home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 1
/
Cream of the Crop 1.iso
/
VIRUS
/
TIMEBM10.ARJ
/
TIMEBOMB.DOC
< prev
next >
Wrap
Text File
|
1992-03-13
|
51KB
|
1,131 lines
TIMEBOMB.EXE (against time-bombs and memory resident virus)
======= ===
version 1.0 (c) copy right 1992 All Rights Reserved
no edition date.
You bought a data base from a respected dealer, but on Friday
the 7, it deleted your files: Unknown to the dealer, the
software was sold to someone who added a time bomb and
returned it to the dealer who shrink-wrapped it and resold it
to you, or some other virus is duplicating itself in memory.
Why can't you be told when (and where in the software codes)
the date is accessed and feed fake dates selectively if needed
so that the time bomb never explodes? AND, since most virus
infect by becoming memory resident, why can't you be warned
when something becomes memory resident and disable it then?
If you type "N" to avoid making something memory
resident, reboot as soon as possible since your system
memory is in an unstable state.
Whether you unwittingly use a software infected by a time bomb
or something tries to become memory resident, this pops up and
either tells you the software code location which requested
the date or warns that it wanted to become memory resident.
If not allowing access to the date or allowing something to
become memory resident doesn't do anything, why let it?
If a time bomb hides in a software, the correct date is
given to the selected software locations which you allow.
Anti-virus softwares which look for known virus codes
are useless, since the person who made one virus can
write a thousand variations, one of which is different
enough that the anti-virus software ignored it.
This program does not depend on known virus patterns.
The included TIMEBUG.COM will become memory resident if
TIMEBOMB.EXE is not in memory or if you used -M parameter.
The set up of this document is as follows:
IN-LINE COMMAND PARAMETERS
HELP
RUNNING WITH DEFAULTS ONLY
NORMAL PROCEDURE
TURNING ON/OFF TIMEBOMB.EXE
TURNING THIS ON
TURNING THIS OFF
PREVENTING UTILITIES FROM BECOMING MEMORY RESIDENT
CODE YES and CODE NO
CODE YES LIST
CODE NO LIST
RUNNING WITH DIFFERENT LISTS
WHICH CODE LOCATIONS WERE YES AND NO?
FAKE DATE
DIRECT CONTROL
THIS DOES NOT WORK ON
HOW TIMEBOMB.EXE WORKS
CHAT IN A HAT
PROMPTS AND MESSAGES
DISCLAIMERS, INFO FOR SYSOPS ETC
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
IN-LINE COMMAND PARAMETERS
TIMEBOMB parameters<ntr> explanations
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
HELP
If you simply type
TIMEBOMB<ntr>
then you get the help page built into this program for quick
reference so that you can avoid reading documents such as
this. Typing incorrect parameters also gives you similar
helps, but are explained in this document as well.
It's not essential that you read this document file, because
when you type parameters with incorrect or missing values,
they usually give detailed context sensitive help messages
which will substitute for this, but skimming through this
first will help you.
The "<ntr>" is our way of saying <CR>, ^M, ^13, <ENTER>,
carriage return, <ENTER> etc which all mean the same thing.
We also use <bks> for backspace, <esc> for the escape key,
and "any key" to mean any function key, cursor key, letters,
etc etc. There is no one key with the word "any", but if we
say "space bar" or "space key", we mean the big long key.
There is no <tab>, control code or extended ascii in this
file, should you print this to paper. There is no form feed
here, so if you use single sheets, you must add them yourself.
If you use a daisy wheel printer without the less than sign
"<" or the greater than sign ">", change them to the left
parenthesis "(" and right parenthesis ")" respectively.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
RUNNING WITH DEFAULTS ONLY
To run this with defaults, simply type
TIMEBOMB RUN<ntr>
Just the letter "r" in "run" will work also. There is no
difference between the capital letters and small letters,
unless it is specifically stated otherwise.
Any other command or text after the Run parameter is
ignored. The Run parameter is used when you run
TIMEBOMB.EXE without setting any other parameter or for
commenting purpose:
TIMEBOMB R anything else here becomes comments <ntr>
The defaults used are as follows:
1) This program is in the ON state once you run it. In other
words, you will get a pop up warning whenever something
requests the date. Turn this OFF with the "OFF" parameter.
2) This program will warn you if something becomes memory
resident. Turn this OFF with the -M parameter.
2) Any request for the current date, including any date which
appear at the DOS prompt causes the pop up to ask for your
permission to allow it.
3) When a Fake date is to be given, the date fed is year 1980,
January 1.
4) This program becomes memory resident indirectly via DOS.
If you set up DOS so that you can see the current date/time at
the DOS prompt A>, B>, C> etc, then you must answer "Y" to the
pop up menu which will pop up as soon as you run this program.
Once you get the pop up, it tells you the date request
location which can be fed to the Code Yes parameter so
that the next time you do not have to answer with a "Y"
until you change to another DOS version.
If you try to make this memory resident when there was already
a first copy of this in memory, then this parameter will exit
and set errorlevel = 1.
Often some details are reworded in a later section to help
you grasp the meaning better. So rapidly scan through the
document first, before concentrating on a section which
interests you.
NORMAL PROCEDURE
Normally, your AUTOEXEC.BAT will contain something like this
softwares to become memory resident<ntr>
TIMEBOMB RUN<ntr>
The first line will make your utilities memory resident
without interference from TIMEBOMB.EXE.
The next line will now turn TIMEBOMB.EXE ON to intercept
anything further from becoming memory resident or requesting
the current date.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
TURNING ON/OFF TIMEBOMB.EXE
TURNING THIS ON
If you run this program, the date request is automatically
turned ON. For example, these will all run TIMEBOMB.EXE into
memory and turn it ON also:
TIMEBOMB RUN<ntr> (1)
TIMEBOMB ON<ntr> (2)
TIMEBOMB F 1990 1 12<ntr> (3)
TIMEBOMB CY 3897<ntr> (4)
(1) is the default and is equivalent to (2) when first
making this memory resident. But once a first copy of
this program is in memory, (1) will tell you that there
is already a first copy of this in memory and exit. If
there is a first copy of this in memory, then (2) will
turn that first copy ON if it was turned OFF before.
(3) will set the Fake date to year 1990, January 12.
If you use DOS 5.0 and you set the date to display at the
DOS level prompt, (4) allows it to get the correct date.
The ON option is allowed when first making this program memory
resident so that instead of the default Run option, you can
use the above ON option to make this memory resident.
If you try to run this into memory when there was already
a first copy of this in memory, then "ON" parameter does
not set errorlevel = 0.
If you set up DOS prompt (A>, B>, C> etc) so that the current
date will also display, then you will get a short beep and a
pop up message telling you the code location which requested
the date and your permission to allow it access to the correct
date. Type "Y" (or "y", of course) so that DOS will get the
correct date to display. You can use the Code Yes parameter
to avoid typing "Y" the next time.
TURNING THIS OFF
If there was any reason why this program is not convenient or
seems to make your software act strange, turn it OFF with
TIMEBOMB OFF<ntr>
This turns off the date request check, but not the checking
for memory residency. To turn OFF checking if anything will
become memory resident, use the -M option.
You can type only one "F", instead of "FF" as in
TIMEBOMB OF<ntr>
If you type
TIMEBOMB OFX<ntr>
then the "X" is accepted as the next parameter, but since
there is no such parameter, this is an error: The parameters
up to and including the "X" will be displayed and a message
telling you that this is an unknown parameter.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PREVENTING UTILITIES FROM BECOMING MEMORY RESIDENT
Many virus softwares duplicate themselves by becoming memory
resident, so this will also tell you when something
unexpectedly tries to make itself memory resident.
When you used the RUN, ON and other parameters, the default
was to check to see if anything became memory resident. In
other words, this was in effect
TIMEBOMB +M<ntr>
to prevent utilities from becoming memory resident without
your permission.
Now, if anything wants to become memory resident, this will
pop up with a menu to ask you for your permission to allow it
to become memory resident.
If you type "N" to prevent a utility from becoming memory
resident, you should save any file in a virtual RAM disk
and reboot as soon as you can: The utility has probably
changed interrupts values and other changes which has now
left your computer's system memory in an unstable
condition which can cause a lock up.
TIMEBOMB -M<ntr>
will now allow utilities to become memory resident without
asking for your permission.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CODE YES and CODE NO
CODE YES LIST
When you first ran this into memory and you set up DOS prompt
to display the correct date, you had to type "Y" to allow DOS
access to the correct date. The next time, you can use the
Code Yes parameter with the displayed code location so that
this code will get the correct date.
Assuming that you got the display
"Date request from 3897. Allow it? (Y/N)"
then run TIMEBOMB.EXE into memory the next time by typing
TIMEBOMB CY 3897<ntr>
If you ran software ABC.EXE which display the date, you may
have to type "Y" to allow it access to the date as well. If
your software caused TIMEBOMB.EXE to display code location
0ab3 for example, type
TIMEBOMB CY 3897 0ab3<ntr>
to allow both access to the correct date.
If you had to type "Y" more than once in your software,
it means that your software is requesting the current
date from two or more different locations. Since this
redundancy is a strange behavior, you may want to type
"N" to the pop up menu prompt and see if your software
behaves correctly or not. If it behaves normally, there
may be a time bomb hidden inside. If it does not record
or display the correct date in certain program segments,
then the software was simply not designed modularly.
You must type four numbers and/or letters which displayed on
the pop up menu for Code Yes parameter, even if the first
character was a zero as in "0ab3". These are not allowed:
TIMEBOMB CY ab3<ntr> (1)
TIMEBOMB CY 3897ab3<ntr> (2)
TIMEBOMB CY 3897 CY 0ab3<ntr> (3)
TIMEBOMBCY 3897<ntr> (4)
TIMEBOMB CY<ntr> (5)
(1) is not allowed because you typed only three numbers/
letters, instead of the required four.
With (2), you can avoid any space or tab between the
first value "3897" and the next, but the next one had
only three characters "ab3", instead of four.
(3) may seem fine, but this defines the Code Yes list to
3897 and then redefine it to 0ab3.
(4) will be accepted by DOS, since DOS only understand
eight characters, but DOS will also truncate every
character after the eighth character "B" of "TIMEBOMB"<--
so that the "CY" is not sent to this program.
(5) is not allowed because you did not specify what Code
Yes values you want to use.
All these error types are checked and appropriate
error messages given to you.
The following are allowed:
TIMEBOMB CY 38970ab3<ntr> (1)
TIMEBOMB CY3897 0AB3<ntr> (2)
(1) is allowed because you do not have to separate the
Code Yes values by any space or tab. Since there is a
strict requirement that you must type four characters,
the program can separate them apart. This is useful only
if you're running TIMEBOMB.EXE with so many parameters
that you cannot fit them into one line without this.
(2) is allowed. There is no need to separate the CY
parameter with its Code values. You can type letters in
capital or in small letters.
To clear the list, enter four zeros "0000" as in
TIMEBOMB CY 0000<ntr>
CODE NO LIST
If you typed "N" to the pop up menu prompt, those Code values
may be run in the same manner as the Code Yes values:
TIMEBOMB CN 02ab<ntr>
TIMEBOMB CN 2af9 8afe<ntr>
To clear the list, enter "0000" as in
TIMEBOMB CN 0000<ntr>
RUNNING WITH DIFFERENT LISTS
Although up to 32 CY and CN values may be used at the same
time, chances are good that you do not have to use so many
within one software anyway. In that case, you can make simple
batch files to run different softwares as follows, assuming
that software A.EXE requires "CY 03ae" and B.COM requires
"CY 0fa3 ff97 CN a52d". DOS requires "CY 3897".
example A
TIMEBOMB CY 03ae<ntr> batch file XX.BAT
A.EXE<ntr>
TIMEBOMB CY 3897<ntr>
With XX.BAT, before running A.EXE, TIMEBOMB.EXE turns OFF the
"CY 3897" required for DOS and allows the date request from
A.EXE at its code location 03ae. Once you exit A.EXE, the
date request is set to DOS again.
example B
TIMEBOMB CY 0fa3 ff97 3897 CN a52d<ntr> batch file YY.BAT
B.COM<ntr>
TIMEBOMB CY 3897<ntr>
With YY.BAT, the B.COM's request for date at its program code
location "0fa3" and "ff97" are allowed, as does the DOS date
request, but you didn't trust the date request from B.COM's
code location "a52d" whose absence did not affect anything
which you did, so you decided not to let it get the correct
current date.
Having the DOS code location in the CY list like this is
useful if your B.COM temporarily lets you go back to DOS
to do something else and go back to your software by
typing "EXIT<ntr>".
Without the "3897" in the CY list, as soon as you get
back to DOS with date display, this will cause
TIMEBOMB.EXE to pop up its menu and asks you if you want
this to get the correct current date or not.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
WHICH CODE LOCATIONS WERE YES AND NO?
After you type Y/N to allowing date request from one location
within your software, the pop up message remains on screen so
that you can write down the code location value on a piece of
paper, but you don't need to if you type
TIMEBOMB ?<ntr>
This will tell you the list of Code Yes and Code No locations
to which you typed Y/N. This does not contain the listing to
which you typed <esc>, since that sends the fake date to your
software just once on that occasion so that you can see what
happens, if anything.
Up to 32 CY and 32 CN location values will display.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
FAKE DATE
When you type "N" at the pop up prompt or add the code value
with the CN parameter, the default is to send this code
segment of your software(s) the year 1980, January 1.
If you like, you can set it for (for example) 1992, March 1
by typing
TIMEBOMB F 1992 3 1<ntr>
You must separate the year, month and the day of the month by
one space or tab, preferably a space. The year must be
between 1980 to 2099. The month value must be between 1 to
12. The day of the month value must be 1 to 31.
1 = January 5 = May 9 = September
2 = February 6 = June 10 = October
3 = March 7 = July 11 = November
4 = April 8 = August 12 = December
There is no check done if you set for a month which does not
have 31 days or even 30 days (February). Consequently, there
is no check done for leap year value either.
These following are allowed
TIMEBOMB F1992 1 2<ntr> (1)
TIMEBOMB F 1992 1 2 <ntr> (2)
(1) is allowed because you do not have to have a space or
tab separating the Fake parameter from its values.
(2) is allowed because the minimum requirement is one
space or tab separating the values, but more than one is
allowed.
These following are not allowed
TIMEBOMB F 1908<ntr> (1)
TIMEBOMB F 198913<ntr> (2)
TIMEBOMB F 1989 13 1<ntr> ................ (3)
TIMEBOMB F 95<ntr> (4)
TIMEBOMB F 123456789<ntr> (5)
TIMEBOMB F 1992 1 32<ntr> (6)
TIMEBOMB F 1989 1 RUN<ntr> ............... (7)
(1) is not allowed because this year is not in the range
of 1980 - 2099. If it was within the range, it is still
not allowed because there is no month or day of the month
following it.
(2) is not allowed because this does not separate the
year, month and the day of the month by one or more
spaces.
(3) specifies a 13th month which is outside the range of
1 to 12.
(4) specifies the year 95, which is not allowed, since it
could be 1995 or 2095. (if this sounds too finicky, you
can always ask for an update which corrects it)
(5) is too confusing, but it also lacks the month and
day of the month.
(6) specifies a day of the month outside the range of 1
to 31.
(7) also lacks a day of the month.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DIRECT CONTROL
Normally, TIMEBOMB.EXE becomes memory resident with the help
of DOS to take over control. If you think that this is not
allowing the pop up to appear (in other words, it's not
running), try making it take over control DiReCtly by
TIMEBOMB DRC<ntr>
This can only be used when first making TIMEBOMB.EXE memory
resident, not later when there is already a first copy of
TIMEBOMB.EXE in memory.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
HOW TIMEBOMB.EXE WORKS
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The method of date access is not discussed since it provides
help to virus makers. A test virus which just occupy system
memory is included. It will run and use up your memory if
TIMEBOMB.EXE is not in memory or if -M parameter was used.
Otherwise, you will get a message asking you if you want to
make this memory resident or not.
Run TIMEBOMB.EXE with the following
TIMEBOMB RUN<ntr>
TIMEBOMB.EXE will now check if anything else becomes memory
resident or requests the current date. Turn OFF checking
memory residency with "-M" and date request with "OFF".
If anything tries either, then type "Y" to the prompt which is
accompanied by a short beep to allow it. Type "N" to prevent
it from becoming memory resident or to prevent it from getting
the correct date.
If you type "N" to becoming memory resident, reboot by
turning off your computer as soon as you can. Your
system memory is now in an unstable state because the
virus has prepared itself to become memory resident by
writing unknown things into your system memory.
If you set up DOS to display the current date, you must type
"Y" at the pop up prompt. Note the strange code location
value in the prompt to a piece of paper. If the value was
"29ca", the next time you turn on your computer, instead of
the default RUN parameter, use the Code Yes parameter as
TIMEBOMB CY 29ca<ntr>
Now the current date will display without a pop up prompt
asking your permission to do so. When you change to another
version of DOS, you must use the new value displayed.
When you run a software which displays the current date, it
will cause this program to pop up its prompt again, asking for
your permission to give it the correct date. Type "Y" and add
it to the Code Yes list the next time.
A sloppy software may request the date from two or more
code locations, but normally, you should not expect to
get the pop up again.
If your software requests the date from two or more
locations or a software which does not display the
current date requests it, try typing <esc> to see what
happens. With <esc>, the Fake date is given to see if
your software behaves any differently. If this same
location asks for the date again, the pop up will appear
again as well.
If you load your memory resident utilities in different order,
this will not affect the CY values.
This program will work on most virus softwares which either
tried to run on a given date or duplicate itself by becoming
memory resident because a virus has to be small.
Perhaps you would like this incorporated into JLOCK.EXE or
some other program in the series? JLOCK.EXE can prevent each
listed file from being renamed, copied, deleted etc.
Since you're probably the only person in the world using this
program, chances are that no one else benefits from this. The
rest of the people just get surprised on Friday the 13,
Christmas, New Year, Einstein's birthday etc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
CHAT in a HAT
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
It is always the top politician who makes or breaks his
country, not its citizens who only follow what he said:
Some J politicians said that US workers are lazy and a third
of its workers can't read or write. I don't know where this
data came from, but it's said that here in Canada, a quarter
of our CITY folks can't read or write (I DIDN'T say "ALSO").
The US managers are criticized for earning millions while
firing its employees by the millions (thou top J managers
who hire, earn only half a million). If the J politician
had substituted "manager" for "worker" what would happen?
It is always the top management which makes, or breaks its
company, not its employees who only follow what they said.
Think about it, whether you earn millions, or nil like us.
Nine 98 pound weaklings can beat up one he-man anytime:
IBM knew in 1981 that its future was in trouble, and in
1991, it bled red. It was mostly due to the recession,
but also because more countries thought J computers are
more reliable, faster and cheaper and bought them. IBM
took steps since 1981 to change its destiny, but did so
by focusing on small groups, thinking that the U.S. has
small groups of super-geniuses and that the rest of the
population are not worth bothering with. In J, there's
no focus on small groups, but every single child get to
see animations and comic books depicting robots and the
associated super computers. (some of them became famous
in Quebec in circa 1980) Some of those J children said,
"I'm going to build them!" before entering universities
in 1981. Their friends laughed, but did IBM laugh too?
Can you say who'll be crying and haemorrhaging in 2002,
and who'll be laughing and calling you lazy and stupid?
(It's relative: Kor/Tai may call US & J lazy by 2102.)
According to one US mag, J contributed $13B and minesweepers
to the Gulf: Kor, $50m. Tai, 0, though it had almost $100B
cash. The same magazine criticized J's non-participation in
the Gulf but silent on K & T. Can you tell friend from foe?
Twenty 98 pound weaklings can beat up US & J he-men anytime.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
PROMPTS AND MESSAGES
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
=-=-=
Unknown parameter on the command line
=-=-=
The parameter lists up till the one in question is displayed
prior to this message.
Something not recognized was found on the line when you ran
the program. If you ran this program from a batch file,
error messages are followed by errorlevel = 1 so that you
can have your batch file take appropriate actions.
The list of parameters will be listed up to the erroneous
parameter so that you know which one was incorrect.
=-=-=
You don't have to do it, TIMEBOMB.EXE is already in memory
=-=-=
You tried to RUN this program when a copy of this was
already in memory.
If you only want to change the parameters of the first copy of
this program in memory, do not use the RUN parameter. Simply
typing the required new parameters will cause the second copy
of this program which you just typed to send the parameters to
the first copy already in memory.
=-=-=
DOS 2 or above needed.
=-=-=
You tried to use DOS 1.0 or DOS 1.1 to run this program.
This message should not appear, since DOS 2.0 and above has
been used for almost ten years by the time you're reading this
document.
=-=-=
There is a first copy of TIMEBOMB.EXE in memory, but the
version number is not the same as this one. Aborting.
=-=-=
You tried to change the settings of the first copy of
TIMEBOMB.EXE in memory using the second copy running now, but
the two were not the same version. The second copy will abort
without doing anything to prevent corrupting the first copy in
memory.
Please delete the older one and use only the newer version.
=-=-=
Date request from ____ . Allow it? (Y/N)
=-=-=
A software requested the current date. The "____" is the code
location in hexadecimal within the software which requested
the current date. This value will be used in either the Code
Yes/No list, depending on whether you type "Y" or "N" at this
prompt.
If you type "Y", then this code location goes into the CY list
so that the next time this code location within the software
requests the current date, it will be allowed to get it
without bothering you with this prompt again.
If you type "N", then this code location goes into the CN list
so that the next time this code location within the software
requests the current date, it will be given a Fake date
without bothering you with this prompt again.
If you type <esc>, then a fake date is given just once this
time around so that you can see if your software behaves as it
should or not. If your software is not supposed to show the
date and you get this prompt, it is a good idea to try <esc>
to see if it does anything incorrectly.
You don't have to write down the hexadecimal value, since
typing "?" parameter will tell you the values.
The values are in hexadecimal rather than in decimal because
DEBUG.COM requires hexadecimal values: If you have some
knowledge on how to use DEBUG.COM, you can try looking in a
software by using this value to see if it looks alright.
You cannot use this to check with DEBUG.COM if the
software in question relocates the code segment register,
since the code segment register which requested the date
is not displayed.
Normally, softwares which display hexadecimals display the
letters in capitals, but this program will display them in
small letters since bee "B" is easy to mistake for eight "8".
=-=-=
Allow MEMORY RESIDENCY? (Y/N)
=-=-=
A software tried to become memory resident so TIMEBOMB.EXE is
asking for your permission to allow it to become memory
resident.
Type "Y" if you know that you just ran a software which is
supposed to become memory resident.
Type "N" if you didn't know that something was about to become
memory resident.
If you type "N" to prevent a utility from becoming memory
resident, you should save any file in a virtual RAM disk
and reboot as soon as you can: The utility has probably
left your computer's system memory in an unstable
condition which can cause a lock up.
TIMEBOMB +M<ntr>
Normally, your AUTOEXEC.BAT will contain something like this
softwares to become memory resident<ntr>
TIMEBOMB RUN<ntr>
The first line will make your utilities memory resident
without interference from TIMEBOMB.EXE.
The next line will now turn TIMEBOMB.EXE ON to intercept
anything further from becoming memory resident or requesting
the current date.
Note that the following messages are very explanatory and
often require no explanation, but brief explanations are
included since these documents often look like a dozen people
in a dozen cities wrote separate sections. (Programmers are
often accused of writing cryptic documents: It's because
every change in the program requires a change in the document
as well, resulting in patched up documentation. Either that,
or three dozen people in a dozen cities wrote this program.)
The idea of using explained examples come from Digital
Equipment Corp. manuals for the PDP/VAX minicomputers,
but the extensive nature of error messages is our idea,
after reading about computer operators who killed some
people because they ignored cryptic number error
messages without words to explain them.
These error messages are meant to be context sensitive help
messages so that you can avoid referring back to this
document everytime you forgot to do something.
They are listed here so that you don't have to try to
recreate all the error conditions in order to see what types
of errors are generated by this program. They are in order of
likely to occur, rather than alphabetic order, since your
editor or word processor can scan this document faster than
you can scan an alphabetic list by eye.
=-=-=
The changes were made. Bye.
=-=-=
If you already have a first copy of TIMEBOMB.EXE in memory,
then when you run the second copy, the parameters which you
typed here will be sent to the first copy already in memory
and will give you this message to tell you that there was no
error and that the first copy was changed as required.
=-=-=
I was expecting to find four numbers/letters, but
was missing it. code values such as 0ab1 af0f are correct
because they consist of "0" - "9" and "a" - "f" and there
four of them.
" ab1" is INcorrect because there are only three.
"af0g" is INcorrect because "g" is beyond the range.
"0ab1af0f" is correct and is taken as "0ab1" and "af0f".
"0ab1af0" is INcorrect since it is "0ab1" and "af0".
"0Ab1A" is correct because you can use capital/small letter.
"0ab1r" is correct: It is taken as "0ab1" and Run.
=-=-=
You typed the Code Yes or the Code No parameter for a list of
software code locations for which you want to give the correct
or the fake dates.
For some reason, you forgot to type four numbers/letters
required for each code location.
Correct and incorrect examples are provided so that you can
tell what type of values should have been typed and how you's
compare to them.
=-=-=
I was expecting the Code parameter to be followed by
either "Y" or "N" for Codes allowed Yes/No.
"CY" should be followed by the four numbers/letters which
you saw on the pop up asking your permission and to which
you responded with a "Y". For example,
TIMEBOMB CY 29ca ab12 23fe<ntr>
TIMEBOMB CY29CA ab1223fe<ntr>
"CN" should be followed by the four numbers/letters which
you saw on the pop up asking your permission and to which
you responded with a "N". For example,
TIMEBOMB CN 231a 34a9 25da ba2c<ntr>
TIMEBOMB CN231a 34A9 25DabA2c<ntr>
"TIMEBOMB CN 0000<ntr>" turns CN OFF. Similar for CY.
Once the software code values are in the Yes list, those
locations asking for the current date gets the correct date.
Once the software code values are in the No list, those
locations asking for the current date gets a Fake date.
You will still get the pop up for your permission if other
locations ask for the current date.
=-=-=
You typed the Code parameter, but did not follow it with
either the Yes or the No as in CY/CN to include a list of
allowed code locations and not allowed code locations.
There must be no space or tab between the "C" and the "Y" or
the "N".
=-=-=
I was expecting a list of hexadecimal numbers consisting
of "0" to "9" and "a" to "f" or "A" to "F" as code locations
from your software(s) which access the current date as in
TIMEBOMB CY 29ca 25da<ntr>
These locations are allowed to access the true current date.
=-=-=
You used the Code Yes parameter but was not followed by
hexadecimal code values.
=-=-=
I was expecting a list of hexadecimal numbers consisting
of "0" to "9" and "a" to "f" or "A" to "F" as code locations
from your software(s) which access the current date as in
TIMEBOMB CN 29ca 25da<ntr>
These locations are NOT allowed to access true current date.
=-=-=
You used the Code No parameter but was not followed by
hexadecimal code values.
=-=-=
You already used a Code Yes parameter.
To define multiple code values, simply enter them as in
TIMEBOMB CY 0123 4567 89ab cdef<ntr>
You must enter four characters per code value, even if
it begins with a zero "0".
=-=-=
You tried to use more than one Code Yes parameter, even though
one CY will allow as many code values as you like.
=-=-=
You already used a Code No parameter.
To define multiple code values, simply enter them as in
TIMEBOMB CN 0123 4567 89ab cdef<ntr>
You must enter four characters per code value, even if
it begins with a zero "0".
=-=-=
You tried to use more than one Code No parameter, even though
one CN will allow as many code values as you like.
=-=-=
After the "+" option, I was expecting to find the letter
"M" to turn ON (+) checking if anything becomes memory
resident. Or "+ST" to use internal stack.
With -M, TIMEBOMB.EXE will allow utilities to become
memory resident WITHOUT your permission.
=-=-=
You used the plus option "+", but did not follow it with the
required M option to check if anything wants to become memory
resident, or "ST" to use internal stack.
The use of internal stack by typing "+ST" is not essential
since this program does not make extensive use, but if you do
get some trouble at unexpected times, try it and see if it
makes any difference.
If a software was about to become memory resident and
this program asked you whether to allow it or not, to
which you answered with a "N" to avoid making it memory
resident, reboot as soon as you can because you system
memory is not in a stable condition.
There must be no space or tab between "+" and "M" or "ST".
=-=-=
After the "-" option, I was expecting to find the letter
"M" to turn OFF (-) checkinf if anything becomes memory
resident. Or "-ST" to use available stack.
With +M, TIMEBOMB.EXE will NOT allow small utilities to be
memory resident unless you type "Y" at the pop up menu.
=-=-=
You used the plus option "-", but did not follow it with the
required M option to turn OFF checking to see if anything
became resident, or "ST" to use available stack (default).
If you get a pop up message prompt to allow a utility to
become memory resident and you type "N", reboot as soon as you
can, since the utility has made changes to the system memory
which has left it in an unstable condition. This program (or
at least this version) cannot correct this situation.
There must be no space or tab between "-" and "M" or "ST".
=-=-=
There is no first copy of TIMEBOMB.EXE in memory.
I cannot give you the code values.
=-=-=
You used the "?" option to find what code locations you typed
Y/N on the pop up prompt, but you did not have a first copy of
TIMEBOMB.EXE in memory yet.
=-=-=
The Fake date parameter must be followed by the date in
order of year, month and day as in the following:
TIMEBOMB F 1993 1 20<ntr>
for Fake date set to year 1993 January 20.
(default is 1980 January 1)
The year must be between 1980 to 2099.
The month must be between 1 to 12 for January to December.
The day must be between 1 to 31. (no check done if you
try to set for February 31 (2 31) and other nonsense dates.
You must separate the "1993", "1" and "20" by one space,
not connected as in "1980112", "19801 12" or "1980 112"
=-=-=
You typed only the Fake parameter without following it with
the required year, month and the day of the month. (the last
has to be called the "day of the month", because there is also
a "day of the week" which this program (this version at least)
does not alter.
You will also get this error message if you typed the year,
but it was not within the correct range of 1980 to 2099.
Chances are 100% that you will not be using this program
anywhere near the year 2099, but at least you can, if you
descendants want to see what their great grandfather or
grandmother used to do.
=-=-=
I was expecting to find either a space or a tab after this.
=-=-=
The three values must be separated by at least one space or
tab. One space is preferred, though you can use several
spaces if there is a need for it.
=-=-=
I was expecting to find the month value 1 to 12 for
January to December here after the year value.
January = 1, February = 2, March = 3, April = 4, May = 5
June = 6, July = 7, August = 8, September = 9, October = 10
November = 11 and December = 12
Type "TIMEBOMB F<ntr>" for general help on Fake date.
=-=-=
You followed the Fake parameter with the correct year, but it
was not followed by the month or the correct month value.
=-=-=
I was expecting to find the day value 1 to 31 after
the year and the month values.
Type "TIMEBOMB F<ntr>" for general help.
=-=-=
You had the year and the month value for the Fake parameter,
but you did not have a correct day of the month value.
=-=-=
I cannot use the DiReCt mode to become memory resident
because there is already a copy of this which became memory
resident. Please reboot your computer to use this.
=-=-=
You experienced some difficulty with the regular method to
make this memory resident, so you tried to use the DiReCt
method to make this memory resident, but there was already a
first copy of this program in memory using the inDiReCt
method.
You must reboot your computer to try using the DiReCt method.
=-=-=
I was expecting to find "DRC" to make TIMEBOMB.EXE memory
resident by taking over the interrupts DiReCtly, by-passing
DOS interrupt handling routine.
=-=-=
You typed one of the following
TIMEBOMB D<ntr>
TIMEBOMB DR<ntr>
TIMEBOMB DX<ntr>
TIMEBOMB DRX<ntr>
where "X" is anything but the required letters.
The need to type three letters prevents you from doing this
accidentally.
=-=-=
I was expecting either the parameter "ON" or "OFF"
This is not either of them.
=-=-=
You typed one of the following
TIMEBOMB O<ntr>
TIMEBOMB OX<ntr>
where "X" is anything but the letter "N" or "F" for "ON" or
"OFF".
=-=-=
Internal stack is now ON.
=-=-=
The internal stack is used now, instead of relying on whatever
stack space was available before.
=-=-=
Internal stack is now OFF.
=-=-=
Now, the available stack is used. On DOS 3 and above, there
is a set of stack spaces allocated for such a purpose, so
there is usually not much need for these features.
Hopefully all the important messages were covered. Now for
the information to users:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
DISCLAIMERS, INFO FOR SYSOPS ETC
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
All products and names mentioned are Trademarks or
Registered Trademarks of their respective corporations or
companies. That includes my group or any other group's
programs, of course. Some products may have patent
protections as well.
All enclosed programs, documents and other files are
provided AS IS, without any warranty, expressed or implied,
including but not limited to fitness for a particular
purpose.
A contribution of $10 (Cdn$10 if you're from Canada and
US$10 if from the US and others) is appreciated, or $20 for
an update as it becomes available. Default diskette sent
to you is 5-1/4" double-sided 360kb diskette unless you
specify otherwise. Shipping and handling are included.
Please indicate what version and any edition date you
have: Sometimes, the same version number & date is
kept, but the edition month/year differs.
In hard times, anything perceived as having resell value is
a target for theft, including diskettes in nice containers:
While disk mailers cost $2+tax etc, they're easy to tamper,
as we've noticed, so if you got your diskette in cardboard,
it was for your security, not our cheapness. But if you do
insist on a mailer, we'll comply. (but you were warned...)
NAME OF THE PROGRAM: TIMEBOMB.EXE $10-$20
PURPOSE OF THE PROGRAM:
Prevent possible time bombs or time bombs hiding in software
from exploding on a certain date by telling you when a
software requests the date and lets you selectively turn
on/off date access by various code locations within a
software. AND tells you when something is about to become
memory resident so that you can avoid virus multiplying.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
c/o Dr. M. Sawada & Mr. H. Sawada & Assoc.
P.O. Box 956
Outremont, Quebec
Canada H2V 4R8
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
