Fun with ALT
ASCII Table
How to make directories inaccessible from DOS (And Windoze `95!)
How to get into these directories
Phun with phile names
Renaming internal commands (Like changing DIR to ZUD)
How to make a batch file that locks an intruder into a subdirectory
Hiding text within a simple text file.
MÓrÐ TÕ Çømè
Fun with ALT

This can be a rather nifty trick if you have something that you want to keep private on your computer. Through out my directions I use the HEX character FF. It isn't displayed by DOS at all. (A third party program that's menu driven like Norton Change Directory and windoze will by-pass this trick, even if the directory is hidden). Now, if you want, you can even use mostly regular ASCII text and add just one inconspicuous extended ASCII character like an e with a dot over it.

One way to make a directory or file that cannot be accessed from DOS is to make a BATCHFILE with copy con or edlin or edit and modify it with debug.

That is the hard way to do it. I would only use this method if you are making a mess in someone's hard drive. (Read between the lines if you want to know more). Other wise use this nifty little trick: Hold down the ALT key and type an ASCII characters DECIMAL value from your keyboards number pad. You'll get that numbers ASCII value on screen. Remember, the number MUST come from the number pad, NOT FROM one of the numbers above the letter keys. After you type the number let off of the ALT key and you'll get the ASCII character. You can use this with any combination of commands, which in our case is making a directory with an extended ASCII character. Click here to see an ASCII table that converts HEX to ASCII characters.

Making Directories Kind of Inaccessible From DOS

You need to read Fun with ALT to do this. It's really simple. Type the command: CD followed by ALT 255 or whatever EXTENDED ASCII code you choose. Some control characters wont work though. An average person won't understand how to get into these directories because they will get the error: "Bad command or file name". Plus, Windoze `95's Windows Explorer will try to tell you that a directory with an extended hex character isn't a valid directory and wont let you in. The only way in from Windoze is through DOS. You could also make a batchfile that will rename that directory, and THEN you will have access from windoze. Groovy.

Getting Into These
Directories

Once again, you need to read Fun with ALT to best understand this. This is just as simple as making a directory. Type CD ALT 255 or whatever other ASCII character you choose to use. Go back up some for info on using this trick with windoze 95.

Phun With Phile Names

If you want to torment someone inexperienced with computers, you can give them a disk and tell them to run one of the programs on it like a cool game or something. But, you rename the main program something with an extended ASCII character in it like an e with a dot over it. When they type DIR and look at the disk, they will type the name of the program but will get the error `Bad command or file name'. You might also use this to hide programs on your computer. If you re name a file to something with just the HEX FF character, its name will be hidden from a directories listing. Beware, its size, date, and time will still be visible. To do this, just use the same technique as described in How to make directories inaccessible from the DOS prompt except make the batch file rename the file to the extended ASCII name that you want. Example:

C:\COPY CON RENAMEIT.BAT
REN PHILE.DOC $H1L
^Z
(Control-F6)

Then use debug to change the name the file gets renamed to.

Renaming Internal Commands

This is probably something that would be used only by the ultra paranoid person (Like me ;-). It can be fun even if not taken to the extreme measures that I'll show how to do. First of all, YOU NEED TO MAKE A BOOT-UP DISK! I probably had to boot my computer off a disk a dozen times or more while I was experimenting with this. It's also wise to keep a 'clean' copy of COMMAND.COM in a directory somewhere in case you screw it up really bad. Now to the fun stuff!
Start by making a copy of COMMAND.COM somewhere other than your root directory. You should already have an extra copy of it in your DOS directory, but it can't hurt to have extras. At the end of the DOS command interpreter (COMMAND.COM) is a list of all internal commands. Just pull COMMAND.COM into DEBUG or the HEX editor of your choice and do a search for the command you want to change. Then CAREFULLY change the name of the command to something different. It must be the same length as the original name. Then write over it and save it to disk. I am going to breakdown and give some very basic instructions on how to use DEBUG now.

Start DEBUG by typing the following: DEBUG C:\COMMAND.COM
Now you will have a new prompt, "-". Do a search for your command by typing the following, inserting the command you want to change:
-s 100 ffff "COPY"
Now Debug will give you every memory location that it found your string:
0E8F:CD16
0E8F:CEC8
-_

Ignore the 0E8F:, that is the base address that your free memory starts on (Your base address will be different). Note locations CD16 and CEC8. Those are the memory locations where DEBUG found a text string of COPY (DEBUG's search command is CASE SENSITIVE, take note). Most likely the address you want will be the last one listed (In this case IT IS NOT!. Read through the next instructions to understand how a memory dump works. To be sure you have the correct mem address for COPY view every memory location DEBUG gave you and see that there are other DOS commands along with the one you are looking for. That is the location you will want. It should make more sense after you read the following). Write down the other mem locations too, just to be safe. Now do a memory dump to see what DEBUG found:
-d cd4a
  (You type ONLY this one line)

0E8F:CD10                    43 4F-50 59 05 50 41 55 53 45         COPY.PAUSE
0E8F:CD20  04 44 41 54 45 04 54 49-4D 45 03 56 45 52 03 56   .DATE.TIME.VER.V
0E8F:CD30  4F 4C 02 43 44 05 43 48-44 49 52 02 4D 44 05 4D   OL.CD.CHDIR.MD.M
0E8F:CD40  4B 44 49 52 02 52 44 05-52 4D 44 49 52 05 42 52   KDIR.RD.RMDIR.BR
0E8F:CD50  45 41 4B 06 56 45 52 49-46 59 03 53 45 54 06 50   EAK.VERIFY.SET.P
0E8F:CD60  52 4F 4D 50 54 04 50 41-54 48 04 45 58 49 54 04   ROMPT.PATH.EXIT.
0E8F:CD70  43 54 54 59 04 45 43 48-4F 04 4C 4F 43 4B 06 55   CTTY.ECHO.LOCK.U
0E8F:CD80  4E 4C 4F 43 4B 04 47 4F-54 4F 05 53 48 49 46 54   NLOCK.GOTO.SHIFT
0E8F:CD90  02 49 46 03 46 4F                                 .IF.FO
-_
Lets break down what you now see on your screen. The far left column is the starting address for each line. The big group of double digit numbers in the middle is a Hexadecimal representation of everything in the far right column. If you see the command you are wanting to replace as the first command in the topmost line, every thing is groovy. If not, be sure you typed the address correctly and then try the other mem locations DEBUG found for you. One of them will pan out for you.

Now that we have found out where our command is hiding in memory, we must over-write it with a new one. Use DEBUG's ENTER command as follows:
-e cd16
0E8F:CD10  45._

Now DEBUG is prompting you to enter a value to replace "C". 45 is the ASCII form of a capital C. You will need to have an ASCII table so you can translate the letters (Or numbers, symbols, control characters, ect.) that you are going to replace "COPY" with. Look at the end of this section for an ASCII table. I will use DEWD as an example. Now enter a new ASCII value (Since D comes after C, 43 gets replaced with 44)
0E8F:CD16  43.44
Now, press the space bar to bring up the next ASCII value in line, which in our case will be 4F.
0E8F:CD16  43.44   4F.45
Since E's ASCII value is 45, 45 will be entered in.
0E8F:CD16  43.44   4F.45   59.44
OE8F:CD18  50.57   59.

We entered 57 for a W and 44 in place of 59. Notice that DEBUG jumped down to the next line: just ignore that if it happens. As long as you have the correct prompt everything is OK. To get back to a DEBUG prompt press the enter key after you input 44. Now you might want to check your work. Do a memory dump to see that everything has gone according to plan.
-d cd16

0E8F:CD10                    44 45-57 20 05 50 41 55 53 45         DEWD .PAUSE
0E8F:CD20  04 44 41 54 45 04 54 49-4D 45 03 56 45 52 03 56   .DATE.TIME.VER.V
0E8F:CD30  4F 4C 02 43 44 05 43 48-44 49 52 02 4D 44 05 4D   OL.CD.CHDIR.MD.M
0E8F:CD40  4B 44 49 52 02 52 44 05-52 4D 44 49 52 05 42 52   KDIR.RD.RMDIR.BR
0E8F:CD50  45 41 4B 06 56 45 52 49-46 59 03 53 45 54 06 50   EAK.VERIFY.SET.P
0E8F:CD60  52 4F 4D 50 54 04 50 41-54 48 04 45 58 49 54 04   ROMPT.PATH.EXIT.
0E8F:CD70  43 54 54 59 04 45 43 48-4F 04 4C 4F 43 4B 06 55   CTTY.ECHO.LOCK.U
0E8F:CD80  4E 4C 4F 43 4B 04 47 4F-54 4F 05 53 48 49 46 54   NLOCK.GOTO.SHIFT
0E8F:CD90  02 49 46 03 46 4F                                 .IF.FO
-

You can see that DEWD is now in place of COPY. Now you gotta save your work and get outa DEBUG.
-w
Writing 16E74 bytes
-q
Use w to write our changes to disk and q to exit DEBUG. In order to see if your changes worked, type COMMAND from your root directory (Or the directory that your modified COMMAND.COM is in). Type COPY and enter, you should get an error message. Now type DEWD. You should get something like "Required parameter missing". That means It worked. Now try to copy a file. You should be in business now!

Here's an ASCII table for you if you need one. To save it to a file and/or print it, do the following: highlight the table with the mouse and press CTRL+C. Open notepad or the text editor of your choice, make sure the cursor is blinking in the editor, and press CTRL+V. The table should be pasted into your editor. Then just save it and/or print it.

 
41 42 43 44 45 46 47 48 49 4A 4B 4C 4D 4E 4F 50 51 52 53 54 55 56 57 58 59 5A 
A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z


61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 78 79 7A
a  b  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v  w  x  y  z


31 32 33 34 35 36 37 38 39 30 60 7E 21 40 23 24 25 5E 26 2A 28 29 5F 2B 5B
1  2  3  4  5  6  7  8  9  0  `  ~  !  @  #  $  %  ^  &  *  (  )  _  +  [


5D 7B 7D 2C 2E 2F 3C 3E-3F 3A 22 2D 3D  20     1B                  07    27
]  {  }  ,  .  /  <  >  ?  :  "  -  =   SPACE  End-Of-File Marker  BELL  ESC

Notes: I have successfully used this with DOS versions 3.3 to 6.22. While writing this I discovered DOS 7 (Windoze 95 DOS) has some problems if you attempt to do this in DEBUG. I could do it with other HEX editors like Hex Workshop, but DEBUG causes some problems. If any one knows what the problem is, let me know.

Evil Genius Batch Files

Ok, so you want to know how to do things that you shouldn't be able to with a batch file hum? After renaming a few simple internal commands like DIR and COPY make batch files named DIR.BAT and COPY.BAT that an intruder might use to pillage through your PC that will throw them off track. Here we GOO00oooo...

@ECHO OFF
DATE >> C:\DOS\ \INTRDLOG < GO
TIME >> C:\DOS\ \INTRDLOG < GO
SUBST D: C:\LOCKEMIN
ASSIGN C: = D:

This is the first half of two batch files. It starts off by taking the date and time and appending them to end of a file called INTRDLOG in your "safe" directory. For more on using redirection goto Using Batch Commands. Next SUBST is used to make a virtual drive out of the subdirectory C:\LOCKEMIN. Then ASSIGN is used to "Put" drive D: on top of drive C:, locking the user or intruder into our "safe" directory designated LOCKEMIN. Enter problem 1. After this batch file ASSIGNs C: = D: DOS gives the error "Batch file missing". The way I fixed this problem was to go into the command.com file and write over that specific error message with something else like: Syntax error, Con device bad, or leave it blank. Something I should mention is that this file should be in your PATH somewhere. Within our subdirectory LOCKEMIN there should be a "virtual" replica of your root directory. By this I mean you need to have your "safe" directory located in the same place within LOCKEMIN as it is in your "real" hard drive. Example:
Your "real" hard drive C:\DOS\ \DIR.BAT
Your virtual root directory C:\LOCKEMIN\DOS\ \DIR.BAT This is so that when the switcharoo takes place, DIR.BAT and/or COPY.BAT ends up in the same path location. This way you don't have to change the path with the DIR.BAT program and so you don't waste space in your path line (You can NORMALLY only specify 127 characters within your path, but I know how to make it infinitely long, Ha Ha he he he...). You also need to have a mocked up Command.com in there as well as the "same" directory structure having DOS, WINDOWS, and whatever else you have in general on your hard drive. Also you need to hide the two directories . and .. that appear in a subdirectory (Also the directory containing this batch file). You could write your own program to do this or use something like Norton Utilities to do the hiding. Make sure that the Command.com you put in there is nearly identical to your mocked up version. Remember, an intruder might try to re-start Command.com and if you have the "real" one in there you just wasted everything this section is about. You might put one in there that has all error messages intact (To reduce suspicion) but has DIR and other commands still changed. Now you have a couple of choices as to how the second DIR.BAT works. At this point, an intruder will scratch his (or her) head because they just got a funny error message after typing DIR. They just unknowingly launched them self into a subdirectory and will now probably try the DIR command again. You can make the second batch file call the true DIR command or go all out with a system that doesn't reveal the true DIR command (If you're afraid that someone might discover your batch file and gain the name of the true DIR command). It will also be more convincing because the directories will "contain" files. The first method is preferred ( unless you have the space to put fake or even real programs into your LOCKEMIN subdirectory).



Hiding text within a simple text file.

Ok, it is possible to hide something within a simple text file. Pull up the text file in a HEX editor such as DEBUG or Norton Utilities (Goto the section about renaming internal commands for usage of DEBUG). At the point you wish to hide text in the file just insert an [End-Of-File] character. This is "1B" in HEX and "27" in decimal (Use the HEX value if you use DEBUG to accomplish this). If you use TYPE to view a file it will end at the [End-Of-File] character. There's a way around this too. Use COPY.

C:\>COPY TEST.TXT /B > CON

This copies test.txt to the CON device, which is your monitor. Notice the /B switch used with COPY. It copies everything within our test.txt file up to the specified file length, regardless of any [End-Of-File] characters it meets. Look for more on switches COPY will accept on my DOS Internal Commands page. You can also use an ESCAPE SEQUENCE to hide text from the screen.


This web page is copyrighted by Nathan Heald. Reproduction is allowed as long as this message is not removed or modified in any way. Frames site  No-frames site. How to print pages off of this site. The official URL of DOS HeadQuarters is http://dos.rsvs.net