EVW v2.22

Copyright © 1991, 1992 Peter Stuer
All rights reserved

Release date March 18, 1992

FREEWARE

User Manual

KickStart 2.0 compatible


DISCLAIMER

EVW has been thoroughly tested and is the result of a constant
process of changes and updates. The program has proven to be
stable in everyday use. The author is not responsible for any loss
of data, damages to software or hardware that may result directly
or indirectly from the use of this program.


PREFACE

This program is freeware. This means that you can copy it freely
as long as you don't ask any more money for it than a nominal fee
for copying. If you want to distribute this program you should
keep this document with it. This program cannot be used for
commercial purposes without written permission from the author.

If you have suggestions or remarks about this program, or if you
find any bugs, please let me know. Write to the following address:

      Peter Stuer
      Kauwlei 21
      B-2550 Kontich
      Belgium - Europe


A MESSAGE FROM OUR SPONSORS...

Our motto: "Safe Hex..."

EVW can be kept up to date thanks to the energy and work put into
a global anti-virus information bank founded by Erik Løvendahl
Sørensen from Denmark. This group has over 120 international
members now, among them some of the programmers of well-known
anti-virus programs like Steve Tibbett and Jonathan Potter.

Among the activities of this group are:

- Spreading information to anti-virus programmers as fast as
  possible.

- Trying to get names and proof against virus programmers and
  giving the information to the justice department of his/her
  country to press charges.

- Writing articles in popular magazines to inform new Amiga users
  about viruses and how to protect themselves.

All this is volunteer work. If you want some more information
about this organization or you want to sponsor our work, contact
Erik at the following address:

      Erik Løvendahl Sørensen
      Snaphanevej 10
      4720 Præstø
      Denmark - Europe

      Phone: 00 45 53 79 25 12
      Fidonet 2:230/114.26


1. Introduction
===============

EVW stands for Early Virus Warning. It shows some memory locations
of the Amiga operating system that are most likely to be changed
by viruses. EVW checks these locations and if it finds a
suspicious value it will put the message "Please Check" next to
it. Otherwise it will mark the vector as "OK". Whenever possible
EVW will try to identify the program that is using the vector.
This is not always possible.

DON'T panic if some of the vectors have the "Please Check" message
next to them. On some systems (especially the early Amiga 3000
computers) and on systems with hardware expansions (such as
autoboot harddisks or RAM expansion boards) the vectors are
changed to cause the hardware to be reset and/or recognized after
a warm start (Ctrl + Left Amiga + Right Amiga).

If you are not sure what causes the change, first check for any
ResModules. If there is an entry with an address that is close to
any of the vector addresses, chances are that it is that ResModule
that caused the change. This is not a FAILSAFE method, though. For
instance, the TurboPrint Professional program (IrseeSoft) changes
the KickMemPtr and the KickTagPtr. The ResModule only becomes
visible after a reset.

Usage
-----

EVW is for CLI usage only. Normally you will put this program in
your startup-sequence so that it is executed every time you boot
your Amiga. Simply type:

      1> EVW

EVW has one option, the -v (Verbose) option. If you use this
option EVW will show all the resmodules it finds, even the ones in
ROM. Without the -v option only the resmodules in RAM will be
shown. NOTE: this is different from previous versions.

      1> EVW -v

A little information will be shown when you type:

      1> EVW ?

Known programs
--------------

KickTags and ResModules will be identified by name or IdString.

      Arq 1.66
      AssignX 1.2 by Steve Tibbett
      AutoCentre 1.2 by Colin Bell
      ClockTick 1.4 by MKSoft
      CPUBlit 1.00 by Eddy Carroll
      DoPro 1.5 by Michael Illgner
      EasyReqPatch by Nico François
      Explode library
      InstallBeep 1.1
      KickStart 1.3 Exec Patch
      KickStart 2.0 SetPatch
      LVD x.xx by Peter Stuer
      NTSC4NTSC by Kai Bolay (1.2, 1.3)
      PatchLoadSeg v1.20 by Pieter van Leuven
      PatchNTSC
      PointerX 2.0 by Steve Tibbett
      R.O.M.
      SetPatch 1.38
      SetStar
      TurboTopaz 1.0 by Preben Nielsen
      WBGauge 1.2
      WShell
      ZKick (3.01)


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::: PROGRAM HISTORY :::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

::: Version 2.22 ::: March 18, 1992 :::::::::::::::::::::::::::::

o New recognized program in memory:

      Arq 1.66

::: Version 2.21 ::: March 1, 1992 ::::::::::::::::::::::::::::::

o Bug fix: SetPatch patches are now recognized OK.

::: Version 2.20 ::: January 27, 1992 :::::::::::::::::::::::::::

o New recognized programs in memory:

      CPUBlit 1.00 by Eddy Carroll
      DoPro 1.5 by Michael Illgner
      NTSC4NTSC 1.3 by Kai Bolay
      PointerX 2.0 by Steve Tibbett
      ZKick 3.01

  Thanks go to Steffen Salzmann (Germany) for sending them to me.

o Fixed a bug in the recognition of WBGauge 1.2.

::: Version 2.11 ::: December 27, 1991 ::::::::::::::::::::::::::

o Aaargh, why doesn't everybody use KickStart 2.0 yet...
  Apparently there was a huge bug in EVW which caused EVW to go
  bananas when being run under KickStart 1.3. The reason why this
  bug got through my tests is that I was testing a wrong version
  of EVW in a different path...

::: Version 2.10 ::: December 24, 1991 ::::::::::::::::::::::::::

o Fixed a bug which would cause EVW to check some vectors that do
  not exist in KickStart 1.3.

o All output is now buffered while traversing the system lists
  using Forbid()/Permit() (as it should have been from the
  start...)

o Fixed a bug in the scanning of the MemEntries.

o New recognized programs in memory:

      AssignX 1.2 by Steve Tibbett
      AutoCentre 1.2 by Colin Bell
      ClockTick 1.4 by MKSoft
      InstallBeep 1.1
      NTSC4NTSC 1.2 by Kai Bolay
      PatchNTSC
      SetStar
      TurboTopaz 1.0 by Preben Nielsen
      WBGauge 1.2 by Jean-Michel Forgeas

  Thanks go to Steffen Salzmann (Germany) for sending them to me.

::: Version 2.00 ::: December 1, 1991 :::::::::::::::::::::::::::

o EVW has been rewritten to use the same output format as BootX.
  Every device, resource or library in ROM is checked for possible
  changed vectors.

o The presence or absence of an MMU is now shown in the system
  configuration display.

o Removed the check for viruses. EVW is not meant to detect
  viruses by name. LVD takes care of this. EVW should be a tool to
  show the user unwanted changes in the system vectors.

o Fixed the bug that caused EVW to crash sometimes when run under
  KickStart 1.3.

o Added a version string. Use 'version EVW' when using KickStart
  2.0 to know the version of EVW.

::: Version 1.31 ::: September 16, 1991 :::::::::::::::::::::::::

o EVW does not need the arp.library anymore!

o Optimized code and strings.

o Added a check for LVD 1.50.

::: Version 1.30 ::: June 24, 1991 ::::::::::::::::::::::::::::::

o The KickTag and ResModule check routines have been completely
  rewritten.

o Changed the output of EVW a bit.

o Rewrote this doc file.

::: Version 1.22 ::: April 22, 1991 :::::::::::::::::::::::::::::

o Fixed a little bug that caused EVW to crash when LVD was
  installed under KickStart 1.3.

::: Version 1.21 ::: April 11, 1991 :::::::::::::::::::::::::::::

o Added a check for InitResident of the exec.library. The Saddam
  trojan horse uses it.

o Added checks for NewLoadSeg and InternalLoadSeg (LVD 1.30
  patches these too).

o Fixed a little bug that caused the wrong values to be shown when
  checking the dos.library vectors under KickStart 2.0.

::: Version 1.20 ::: February 8, 1991 :::::::::::::::::::::::::::

o Added a check for the DOS vectors.

o PatchLoadSeg and LVD are now recognized.

o Added the display of several system parameters.

o Added the Quick option.

o Added the check of the ResModules.

::: Version 1.10 ::: January 31, 1991 :::::::::::::::::::::::::::

o Fixed the test for R.O.M.

o Added checks for 3 more vectors.

::: Version 1.00 ::: January 31, 1991 :::::::::::::::::::::::::::

o Created.

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

© 1992 EVW v2.22 written by Peter Stuer
thanks to Nico François for beta-testing and all the useful
suggestions.

               _ _
              //
Thanks to   \X/ Amiga   for being the best computer ever!
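
The advice in the Introduction (mark a vector "OK" or "Please Check", then look for a RAM ResModule whose address is close to the changed vector) can be modelled in portable C. This is an added example, not EVW's own code. Assumptions: the ROM address range, the 64 KB meaning of "close", the rule for what counts as suspicious, the CoolCapture and DoIO entries, and all sample values and the module name are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumptions: 512 KB Kickstart ROM at 0xF80000-0xFFFFFF; "close" = within 64 KB. */
#define ROM_START   0x00F80000u
#define ROM_END     0x00FFFFFFu
#define NEAR_WINDOW 0x10000u

struct vector    { const char *name; uint32_t value; int zero_is_normal; };
struct resmodule { const char *name; uint32_t addr; };

/* Constructed sample data, not output from a real machine. */
const struct vector sample_vectors[] = {
    { "CoolCapture", 0x00000000u, 1 },
    { "KickTagPtr",  0x0007F120u, 1 },
    { "DoIO",        0x00FC06DCu, 0 },
    { "LoadSeg",     0x00C21A40u, 0 },
};
const struct resmodule sample_mods[] = {
    { "exec.library",        0x00FC00B6u },  /* in ROM */
    { "hypothetical.module", 0x0007F000u },  /* in RAM, invented name */
};

static int in_rom(uint32_t a) { return a >= ROM_START && a <= ROM_END; }

/* 1 = "OK", 0 = "Please Check" (assumed rule: capture/Kick pointers are 0
   when unused; a ROM library's entry should still point into ROM). */
int vector_ok(const struct vector *v)
{
    return v->zero_is_normal ? v->value == 0 : in_rom(v->value);
}

/* Closest RAM ResModule within NEAR_WINDOW of the vector value, or NULL. */
const struct resmodule *nearest_resmodule(const struct vector *v,
                                          const struct resmodule *mods, size_t n)
{
    const struct resmodule *best = NULL;
    uint32_t best_d = NEAR_WINDOW + 1;
    for (size_t i = 0; i < n; i++) {
        uint32_t a = mods[i].addr;
        uint32_t d = v->value > a ? v->value - a : a - v->value;
        if (!in_rom(a) && d < best_d) { best = &mods[i]; best_d = d; }
    }
    return best;
}
```

A NULL result for a flagged vector means no visible RAM ResModule explains the change, which is the case the manual says still needs a manual check.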