEN x = "V86" ELSE x = "Pure Real" PRINT x + " Mode" PRINT " Windows Version:"; win_version; IF win_version " keine" THEN PRINT " - ID der Virtuellen Maschine:"; vmid if win then print "Windows laeuft, -w switch hat keinen Sinn": goto ini ELSE PRINT if v86 then print "V86 Modus, -w switch hat keinen Sinn": goto fini END IF PRINT print "Getestet werden INT";hex2(%vector1);" und INT";hex2(%vector2) cmds = "" 'Weitergabe-Kommando fuer SHELL win = 0 'eigene Flags details=0 file=0 for i=1 to argc 'die 2 Gruppen aussortieren select case left$(argv(i),1) case "-" 'ein eigenes Flag select case ucase$(mid$(argv(i),2,1)) case "W": win=1 case "D": details=1 case "F": file=1 end select case else 'ein Weitergabe-Argument cmds=cmds+argv(i)+" " 'Argumente fuer SHELL zusammenpacken end select next i cmds = rtrim$(cmds) print 'Kontrollanzeige print "COMMAND$: ";command$;"" print "Anzahl Argumente:";argc for i=0 to argc print tab(18);i, argv(i) next i print "Windows:";win;" Details:";details;" Fileausgabe:";file;_ " SHELL-CMD: '";cmds;"'" print if file and screen_redir then print "Fileausgabe! Screen-Umleitung nicht moeglich, EXIT!": goto fini end if '-------------------------------------------------------------------------- old_vec1 = dos_getvect (%vector1) 'alte ISR Vektoren merken old_vec2 = dos_getvect (%vector2) old_vec3 = dos_getvect (%timer08) ! call near prepare_old_timvec 'RAM minimieren (wird wohl vom SHELL Befehl automatisch gemacht?) dummy=SETMEM(0) '0 = nur ablesen PRINT "Endmem, Free, FarHeap (vorher ):";ENDMEM,FRE(-1),dummy ' mempack: dummy=setmem(0) 'a) bringt nichts ' memset endmem-fre(-1):dummy=setmem(0) 'b) bringt nichts ' dummy = setmem(-600000) 'c) bringt nichts PRINT "Endmem, Free, FarHeap (nachher):";ENDMEM,FRE(-1),dummy print if cmds="" then print "Manuelle Eingabe am DOS-Promt; zum Abschluss EXIT tippen" end if print "Fuer SHELL: Taste druecken" while inkey$="":wend for i=1 to 79:print "-";:next i:print t1 = timer ! CALL near SAVE_PB_regs ;eigene Regs merken (werden in den ISRs gebraucht) dos_setvect %vector1, CODEPTR32(INT_serv1) 'neue ISR Vektoren setzen dos_setvect %vector2, CODEPTR32(INT_serv2) dos_setvect %timer08, CODEPTR32(timer_int) SHELL cmds 'WIN95SPY bleibt lauffaehig und belegt ca. 40 KB im RAM 'ohne Argumente z.B "MEM /DEBUG \|MORE" tippen, danach "EXIT" dos_setvect %timer08, old_vec3 'alte Vektor restaurieren dos_setvect %vector2, old_vec2 dos_setvect %vector1, old_vec1 t4 = timer if file then open "win95spy.log" for output as #1 else LOCATE 25,1 'Ergebnisanzeige open "CONS:" for output as #1 'erlaubt PRINT-Umleitung in File end if for i=1 to 79:print #1, "-";:next i:print #1, print #1, "Ergebnisse von WIN95SPY:": print #1, print #1, "Timer Ticks:";count_t; " "; print #1, using "Tick-Secs: ###.## - PB-Secs: ###.##";_ count_t/18.2065;t4-t1 print #1, if win then print #1, "Vor dem Start von Windows:"; else print #1, "Nur DOS:"; end if print #1, tab(30);"INT21 Calls:";all_int21(1);tab(52);_ "- im V86-Modus:";v86_int21(1) print #1, tab(30);"INT2F Calls:";all_int2F(1);tab(52);_ "- im V86-Modus:";v86_int2F(1) if win then print #1, "Waehrend Windows startet:"; print #1, tab(30);"INT21 Calls:";all_int21(2);tab(52);_ "- im V86-Modus:";v86_int21(2) print #1, tab(30);"INT2F Calls:";all_int2F(2);tab(52);_ "- im V86-Modus:";v86_int2F(2) print #1, "Waehrend Windows laeuft:"; print #1, tab(30);"INT21 Calls:";all_int21(3);tab(52);_ "- im V86-Modus:";v86_int21(3) print #1, tab(30);"INT2F Calls:";all_int2F(3);tab(52);_ "- im V86-Modus:";v86_int2F(3) print #1, "Waehrend Windows endet:"; print #1, tab(30);"INT21 Calls:";all_int21(4);tab(52);_ "- im V86-Modus:";v86_int21(4) print #1, tab(30);"INT2F Calls:";all_int2F(4);tab(52);_ "- im V86-Modus:";v86_int2F(4) print #1, "Nach dem Ende von Windows:"; print #1, tab(30);"INT21 Calls:";all_int21(5);tab(52);_ "- im V86-Modus:";v86_int21(5) print #1, tab(30);"INT2F Calls:";all_int2F(5);tab(52);_ "- im V86-Modus:";v86_int2F(5) end if print #1, if win then print #1, "Waehrend Windows lief (";(t3-t2)/18.2065;"Sekunden):" for i=0 to 3 if iopl_int21(i) then print #1, " 21-IOPL ";i;" - ";iopl_int21(i) if iopl_int2F(i) then print #1, " 2F-IOPL ";i;" - ";iopl_int2F(i) next i for i=1 to 4 if vm_int21(i) then print #1, " 21-VM Nr";i;" - ";vm_int21(i) if vm_int2F(i) then print #1, " 2F-VM Nr";i;" - ";vm_int2F(i) next i print #1, end if if details then if win then print #1, "Waehrend Windows lief, "; print #1, " Details von INT 21:":j=0 for i=0 to 255 if int21(i) then print #1, " ";hex2(i); print #1, using ": #######";int21(i);:j=j+1 if j=6 then print #1,:j=0 end if next i print #1,: print #1, if win then print #1, "Waehrend Windows lief, "; print #1, " Details von INT 2F:":j=0 for i=0 to 255 if int2F(i) then print #1, " ";hex2(i); print #1, using ": #######";int2F(i);:j=j+1 if j=6 then print #1,:j=0 end if next i print #1,: print #1, end if close #1 if screen_redir then print "ACHTUNG, Bildschirmausgabe umgeleitet! - "; fini: if file=0 then PRINT "WIN95SPY beendet" end if END 'main '*************************************************************************** 'Nachfolgend die Inline-ASM Routinen. Sie verwenden NEAR Aufrufe und muessen ' daher (zusammen mit MAIN) in EINEM Segment compiliert werden!!! '---------- Bemerkung zu den Interupt Service Routinen (ISR): --------------- 'Jede ISR hat sich als Spion in die Aufrufschlange eingenistet. Daher wird ' beim Durchlaufen einer ISR der INT entweder am Anfang (timer_int) oder ' am Ende (int_serv1, int_serv2) zur eigentlich gerufenen ISR weitergegeben 'Beim Eintritt in die ISR ist das CS der ISR = dem CS von PowerBasic ! 'SI, DI, BP, DS muessen restauriert werden, AX, BX, CX, DX, ES sind in PB rei 'Der Aufrufer-Stack wird beibehalten, ein Stack-Switch wuerde wegen des SHELL ' Prinzips zum Absturz fuehren! '---------------------------------------------------------------------------- INT_serv1: 'ISR fuer 1. Interrupt (INT 21) ! CALL near push_for_chain ;regs retten (Aufrufer-STACK) ! CALL near READ_PB_regs ;PB Regs lesen ! mov i,ah if win then 'wenn WIN-Test: if status = %W_READY then ' nur bei laufendem Windows incr int21(i) incr iopl_int21(iopl) incr vm_int21(vmid) end if else 'sonst incr int21(i) ' immer end if '>>> Page 1 of WIN95SPY.BAS ends here. Continued on next page. --- CrossPoint v3.11 R --------------- * Origin: Fido Point of Disillusion (2:2480/13.34)
SOURCE: echomail via exec-pc

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.