Path: utzoo!yunexus!maccs!cs4g6ag
From: cs4g6ag@maccs.dcss.mcmaster.ca (Stephen M. Dunn)
Newsgroups: comp.sys.ibm.pc
Subject: Re: .COM and .EXE files
Message-ID: <253B310B.23002@maccs.dcss.mcmaster.ca>
Date: 17 Oct 89 14:02:51 GMT
Article-I.D.: maccs.253B310B.23002
References: <00092@citasim.UUCP>
Reply-To: cs4g6ag@maccs.dcss.mcmaster.ca (Stephen M. Dunn)
Organization: McMaster University, Hamilton, Ontario
Lines: 43

In article <00092@citasim.UUCP> agray@citasim.UUCP (andrew gray) writes:
$ I was just thinking about trojans and such that infect the COMMAND.COM
$file, and I got a weird idea:
$ I renamed COMMAND.COM to FIZZGIGG.FOO and placed a 'shell=c:\fizzgigg.foo
$/p' statement in my CONFIG.SYS file.
$ My system booted exactly like normal.
$ This got me to wondering about COM and EXE files, and whether there
$would be any way to fool MS-DOS (or command.com) into using other extenders
$for executable files, and ignoring COM and EXE altogether.
$ Seems to me that this would add a small modicum of protection against
$trojans or other programs that corrupt executable files.

This will work fine as long as no programs you run have to shell out to DOS. If one of them does, though, you're in trouble. The loader in COMMAND.COM recognizes only two types of files: .COM and .EXE. When a program tries to shell out, it calls the loader, which tries to figure out what the *&$% to do with a .FOO file.

You don't have this problem on bootup because it isn't the loader that's loading COMMAND.COM (or FIZZGIGG.FOO) ... at boot-time, all it does is a straight binary load of whatever file you tell it to load. It will load and try to execute a text file if you really want it to.

Anyway, to get DOS to use files other than .COM and .EXE, you'd have to change COMMAND.COM to recognize your other extensions. The easiest way to do this would be just to change the bytes .COM and .EXE to whatever you want to use. Fine, until you try to run a program such as Lotus Symphony's Access which has the normal extensions built-in ... it will then complain.

Alternatively, you can write your own COMMAND.COM replacement, complete with a new loader that recognizes more than just .COM and .EXE ... but that will take time on the order of man-months. Sorry.

--
Stephen M. Dunn cs4g6ag@maccs.dcss.mcmaster.ca
= "\nI'm only an undergraduate!!!\n";
**************************************************************************
Maybe if we're lucky they will show it again, such a terrible thing to see