ACCOUNT The PC Control Program Copyright 1991 Thomas Kellar Introduction Account is a collection of four programs that can work together to help you gain a better understanding of how your Personal Computer works and to help you gain control over it by collecting data about how it runs and controlling aspects of its operation. The programs were written in assembler and C for MS-DOS compatible microcomputers running versions 2.1 through 5.0 of MS-DOS. The programs require at most 128K of memory and have no display adapter requirements except that you should have one. account.exe collects and timestamps virtually all operations on an MS-DOS based computer. Requires 3K bytes of memory to run. accblock.exe disables specific operations on a PC. Requires 3K bytes of memory to run. accstop.exe is a separate program used to stop the previous two programs from running. Requires 1K memory to run. accdisp.exe formats and displays the data collected by account.exe into a readable format. Requires 128K memory to run. The Programs ACCOUNT.EXE Description This program keeps a list of all files that were accessed after it is started. It records-in a file-the type of access, the time and date of the access and, of course, the name of the file. Access means all opens, deletes, file attribute changes, file closes and renames, it also includes all disk directory deletes and creations as well as the names of all files that were run or executed. account.exe must be started from the MS-DOS prompt but will run concurrently with any multi-tasking programs such as Windows 3.0 or DESQview without any problems. account.exe is a terminate and stay resident program. Program Running Change to the directory that contains the program account.exe and type account at the prompt. A file name can be given on the command line for an output file but: If a file name is given on the command line then a complete path name must be given (including the drive name). However, a drive name (only) can be given (e.g. D:) which will change the drive the default file will reside on, but not the path. To run account.exe type account [drive: | filename] Examples of Running A>account a:account.act Running the account program account.exe from a floppy disk with a floppy disk file named account.act as the file to store the collected data. or C>a:account a:account.act Running the account program account.exe from a floppy disk with a floppy disk file named account.act as the file to store the collected data. The same the prior example but the logged on disk drive is C:. or C>account d: Running account.exe from C: drive with the output data going to the default directory path but on drive D: so that the complete path to the account data file is d:\act\account.act. or C>c:\etc\account c:\temp\acdata.act The executable program resides in directory etc of drive c: and the data file will become acdata.act in the directory temp on drive c:. or C>account c:\msd\account\account.act Running account.exe from the current directory (or on the current PATH) and placing the output data in a file named account.act in directory msd\account on c: drive. or C>account Running account from the current directory (or the current PATH) and placing the output file in the default path and name which is c:\act\account.act. Program Notes The account program records all file opens, file deletes, file renames, file creates, new file creates, and temporary file creates. The account program records all FCB type file closes but not file handle type file closes for handles of number greater than 4 because of an interesting thing that MS-DOS does at the termination of a program or command: 14 close files are automatically generated at the end of each internal and external MS-DOS command (this is true for versions 3.1 through 5.0). The handle numbers are from 5 to 19 inclusive and it is suspected they are sent out as a precaution-it must be pointed out that the files that are closed are not opened (they are not opened normally) and that the closes must have no effect and it is suspected that they are done because of a software fix that was installed years ago and never removed. The 14 closes are in addition to the closes that reflect opens that were done in the program that was run. The 14 closes also occur after each command execution of any type (e.g., a dir command). As this number is inordinately large they are not recorded. The account.act file that stores the records of disk/file accesses can become large very fast and probably should be looked at fairly often to see if there is any danger of it filling up the disk. When the account program is run, it zeros out (or blanks) the file that it records data in prior to starting. So if there is data in the file that needs to be saved, it will need to be copied to another file name, e.g., echo copy old account file to saved file copy c:\act\account.act c:\act\account.old rem copy works better than rename in this rem context echo starting up account in \act\account.act c:\act\account c:\act\account.act When recording file closes that use file handles, account has no access to the file name so only the file handle is recorded in the output file, You should not run two versions of the program at the same time (although they will not fail). The default name and path for the data file is c:\act\account.act. ACCSTOP.EXE Program Description Is a program that is run to stop account.exe from collecting data or to stop accblock.exe from blocking system functions. Program Running From the directory that the program accstop.exe resides in type accstop Examples of Running C>c:\act\accstop Means run the program accstop.exe in directory act from the logged on c drive. Program Notes accstop.exe needs to be run to stop the accounting program account.exe from collecting data or to stop accblock.exe from blocking system calls. It should be run prior to examining the accounting data file (generally account.act) but that is not absolutely required. Also accstop.exe can be run even it neither of those two programs is running. ACCBLOCK.EXE Program Description Is a program that when run will terminate itself but prevent certain type of disk file manipulations from occurring in the future. Manipulations or changes such as file deletes or file renames. The blockage will continue until the computer is re-booted or the program accstop.exe is run. Program Running Log on to the drive containing the program and change to its directory. Type the accblock followed by a Return. Examples of Running C>c:\act\accblock Causes accblock.exe in the directory act to be run. Program Notes accblock.exe stops delete files (both FCB and file handle types), rename files (both FCB and file handle types), rmdir (remove directory), and change/get file attributes. Use accstop.exe to stop accblock.exe from blocking system calls. ACCDISP.EXE Program Description accdisp.exe is a program that is run to format and display the data that was collected by account.exe over the span of its run. The program has three exclusive ways it can run. They are indicated by switches on the command line: A -1 indicates to the program that it is to display time and type ordered output only. A -2 indicates to the program that it is to display a time ordered output only and no type or name ordered outputs. Nothing but blanks or a filename means display in all three formats. The meaning of the display formats is discussed below. Program Running From the directory that the program accdisp.exe resides in type accdisp [-1 | -2] [filename] Examples of Running C>c:\act\accdisp Means run the program accdisp.exe in directory act from the logged on c drive using the default input file. The default input file is account.act in the current directory. C>c:\act\accdisp -2 acc.act >acc.out Means run accdisp.exe in directory act on c drive using acc.act in the current directory as the input file and only display the time-ordered data and send the output to the file acc.out in the current directory. Program Notes The program displays the output in three formats: The first is a list of all that was recorded by account.exe displayed in a time- ordered format. The second is a list of all that was recorded by account.exe in type ordered format (what that means is that all file deletes are grouped together and separated from all file creations which are grouped together, and so on). The third is a list of all that was recorded by account.exe in a file ordered format (i.e., everything recorded for a particular file name is grouped together). Registration All four programs and their documentation are copyrighted and are distributed and intended as shareware. The programs are not free. It is expected that if you decide to use them that you should register for their use. The registration process enables you to use the programs on one computer with what ever number of backup copies (i.e., backup only) are required for your operation. In order to become a registered user send your name along with the registration fee to the author listed below. The registration fee is $20 and should be sent in check form to the author Thomas Kellar at 807 Saint Nicholas Avenue Dayton, Ohio 45410 Any questions or comments should be directed to the same. If you want for an additional $3, a 5.25 inch floppy disk containing a copy of the programs and documentation will be sent to you ($23 total). Warranty There are no explicit or implicit warranties given for this product. The author disclaims any responsibility for its effects. The user of the program is the one who should claim responsibility for any adverse effects due to its use. All effort has been made by the author to make the program reflect the documentation and the documentation reflect the program . Copying the Program These programs and their documentation shall not be copied for distribution purposes except in the packed compressed form they started in: they were initially distributed in a single file named accnts.exe which when run on an MS-DOS based computer self-extracts a number of files of which this documentation is one. Use of this product implies agreement with the above conditions. Appendix Installation It is best that the account programs be installed on a hard disk inside a directory dedicated to their own use. If this is done, then operational procedures become fairly simple. To install this program in a directory named act on a hard drive letter c: To create the directory, from the MS-DOS prompt type mkdir c:\act To copy the files from where ever the account programs currently reside type copy acc* c:\act If the programs reside on a floppy disk, then type copy a:*.* c:\act Operation The following control files can be used to run the account programs. They must be typed in to a batch file (.bat) using a text editor and named with appropriate names. To start up the accounting program and decode the account.exe program output and delete the old output file (it is assumed that all the programs listed exist in a directory named act on C drive): rem stop accounting, save old, restart rem accounting, analyze output, delete old file accstop copy account.act account.old account c:\act\account.act accdisp -2 c:\act\account.old >account.out del c:\act\account.old copy account.out con: echo done! MS-DOS and Windows are trademarks of Microsoft Corporation and DESQview is a trademark of Quarterdeck Office Systems PC Accounting Program V1.1 Copyright 1991 Thomas Kellar