;----------------------------------------------------------------------------:
;       HARD DISK SENTRY - FIXED DISK PROTECTION AGAINST TROJAN PROGRAMS     :
;                     Copyright 1987 by Andrew M. Fried                      :
;                                                                            :
; HDSENTRY is the copyrighted property of its author.  You are free to use   :
; this program without charge with my compliments.  This program may be      :
; freely distributed so long as the following limitations are adhered to:    :
;     o  No charge is made for its distribution                              :
;     o  The product is distributed in unmodified form                       :
;     o  Documentation accompanies the program                               :
;     o  The author's copyright notice is left in the program                :
;     o  No portion of this program is included into any commercial          :
;        package without written consent of the author                       :
;                                                                            :
;     Andrew M. Fried                                                        :
;     895 Cynthia Drive                                                      :
;     Titusville, Fla. 32780                                                 :
;     (305) 268-4500                                                         :
;                                                                            :
;----------------------------------------------------------------------------:

; Listing directives: page geometry for the assembler listing, then its title.
page 60,132
TITLE TITLE - HARD DISK SENTRY DISK PROTECTION UTILITY

; One segment holds both code and data; the ORG 100h inside maincode shapes
; it as a .COM image.
cseg segment byte public

; Every label in the file is declared public (visible to the linker).
Public  maincode, go, copyright, alert_msg, old_13, old_26, install, tsr
Public  sentry, which_disk, ok, abort, dummy, init, show_copr, get_int_13
Public  set_int_13, set_int_26

;----------------------------------------------------------------------------
; maincode - program entry point and resident data.
;
; Execution starts at GO, which jumps over the message strings and the two
; saved-vector slots to INSTALL.  INSTALL runs INIT once, then asks DOS to
; terminate and stay resident, keeping everything from the start of the
; segment up to the label INIT.  INIT itself lies above that boundary, so the
; installation code is not part of the resident size.
;----------------------------------------------------------------------------
maincode      proc far
              assume  cs:cseg
              org 100h                 ; .COM programs load at offset 100h

go:           jmp  install             ; skip over the data that follows

; ---- resident data -------------------------------------------------------
copyright     db   13,10
              db   '+-------------------------------------------+',13,10
              db   '|           HARD DISK SENTRY 1.01           |',13,10
              db   '|   (c) Copyright 1987 by Andrew M. Fried   |',13,10
              db   '+-------------------------------------------+',13,10
              db   '    NO DESTRUCTIVE CALLS TO THE FIXED DISK',13,10
              db   '             WILL BE PERMITTED.',13,10,'$'
alert_msg     db   13,10,07,'<<< ALERT >>> Destructive disk call prevented!$'
old_13        dd   0                   ; far pointer to the previous int 13h handler
old_26        dd   0                   ; far pointer slot for the previous int 26h handler

; ---- install, then go resident ---------------------------------------------
install:      call init                ; print banner and hook the vectors
tsr:          mov  cx,4                ; CL = 4: shifting right by 4 divides by 16
              mov  dx,offset init      ; first byte that need not stay resident
              shr  dx,cl               ; bytes -> 16-byte paragraphs
              inc  dx                  ; round up to cover a partial paragraph
              mov  ax,3100h            ; AH=31h keep process, AL=00h exit code
              int  21h                 ; DX = paragraphs to keep; does not return
maincode      endp


;----------------------------------------------------------------------------
; This is the main guts of the program.  Anytime a disk service is requested,
; this interrupt handler will be called.  It acts much like a filter.  Any
; calls involving the floppy disk are merely passed on to the original
; interrupt handler.  If a call is made which points to a fixed disk, however,
; it is checked.  If the call is destructive (write or format), the handler
; prevents it from occurring.  Simple but quite effective.
;----------------------------------------------------------------------------

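;----------------------------------------------------------------------------
; sentry - replacement INT 13h (BIOS disk services) handler.
;
; In:    AH = BIOS disk function, DL = drive number (as set by the caller)
; Out:   allowed request : control passes to the previous handler (old_13),
;                          which returns directly to the caller
;        blocked request : alert printed, AH = 0, carry clear in the flags
;                          the caller gets back, all other registers kept
;
; Requests for drives below 80h (floppies) are never filtered.  For fixed
; disks the handler refuses a fixed list of function codes: 03h, 05h, 06h,
; 07h and 0Bh.  Every other function code is passed through.
;
; Limits a maintainer should keep in mind:
;   o  This is a deny-list on one interface.  Only requests that arrive
;      through the INT 13h vector with one of the listed function codes are
;      stopped; it is not a guarantee that the disk cannot be modified.
;   o  A blocked request is reported to the caller as successful although
;      nothing was written, so software that trusts the status will believe
;      its data reached the disk.
;----------------------------------------------------------------------------
sentry        proc
which_disk:   cmp  dl,80h              ; drive numbers 80h and up are fixed disks
              jb   ok                  ; floppy request: pass through untouched
              cmp  ah,3                ; write sectors?
              je   abort               ;   if so, abort
              cmp  ah,5                ; format track?
              je   abort               ;   if so, abort
              cmp  ah,6                ; format track, set bad-sector flags (XT BIOS)?
              je   abort               ;   if so, abort
              cmp  ah,7                ; format drive from given track (XT BIOS)?
              je   abort               ;   if so, abort
              cmp  ah,0bh              ; write long?
              je   abort               ;   if so, abort
                                       ; DS belongs to the caller here, so the
                                       ; saved vector is read through CS explicitly
ok:           jmp  dword ptr cs:[old_13] ; chain to the previous handler
abort:        push ax                  ; save registers
              push dx
              push ds
              ; NOTE(review): this calls DOS from inside a disk interrupt.
              ; When the blocked request was issued by DOS itself this
              ; re-enters DOS - confirm that is safe on the DOS versions in
              ; use, or print through the BIOS video services instead.
              mov  ah,9                ; dos print string function request
              push cs                  ; string lives in our segment: ds = cs
              pop  ds
              lea  dx,alert_msg        ; ds:dx -> '$'-terminated message
              int  21h                 ; call dos to print string
              pop  ds                  ; restore registers
              pop  dx
              pop  ax
              sub  ah,ah               ; status 0 = no error
              ; IRET reloads the flags the caller had when it issued INT 13h,
              ; so the carry flag the caller tests would otherwise be
              ; whatever it was before the call.  Clear carry in the saved
              ; flags image so the result is always AH = 0 with CF = 0.
              push bp
              mov  bp,sp               ; [bp+2]=IP  [bp+4]=CS  [bp+6]=FLAGS
              and  word ptr [bp+6],0fffeh ; clear CF (bit 0) in saved flags
              pop  bp
              iret                     ; return to calling process
sentry        endp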


;----------------------------------------------------------------------------
; This procedure becomes the 'new' interrupt 26 handler.  As you can see,
; when an application program makes this call they don't get much chance to
; do any damage.
;----------------------------------------------------------------------------

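;----------------------------------------------------------------------------
; dummy - replacement INT 26h (DOS absolute disk write) handler.
;
; Out:   AX = 0, carry clear; nothing is written to any drive.
;        The caller's flags word is left on the stack.
;
; INT 26h is unusual: it returns with a far RET rather than IRET, so the
; flags pushed by the INT instruction stay on the caller's stack and the
; caller removes them.  The handler therefore returns with a far RET and
; pushes nothing of its own.  (Pushing a word and then executing IRET would
; load that word as the return offset instead of returning to the caller.)
;
; Every INT 26h request is refused, whatever drive it names, and the caller
; is told the write succeeded.
;----------------------------------------------------------------------------
dummy         proc far
              sub  ax,ax               ; AX = 0 (no error); SUB also clears carry
              sti                      ; INT cleared IF and a far RET does not
                                       ; reload flags, so re-enable interrupts
              ret                      ; far return: pops IP and CS only, the
                                       ; caller's flags word stays on the stack
dummy         endp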


;----------------------------------------------------------------------------
; This procedure sets the interrupt vectors and displays the copyright notice
; (which I ask that you leave undisturbed).
;----------------------------------------------------------------------------

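;----------------------------------------------------------------------------
; init - one-time installation, called once from INSTALL.
;
; Prints the copyright banner, records the current INT 13h and INT 26h
; vectors in old_13 / old_26, then points INT 13h at SENTRY and INT 26h at
; DUMMY.  Relies on DS = CS (true for a .COM program at start-up) because the
; DOS print-string and set-vector calls take their address in DS:DX.
;
; Clobbers: AX, BX, DX, ES
;----------------------------------------------------------------------------
init          proc                     ; main initialization routine
show_copr:    mov  ah,9                ; dos print string function request
              lea  dx,copyright        ; ds:dx -> '$'-terminated banner
              int  21h                 ; call dos to print string
get_int_13:   mov  ax,3513h            ; AH=35h get vector, AL=13h
              int  21h                 ; returns current handler in es:bx
              mov  word ptr old_13,bx  ; store offset
              mov  word ptr old_13[2],es ; store segment
set_int_13:   mov  ax,2513h            ; make int 13 point to our handler
              lea  dx,sentry           ; ds:dx = address of interrupt routine
              int  21h                 ; call dos to set new vector
get_int_26:   mov  ax,3526h            ; AH=35h get vector, AL=26h
              int  21h                 ; returns current handler in es:bx
              mov  word ptr old_26,bx  ; old_26 is declared for this address;
              mov  word ptr old_26[2],es ; record it before it is replaced
set_int_26:   mov  ax,2526h            ; make int 26 point to our handler
              lea  dx,dummy            ; ds:dx = address of interrupt routine
              int  21h                 ; call dos to set new vector
              ret                      ; installation is done
init          endp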

;----------------------------------------------------------------------------
cseg          ends                     ; close the single code/data segment
              end  go                  ; end of source; entry point is label GO
