Come Out of Hiding
(PC Magazine Vol 4 No 22 October 29, 1985 PC Tutor)

Copy-protected software that can be installed on a hard disk often creates "hidden" files. These files do not show up in a DIR listing, so they cannot be deleted with the DEL command, but they prevent RMDIR from removing the directory. You can see these files by running CHKDSK with the /V parameter. Microsoft Word's installation program creates four hidden files in a subdirectory named \MSTOOLS. These are MW.COM, MW.COD, MW.DAT and MWA.

REVEAL.COM, created with DEBUG, will turn hidden files into normal files. You can then delete them. When running REVEAL, one and only one space must separate the word REVEAL from the filename (with optional drive and path indicators), thus:

    REVEAL C:\MSTOOLS\MW.COM

The program does not report errors -- if you see the file when you do a DIR listing, you know the program worked.

To summarize: run CHKDSK/V to see the hidden files; use REVEAL to change them to normal files; get rid of them with DEL; and finally remove the subdirectory with RMDIR.

You must use this technique with caution for other copy-protected programs. Since some such programs cannot be installed on a hard disk a second time, you should be absolutely sure that removing the hidden files from your hard disk is really what you want.

    A>DEBUG
    -A 100
    xxxx:0100 MOV SI,0080
    xxxx:0103 MOV BL,[SI]
    xxxx:0105 SUB BH,BH
    xxxx:0107 MOV WORD PTR [SI+BX+1],0
    xxxx:010C MOV DX,0082
    xxxx:010F MOV CX,0000
    xxxx:0112 MOV AL,01
    xxxx:0114 MOV AH,43
    xxxx:0116 INT 21
    xxxx:0118 INT 20
    xxxx:011A
    -N REVEAL.COM
    -R CX
    CX 0000
    :001A
    -W
    Writing 001A bytes
    -Q

-----------------------------------------------------------------

File Protector
(PC Magazine Vol 4 No 25 Dec 10, 1985 User-to-User)

Hidden files are immune to deletion, but they're also invisible to the DIR command, and you can't tell that they're there unless you have access to a special utility.
The routine below uses DOS Interrupt 43h to alter the attribute byte of a file and make it read-only. The protection is not infallible (you can easily write over a file with a program that has the same name). However, any file protected this way can be listed by DIR but is invisible to the DEL command.

This trick protects files only; to create another utility that will unprotect them, change the MOV CX,21 line to MOV CX,20 and the N PERM.COM line to N UNPERM.COM.

If you turn on the hidden file attribute for a subdirectory entry, the subdirectory remains hidden to casual users, but you can still CD to it, add or delete files in it, place it on your PATH, and execute programs in it from other subdirectories. This can be useful when you want to keep several programs in a semi-protected state.

Editor's Note: You don't need a special utility to see what hidden files are on your disk. Just type CHKDSK/V and they'll all show up (along with all the other files on your disk). To create the PERM.COM and UNPERM.COM files, type the instructions into a file called SCRIPT, then make the two changes in the text above and create another file called SCRIPT2. Then use DEBUG 2.0 or later and type DEBUG < SCRIPT. Then, on the next line, type DEBUG < SCRIPT2 to create the files. To use them, type PERM filename to protect the file, and UNPERM filename to unprotect it. Trying to delete a PERMed file will result in the message, "Access denied."

    A 100
    MOV BX,80
    INC BX
    CMP BYTE PTR [BX],20
    JZ 103
    MOV DX,BX
    INC BX
    CMP BYTE PTR [BX],0D
    JZ 116
    CMP BYTE PTR [BX],20
    JNZ 10B
    MOV BYTE PTR [BX],0
    MOV CX,21               (Change to MOV CX,20 for UNPERM.COM)
    MOV AL,1
    MOV AH,43
    INT 21
    INT 20

    RCX
    24
    N PERM.COM              (Change to N UNPERM.COM for UNPERM.COM)
    W
    Q

-----------------------------------------------------------------

Security Trick
(PC Magazine Vol 4 No 24 Nov 26, 1985 User-to-User)

It's fairly simple to prevent a nonexpert from using your system. The trick involves using DEBUG to patch COMMAND.COM.
When DOS boots, it looks to see whether an AUTOEXEC.BAT file is in your root directory; if it is, DOS passes control to it. So the first thing you have to do is patch COMMAND.COM so it looks for another .BAT file, such as SAMPLE.BAT:

    DEBUG COMMAND.COM
    E 1078 "SAMPLE.BAT  "
    W
    Q

Note that there are two blank spaces between the .BAT and the second set of quotation marks. These spaces are needed, since SAMPLE.BAT is two letters shorter than AUTOEXEC.BAT. If the name of your new boot program is shorter than 11 characters (actually 12 including the period), be sure to pad the new name with enough extra spaces to add up to all 12 characters.

An example of a new SAMPLE.BAT boot program that would shock an unauthorized user is:

    ECHO OFF
    CLS
    ECHO Unauthorized Access !!
    ECHO Damage will result
    ECHO if you do not turn
    ECHO this computer off
    ECHO immediately !!
    ECHO 5
    ECHO 4
    ECHO 3
    ECHO 2
    ECHO 1
    ECHO 0
    CLS
    PROMPT Error

If the user manages to get through this shock, further tricks can thwart access to your files. Since the first thing most users do with an unfamiliar system is execute a DIR command, you can alter COMMAND.COM to change DIR to CAT (for CATalog), and change the error message that will result when DOS sees the now unknown command DIR. At the DOS prompt, type:

    DEBUG COMMAND.COM
    E 3ADD "CAT"
    E 367C "Unauthorized Access ! "
    W
    Q

As with the previous example, if your new message is shorter than the existing one, add trailing blanks. You can use the CAT command yourself to replace the standard DIR command; all an unauthorized user will get by typing in DIR is an "Error" prompt and the new error message you've created.

Editor's Note: The addresses given above are for DOS 2.1 only, but it's simple to use the DEBUG S (Search) command to find the patching locations in other versions of DOS. First type: DEBUG COMMAND.COM. At the DEBUG prompt, type RCX. DEBUG will print out the length of your COMMAND.COM file in hex notation. Hit the Enter key again to get the prompt back.
Then, to search for the location of AUTOEXEC.BAT, type:

    S 100 xxxx "AUTOEXEC"

(but be sure to substitute the hex length RCX specified in place of the xxxx). Use the same trick to search for the DIR command and the "Bad command or filename" message. DEBUG will search through your file and print out the address of any matching strings of characters it finds. In the case of something like DIR, it will find several occurrences, so you have to figure out which one to replace. You can do this by using the DEBUG D (Dump) command. Just type D yyyy (substituting an address the S command specified in place of the yyyy). The proper DIR is the one immediately followed by other DOS commands such as RENAME and REN. In DOS 3.1, for instance, AUTOEXEC.BAT is at address 130F, DIR at 4D11, and the "Bad command ..." message at 4750.

Using the PROMPT Error trick is indeed nasty, but especially with a fast machine like the AT, the SAMPLE.BAT batch file goes by almost too quickly to read. In addition, the initial ECHO OFF is a tipoff that a batch file is doing the mischief. This trick is presumably for a hard disk system; all an experienced user has to do to circumvent it is stick a normal DOS disk in drive A: and boot the system with a conventional COMMAND.COM. Still, the CAT trick is a good one, and it will keep the quick snoops away.
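
-----------------------------------------------------------------

Added example (not from PC Magazine): a Python model of how REVEAL.COM and PERM.COM from the first two tips pick the filename out of the DOS command tail, showing why REVEAL needs exactly one space while PERM does not, and what the CX values 21, 20 and 00 mean. The PSP buffer and the helper names are constructed for illustration, and a filename is assumed to be present on the command line.

```python
# Added illustration, not PC Magazine code: a Python model of how REVEAL.COM
# and PERM.COM read the command tail that DOS stores in the PSP.
ATTR_BITS = {0x01: "read-only", 0x02: "hidden", 0x04: "system", 0x20: "archive"}

def decode_attr(cx):
    """Name the attribute bits passed in CX to INT 21h, AH=43h, AL=01h."""
    return [name for bit, name in sorted(ATTR_BITS.items()) if cx & bit]

def make_psp(tail):
    """Constructed 256-byte PSP: length at 80h, tail from 81h, then a CR."""
    raw = tail.encode("ascii")
    psp = bytearray(0x100)
    psp[0x80] = len(raw)
    psp[0x81:0x81 + len(raw)] = raw
    psp[0x81 + len(raw)] = 0x0D
    return psp

def asciiz(psp, start):
    """Read the zero-terminated string DOS would see at DS:DX."""
    return psp[start:psp.index(0, start)].decode("ascii")

def reveal_filename(psp):
    """REVEAL.COM: replace the CR at 80h+length+1 with 0, then DX=0082h."""
    psp[0x80 + psp[0x80] + 1] = 0
    return asciiz(psp, 0x82)

def perm_filename(psp):
    """PERM.COM: skip blanks from 81h, end the name at a blank or CR."""
    bx = 0x81
    while psp[bx] == 0x20:          # INC BX / CMP BYTE PTR [BX],20 / JZ 103
        bx += 1
    dx = bx                          # MOV DX,BX
    bx += 1
    while psp[bx] not in (0x0D, 0x20):
        bx += 1
    psp[bx] = 0                      # MOV BYTE PTR [BX],0
    return asciiz(psp, dx)

if __name__ == "__main__":
    for tail in (" C:\\MSTOOLS\\MW.COM", "  C:\\MSTOOLS\\MW.COM"):
        print(repr(tail), "REVEAL:", repr(reveal_filename(make_psp(tail))),
              "PERM:", repr(perm_filename(make_psp(tail))))
    print("CX=21h:", decode_attr(0x21), "CX=20h:", decode_attr(0x20))
```

With two spaces REVEAL hands DOS a name that starts with a blank, so the call fails and, since the program reports no errors, nothing is shown.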
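
Added example (not from PC Magazine): the DEBUG S search from the Editor's Note written as a Python check that reports whether a COMMAND.COM image still carries its standard startup batch name, DIR command and unknown-command message. The sample image, its table layout and the 16-byte look-ahead window are constructed assumptions, not the layout of any real DOS version.

```python
# Added illustration, not PC Magazine code: DEBUG's S command as an audit.
LOAD_OFFSET = 0x100   # DEBUG loads a file at offset 100h: address = offset + 100h
WINDOW = 16           # assumed look-ahead for "immediately followed by RENAME"

def debug_search(image, needle):
    """Addresses of every match, as S 100 xxxx "needle" would list them."""
    hits, pos = [], image.find(needle)
    while pos != -1:
        hits.append(pos + LOAD_OFFSET)
        pos = image.find(needle, pos + 1)
    return hits

def command_table_dir(image):
    """The DIR match that is followed by RENAME, per the Editor's Note."""
    for addr in debug_search(image, b"DIR"):
        off = addr - LOAD_OFFSET
        if b"RENAME" in image[off:off + WINDOW]:
            return addr
    return None

def audit(image):
    """List the standard strings that are missing from the image."""
    findings = []
    if not debug_search(image, b"AUTOEXEC.BAT"):
        findings.append("startup batch name AUTOEXEC.BAT not found")
    if command_table_dir(image) is None:
        findings.append("DIR not found in the internal command table")
    if not debug_search(image, b"Bad command or file"):
        findings.append("standard unknown-command message not found")
    return findings

def sample_image(patched=False):
    """Constructed stand-in for COMMAND.COM, before or after the patches."""
    batch = b"SAMPLE.BAT  " if patched else b"AUTOEXEC.BAT"
    cmd = b"CAT" if patched else b"DIR"
    msg = b"Unauthorized Access !   " if patched else b"Bad command or file name"
    return (b"\x90" * 8 + batch + b"\x00\x05MKDIR\x01\x00\x00" + b"\x00" * 16 +
            b"\x03" + cmd + b"\x01\x00\x00\x06RENAME\x01\x00\x00\x03REN\x01\x00\x00" +
            msg + b"\r\n")

if __name__ == "__main__":
    clean = sample_image()
    print("DIR matches:", [f"{a:04X}" for a in debug_search(clean, b"DIR")])
    print("command-table DIR:", f"{command_table_dir(clean):04X}")
    print("clean findings:", audit(clean))
    print("patched findings:", audit(sample_image(patched=True)))
```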