From: NETOPRWA@ncsuvm.ncsu.edu (Wayne Aiken)
Newsgroups: comp.sys.ibm.pc.misc
Subject: Larry Rainey's DOS 5.0 patches
Date: 1 Jul 91 04:17:44 GMT

This is from StarFleet BBS (919) 782-3095 24 hrs 14.4HST/DS

------------------------------cut here----------------------------------

Below, I present sections of code from MicroSoft MSDOS 5.00, dis-assembled
with DEBUG so that those with versions of DOS other than the ones listed
above can find the offsets for their COMMAND.COM. In most DOS versions,
most of the sections of code to be patched are unchanged; they are simply
shifted in position, so it's just a question of locating the correct
offsets by searching for strings of bytes from the sections of code listed
below. The main trick here is to avoid addresses in the code which are
likely to be different (most absolute addresses will be different while
relative addresses may or may not be different). Assuming you're handy
with DEBUG or a similar debugger and know some 8088 assembly, you should
be able to pull it off. If DEBUG's search command is too limited, you
might try Unassembling the whole COMMAND.COM to a text file and using an
editor or lister utility to search.

Here are the sections of code from MicroSoft MSDOS 5.00:

The environment size

-u 165b
1111:165B 58            POP     AX
1111:165C C706C01E5100  MOV     WORD PTR [1EC0],0051
1111:1662 C706BE1E1000  MOV     WORD PTR [1EBE],0010    <>
1111:1668 BAD498        MOV     DX,98D4
1111:166B B104          MOV     CL,04
1111:166D D3EA          SHR     DX,CL
1111:166F 8916CE1E      MOV     [1ECE],DX
1111:1673 2BC2          SUB     AX,DX
1111:1675 A39802        MOV     [0298],AX
1111:1678 A12C00        MOV     AX,[002C]

Just searching for '10 00' should find this one.

Echo off for AUTOEXEC.BAT

-u 1a7d
1111:1A7D A15202        MOV     AX,[0252]
1111:1A80 C606A60203    MOV     BYTE PTR [02A6],03      <>
1111:1A8B 8EC0          MOV     ES,AX
1111:1A8D 33FF          XOR     DI,DI
1111:1A8F B000          MOV     AL,00
1111:1A91 AA            STOSB
1111:1A92 B001          MOV     AL,01
1111:1A94 AA            STOSB
1111:1A95 33C0          XOR     AX,AX
1111:1A97 AA            STOSB
1111:1A98 AB            STOSW
1111:1A99 AB            STOSW
1111:1A9A AA            STOSB
1111:1A9B AB            STOSW
1111:1A9C AB            STOSW

Searching for '03 C7 06' works, or 'AA AB AB AA' should find this.

Echo off for other batch files

-u 2ace
1111:2ACE 26            ES:
1111:2ACF A0A602        MOV     AL,[02A6]
1111:2AD2 2401          AND     AL,01                   <>
1111:2AD5 33C0          XOR     AX,AX
1111:2AD7 26            ES:
1111:2AD8 F7065202FFFF  TEST    WORD PTR [0252],FFFF
1111:2ADE 7414          JZ      2AF4
1111:2AE0 26            ES:
1111:2AE1 A15202        MOV     AX,[0252]
1111:2AE4 26            ES:
1111:2AE5 803EB80201    CMP     BYTE PTR [02B8],01
1111:2AEA 7408          JZ      2AF4
1111:2AEC 06            PUSH    ES
1111:2AED 8EC0          MOV     ES,AX

Look for '24 01 50 33 C0'.

Larry Rainey 6/11/91

Recapped in easy keyin format:

DEBUG COMMAND.COM
-E 1666 10 20
-E 1A84 03 02
-E 2AD3 01 00
-W
-Q

will make echo off the default and set your environment to 512 (x'20')

Wayne Aiken          netoprwa@ncsuvm.bitnet           "You can BE what
PO Box 30904         netoprwa@ncsuvm.cc.ncsu.edu        you WON'T!!"
Raleigh, NC 27622    slack@ncsu.edu                        --"Bob"
(919) 782-8171       StarFleet BBS: (919) 782-3095
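
The signature search described in the post, as an added example that is
not part of the original post or of anything Larry Rainey or Microsoft
shipped. It extends the post's search strings with "??" wildcards over the
absolute-address bytes, refuses to proceed unless each signature matches
exactly once, and converts file offsets to DEBUG offsets (DEBUG loads a
.COM file at 100h). All function names and the test image are assumptions
constructed for illustration.

```python
import re

DEBUG_LOAD = 0x100  # DEBUG loads a .COM file at offset 100h: file offset = DEBUG offset - 100h

# (name, signature, index of patched byte in signature, new value)
# "??" marks absolute-address bytes, which may differ between versions.
PATCHES = [
    ("environment size",            "C7 06 ?? ?? 10 00 BA ?? ?? B1 04 D3 EA", 4, 0x20),
    ("echo off, AUTOEXEC.BAT",      "C6 06 ?? ?? 03 C7 06",                   4, 0x02),
    ("echo off, other batch files", "24 01 50 33 C0",                         1, 0x00),
]

def compile_sig(sig):
    parts = [b"." if tok == "??" else re.escape(bytes([int(tok, 16)]))
             for tok in sig.split()]
    # Lookahead so overlapping candidates are all counted.
    return re.compile(b"(?=" + b"".join(parts) + b")", re.DOTALL)

def locate(image, sig, index):
    hits = [m.start() + index for m in compile_sig(sig).finditer(image)]
    if len(hits) != 1:
        raise ValueError(f"{sig!r} matched {len(hits)} times; refusing to guess")
    return hits[0]

def plan(image):
    """Return (name, DEBUG offset, old byte, new byte) per patch; writes nothing."""
    out = []
    for name, sig, index, new in PATCHES:
        off = locate(image, sig, index)
        out.append((name, off + DEBUG_LOAD, image[off], new))
    return out

def constructed_image(shift):
    # Constructed stand-in for COMMAND.COM (not a real DOS file): NOP filler
    # with the post's byte sequences placed `shift` bytes after their 5.00 offsets.
    img = bytearray(b"\x90" * 0x3000)
    for debug_off, hexbytes in [(0x1662, "C7 06 BE 1E 10 00 BA D4 98 B1 04 D3 EA"),
                                (0x1A80, "C6 06 A6 02 03 C7 06"),
                                (0x2AD2, "24 01 50 33 C0")]:
        start = debug_off - DEBUG_LOAD + shift
        raw = bytes.fromhex(hexbytes)
        img[start:start + len(raw)] = raw
    return bytes(img)

if __name__ == "__main__":
    for name, off, old, new in plan(constructed_image(0x23)):
        print(f"{name}: DEBUG offset {off:04X}, {old:02X} -> {new:02X}")
```

With a shift of 0 the planner reproduces the three offsets given in the
post; with any other shift it reports where the same bytes moved to.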