Category : Dbase (Clipper, FoxBase, etc) Languages Source Code
Archive   : BULLETIN.ZIP
Filename : 1204.007

Output of file : 1204.007 contained in archive : BULLETIN.ZIP

Blink Inc. 3/12/92
Blinker Error 1204
Possible Virus

Blinker run time error 1204: "overlay file does not match .EXE file".

The conditions leading to this error can be most easily described for an
application created with external overlay files. When the first
overlaid procedure is about to be executed, the Blinker overlay manager
will open the appropriate overlay file. As the .OVL file is opened,
the header information inside the file(date and time the file was
created) is compared to the .EXE file header information. The 1204
error will occur if the header information for the .EXE and the .OVL do
not match. Blinker insists that the entire application be created at
one time.

In the case of an internally overlaid application, the overlaid
procedures are grouped together at the end of the .EXE, with the
equivalent of the .OVL file header information positioned just before
the overlay portion of the .EXE. The equivalent file header data is
compared to the .EXE file header when the first overlaid procedure is
about to be executed.

Possible causes:

(1). For externally overlaid applications, the .EXE file was created at
a different time than the .OVL file(s). The .OVL files must be
created by the same link as the .EXE file.

(2). A different version of the application has overwritten the
currently executing application.

(3). The .EXE file and/or the .OVL files have been modified since they
were created.

This last possibility can be the result of a virus. By coincidence, on
one day recently we received calls from three sites that had different
viruses. In each case the first indication of a problem was a Blinker
error message 1204 while running a Blinkered application.

It has been suggested that this error message intentionally be used to
check for the existence of a virus. This message would occur with an
internally or externally overlaid application whenever the first
overlaid procedure is attempted to be executed, if the .EXE had been
modified since the link was executed (as had occurred in these virus
contaminated situations).

An extraneous call to a (dummy) overlaid procedure could be placed at
the start of an application, before any DBF's are opened. Then if the
1204 error is encountered, the application will shut down, avoiding any
potential spread of the virus. For this condition, the text of the 1204
message could be modified to warn of a possible virus.

DATE 3/12/92
Copyright Blink, Inc. May not be reproduced without permission.