Can anyone help me hack command.com's reentry point?

Posted: Wed Oct 07, 2020 2:53 am
by OgreVorbis
OK, so that's the best way I could think of saying it.

I am modifying MS-DOS to better suit my needs. I have a .com file that I wrote that changes the layout a bit, text mode, colors, box cursor. I have this in my autoexec.bat. The problem is when I run a program and quit, it returns back to command.com in the original mode, so I have to run my .com file each time.

So I need to find the part in command.com (I assume it's in there) where the reentry point is so I can inject some code to execute my .com file. Can anyone help me with this?

I would REALLY appreciate it cause I love the way my program makes DOS look and I want to make it seamless so I don't have to keep typing it. Maybe there's a way to do this without hacking the file?

Re: Can anyone help me hack command.com's reentry point?

Posted: Wed Oct 07, 2020 7:09 am
by bzt
OgreVorbis wrote: changes the layout a bit, text mode, colors, box cursor.
Just load the already existing ANSI.SYS, all of these can be set with it.
OgreVorbis wrote: Maybe there's a way to do this without hacking the file?
You can write your own driver (.SYS) and load it from CONFIG.SYS.

Cheers,
bzt

Re: Can anyone help me hack command.com's reentry point?

Posted: Wed Oct 07, 2020 12:52 pm
by alexfru
There used to be a number of TSR (Terminate and Stay Resident) programs that allowed one to reprogram the fonts (on EGA and VGA cards) and change the keyboard layout to support various national languages. They hooked several ISRs: to intercept keyboard input (IRQ 1 / INT 9) and video mode switches (INT 10H) and to check for presence (INT 2FH) before uninstallation.

You can do something similar as well.

Re: Can anyone help me hack command.com's reentry point?

Posted: Wed Oct 07, 2020 1:52 pm
by Gigasoft
In version 6.22, offset 108dh is where the main loop starts. It ends up back here after executing a program, after pressing control break, or after a critical error.

The transient portion of command.com begins at offset 26e0h in the file, and at offset 100h from the segment base. It is 0af95h bytes long. The main loop starts at 12ch.

Expanding either portion requires changing all of the places where their length appears.

Re: Can anyone help me hack command.com's reentry point?

Posted: Wed Oct 07, 2020 3:30 pm
by foliagecanine
Gigasoft wrote: Expanding either portion requires changing all of the places where their length appears.
Do you mean you would have to change the header to accommodate the larger amount of code, or the addresses of everything past the point changed? I don't think COM files have a header.

In theory, wouldn't you be able to do something like this:

    CODE
{main_loop starts here}
    CODE
    SOMECODE -> replace with jmp MY_CODE. Surround with NOPs if necessary.
GO_BACK:
    CODE...
{at the end of the binary}
MY_CODE:
    SOMECODE
    CUSTOM_CODE
    jmp GO_BACK

or even just find any references to address 0x108D and update them with the address of MY_CODE. Then add a jmp to main_loop:

    CODE
    call 0x108D -> call MY_CODE
main_loop:
    MAINLOOPCODE
    CODE...
    call main_loop -> call MY_CODE
    CODE...
{at the end of the binary}
MY_CODE:
    CUSTOM_CODE
    jmp main_loop

This second one would probably be harder because of segments, though.
I don't know. Just throwing out random ideas.

EDIT: I just hexdumped the FreeDOS command.com and it starts with "MZ". Maybe it is just an EXE in disguise and does actually have a header.
EDIT: ... But the MSDOS 6.22 COMMAND.COM is a .COM. No header
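
Added example, not written by any poster in this thread: a Python sketch that classifies a DOS program by its content, as the hexdump check in the EDITs above does, parsing the MZ header when one is present, and that maps a segment offset back to a file offset using Gigasoft's figures for the 6.22 transient portion. The function names and both sample byte strings are constructed for illustration.

```python
import struct

# e_magic plus 13 little-endian words (e_cblp .. e_ovno): the 28-byte MZ header.
MZ_HEADER = struct.Struct("<2s13H")

def classify_dos_image(data: bytes) -> dict:
    """Classify by content (as the DOS loader does), not by file extension."""
    if len(data) >= MZ_HEADER.size and data[:2] in (b"MZ", b"ZM"):
        (_, cblp, cp, crlc, cparhdr, _min, _max,
         _ss, _sp, _csum, ip, cs, _lfarlc, _ovno) = MZ_HEADER.unpack_from(data)
        header_bytes = cparhdr * 16          # header size is in 16-byte paragraphs
        # e_cp counts 512-byte pages; e_cblp is bytes used in the last page (0 = full)
        image_end = cp * 512 - ((512 - cblp) if cblp else 0)
        # entry is CS:IP relative to the load segment
        return {"kind": "MZ", "header_bytes": header_bytes,
                "load_bytes": image_end - header_bytes,
                "relocations": crlc, "entry": (cs, ip)}
    # Flat .COM: no header; the whole file is loaded at offset 100h, after the PSP,
    # and execution starts at IP = 100h with CS pointing at the PSP segment.
    return {"kind": "COM", "header_bytes": 0, "load_bytes": len(data),
            "relocations": 0, "entry": (0, 0x100)}

def region_file_offset(seg_off: int, file_start: int, load_off: int = 0x100) -> int:
    """Map an offset within a loaded region back to its position in the file."""
    if seg_off < load_off:
        raise ValueError("offset lies before the region's load address")
    return file_start + (seg_off - load_off)

# Constructed samples (not real DOS binaries).
SAMPLE_COM = bytes([0xB4, 0x4C, 0xCD, 0x21])            # mov ah,4Ch / int 21h
SAMPLE_MZ = MZ_HEADER.pack(b"MZ", 0x20, 2, 0, 2, 0, 0xFFFF,
                           0, 0x100, 0, 0, 0, 0x1C, 0).ljust(544, b"\x00")

if __name__ == "__main__":
    for name, blob in (("sample.com", SAMPLE_COM), ("sample_mz.com", SAMPLE_MZ)):
        print(name, classify_dos_image(blob))
    # Figures from the thread: transient portion at file offset 26e0h, loaded at
    # 100h, main loop at 12ch within that segment.
    print(hex(region_file_offset(0x12C, 0x26E0)))
```
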