Let the Devil Wear Black - Memoirs of an analyst

James F. Linden - Writer ...
This site:
Let the Devil
Wear Black:
James Linden:


Resources - INTRLIST

Programmer's interrupt encyclopaedia.

Chapter 14

INTRLIST is a respected programmer's encyclopaedia that tells you how to access processes that your program might need to know about such as printing a character on the screen or knowing where the mouse is.

The latter is all that I was using it for and it was very good at that - I could find out where the mouse was and after I had left the company, I used it to change the mouse cursor from an arrow to an hour glass or even something that I had designed myself that was more appropriate to the program that I was writing, move the mouse around the screen so that it would automatically appear over the most appropriate button, ready to press when going through routine form-filling and so on.

To call it a virus writer's encyclopaedia is a slander.

Below is a composite screenshot (the top half of one screen with the rest of the text as the bottom half so that you can see it in one image) showing the text that appears in the encyclopaedia. To scroll the screen around in the program so that you get to see all of the text for a given entry, you use the up and down arrow keys or page-up and page-down keys. A three-year-old can do that.

I cannot image a scenario where somebody has loaded up this program and arrived at this screen, found the 'dismissophor' word 'virus' and then not looked down the rest of the page.

The claim was that it was 'coincidence' that led to:

  • the quote being truncated at all;
  • that it was truncated in the same place;
  • that the position of where the quote was truncated changed its meaning;
  • that the change in meaning was wholly negative;
  • by the only two people involved in quoting it.

| INTERVUE  1.5                           Thursday  October 25, 2012  12:35 pm |
|                           C:\INTRLIST\INTERRUP.F                             |
        AH = 13h
        DS:DX -> interrupt handler disk driver calls on read/write
        ES:BX = address to restore INT 13 to on system halt (exit from root
                 shell) or warm boot (INT 19)
Return: DS:DX from previous invocation of this function
        ES:BX from previous invocation of this function
Notes:  IO.SYS hooks INT 13 and inserts one or more filters ahead of the
          original INT 13 handler.  The first is for disk change detection
          on floppy drives, the second is for tracking formatting calls and
          correcting DMA boundary errors, the third is for working around
          problems in a particular version of IBM's ROM BIOS
        before the first call, ES:BX points at the original BIOS INT 13; DS:DX
          also points there unless IO.SYS has installed a special filter for
          hard disk reads (on systems with model byte FCh and BIOS date
          "01/10/84" only), in which case it points at the special filter
        most DOS 3.3+ disk access is via the vector in DS:DX, although a few
          functions are still invoked via an INT 13 instruction
        this is a dangerous security loophole for any virus-monitoring software
          which does not trap this call ("INT13", "Nomenklatura", and many
          Bulgarian viruses are known to use it to get the original ROM entry
SeeAlso: INT 13/AH=01h,INT 19,INT 9D"VIRUS"
                    F1 for Help   F2 to Search   Esc to Exit              03567

Clearly, there was collusion.

I'm not going to spoil what happens in the book by telling any more so read on.

As the next hearing date approached, we started to get a lot of taxis that we hadn’t ordered.

Copyright © 2012-2014 James F Linden. All Rights Reserved.