[Combining several replies into one.] > I'm not sure how you detect that another app has patched a trap - > do you intend to search the memory of all apps for a stored value > that equals the address of your own routine?
I didn't mean to detect that an application has patched a trap in general. I meant to detect that an application is trying to patch a trap that my application has patched - after my application is installed. Can't this be done by intercepting the SysSetTrapAddress trap? As soon as some application tries to use it, my application (which has intercepted it) will get control. It will check whether the trap number that the other application is trying to patch is one of those my application has patched and, if that is the case, my application could act accordingly (e.g., deactivate itself). Is there a way to patch a trap that doesn't involve a call to SysSetTrapAddress? In MS-DOS, there was a special interrupt to set an interrupt vector (which was interceptable) - but it was also possible to do it directly, by writing at particular addresses in memory (which was not interceptable, unless you were willing to check these addresses on every clock tick). Does PalmOS have the equivalent dirty trick? Also, when my application is deactivated (e.g., in order to be removed), it could check (via SysGetTrapAddress) whether the traps it has patched still point to the same addresses as when they have been patched. If not, it means that somebody else has patched them after my application was installed. > > 3) By intercepting SysSetTrapAddress, the application can detect > > if some other application is trying to intercept one of the > > system traps it has intercepted. When this happens, it can > > disable itself by restoring the original system trap address, > > effectively removing itself from the chain. > > I like this because it provides good information to the user. My > only concern would be that hackmaster programs are likely to hook > the same trap so you'll still have to be able to reliably detect > and manage multiple patches on the same trap. That shouldn't matter. If a hack was installed before my application, that's not a problem. If a hack tries to install (and patch a trap) after my application, I should be able to detect that and disable my application first. The only problem is that my application would be "too polite". That is, as soon as somebody tries to intercept the same trap(s) it is intercepting, it will stop intercepting them and will give control to that somebody, possibly after a warning. Hmm, what if, after removing itself from the trap chain, my application lets the other application's trap interception finish (i.e., letting the other application intercept the trap as if mine isn't present) and *afterwards* my application intercepts the same trap again? This way my application will always be on the top of the chain, meaning that uninstalling it shouldn't cause problems. > What's it called? "Avast! AntiVirus for PalmOS", from Alwil Software. You need version 4.1; version 4.0 didn't intercept any traps. > Alternatively it's a competing app. What is a "competing app"? It's developed by a competitor, yes - but I have the impression that you mean something else. I know the owner of that company rather well, BTW; despite being a competitor, he's a fellow techie and a friend. I dropped him a note; maybe he'll share some ideas. > I didn't want to keep the whole app in memory so I built a code > segment that just does the background stuff and left that behind > when the rest of the app unloaded. Oh, I see. That's clever, but probably not worth the effort in my case. Most of my application's code will be invoked during the interception too; not just from the user interface. > I'll mail you off-list on this, as I need to investigate the > extent to which I'm limited by an NDA on my original Palm OS 5 > work in regards to my giving away my Palm OS 4 work. Excellent, thanks. I presume you can see an e-mail address from my posts here? I post through a rather awkward Web interface and am not sure what exactly goes in the headers of the post. If not, use [EMAIL PROTECTED] - it's a sort of "public trash bin address" and gets enough spam already anyway. Once you contact me, I'll give you a more serious e-mail address, although my official e-mail address isn't difficult to find (and gets plenty of spam too). :-) Regards, Vesselin -- For information on using the Palm Developer Forums, or to unsubscribe, please see http://www.palmos.com/dev/support/forums/
