Viruses Like Activities-2

Deactivating Ctrl+Alt+Del

we can write a TSR which ensures that the user cannot use Ctrl-Alt-Del combination to reboot the computer. This can be achieved by letting the ROM-BIOS routine get called and then setting the Ctrl and Alt bits in 417h to 0 using the statement, *kb = *kb & 0xF3 ;

Here is a program which shows how this can be achieved.

#include "dos.h"

void interrupt ( *prev )( ) ;

void interrupt our( ) ;

char far *kb = ( char far * ) 0x417 ;

main( )

{

prev = getvect ( 9 ) ;

setvect ( 9, our ) ;

keep ( 0, 1000 ) ;

}

void interrupt our( )

{

( *prev )( ) ;

*kb = *kb & 0xF3 ;

}

Changing Screen Color

The following TSR changes the screen color every 10 seconds.

#include "dos.h"

void interrupt newroutine( ) ;

void interrupt ( *oldroutine )( ) ;

char far *s = ( char far * ) 0xB8000000 ;

int k = 0, i, color = 0 ;

main( )

{

oldroutine = getvect ( 8 ) ;

setvect ( 8, newroutine ) ;

keep ( 0, 1000 ) ;

}

void interrupt newroutine( )

{

k++ ;

if ( k > 182 )

{

for ( i = 1 ; i <= 3999 ; i += 2 )

*( s + i ) = color ;

color++ ;

}

( *oldroutine )( ) ;

}

In main( ) we first change the address in IVT corresponding to interrupt number 8 (timer) so that instead of pointing to a ROM - BIOS routine it points to our TSR. However we save the address of the ROM-BIOS routine in the variable oldroutine. Every time the timer ticks and interrupt occurs control would now reach newroutine( ) where we increment k. As soon as k exceeds 182 (that is after every 10 seconds) we assign a value color to all the color bytes in VDU memory. Consequently the color of the screen would change. Irrespective of whether the color of the screen is changed or not control is passed to ROM-BIOS routine through the statement

( * oldroutine )( ) ;

Create an EXE file, quit out of Turbo-C and then run the program and then decide for yourselves, whether you would like to do programming in C or COBOL rest of your life. These are just a few tricks that one can perform with TSR's. There are infinite more tricks! All that you have to do is let your mind soar high and heart roam free... rest believe me would be a cakewalk!

The Printer Is Virused

Yes, that is what I believed when I tried to print out a file and found that my printer is printing all gibberish. I checked the file and found it in perfect shape. I called the hardware man and got my printer checked up. It too was alright. Then I realised may be my computer is virused, and to my horror I found it was. All that this virus was doing was every time a was to be printed it printed b, everytime a b was to be printed it printed c and so on. Hence the gibberish. Here is a program that does something similar.

#include "dos.h"

void interrupt newroutine( ) ;

void interrupt ( *oldroutine )( ) ;

main( )

{

oldroutine = getvect ( 23 ) ;

setvect ( 23, newroutine ) ;

keep ( 0, 1000 ) ;

}

void interrupt newroutine( )

{

if ( _AH == 0 ) /* use underscore not minus */

_AL = _AL + 1 ; /* use underscore not minus */

( *oldroutine )( ) ;

}

To understand its working we will have to understand how normal printing is carried out. Whenever Wordstar or dBASE or whatever sends a file for printing it takes the help of ROM-BIOS routine to carry out the printing. This ROM-BIOS routine uses CPU registers called AH and AL to print a character. For example, if 'A' is to be printed then the AH register should contain a zero whereas the AL register should contain 'A'. Similarly if '+' is to be printed AH should contain zero and AL should contain '+'. The above program tinkers around with the contents of AH and AL registers using pseudo variables _AH and _AL provided by Turbo C. Any change in the pseudo variables is reflected in CPU registers. Our program is a TSR which has caught hold of the printer interrupt (interrupt number 23). Every time interrupt 23 occurs (and it would occur every time a printout is to be taken) the TSR monitors whether AH register contains a zero. If it finds so it coolly increments the contents of AL and sends it to the printer. Hence in place of 'A' a 'B' gets printed.

The Printer is Jammed

With this program on the roll, you can make the printer jam! The stationery attached to the printer advances by one line when an end of line is reached or 80 characters have been printed on the same line (assuming that we are using an 80 column printer). The end of line is signified by a \r and \n (carriage return and line feed) combination. When a \r is sent to the printer, the printer head is brought to the beginning of the same line, whereas when a \n is sent the stationery is advanced by one line. The global variable counter keeps a track of the number of characters printed in the current line. Once 80 characters have been printed in a line a \r is placed in _AL and the print routine is called. This places the printer head at the beginning of the same line. Thus the TSR sees to it that everything sent to the printer is printed on the same line.

#include "dos.h"

void interrupt newroutine( ) ;

void interrupt ( *oldroutine )( ) ;

int counter ;

main( )

{

oldroutine = getvect ( 23 ) ;

setvect ( 23, newroutine ) ;

keep ( 0, 1000 ) ;

}

void interrupt newroutine( )

{

if ( _AH == 0 )

{

counter++ ;

if ( counter == 80 )

{

counter = 0 ;

_AL != '\r' )

}

else

{

if ( _AL == '\n' )

_AL = '\r' ;

}

( *oldroutine)( ) ;

}

else

( *oldroutine)( ) ;

}

But remember the above programs have not virused the printer. Nor are they viruses in true sense. Why ? One because no virus can go and sit inside the printer. Second because these programs do not spread and infect other programs. But all in all they are pure fun. One small reminder again, compile the programs to get .EXE files and then run them at DOS prompt after quitting out of Turbo C and not through DOS shell.