Category : System Diagnostics for your computer
Archive   : TRPDSK1.ZIP
Filename : TRAPDISK.DOC

 
Output of file : TRAPDISK.DOC contained in archive : TRPDSK1.ZIP
TRAPDISK.COM
Version 1.0

PURPOSE

"Trap Disk" (TRAPDISK.COM) is NOT a game! It is a further attempt to
prevent pranksters from destroying your data. The proliferation of the
"Trojan Horse" type programs which proport to be games but actually plant
bombs in your system which format your hard disk or erase the disk
directory, has prompted the writing of this program, as well as
CHK4BOMB.EXE ("Check for Bomb"). This program is based on BOMBSQAD.COM by
Andy Hopkins.

CHK4BOMB.EXE reads the program file from disk and attempts to spot dangerous
code and suspicious messages, but since code is often a function of run
time memory situations, it could miss spotting the "bombs".

TRAPDISK.COM is a program that intercepts calls to the BIOS code in ROM as a
suspicious program is run, displays what is going to happen during the
call, and asks if you want to continue. You can abort or continue as you
see fit.

INSTRUCTIONS FOR RUNNING TRAPDISK.COM

Type "TRAPDISK" and one or more of the following letters (upper or lower):
"R" to stop on a request to READ a sector
"W" to stop on a request to WRITE to a sector
"V" to stop on a request to VERIFY a sector
"F" to stop on a request to FORMAT a track
"U" to 'UNINSTALL' TRAPDISK - note that program will not be
active, but memory can not be reused until the system
is rebooted.
"H" or "?" to display a brief command summary (will not install
TRAPDISK).

To change any of the instructions, just run the program again with the new
letters; although TRAPDISK is a memory-resident program, once
installed it will not attempt to re-install itself.

Remember that TRAPDISK will stop only on those requests specified the last
time it was invoked. If you start it with "F" only to stop on a FORMAT
call, and later want to add "W" to stop on a WRITE call, you must specify:
TRAPDISK FW on the DOS command line.

IF NO LETTERS ARE SPECIFIED: TRAPDISK will remain active but will not stop
on any disk calls. If TRAPDISK is not installed, a "blank" call will
install it in memory.

SUGGESTION: Try TRAPDISK R to stop on a READ request and then try a DIR
command. Watch the operation on TRAPDISK when disk READS are called. This
will give you an indication of how the program works.



MESSAGES

When TRAPDISK detects a call to the BIOS routines, it checks to see if the
stop condition is met. If the function has not been selected, TRAPDISK
will pass control directly to the BIOS disk routine. If, however, a stop
has been requested before a disk function occurs, TRAPDISK will display the
following message:

|--------------------------------------|
| DISK MONITOR |
|--------------------------------------|
| Break on request to READ |
| |
| DRIVE HEAD TRACK SECTOR NUMBER |
| A: 0 26 1 9 |
| Data address 0BA9:00F0 |
| Return address 0070:0143 |
| |
| to Abort to Perform |
| to perform & disable trapdisk |
|--------------------------------------|

DRIVE is the requested drive (A-D).
HEAD is the side or head (0-1) for diskette (0-3 or more) for
hard disk.
TRACK is the cylinder or track in decimal (0-39 or more).
SECTOR is the starting sector number in decimal (1-8 or 1-9 or
more).
NUMBER is the number of sectors involved in the operation.
DATA ADDRESS (in HEX) is where the data is stored or read from.
RETURN ADDRESS (in Hex) is the return address for the calling program (i.e.
the address where execution will resume after Int 13
completes).

PRESSING THE ESCAPE KEY causes TRAPDISK to return to the calling program
with the error code for time out. The disk operation is NOT performed.
The action the program may take on this error will vary, but the requested
disk function will NOT take place.

PRESSING THE RETURN KEY causes the program to carry on as if TRAPDISK did
not exist for this call. Be warned that if you request a stop on a READ
operation, you will press the Return key many times just to read one file
as DOS searches directories and the FAT! Instructive, but not too useful.

PRESSING THE DEL KEY causes the program to carry on (just like RETURN), but
there is a difference. DEL will shut down any further checking. The only
way to enable checking again is to call TRAPDISK with command-line
arguments (as described above). This key is very useful in cases where you
have forgotten that TRAPDISK is installed and want to disable it so you can
get on with your work!


CHANGES & IMPROVEMENTS versus BOMBSQAD.EXE

"TRAPDISK" has added a command-line help that functions without installing
the resident code. It corrects a bug in "BOMBSQAD" that incorrectly
reported hard disk drive letters. It extends the BIOS calls beyond the
diskette interrupt calls to some of the hard disk specific calls (Read
Long, Write Long, Format Bad Sector, Format Whole Disk) that "BOMBSQAD"
does not handle. And it has added the "RETURN ADDRESS" information and the
"Del" key to the pop-up window.


TECHNICAL NOTES

This program can only trap access requests that go through Int 13h.
All of the DOS disk calls for standard disk/diskette devices are routed
through this interrupt. However, access to installed devices (like some RAM
disks or OEM add-on packages like TALLGRASS & SYSGEN) is often through
vendor-sipplied device drivers. These drivers are known to DOS and are
used in lieu of Int 13h to access these devices. TRAPDISK CAN ONLY CAPTURE
ACCESS REQUESTS FOR DEVICES THAT ARE CONTROLLED VIA INT 13h!!! Ergo, any
"devices" that use installed device drivers could be compromised by a well-
placed trojan horse program, even if TRAPDISK is active.

The moral: DO NOT depend on TRAPDISK to protect your add-on hard disks from
damage from a trojan horse algorhythm!


COPYRIGHT AND DISTRIBUTION

In the spirit of Mr. Hopkins original program, feel free to copy and
distribute this program. We make no claim on any sort of copyright, since
this program is based on BOMBSQAD!



  3 Responses to “Category : System Diagnostics for your computer
Archive   : TRPDSK1.ZIP
Filename : TRAPDISK.DOC

  1. Very nice! Thank you for this wonderful archive. I wonder why I found it only now. Long live the BBS file archives!

  2. This is so awesome! 😀 I’d be cool if you could download an entire archive of this at once, though.

  3. But one thing that puzzles me is the “mtswslnkmcjklsdlsbdmMICROSOFT” string. There is an article about it here. It is definitely worth a read: http://www.os2museum.com/wp/mtswslnk/