kirsch@BRAGGVAX.ARPA (David Kirschbaum) (10/27/88)
| Date: Tue, 25 Oct 1988 19:24 MDT | From: Keith Petersen <W8SDZ@SIMTEL20.ARMY.MIL> | To: kirsch@braggvax.arpa | Subject: CONCOPY bug report | | Dave, this came from Usenet. Thought you would find it of interest. | | --Keith | | >From: farris@marlin.NOSC.MIL (Russell H. Farris) | Newsgroups: comp.binaries.ibm.pc.d | Subject: CONCOPY HANGS MY NCR-PC6 & DELETES COMMAND.COM | Date: 25 Oct 88 15:16:57 GMT | Keywords: concopy | | After decoding and de-arcing CONCOPY, I typed "concopy test | <return>." My NCR-PC6 crashed immediately, and would not reboot | from the hard drive. When I rebooted from a floppy, I found that | the COMMAND.COM file on the hard disk contained 0k. I haven't | found any evidence of a virus or other persisting problem, but I | was wondering if anyone else had had a similar experience with | this potentially useful program. | | Russ farris farris@marlin.nosc.mil Toad Hall replies: I disassembled my copy of CONCOPY.EXE (snarfed from SIMTEL20's CONCOPY.ARC). I see NO evidence of a virus. Here's what CONCOPY does: First, it parses the command line for a target output filename. If it finds one, it tries to open (for append) or create that file. If that goes well: It steals Interrupt 21H, and then executes COMMAND.COM (or whatever your system's "COMSPEC=" parameter is). On Int 21H calls, it checks for Services 2 (display output), 6 (direct keyboard/display I/O character), 9 (display message), 40H (write to file/dev). On Svcs 6 and 40H, it further checks to see if output is to Std Out (console). If the service request DOES involve console output, CONCOPY writes the output (char, string, or bytes in a DS:DX buffer) to the target filename. CONCOPY also has some checks for output file write errors, etc. All in all, I see no way CONCOPY could have blasted your COMMAND.COM. It doesn't do direct disk writes; it doesn't touch the FAT; etc. It DOES use a couple of undocumented DOS Int 21H services (50H, Set PSP Segment, and 62H, Get PSP Segment), but they're innocuous enough. I'd upload the disassembly, but (1) it isn't complete and functional; (2) it's not fully commented; and (3) I'm tired. Maybe later. Regards, David Kirschbaum Toad Hall kirsch@braggvax.ARPA