| Volume Number: | 6 | |
| Issue Number: | 4 | |
| Column Tag: | Assembly Lab |
Dialog Quake For April Fools 
By Mike Scanlin, Mountain View, CA
It started off much like any other day. By 11 AM it was obvious that today would be little different. Our accountant, who is annoying to begin with, was being especially antagonistic today. There I was peacefully coding away when all of a sudden about 210 little 3-hole punch droppings come floating down to land on my computer, on my desk, in my open drawers, etc. I turn around and see our accountant standing on tippy-toes peering over my five foot divider with a manly swoosh and a silly grin on his face saying “Gotcha, Prophead! Ha, ha, ha ” So I say to myself “Looks like Goobs’ immaturity is flaring up this morning. Hope it goes away by noon.” I manage to get in a couple of serene hours of blissful programming before Goobs’ maturity level nose dives to the 3rd grade for the second time that day. Just as I was typing in an especially efficient arithmetic shift right instruction about 29 triangular pieces of yellow paper sift through the air and land on their smaller round brothers. And I hear the maniacal laughter of an obviously sexually frustrated person behind me “Gotcha again, Dweeb. Heh, heh, heh ” I look up the number for Rent-An-Accountant but the line is busy. I brush the yellow triangles off my keyboard and make an optimization that has to do with the number three. Like any child not getting the attention it wants, Goobs resorts to more direct methods of assault. If you’ve ever been in the middle of a tricky piece of self-modifying, recursive, threaded code while having soccer balls and volleyballs bounced off your head then you can appreciate the kind of nuisance a bored accountant can be. I was counting the microseconds until 5 PM. It came. Goobs left. I laughed. I laughed again. Little did Goobs, the living embodiment of a feeble minded user, realize that the one thing you don’t want to do in a software company is mess with a hacker.
DIALOG QUAKE
I needed to do something to his system that would be annoying but not render it useless. I considered installing TMON on his system and turning on heap scramble but he works with multi-megabyte data files over a network and I figured that would make his system too unusable. Besides, he’s slow enough anyways that he wouldn’t realize I had done anything. It had to be more obvious. I thought about remapping his keyboard but that would definitely make it unusable. After experimenting with patches to _NewControl and _SizeControl that made all of his scroll bars 6 pixels wide I decided to go with a patch to _ModalDialog instead (there were problems with some applications in resizing their controls behind their back -- it did look cool in the Finder, though). The code that follows is an INIT written in Lightspeed C 3.0 (actually, Lightspeed Asm 3.0) that patches _ModalDialog. The effect of this patch is that all modal dialogs will shake around a bit. This patch does not make modal dialogs useless, but it does make them somewhat difficult to use (How’s your mouse coordination, Goobs?).
The _ModalDialog patch is a pre-patch and a tail patch. Once the patch has been installed, a call to _ModalDialog will temporarily patch _GetNextEvent, set up the tail patch, call the real _ModalDialog, return to the tail patch, remove the _GetNextEvent patch and exit normally (if anyone can use the word “patch” more times in a sentence, please let me know). All of the real work is done by the _GetNextEvent patch.
The new _GetNextEvent calls the existing _GetNextEvent and then does some additional work. It keeps track of a counter so that a random amount of time passes between calls to _MoveWindow (to give the movement more of a jagged, quake-like feel). The window is moved by a random amount in both directions in the range -7 to +7. There is a mildly interesting problem in generating this range of random numbers. It would be easier to generate the range -8 to +7 because that is the range that can be expressed with 4 bit signed number. However, I needed a mean of zero in my randomness so that the window wouldn’t have a tendency to shake itself off the screen. One solution would be to generate the range 0 to 14 (with a DIVU instruction) and subtract 7 but like most conscientious programmers, I stay as far away as possible from 150 cycle instructions. Here’s what I ended up doing (say there are random bits in D0):
;1 ;preserve the sign bit and the low 3 bits andi #0x8007,D0 ;if it’s positive, then we’re done (0..+7) bpl.s @1 ;clear the sign bit bclr #15,D0 ;negate it (0..-7) neg D0 @1
If anyone has a better way, please write in.
SATISFACTION
It was thoroughly satisfying to watch Goobs try and use his system the next day. Every time he went to print something he’d come over and whine that I had to fix his computer. I hadn’t yet admitted that I had done anything to his system and when I saw a shaking dialog on his screen I said “Looks like a virus to me. What’s it worth to you?” After his relentless whimpering I told him “You need to replace the Easy Access file in your System Folder with a newer version because the old version isn’t 32 bit clean or 100% compatible with Color Quickdraw and can cause problems with dialogs.” Wouldn’t you know it, that fixed the problem.
Hackers of the world, unite! You have nothing to loose but your sense of humor.
CREDITS
However much I would like to take all the credit for the ideas and the code presented here, I cannot. Were it not for my boss, Andy Jeffrey, none of this would have been possible. Thank you for having a sense of humor and maybe with a lot of hard work I can be just like you someday.
/* DialogQuakeINIT.c 5 June 89
*
* written by Mike Scanlin
* inspiration by Andy Jeffrey
* unwilling testing by Mr. “Goobs” Galvan
*
* INIT that installs a patch on _ModalDialog that
* will, when _ModalDialog is called, install a
* tail patch on _GetNextEvent that causes the
* frontmost window to move around a bit (making
* it hard to click on items with any real
* accuracy). The patch to _GetNextEvent is
* removed before _ModalDialog returns and the
* patch to _ModalDialog can be removed by typing
* cmd-option-shift-tab while a modal dialog is
* frontmost.
*/
/* traps we patch */
#define ModalDialog0xA991
#define GetNextEvent 0xA970
/* uses a bit of self-modifying code */
#define JMP 0x4EF9
#define TAB_KEY 0x09
#define memFullErr -108
void main(void);
void main()
{
asm {
/* the next 20 or so lines are the only ones that
* get executed during installation. They get some
* space in the system heap for the patches and
* then patch _ModalDialog. */
/* save register */
move.l D4,-(SP)
/* get the old trap address */
move #ModalDialog,D0
_GetTrapAddress
/* set the address for the JMP instruction that
* calls the original trap */
lea @origMD,A1
move.l A0,(A1)
/* get some space in the system heap for our
* patches (note that this space is for both
* patches) */
lea @last,A0
lea @modalDialogPatch,A1
suba.l A1,A0
move.l A0,D0
move.l D0,D4
_NewPtrSYS
/* if there’s not enough memory then abort installation */
cmpi #memFullErr,D0
beq.s @noPatch
/* save address for _BlockMove */
move.l A0,-(SP)
/* set the trap address to the space we just got */
move #ModalDialog,D0
_SetTrapAddress
/* now move our patch into place */
lea @modalDialogPatch,A0
move.l (SP)+,A1
move.l D4,D0
_BlockMove
@noPatch
/* restore register and exit installation code */
move.l (SP)+,D4
rts
/********************************************
* Here’s the new _ModalDialog. It first installs
* a tail patch on _GetNextEvent and then calls
* the existing _ModalDialog. On exit this patch
* will unpatch the _GetNextEvent patch.
*******************************************/
@modalDialogPatch
/* save the original _GetNextEvent address */
move #GetNextEvent,D0
_GetTrapAddress
/* set the address for the JMP instruction that
* calls the original trap */
lea @origGNE,A1
move.l A0,(A1)
/* patch _GetNextEvent */
lea @getNextEventPatch,A0
move #GetNextEvent,D0
_SetTrapAddress
/* pop the original return address and save it */
lea @exitMD,A0
move.l (SP)+,(A0)
/* set the return address to our patch */
pea @tailMDPatch
/* the nops get filled with the address of the
* original _ModalDialog */
dcJMP
@origMD nop
nop
/* _ModalDialog returns here */
@tailMDPatch
/* remove the patch to _GetNextEvent */
lea @origGNE,A0
move.l (A0),A0
move #GetNextEvent,D0
_SetTrapAddress
/* return to the place that called _ModalDialog */
dcJMP
@exitMD nop
nop
/********************************************
* Here’s the new _GetNextEvent. If a random
* amount of time has passed then call
* _MoveWindow to move the frontmost window
* (a modal dialog) in a random direction.
*******************************************/
@getNextEventPatch
/* pop the original return address and save it */
lea @exitGNE,A0
move.l (SP)+,(A0)
/* save pointer to the event record so we can get
* to it when the real _GetNextEvent returns */
lea @eventRecPtr,A0
move.l (SP),(A0)
/* set the return address to our patch */
pea @tailGNEPatch
/* the nops get filled with the address of the
* original _GetNextEvent */
dcJMP
@origGNEnop
nop
/* _GetNextEvent returns here */
@tailGNEPatch
/* save registers */
movem.lD0-D2/A0-A2,-(SP)
/* if they don’t want us around, then exit */
lea @noMoreHassle,A0
tst (A0)
bne @goodBye
/* check if the event is a keyDown event */
lea @eventRecPtr,A0
move.l (A0),A0
move OFFSET(EventRecord,what)(A0),D0
cmpi #keyDown,D0
bne.s @noKeyDown
/* it’s a keydown, but is it the special remove-us key? */
move.l OFFSET(EventRecord,message)(A0),D0
cmpi.b #TAB_KEY,D0
bne.s @noKeyDown
move OFFSET(EventRecord,modifiers)(A0),D0
andi #cmdKey + optionKey + shiftKey,D0
eori #cmdKey + optionKey + shiftKey,D0
bne.s @noKeyDown
/* they don’t like us any more so remove ourself.
* First beep to let them know that we got the
* message to go away */
move #1,-(SP)
_SysBeep
/* set a flag so we know not to bother the nice
* user any more */
lea @noMoreHassle,A0
move #1,(A0)
/* move the frontmost window to a nice place in
* case it was partially moved off the screen by
* _MoveWindow */
move.l WindowList,-(SP)
move #30,-(SP)
move #30,-(SP)
bra.s @moveToUpperLeft
@noKeyDown
/* has the timer expired? */
lea @timer,A0
subi #1,(A0)
bpl.s @goodBye
/* reset the timer to wait a random amount of time
* before expiring again */
subq #2,SP
_Random
move (SP)+,D0
/* note: make the 0x3F smaller to move the window more often */
andi #0x3F,D0
lea @timer,A0
move D0,(A0)
/* push a WindowPtr for _MoveWindow. Note: this
* does not check for Ghost Windows */
move.l WindowList,A2
move.l A2,-(SP)
/* get a couple of random numbers in the range [-7..+7] */
subq #2,SP
_Random
move (SP)+,D1
move D1,D2
asr #8,D1
andi #0x8007,D1
bpl.s @2
bclr #15,D1
neg D1
@2 ext D2
andi #0x8007,D2
bpl.s @3
bclr #15,D2
neg D2
@3
/* push a random h coordinate */
move OFFSET(GrafPort,portBits)+
OFFSET(BitMap,bounds)+
OFFSET(Rect,left)(A2),D0
neg D0
add D1,D0
move D0,-(SP)
/* push a random v coordinate */
move OFFSET(GrafPort,portBits)+
OFFSET(BitMap,bounds)+
OFFSET(Rect,top)(A2),D0
neg D0
add D2,D0
move D0,-(SP)
@moveToUpperLeft
sf-(SP)
_MoveWindow
@goodBye
/* restore registers */
movem.l(SP)+,D0-D2/A0-A2
/* return to _ModalDialog */
dcJMP
@exitGNEnop
nop
/* variables */
@noMoreHassle dc0
@eventRecPtrdc.l 0
@timer dc0
@last
}
}
