000001
`
`Symantec 1030
`IPR of U.S. Pat. No. 7,757,298
`
`

`
`SpwmR9fiLx¢EEBRF...WNWMAWWSMMU70DNW0
`FNAA/_.|.OJP4ROROWR2.9S11.Eu-IORGRU0
`[IP30NullJ7DESWMoo
`
`000002
`
`
`
`

`
`000003
`
`
`

`
`l\i.V.-P."l:i
`Ex}? 1 91998
`1
`LS,._l.__|i.LZ'_'J
`
`000004
`
`000004
`
`

`
`#251 JANUARY 1997
`
`50//'1/M/9f
`
`/OOZS /On“ /7/“[
`/7/90f.-55/0/W
`
`"IE DBIIIII/El’ /II'I'flUI't Baggage Fl-H500
`
`m_ Dobbss journal of
`
`software tools for the
`
`5f°§:S$i0"a1 Pfo9rammer-
`no,
`1
`Jan 1997
`~
`
`P/306PM//A//M’
`
`on conn£cnoNgIA
`0MPRESSIOg
`
`1
`
`
`
`3 I'll! IIIPEMD-180
`¢ .
`cl-yntoul-anlnlc Iléslu
`Functlon — A sum T
`lmlnccmnt Inr
`mnuunsr
`
`‘ <. *
`
`
`
`-—
`
`I IIIII-sllflflllll
`
`El'I'IIl' CIPIWGUIIII
`‘ - Exalnlnlnu no znn
`1
`conpruslon ulra-y
`
`$4.95 ($5.95 CANADA)
`
`..‘.’...‘.>
`Ill Illllll II III
`SE22-E9IOI
`£933‘
`L6 NH?
`
`
`
`
`
`AMmerF“,
`
`D
`
`_
`
`HUOA MEN
`AN
`us 1v§i§§a"8§vS§'
`911 3I1flfld NEDA MEN
`
`_
`jig
`
`[
`
`I
`
`.
`
`I60H9DdM3N1#
`9DOO9Sti
`I0
`IIII
`I
`IIIIII
`III
`II I II I III
`III
`I
`II I
`II
`II II
`III!
`I
`I
`I
`I
`I
`II
`I II
`I
`I
`IOI LISIO-E i**x*****fl1PPflXflt
`
`
`
`_
`
`_
`
`__ _O,QO,,O05_
`
`000005
`
`

`
`Dr. Dobb’s
`
`$0F7M4M’[
`
`f‘l’06l'AMM£A’
`
`A CONVERSATION WITH EVA BOZOKI
`byjack Woebr
`Network security is a concept whose time clearly has come, and, as Jack finds out this
`month, DSNT chief scientist Eva Bozoki is in the thick of things, security wise.
`
`THE RIPEMD-160 CRYPTOGRAPHIC HASH FUNCTION
`by Antoon Bosselaers, Hans Dobbertin, and Bart Preneel
`Cryptographic hash functions are an essential building block for applications that require
`data integrity. In this article, our authors propose that the RIPEMD-160 hash function is a
`secure replacement for MD4 and MDS.
`
`REED-SOLOMON ERROR CORRECTION
`by Hugo Lyppens
`For any number of reasons, Reed—Solomon error correction is commonly implemented in
`hardware. Here, Hugo presents a highly optimized software implementation of Reed-
`Solomon error correction, written in C++ and assembly language.
`
`THE ZLIB COMPRESSION LIBRARY
`by Mark R. Nelson
`Mark examines zlib, a library of C routines that can be used to compress or expand files
`using the same deflate algorithm popularized by PKZJP 2.0.
`
`WINDOWS NT SYSTEM-CALL IIOOKING
`by Marie Russinovicb and Bryce Cogswell
`Mark and Bryce present the design and implementation of NI'Regmon, a tool that uses
`hooking to show detailed infomtation about each and every registry access that occurs
`on a Windows NT system.
`
`STEGANOGRAPHY FOR DOS PROGRAMMERS
`by Alan Johnson
`Steganography is a branch of cryptography that deals with concealing messages.
`
`30
`
`36
`
`42
`
`48
`
`
`
`in." ‘w
`
`;~=-."~
`.-Jigs‘
`
`IMULA'l‘IONANDDEVICE-DRIVER DEVELOPMENT
`by Eddy Quicksall and Ken Gibson
`To ease the process of writing device drivers for new hardware designs, our authors
`present a simulation environment. To illustrate its use, they use the sample Adaptec
`AHA-1540 SCSI miniport driver that comes with the Windows NT DDK.
`SIMULATING THE DENVER AIRPORT AUTOMATED BAGGAGE SYSTEM
`byjohn Swartz
`John uses Xlisp to implement a computer simulation of the essential components of the
`Denver airport automated baggage fiasco, er... system.
`
`52
`
`2
`
`000006
`
`Dr. Dobbisjournal, January 1997
`
`—
`
`000006
`
`

`
`V
`
`JANUARY 1997
`VOLUME 22, ISSUE 1
`
`
`llElW0llllEll SYSIEMS
`
`EXAMINING EXTENDED MAP] 1.0
`by Les Tbaler
`The Extended Messaging Application Programming Interface 1.0, not to be confused
`with the previous-generation “Simple MAPI," was created to standardize the interfaces
`between messaging applications and the underlying messaging systems.
`
`M
`
`l’ll0GllAMMEll’S T00l(HEST
`
`
`PUBLISHING DYNAMIC DATA ON THE INTERNET
`by Lauren Hzgbtower
`Allaire's Cold Fusion is a development tool that provides access (via the Web) to any
`database the web server can access using ODBC. Cold Fusion runs as a multithreaded
`Windows NT system service and works with any 0DBC—compliant database.
`INSIDE ITERATED SYSTEMS’ FRACTAL DEVELOPMENTKIT
`by Dino Esposito
`The Fractal Development Kit front Iterated Systems is a library that makes it possible for
`you to embed fractal—imaging capabilities into C/C++ Wmdows and Macintosh applications.
`
`70
`
`74
`
`
`town“
`PROGRAMMING PARADIGMS
`by Michael Swaine
`Michael looks at paradigms past, focusing this month on spreadsheets.
`CPROGRAMMING
`by /11 5‘9V€"5
`Users expect standard Windows Help for all applications, no matter how small or how
`1 intuitive the procedures. To that end, Al updates a property page dialog-based
`application to include context-sensitive help for the controls on the dialog pages.
`
`92
`
`88
`
`
`
`F 0 R u M
`_
`i
`[Tom-AL
`by/°"“"’“" E"“"°"
`
`LETIERS
`bum
`NEWS&VlEWS
`""’”°"’ "'4"
`IN-I-E
`g,FEugme;;cs;,.m
`swm.Smm
`byMlcbaeI Stmlne
`
`( 0 0 E
`S 0 “ I ( E
`Hllllllllll
`
`5
`
`3
`
`I2
`
`In
`m
`
`JAVA Q&A
`by C]WBag
`Cliff examines how you can use java to implement a CORBA application that is
`representative of the way CORBA is likely to be used. In doing so, he revisits the chat
`application introduced in a previous column.
`
`wobneoyer
`Heaps are usually implemented via binary trees, with the property that for every subtree,
`the root is the minimum item. Here, john describes how to implement exceptionally fast
`“Fib°"3Cd" he3P5~
`
`UNDOCUMENTED CORNER
`by Robert R. Collins
`Robert launches an examination of the Intel System Management Mode (SMM), comparing
`the SMM’s RSM instruction to the ICE mode’s undocumented LOADALL instruction.
`
`PROGRAMMEWSBOOKSHELF
`by Ron van der W/al and William Stallmgs
`Ron examines Stanley Lippman’s Inside the C+f Object Model, while William looks at
`Peter Wayners Drsappeanng Crtptogmpby: Being and Nothingness on the Net.
`
`I00
`
`ll0
`
`II6
`
`to our readers, all source
`As a
`C0“? '5 3"““"bl° °" 3 _5“‘8'€ disk and
`°""{‘°- T_° °"d_°' ""3 d‘5"- 5'3"‘! 51495
`E31151‘:'“"sgn‘° D"
`
`2’§£§°sa’.‘;‘7’2;"§‘3“,...‘?,‘“t.:?.§'.§‘:.§.‘.3Z.‘2‘.;i
`dam code “"3150 available “mush the
`DD] Forum on Oompusem (type 00
`DDJ), via anonymous Fl? from site
`ftp.mv.com (192.80.8-1.3) in the /pub/ddj
`directory, on the World Wide Web at
`http://www.ddj.com, and through DD]
`Online, 2 free service accessible via direct
`dial 3‘ 415-35343357 (14-4 kbps. 3-1“)-
`
`H“ “om.
`T:
`sofiwm quality, debugging_ and mm-ng
`3“, in the spomgm in 0“, pebmm. issue.
`
`Dr. Doblfsjournal, January 1997
`
`000007
`
`3
`
`000007
`
`

`
`D D bl)’
`I‘ 0
`S raozsromr
`
`O
`N
`R
`U
`0
`.I
`PUBLISHER Peter Weslermari
`
`A
`
`L
`
`FWOFISS/0//Al
`P/(’0(z'.l’/I/14/145!’
`
`EDITORIAL
`EDITOR-IN-CHIEF Jonathan Erickson
`MANAGING EDITOR Ker/in Carlson
`TECHNICAL EDITOR Tim Kientzle
`ASSOCIATE TECHNICAL EDITOR Eugene Eric Kim
`SENIOR PRODUCTION EDITOR Monica E. Berg
`ASSISTANT MANAGING EDITOR Deirdre Blake
`EDITORIAL ASSISTANT Amy Wu
`COPY EDITOR Maureen Nelson
`ART DIRECTOR Bruce Gardner
`CONTRIBUTING EDITORS Al Stevens, Tom Genereaux,
`Scot Wingo, George Shqzherd, Robert Collins, Clzfl‘Berg,
`Steve Alexander; David Betz, Bruce Schneier, Mark
`Russinouich, Bryce Cogswell
`EDITOR-AT—I.ARGE Michael Swaine
`GROUP PUBLISHER Peter Hutchinson
`PRODUCTION MANAGER Lisa Mancin
`
`(|RCUI.AII0IN
`DIRECTOR or CI2RCUI.A’IION ferry Okabe
`CIRCULATION MANAGER Michael Poplardo
`
`MARKETING/ADVERTISING
`ADVERTISING DIRECTOR Charles P. Shively
`BUSINESS MANAGER fenmfer Christen
`DIRECTOR OF MARKETING Valerie Dow
`DIRECTOR OF ELECTRONIC PUBLISHING Stan Barnes
`SALES AND MARKETING MANAGER Holly Vessicbelli
`MARKETING ART DIRECTOR Lynn LaRocca
`ACCOUNT MANAGERS see page 121
`
`MILLER FREEMAN INC.
`CHAIRMAN/CEO Marshall W Freeman
`SENIOR VICE PRESIDENT/CFO Warren "Andy”AmI7mse
`SENIOR VICE PRESIDENTS Dm21dNussbaum,
`Darnell Denny, Donald A. Pazour, Wini D. Ragus
`SENIOR VICE PRESIDENT/SOFTWARE Regina Starr Ri'a'lej/
`VICE PRESIDENT/PRODUCTION AndrewA. Mickus
`VICE PRESIDENT/CIRCULATION Jerry Oleahe
`
`DR. DOBB'S]Ol/RNAZ ISSN 1044-789X is published monthly by
`Miller Freeman, Inc., 600 Harrison Street, San Francisco, CA 94107;
`415-905-2200. Periodicals Postage Paid at San Francisco and at
`additional mailing offices.
`ARTICLE SUBMISSIONS: Send manuscript and disk (with article,
`listings, and leuer [O the editor) to DD_/Submissions, 411 Borel Ave.,
`San Mateo, CA 9440243522.
`DD] ON COMPUSERVE: Type GO DD}.
`DD] ON THE INTERNET: editors@ddj.com or hltp:/, www.ddj.com
`SUBSCRIPTION: $34.95 for 1 year; $69.90 for 2 years. International
`orders must be prepaid. Payment may be made via Mastercard, Visa,
`or American Express; or via US. funds drawn on a US bank. Canada
`and Mexico: $45.00 per year. All other foreign: $70.00 per year.
`FOR SUBSCRIPTION QUESTIONS, change of address, and orders,
`call toll-free 800-456-1215 (US and Canada). For all other countries,
`call 303-678-0439 or fax 303-661-1885. On CompuServe, the
`customer-service number is 71572541. Or Write, Dr. Dobb’sjournal,
`P.O. Box 55188. Boulder, CO 80522-6188.
`BACK ISSUES may be purchased for $9.00 per copy (includes
`shipping and handling). For Issue availability, call 800-444-4881 in
`the US. and Canada. All other countries call 913-838-7500 or fax
`913-341-2624. Send e-mail to orders@mfi.com. Back issue orders
`must be prepaid. Please send payment (0 Dr. Dobblsjournul, 1601
`W. 23rd Street, Suite 200, Izwrence, KS 66046-2700.
`P0s'lMA5['ER: Send addrms changes to Dr. Dabb’s_/uumal, P.O. Box
`56188, Boulder, CO 805226188. ISSN 1044-739X. GST (Canada)
`# R12/$771239.
`Canada Post International Publications Mail Product (Canadian
`Distribution) Sales Ag:-eanent No. 0548677.
`FORHGN NEWSSTAND DISTRIBUTOR: Worldwide Media SE!‘/ICE
`Inc, 30 Montgomery SL, Jersey City, NJ 07302; 212-332-7100.
`Entire contents copyright © 1997 by Miller Freeman, Inc., unless
`otherwise noted on specific articles. All rights reserved.
`
`Estimated print run 172,000.
`
`m Miller Freeman
`A United News & Media publication
`
`IWP Printed in the
`American Buisness Press
`
`V’/BPA
`
`Dr. Dohb ‘sfozzmal, January 1997
`
`FOFIIVIS: WINDOWS NT - WINDOWS 55 - OS/2 - NLIVI 0
`
`
`
`
`
`
`
`ODDS/SI:I0OOOGCIH0ODDS/St!INSI0Sll::lV1OS'OUVdSNl"'IS'USSVNVININELSAS-OOS'XNA'I-Xn/V3'IddVISOC!
`
`D: What does it take to deploy a
`superior c|ient/server application?
`A: A SUPERIOR SERVER
`
`START with the most
`advanced client-side SDK on
`the market: c-tree” Plus at
`$895.
`- Complete “C” Source code
`0 ROYALTY FREE (Client Side)
`0 Multiple supported protocols
`0 Fast, portable, reliable
`- Powerful features like
`
`transaction processing
`0 Win95, NT, and
`Windows 3.1 ready
`
`ADD a strong. multi-
`platform, industrial-strength
`Server that supports.
`0 File mirroring
`- Heterogeneous networking
`- Automatic disaster recovery
`- Multi-threaded design
`- Best price/performance
`available: from $445- $3745
`
`RESUL T? A solid.
`economical, easily
`deployable product that fits
`your needs.
`0 Portable
`- Scalable
`
`0 Exceptional Performance
`- Flexible
`- Easy Server distribution
`0 Convenient OEM terms
`
`Heterogeneous TCF’/IF’ Network
`
`You can’t find a better client SDK with these features!
`
`Over sixteen years of proven reliability and performance.
`No one else supports over 30 platforms in this price range!
`
`c-tree P|us®
`- Complete C Source
`0 Single/Multi User
`0 Client/Server (optional)
`0 Full [SAM functionality
`0 No Royalties
`0 Transaction Processing
`0 Fixed/Variable Length Records
`- High Speed Data/Index Caching
`0 Batch Operations
`- File Mirroring
`- Multiple Contexts
`- Unsurpassed Portability
`
`FairCom Server®
`‘ Client/Server Model
`0 Transaction Processing
`- Requires <2MB RAM
`- Online Backup
`- Disaster Recovery
`- Rollback — Forward
`0 Anti—Deadlock Resolution
`I Client—side “C" Source
`0 Multi-threading
`I Heterogeneous networking
`- File Mirroring
`0 OEM/Source Available
`CIRCLE NO. 84 ON HEADER SERVICE CARD
`FOR YOUR NEXT PROJECT CALL FAIFICOM: YOU
`CAN'T FIND A BEITEFI HETEFIOGENEDUS
`CLIENT/SEFIVEFI SOLUTION!
`Also inquire about these FairCom products:
`
`d-tree“
`
`r-tree© ODBC Driver
`
`FA|RCDM®
`
`(3CJI:%F’(DI:2AT|(3I\I
`
`\I\NV\Neb Address: http://www.faircom.com/
`BOD-E34-B1 BO
`U.S.A. 4006 W. Broadway - Columbia, MO 65203-0100
`phone (573)445-6833 fax (573) 445-9698
`EUROPE Via Patrioti. 6-24021 Albino (BG) - ITALY
`phone (035) 773-464 fax (035) 773-806
`JAPAN IKEDA Bldg. #3.4f-112-5. Komel-chou - Tau-city,M|E 514 Japan
`phone (0592) 29-7504 fax (0592) 24-9723
`
`SUN O/S 4.X 0
`
`SUN O/S 5.X '
`
`IVIIPS A.SI SSGIJ
`
`G 0
`
`
`
`NIOTOROLABBOPEN
`
`0LINUX
`
`’>_<
`
`2 u
`
`l 2l
`
`-0 <I
`
`I
`III
`I-
`
`2 B
`
`ANYAN
`-ATSTUNIX
`
`APPLESYSTEIVI7
`
`000008
`
`

`
`
`
`Steganography for
`DOS Programmers
`
`
`
`Hiding a tree
`inside a forest
`
`
`Alan Johnson
`
`teganography is a branch of cryp-
`tography that deals with concealing
`messages. It has unique possibilities,
`particularly when you have terabytes
`of information —— much of it mundane or
`infrequently accessed —— that offer hiding
`places for important information. The tech—
`niques I present here will enable you to
`effectively hide critical information with-
`in a large volume of data.
`
`Text Versus Binary Files
`The difference between DOS text and bi-
`nary files is at the heart of this approach
`to steganography. A DOS text file is gen-
`erally composed of text, control charac-
`ters, and maybe graphics characters. It is
`a “last-record—check” type of file, mean—
`ing that the last record is a flag or sentinel
`that marks the end of the file. When
`opened for listing or reading, the system
`keeps reading data until it hits the end-
`
`
`Alanfobnson bas studied at Holland Parle
`Comprehensive in London, England, and
`[ms been educated in computerprogram-
`ming at Humboldt State University in
`Northern California, He has recently com-
`pleted a boo/e on private /eey—encryptz'on
`programming.
`
`48
`
`of-file (EOF) flag, then stops. For an or-
`dinary DOS text file, this EOF marker is
`control-Z (ASCII 26).
`A binary file, on the other hand, can
`contain characters in any order, since
`there is no EOF flag in binary mode.
`End-of-file is calculated from the direc-
`
`
`
`tory. The system reads the file specs to
`see how many bytes are in the file
`(recorded at the last write to the file) and
`stops reading when it has read that many
`characters. Binary files are necessary for
`.COM and .EXE files, as machine-
`language files may end up having an
`ASCII character 26 (or any other char-
`acter) anywhere.
`A file on disk can be opened for read-
`ing or writing in either binary or text
`mode, regardless of whether its internal
`format is text or binary. You can read a
`text file in binary mode, or a binary file
`in text mode.
`
`Enter DOS
`Since DOS usually stores files without
`an EOF marker, the operating system
`must calculate EOF from the directory.
`However, many DOS utilities also check
`for control-Z. The DOS TYPE, MORE,
`and FIND commands open files for read-
`ing in text mode. COPY, XCOPY, and
`MOVE, on the other hand, open a file in
`binary mode (they may be copying or
`moving a .COM or .EXE file). The COPY
`command has a /A switch for copying
`ASCII (text) files, but defaults to binary
`mode—— except when a file is created
`using the COPY command from the con-
`sole (COPY CON filename). This copies
`from the keyboard (stdin) to the file un-
`til control-Z is typed. Stdin and stdout
`are text files.
`
`What if you were to open a text file in
`binary mode, and append another file to
`the end of the first while explicitly writ-
`ing the EOF flag at the end of the first file?
`The result is that the second text is hid-
`den beyond the EOF flag. The only way
`to get to it is to read the file again in bi-
`nary mode. Remember, TYPE reads in text
`mode. The data beyond EOF is hidden
`from anyone looking around in your hard
`drive. If you use this technique to add a
`small amount of data, say 1 or 2 KB, to a
`large file (say 100 KB), the extra length
`will likely not be noticed if the file is
`TYPEed to the screen. For even better se-
`curity, you can encrypt the hidden part
`and it will look like random garbage at
`the end of the text file. Most people would
`consider this just a system or disk error,
`even if they found it.
`It is best to choose a text file that is
`used only for reading. If another program
`
`Dr. Dobb’sjournal, January 2997
`
`
`
`000009
`
`

`
`FITS IN YGUF.
`
`A PROTOTYPE
`
`SEND NIB THE DETAILS!
`
`1 am interested in: E] Attending E] Exhibiting
`El Receiving conference e-mail updates
`
`City
`
`Phone
`
`E-Mafl
`
`E M B E D D E D
`5 Y S T EM 5
`E A S
`1-
`
`.
`
`mhflnflw svsmms
`v
`n
`n
`r.
`R
`.2 M M x
`n
`r.
`
`\
`
`Please fax coupon to: 617-828-8198
`Or mail to: Embedded Systems Conference East,
`P'°‘ Box
`Canton, MA 02021
`
`000010
`
`

`
`
`
`(continuedfrom page 48)
`opens the host file in text mode for up-
`dating, the hidden data will likely be lost.
`Use reference files as the host files, and
`consider using ATTRIB to make them
`read-only.
`
`The Source Code
`Because XCOPY and COPY do not sup-
`port the kind of appending I’ve just de-
`scribed, you must write special programs
`to implement this technique under DOS.
`Listing One (listings begin on page 51) is
`LLIST.C, a program that lists binary files
`to the screen. (LLIST stands for “long-list,”
`implying a long listing beyond EOF.) LUST
`will list a text file, then list the hidden data
`after EOF.
`
`Listing Two, LAPPEND.C (short for “long-
`appen ”) tacks a second file onto the first
`with a control-Z between them to keep the
`second file hidden. Be aware, however, that
`the second file is not automatically delet-
`ed from the disk. You must manually delete
`it, or a copy of the hidden data will be left
`in the open. (Or, you can use the option-
`al remoue() command supplied in a com-
`ment line in LAPPEND.)
`Listing Three, ISPLIT.C, copies the hid-
`den data to the temporary file TEMP.1 This
`canbemodifiedtoplacethedatainafile
`supplied by the user as the second com-
`mand-line argument. Change the fopen
`statement for tbedata to use paramslzl as
`the filename, and change if (rt == 2 ) to
`rf(n == 3 ). Remove the #define statement
`and change the error-message prinys to
`show the new command format [split
`<9ource> <destinatton>.
`Hidden data can be removed from the
`host file by redirecting the output of TYPE.
`For example, type host > dummy. To re-
`turn the data to the host, copy dummy
`bost. Then delete dummy. The same re-
`sult can be obtained using the COPY com-
`and with the /A switch, except that the
`_ F flag is retained. Of course, you
`should do this after recovering the hid-
`den data with LSPLIT.
`Listing Four, LWRI'I‘E.C, allows the writ-
`ing of data from the keyboard to the far
`end of EOF of the target file, and requires
`a bit of extra explanation. DOS uses two
`characters -—— a carriage return (ASCII 13,
`CR) and a line feed (ASCII 10, LF)—to
`separate the lines of a text file on disk.
`In contrast, when you type on a key-
`board, you obviously only press one key,
`the Enter key. To make things consistent,
`and to simplify the processing of text files,
`the C library getc() function converts all
`line separators to newline characters
`(ASCII 10, LF). This ensures that whether
`you read text from the keyboard or a disk
`file, you’ll see one newline character at
`the end of each line. This conversion is
`only performed if you open the file as a
`
`50
`
`text file. If you read from a file opened
`as text, and write to a file opened as bi-
`nary— as LWRITE does-—-you must man-
`ually convert each newline to a CR-LF
`combination.
`
`‘The purpose of Listing Five, T*'INDH.C,‘ is
`tofindhiddendataintztseyouforgetwhich
`is the host file(s).' FIND}-LC looks for con-
`trol-Z in the file at a point before the phys-
`ical end of the file, and prints the filename
`to the screen. The wildcard characters “*”
`and“?"canbeused, andallthefilesina
`directory can be scanned for possible hid-
`
`The dzfierence
`between a text and
`
`binaryfile is at the
`heart of this
`approach to
`steganography
`
`den data. Each directory must be searched
`individually. Ifyou use “*.*”, any .COM or
`.EXE file may show up as a false possibil-
`ity if it happens to contain a control-Z at
`some point
`To read the directory, FINDH uses the
`findfr'rst() and f1'ndnext() functions.
`These are not completely standard, so
`you may have to rewrite them to work
`with alternate compilers. I am using
`Powerc 1.1.6 from MIX Software. Most
`compilers should support some equiva-
`lent of these two functions; Microsoft
`QuickC, for instance, has _dos__finaflrst()
`and _dos_findnext().
`LAPPEND and I.SPI.IT offer another in-
`teresting possibility. You are not limited
`to placing only one hidden file beyond
`EOF; they can be stacked up behind each
`other. LAPPEND will keep adding new
`hidden files onto the end of the host file,
`and LSPLIT splits off everything behind
`the FIRST EOF to TEMP.1. You can have
`a hidden part, hidden on the end of an-
`other hidden part, which is hidden itself,
`and so on. To recover the next layer of
`hidden data, use LSPLIT on a renamed
`T'EMP.1.
`
`You cannot stack up hidden files if
`they are individually encrypted with
`pseudorandom numbers. I advise LAP-
`PENDing multiple files together, then en-
`crypting, then placing the cipher at the
`
`
`
`00001 1
`
`end of the host file. The reason is that
`if you are encrypting with pseudoran-
`dom numbers to generate a random ci-
`pher byte for each byte of cleartext,
`sooner or later an encrypted byte will
`fall on control-Z. If just one such cipher
`file is hidden beyond EOF, LSPLIT will
`find it, as an EOF. precedes all the ci-
`pher. If LSPLIT is used to try to separate
`appended cipher files, eventually it will
`split a cipher file. If your encryption
`scheme disallows a value of integer 26
`(control-Z), then hidden cipher files can
`be directly stacked beyond EOF. Other-
`wise, LAPPEND all the files to be hidden
`while they are still text, then encrypt them
`as one file—-EOFs and all —— then LAP-
`PEND that one cipher file to the host file.
`When using LSPLIT and decrypting, all the
`files will be cleartext and LAPPENDed to-
`gether. Subsequent files will still be hid-
`den beyond EOF, even though they are
`decrypted. If the actual data to be kept
`confidential is in one of the following
`hidden files, it may remain undiscovered,
`even if decrypted. You can leave the fol-
`lowing ones as hidden, or split them off
`with LSPLIT.
`
`You also could super encipher mes-
`sages by using LAPPEND to join a cipher
`file to a text, encrypting both, then LAP-
`PENDing the cipher to a host file. The
`first cipher file is now super enciphered,
`possibly with a different key the second
`time. This could be used to give en-
`crypted instructions for using the first ci-
`pher file to an intermediary, without the
`intermediary necessarily knowing the key
`to the first cipher. Be careful, however,
`that your plans and protocols don’t be-
`come too complicated.
`
`_
`
`Conclusion
`Other steganography techniques hide
`data by altering one bit-per-pixel- record
`in a high-resolution graphic, or one-bit-
`per-sound record in digitized music or
`speech. You can hide data that's on your
`own system, sent over phone lines, or
`mailed on a disk. These methods can be
`used to distribute keys for more-rapid
`encrypted communication and are use-
`ful for couriers.
`
`Remember to encrypt the hidden data
`for the best security, and to erase the LAP-
`PENDed.files, or program LAPPEND to do
`so automatically by including the remove()
`statement supplied with LAPPEND. Don’t
`forget that an erased file on disk still con-
`tains data until something new is written
`over that portion of disk, so creating an
`overwrite-erase utility is advisable. Or, just
`work on a Ramdisk, and keep the cipher
`on the hard drive.
`
`DD]
`
`Dr. Dobb Lrfoumal, januaty 1997
`
`000011
`
`

`
`
`
`STEGANOGRAPHY
`
`itéiaw
`
`Ii ....this program lists a file in binary mode: */
`/3
`ALL characters are shmm.
`#/
`
`I3§'h,g chic
`/1' 111st.c ‘I
`fiinclude "stdio.h"
`nain(atgc.a:gv)
`int
`argc:
`char
`4a:-gv[]:
`int byte:
`long caunt=01:
`FILE 1inf1:
`if ( argc == 2 )
`I
`
`(
`
`!= EOE )
`
`infl = fopem(argv[1]."rB"):
`i£(( infl != NULL )
`uhileé ( byte = getcfinfl) )
`count++:
`remove these comment marks to
`if ( byte Y= 26 )
`avoid display of cnttl-Z. Hriting
`cntrl-Z ta stdout tarninntes the
`pragra on name systems.
`*/
`putc(byte.:tdout):
`c1ose(inf1):
`
`/*
`
`)
`else
`C
`
`printf("\n\n...cannot open input fi1e...\n\n”);
`
`1
`else
`C
`
`p:intf("\n\n. . . aauat supply one file name. . .\n"):
`
`isting Two
`/* lappem-Lc */
`Jtinclude "stdio.h"
`main(n.params)
`int :2:
`char fiaarams U ;
`FILE *thef11a.#thadnta;
`int ch=6:
`if ( n == 3 )
`I
`
`,
`thefile = fopen( paramslll. "ab" );
`thedata I fopen( patanalz}. "rb" ):
`if ( thafile != NULL 55 thedata 1': NULL )
`C
`fseeldthefile. 0. 2);
`putc(26 nchefile):
`while (
`(ch = getc(thedata)) In 30? J
`I
`putc (ch.thef1'le) :
`
`
`_ Jelse
`I
`
`printf("\ncannot open .9. file. .\n"):
`fclosekhadnta) :
`fcloaekhefile):
`
`{
`
`printf(”\ncannat opan a fiIe..\n");
`felon (thedata) :
`
`fclosemmfile):
`
`]
`else
`(
`
`prim:f("\nproper format is:\nlsp1it (datafi1e)\n"):
`) printf("hidden data (if any) will be in tup.1\n"):
`I
`
`J
`
`I
`
`hshng Four
`II lwxitmc */
`Hnclude "atdio.h"
`nain(n.purans)
`int n:
`
`I chi: ¢pnrau[]:
`FILE *tha£i1e:
`int ch=¢:
`
`if(( 1: == 2 )
`putu("type central-Z to finnisb"):
`thefile = fopen( pannatll. "ab" ):
`if C thafile != NULL )
`I
`fleek(thefi1e. E. 2):
`putc(Z6.the£i1e): /N-add new EOP...¢/
`whfile (
`(ch = getc(stdin)) 1: E0! )
`if ( ch == 1D )
`putc(13.thafi1e): /* explicitly add cxwl
`putc(ch.thefi1e) :
`
`3
`
`01::
`ptintf("\ncannot open ii1e..\n"):
`fclane (thafilel :
`
`J
`else
`(
`
`print£(“\np:ope: fox-mat is:\n1vx.-it: <f:'L1ename>\n"):
`
`I
`
`C
`
`C
`
`hshng Five
`/‘ t1ndh.c */
`iinclude "ntdio.h"
`Hnclude "di:ect.h"
`flnclude "domh"
`r¢Ad_fi1¢(f11enane)
`gnu ifilenalell:
`FILE *re|di.ngthil:
`int inbyce=D.ntop1oop=0:
`long countval . fi1e1ength=D1:
`readingthis = fopen(f:l1enmu."rb");
`9/
`!seek(rendingthia.D1.2): /H-find end of file
`4/
`filelength = fte11(readingthis):/N-find filelength
`fuek(rudi.ngthia.D1.0):/N-return to begining: Revindltl
`
`vh:Ele( (inbyte = getc(reading:his) )
`count“:
`
`l= EOE‘ ii lltaploop )
`
`1 l
`
`;!
`else
`f
`
`)
`
`0
`
`J
`
`I
`
`:eucve(paurn5(2]):
`
`option to erase the source of the hidden data */
`
`ptint£("\nproper format is:\nlappend (file appended to) ");
`prim:f("<fi1e to append>\n"):
`
`J
`
`)
`1f[(inbyte == 26 as ( count < filelength-1 )
`stop1oop++:
`p:int!'("\n/a has pouible hidden datn ". filenue):
`p:intf("
`/1d bytes from the be5ining...".count):
`
`listing Three
`/1 lsp1it.c !/
`lfiinnlude "ntdio.h"
`itdefine TKMPFILE "temp.1"
`nain(n.pa:am)
`int n;
`
`‘ chat fiparamsllz
`FILE 3thefi1e.#thedatn;
`int ch=0,hiddendatn=¢:
`
`if(( n == 2 )
`thefile = fop2n( panmflll. "tb“ ):
`thedata = fopen( TEHPFILE. "wh" );
`if ( thefile I= NULL )
`C
`
`(ch = getc(thefi1e)) != E0? )
`whfle (
`if (ch == 26 ) hiddendata+*:
`if (hiddendata)
`(
`
`(ch = getc(thefile))
`whfle (
`put: (ch. thedata):
`
`l= BOF )
`
`J
`
`J
`
`3
`else
`
`, fc1au(rend1ngchi.n) :
`min (:1 . puma)
`int
`n:
`
`fihax tpnrum U ;
`attucz ffblk fldnta:
`int :1:
`if ( n >= 2 )
`{
`for(cl-1:c1<n:c1**)
`(
`
`(
`if (findfinc(parau[c1]Jfldatn,(FAJIORHAI.
`reud-fi1e(f1dat¢.ff.nane):
`vhi1e( £indnext(&f1data)
`!= -I)
`(
`read_f11e(f1dnta.ff_nue) :
`)
`
`1
`
`{ FA_RDONl.Y))
`
`is -1)
`
`21:2
`1 printf("\n..no matching fi1e(s) for /s\n".pauma[c1]):
`Jlnenarazsl
`
`J
`2151
`K
`
`findh filunmeu) \n"):
`yrint£("\nprope: format is:
`ptintfl" uildcards ‘*‘ and '7' may be uaed.\n"):
`
`000012
`
`DD]
`
`,
`
`
`
`51
`
`000012
`
`

`
`#265 MAY 1997 ” —
`3' 42 mm J
`
` 4,
`
`I nnirvarting Windows Metalilas In Java
`I Inside Windnws cabinet I
`-
`:
`-
`T I abject File Formats
`
`
`
`|
`
`1F IVC
`
`
`
`§§§§i"‘°‘
`szz%"'§26a"3'J
`“‘
`as anv
`ax¥‘§:¥EHfi”§3oE"¥§3
`I0
`I"I'I'II"'I|?'7'?3W'I --9-f",-M3-'5-’35'°°-‘-'-"
`2
`70992 35566
`a
`II
`III!
`llll
`I
`
`,v<
`,
`’t0I 11910-2 *
`V
`_
`"E*****’f*°1r“x°*
`A Miller Freeman Pubhtnon
`
`
`‘
`I I
`
`‘W
`
`I
`
`.
`
`
`
`,
`
`I
`
`70015/‘OA’/'h’[
`./’A’0F[55/UA//ll
`
`‘WmM’
`
`http://www.ddj.com
`
`.
`
`I I
`
`‘
`
`000013
`
`

`
`
`
`OOOO14
`
`000014
`
`

`
`000015