PROVIEW (tm) Integrated System Analyzer and Viewer Copyright (C) 1992 - 1993 by McAfee Associates All rights reserved BETA TEST VERSION Documentation by Glenn Sullivan McAfee Associates (408) 988-3832 office 3350 Scott Blvd, Bldg. 14 (408) 970-9727 fax Santa Clara, CA 95054 (408) 988-4004 BBS (25 lines) U.S.A. USR HST/v.32/v.42bis/MNP1-5 CompuServe GO MCAFEE InterNet support@mcafee.COM Overview PROVIEW is a menu driven program used to analyze, view and edit the basic components of a system, including the system memory, system interrupts, device drivers, and installed disk drive sectors and file contents. PROVIEW will allow you to view system elements in HEX, ASCII or disassembled code format. Full searching and editing functions are included. PROVIEW displays data in real time. For example, if you are viewing a memory location that is being updated by the system (the clock interrupt, for example), PROVIEW will display the changes as they occur. Using The Menus After you have entered the PROVIEW menu system (type PROVIEW at the DOS prompt), you will be able to move about the PROVIEW menus to access all of the system information. To pull down one of the available menus, press the ALT key and the highlighted letter of the menu you want or use the mouse to select the pulldown list. For example, to access the Memory menu, press ALT-M. To access the functions within the pulldown list, you can either use the arrow keys to move the highlight to the option you want and press ENTER, select the option with the mouse, or press the letter that is highlighted in that option. For example, in the Memory menu to access the list of interrupt vectors, press I. The PROVIEW menu system allows you to open more than one window at a time to view the system parameters. Using the PROVIEW Windows The Window menu contains commands to close, move and perform other window-management commands. Most of the windows in this program have all the standard window elements, including scroll bars, a close box, and zoom icons. Size/Move (Ctrl-F5) When you choose Size/Move, the active window moves in response to the arrow keys. Once you've moved the window to where you want it, press Enter. If you press Shift while you use the arrow keys, you can change the size of the active window. Once you've adjusted its size or position, press Enter. You can also move a window by dragging its title bar with the mouse. If a window has a Resize corner, you can drag that corner with the mouse to resize the window. Zoom (F5) Choose Zoom to resize the active window to the maximum size. If the window is already zoomed, you can choose this command to restore it to its previous size. You can also double-click anywhere on the window's title bar (except where an icon appears) to zoom or unzoom the window. Next (Ctrl-F6) Choose Next to cycle forwards through the windows on the desktop. Close (Ctrl-F4) Choose Close to close the active window. You can also click the Close box in the upper right corner to close a window. Cascade Choose Cascade to stack all file viewers on the desktop. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ1Ä¿ ³ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ2Ä¿ ³³ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ3Ä¿ ³³³ÉÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ4Í» ³³³º º ³³³º º ³³³º º ³³³º º ³³³º º ÀÀÀÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼ Cascaded Windows Tile Choose Tile to tile all file viewers on the desktop. ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ÉÍÍÍÍÍÍÍÍÍÍÍÍ1ÍÍ»ÚÄÄÄÄÄÄÄÄÄÄÄÄ2ÄÄ¿ ³ ³ º º³ ³ ³ ³ º º³ ³ ³ ³ º º³ ³ ³ ³ º º³ ³ ³ ³ ÈÍÍÍÍÍÍÍÍÍÍÍÍÍÍͼÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ³ ÚÄÄÄÄÄÄÄÄÄÄÄÄ3ÄÄ¿ÚÄÄÄÄÄÄÄÄÄÄÄÄ4ÄÄ¿ ³ ³ ³ ³³ ³ ³ ³ ³ ³³ ³ ³ ³ ³ ³³ ³ ³ ³ ³ ³³ ³ ³ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Tiled Windows Using the Edit Functions The Edit menu contains all the commands you need to edit or change the system elements that are accessed with the Memory and Disk menus. Undo (Backspace) To undo any change that you have made. Note that any values that have been changed are highlighted. Set Mask/Value (F3) The mask/value may be set to any hex byte value for XOR/Negate or Add/Subtract operations. XOR/Negate (F7/Shift-F7) XOR/Negate the selected byte using the mask value. Add/Subtract (F8/Shift-F8) Add/subtract the Mask/Value to the highlighted field. Rotate Left/Right (F9/Shift-F9) Rotate selected byte left or right. Using the PROVIEW Menus FILE Menu The file menu has three options: Save Edited Object Permits saving any changes you have made without having to exit the current edit in process. Read only (Default = No) This options allows you to enable or disable the Read Only function. When enabled (ON), you will not be able to change or edit any system data with the PROVIEW program. To make changes, and be able to save them, toggle this option to read NO. Exit to DOS Returns you to the DOS prompt. Be sure to save any changes that you have made before exiting. MEMORY Menu System memory may be viewed and edited by PROVIEW. Memory may be viewed in HEX, ASCII or disassembled code format. If viewing in assembler format, you may follow the control of the program by selecting the numbers in parenthesis to the right of each branch instruction that is displayed on the screen. to reverse the flow of control, press (0) to return to the previous branch instruction. The following options are available in the Memory Menu: DOS System Area View/Edit the DOS System Area, starting at 0K and taking up as much as space as necessary for all the information loaded. Information stored here includes the BIOS DATA Area, DOS Communication Area, IO and DOS code, System File Tables, FCB Tables, Disk Buffers, System STACKS (CODE and DATA), as well as devices loaded with the CONFIG.SYS file (e.g., HIMEM.SYS, SETVER driver, MOUSE driver). Program Area View/Edit the Program Area, starting at the end of the DOS System Area and reserving all needed and unused space up to 640K. Information stored here includes the COMMAND.COM code, as well as any TSR programs loaded by the system (e.g., SMARTDRV, DOSKEY). Upper Memory Area View/Edit the Upper Memory Area, starting at 640K and reserving all the needed and unused space up to 1MB. Information stored here includes the Graphic and Text Video RAM, Video ROM BIOS, and System ROM BIOS. Interrupts View/Edit the List of Interrupts Vectors and indicates which ones are currently in use, its address and its pointer. Drivers View/Edit the List of Installed Drivers and indicate their address and memory area. Absolute Memory View View/Edit a user selectable memory address range within the system absolute system memory. WARNING!! Changes made to system memory can cause system crashes or data loss. Make sure that you understand any change that you wish to make to any memory location. DISK Menu File View View/Edit files on the default hard disk drive. You can view the file in either HEX, ASM or ASCII format. Sector View View/Edit logical sectors on any installed disk drive, hard or floppy. Physical Sector View View/Edit physical sectors on any disk drive. Boot Record View/Edit the boot record on any installed drive. Master Boot Record View Edit the Master Boot record on any drive. WARNING!! Changes made to the Boot sector, Master Boot Record or File allocation table area of the hard disk or floppy disk can cause system crashes and/or loss of data. Make sure that you understand any changes made to these areas. HELP Function The help menu displays help on using PROVIEW. Press F1 to access the help menu and then use the arrow keys to move about Help. In the Help Menu is also a section on Help On Help. If you are having trouble finding anything in Help, or using Help, Press Alt-H to access the Help Menu list, the press H to access the Help On Help. When you are finished with Help, press Enter or select OK with the Mouse to return to the PROVIEW menu. AUTHENTICITY Before using PROVIEW for the first time, verify that it has not been tampered with or infected by a virus by using the the enclosed VALIDATE program. For instructions on using VALIDATE, please read the VALIDATE.DOC file. The validation results for Version BETA should be: FILE NAME: PROVIEW.EXE SIZE: 92,892 DATE: 01-22-1993 FILE AUTHENTICATION Check Method 1: 199F Check Method 2: 1113 If your copy of PROVIEW differs, it may have been damaged. Run Always obtain your copy of PROVIEW from a known source. The latest version of PROVIEW and validation data for PROVIEW.EXE can be obtained from McAfee Associates' bulletin board system at (408) 988-4004 or from the McAfee Virus Help Forum on CompuServe (GO MCAFEE), or the mcafee.COM anonymous ftp site on the Internet. PROVIEW series are archived with PKWare's PKZIP Authentic File Verification. If you do not see an "-AV" after every file is unzipped and receive the "Authentic Files Verified! # NWN405 Zip Source: McAFEE ASSOCIATES" message when you unzip the files then do not use them. If your version of PKUNZIP does not have verification ability, then this message may not be displayed. Please contact us if you believe tampering has occurred to the .ZIP file.