lane@cs.dal.ca (John Wright/Dr. Pat Lane) (08/14/89)
Some time ago I posted a set of patches for COMMAND.COM to do some nice
things like increase the default environment size and make ECHO OFF the
default for all batch files. All these patches had been posted on Usenet
before but usually for a single version of DOS. I presented the patches
for several DOS versions 3.10 to 3.30, from IBM, Microsoft and Compaq.
In this posting I present the patches for versions: IBM PCDOS 3.30,
Microsoft MSDOS 3.30 and Compaq MSDOS 3.31. In a companion posting to
this one, I present patches for IBM PCDOS 4.00, Microsoft MSDOS 4.00
and Microsoft MSDOS 4.01.
Of course many of these patches are no longer as useful since DOS now
provides other means of accomplishing the same things. But some, myself
included, may still find these patches to be preferable.
Since DOS 3.10, you can set the size of the environment space by using
the /E parameter of COMMAND.COM (lest we forget, it's /E:xxxx where
xxxx is in 16 byte paragraphs for DOS 3.10 or bytes for 3.20 and up).
This is usually done by using SHELL= in the CONFIG.SYS file to specify
the string DOS uses to call COMMAND for the initial invocation. The
drawback to this is that it only applies to the first, bottom level
shell. If you run COMMAND again (without a /E) it will just use the
default size of 160 bytes (unless the environment is already bigger
than 160 bytes in which case it will use the environment size rounded
up to the next 16 bytes). If you go into another program and "drop
down" into DOS or if you use a shell program to run DOS commands you
you are actually re-running COMMAND with the default environment size
and it won't be long before you get that "Out of environment space"
message. It's amazing that DOS has gone so far without anybody doing
something about it (like making the default bigger or providing some
mechanism whereby the size specified in CONFIG.SYS would carry though
to all subsequent invocations of COMMAND).
Since DOS 3.30, you can prevent batch file lines from being displayed
by putting a '@' before them. An '@echo off' as the first line will
prevent all lines in the file (including the 'echo off') from being
echoed. This solution, while upwardly compatible, is just plain ugly.
Also it causes problems if you take you batch files to a system running
a lower version of DOS.
To produce a blank line, you can use 'echo' followed by an unprintable
character (such as DEL), which makes creating or editing the file more
difficult, but seems to work in any version of DOS. Since some version
of DOS (not sure which), 'echo.' works, though I've never seen it
documented. I include the 'echo-space' patch mainly for upward
compatibility.
Users please note that these patches have been tested rather perfunctorily
and should be used with some caution. Definitely keep an unpatched copy
of COMMAND.COM on a bootable disk. If you mess up your regular copy of
COMMAND.COM, you won't be able to boot with it; you'll have to boot from
the floppy and copy the original COMMAND.COM over the messed up one before
you can reboot normally.
Following the presentation of the patches for the various DOS versions,
I list a couple of batch files I use for effecting the patches. Following
that I list the dis-assembled code around the patched areas so that those
with DOS versions other than those shown will be able to find the proper
offsets.
Remember to add 100h to offsets when patching with DEBUG.
OFFSETS for patches to COMMAND.COM for IBM PCDOS 3.30 or COMPAQ PCDOS 3.31
Default environment size of 512 bytes
[0DB8] = 0A 00 -> 20 00
(any size environment from 160 to 32768 bytes (000A to 0800 hex) can be
made the default by coding the amount, divided by 16, in hexadecimal
digits, at the address shown with the low order byte first)
ECHO OFF for AUTOEXEC.BAT
[1204] = 03 -> 02
Echo off for batch files except AUTOEXEC.BAT
[1C68] = 01 -> 00
ECHO<space> produces blank line
[3E29] = E8 20 00 74 -> 83 F9 01 72
COMMAND.COMs in IBM 3.30 and COMPAQ 3.31 appear to be identical except
for version no., identification and copyright strings.
OFFSETS for patch to COMMAND.COM for Microsoft MSDOS 3.30
Default environment size of 512 bytes
[0DB8] = 0A 00 -> 20 00
ECHO OFF for AUTOEXEC.BAT
[1205] = 03 -> 02
Echo off for batch files except AUTOEXEC.BAT
[1C68] = 01 -> 00
ECHO<space> produces blank line
[3E29] = E8 20 00 74 -> 83 F9 01 72
Microsoft MSDOS 3.30 COMMAND.COM has some minor differences with IBM
PCDOS 3.30 (besides identification and copyright strings) and there is
one offset which is changed ([1205] instead of [1204]).
Following are two batch files PATCH.BAT and UNPATCH.BAT for installing
and un-installing the patches for IBM PC-DOS 3.30. It should be easy
enough to modify this for other DOS 3 versions.
--------------------- PATCH.BAT for IBM PCDOS 3.30 --------------------
echo off
echo INSTALL COMMAND.COM PATCHS FOR IBM PC-DOS 3.30 OR COMPAQ PC-DOS 3.31
rem usage PATCH [filespec]
rem Patch 1. Default environment size is 512 bytes
rem Patch 2. ECHO OFF default for AUTOEXEC.BAT
rem Patch 3. ECHO OFF default for batch files except AUTOEXEC.BAT
rem Patch 4. ECHO-space produces blank line
if "%1"=="" goto :default
set $s=%1
echo About to modify %$s%
goto pause
:default
set $s=COMMAND.COM
echo About to modify %$s% in the default drive and directory
:pause
pause
if not exist %$s% goto error
echo Creating PATCH.TMP...
echo e0EB8 >patch.tmp
echo 20 00 >>patch.tmp
echo e1304 >>patch.tmp
echo 02 >>patch.tmp
echo e1D68 >>patch.tmp
echo 00 >>patch.tmp
echo e3F29 >>patch.tmp
echo 83 F9 01 72 >>patch.tmp
echo w >>patch.tmp
echo q >>patch.tmp
debug %$s% <patch.tmp
echo Deleting PATCH.TMP
del patch.tmp
echo Modification complete. Reboot system . . .
pause
goto exit
:error
echo %$s% not found
:exit
----------------------- END OF PATCH.BAT ---------------------------
---------------- UNPATCH.BAT for IBM PCDOS 3.30 --------------------
echo off
echo UNINSTALL COMMAND.COM PATCHS FOR IBM PC-DOS 3.30 OR COMPAQ PC-DOS 3.31
rem usage UNPATCH [filespec]
rem Patch 1. Default environment size is 160 bytes
rem Patch 2. ECHO ON default for AUTOEXEC.BAT
rem Patch 3. ECHO ON default for batch files except AUTOEXEC.BAT
rem Patch 4. ECHO-space produces "ECHO is on|off"
if "%1"=="" goto :default
set $s=%1
echo About to modify %$s%
goto pause
:default
set $s=COMMAND.COM
echo About to modify %$s% in the default drive and directory
:pause
pause
if not exist %$s% goto error
echo Creating PATCH.TMP...
echo e0EB8 >patch.tmp
echo 0A 00 >>patch.tmp
echo e1304 >>patch.tmp
echo 03 >>patch.tmp
echo e1D68 >>patch.tmp
echo 01 >>patch.tmp
echo e3F29 >>patch.tmp
echo E8 20 00 74 >>patch.tmp
echo w >>patch.tmp
echo q >>patch.tmp
debug %$s% <patch.tmp
echo Deleting PATCH.TMP
del patch.tmp
echo Modification complete. Reboot system . . .
pause
goto exit
:error
echo %$s% not found
:exit
---------------------- END OF UNPATCH.BAT -------------------------
Below, I present sections of code from IBM PCDOS 3.30, dis-assembled with
DEBUG so that those with versions of DOS other than the ones listed above
can find the offsets for their COMMAND.COM.
As you probably know, various OEM's (IBM, Compaq, AT&T, Tandy, Olivetti,
Toshiba, etc.) all license MS-DOS from Microsoft. (I've heard something
to the effect that IBM did the development work on DOS 4.0 and sold it
back to Microsoft, but I'm not sure about that). Anyway, the OEMs are
free to make their own modifications, supposedly to tailor the system to
their hardware so, there are a multitude of MS/PC-DOS versions, all slightly
different at the code level. Since they get the source, modify it, and re-
compile, the smallest change can result in a completely different binary.
In every DOS 3 version I've seen so far, the sections of code to be patched
are unchanged, they are simply shifted in position so it's just a question
of locating the correct offsets by searching for strings of bytes from the
sections of code listed below. The main trick here is to avoid addresses
in the code which are likely to be different (most absolute addresses will
be different while relative addresses may or may not be different). Assuming
you're handy with DEBUG or a similar debugger and know some 8088 assembly,
you should be able to pull it off. If DEBUG's search command is too limited,
you might try Unassembling the whole COMMAND.COM to a text file and using
an editor or lister utility to search.
Here are the sections of code from IBM PCDOS 3.30:
First, a minor formality,
-d 1490 l9f
5BBB:1490 28 43 29 43 6F 70 79 72-69 67 68 74 20 49 6E 74 (C)Copyright Int
5BBB:14A0 65 72 6E 61 74 69 6F 6E-61 6C 20 42 75 73 69 6E ernational Busin
5BBB:14B0 65 73 73 20 4D 61 63 68-69 6E 65 73 20 43 6F 72 ess Machines Cor
5BBB:14C0 70 20 31 39 38 31 2C 20-31 39 38 37 0D 0A 20 20 p 1981, 1987..
5BBB:14D0 20 20 20 20 20 20 20 20-20 20 20 28 43 29 43 6F (C)Co
5BBB:14E0 70 79 72 69 67 68 74 20-4D 69 63 72 6F 73 6F 66 pyright Microsof
5BBB:14F0 74 20 43 6F 72 70 20 31-39 38 31 2C 20 31 39 38 t Corp 1981, 198
5BBB:1500 36 0D 0A 00 4C 69 63 65-6E 73 65 64 20 4D 61 74 6...Licensed Mat
5BBB:1510 65 72 69 61 6C 20 2D 20-50 72 6F 67 72 61 6D 20 erial - Program
5BBB:1520 50 72 6F 70 65 72 74 79-20 6F 66 20 49 42 4D Property of IBM
The environment size
-u e9c l29
3576:0E9C A10200 MOV AX,[0002]
3576:0E9F 8C1E1B0D MOV [0D1B],DS
3576:0EA3 8C1E1F0D MOV [0D1F],DS
3576:0EA7 8C1E130D MOV [0D13],DS
3576:0EAB A3E50B MOV [0BE5],AX
3576:0EAE C70652164500 MOV WORD PTR [1652],0045
3576:0EB4 C70650160A00 MOV WORD PTR [1650],000A <-- ch. to whatever
3576:0EBA BA6B4D MOV DX,4D6B
3576:0EBD B104 MOV CL,04
3576:0EBF D3EA SHR DX,CL
3576:0EC1 89165A16 MOV [165A],DX
Just searching for '0A 00' should find this one.
Echo off for AUTOEXEC.BAT
-u 12fd l27
3576:12FD A1970B MOV AX,[0B97]
3576:1300 C606ED0B03 MOV BYTE PTR [0BED],03 <-- ch. to 02
3576:1305 C706FC0B0100 MOV WORD PTR [0BFC],0001
3576:130B 8EC0 MOV ES,AX
3576:130D 33FF XOR DI,DI
3576:130F B000 MOV AL,00
3576:1311 AA STOSB
3576:1312 B001 MOV AL,01
3576:1314 AA STOSB
3576:1315 33C0 XOR AX,AX
3576:1317 AB STOSW
3576:1318 AB STOSW
3576:1319 AA STOSB
3576:131A AB STOSW
3576:131B AB STOSW
3576:131C B8FFFF MOV AX,FFFF
3576:131F B90A00 MOV CX,000A
3576:1322 F3 REPZ
3576:1323 AB STOSW
Searching for '03 C7 06' works in the 3.30 versions I've seen. Searching
for '8E C0 33 FF B0 00' worked in 3.20 - 3.30. All those STOSW/B's should
stand out pretty well.
Echo off for other batch files
-u 1d55
3576:1D55 26 ES:
3576:1D56 803EFF0B01 CMP BYTE PTR [0BFF],01
3576:1D5B 7403 JZ 1D60
3576:1D5D E8A407 CALL 2504
3576:1D60 E8AA1C CALL 3A0D
3576:1D63 26 ES:
3576:1D64 A0ED0B MOV AL,[0BED]
3576:1D67 2401 AND AL,01 <-- ch. to 00
3576:1D69 50 PUSH AX
3576:1D6A 33C0 XOR AX,AX
3576:1D6C 26 ES:
3576:1D6D F706970BFFFF TEST WORD PTR [0B97],FFFF
3576:1D73 7414 JZ 1D89
Look for '24 01 50 33 C0'.
Echo-blank produces blank line
-u 3f12 l25
3576:3F12 E89400 CALL 3FA9
3576:3F15 7212 JB 3F29
3576:3F17 8E1E9142 MOV DS,[4291]
3576:3F1B 7506 JNZ 3F23
3576:3F1D 800EED0B01 OR BYTE PTR [0BED],01
3576:3F22 C3 RET
3576:3F23 8026ED0BFE AND BYTE PTR [0BED],FE
3576:3F28 C3 RET
3576:3F29 E82000 CALL 3F4C -> 83F901 CMP CX,+01
3576:3F2C 7409 JZ 3F37 -> 7209 JB 3A26
3576:3F2E BA8200 MOV DX,0082
3576:3F31 E810F1 CALL 3044
3576:3F34 E9AFF0 JMP 2FE6
Look for 'BA 82 00 E8'.
Good luck and let me know if you have problems with these patches.
--
John Wright ////////////////// Phone: 902-424-3805 or 902-424-6527
Post: c/o Dr Pat Lane, Biology Dept, Dalhousie U, Halifax N.S., CANADA B3H-4H8
Cdn/Eannet:lane@cs.dal.cdn Uucp:lane@dalcs.uucp or {uunet watmath}!dalcs!lane
Arpa:lane%dalcs.uucp@uunet.uu.net Internet:lane@cs.dal.ca
--
John Wright ////////////////// Phone: 902-424-3805 or 902-424-6527
Post: c/o Dr Pat Lane, Biology Dept, Dalhousie U, Halifax N.S., CANADA B3H-4H8
Cdn/Eannet:lane@cs.dal.cdn Uucp:lane@dalcs.uucp or {uunet watmath}!dalcs!lane
Arpa:lane%dalcs.uucp@uunet.uu.net Internet:lane@cs.dal.ca