"extremely impressive work"
- Mark Russinovich,
(referring to my BugChecker)
Homepage of Vito Plantamura, Windows Researcher, VPC Technologies SRL CEO. Updated: August 08, 2007

Here you can find some screenshots of a bunch of software programs I developed when I was between the ages of 10 and 13. The vast majority of the software I developed in those days was lost with time except for a few 720 and 360 diskettes I have found recently along with some hand-written notes about my research.


I got my first 8086 computer when I was 10: as soon as I discovered that I was better at programming than at playing soccer, I started writing all sorts of software programs, every time I was able to do it (i.e. when not at school), either with the Microsoft Basic Compiler 7 or in Raw Assembler (using the good Turbo Assembler from Borland) and even with Visual Basic 1.0 for Windows. It was pure passion, no need to make money or to deliver to a schedule. The most interesting thing is that I had no documentation at all about BASIC, DOS, BIOS, ASSEMBLER etc. except for one or two user manuals (included with the PC) that constituted a very poor starting point for my "research". I had no access to the internet or to specialized journals or books. But that lack of knowledge just increased my pathological curiosity; that same curiosity that (to a certain extent) propels me today (as you can imagine, other interests, like money, have grown up since then...). Pretty soon I was faced with the need to learn (myself) the obscure art of reverse engineering in order to make progress in my programming activities: in fact 50% of my time was spent with Turbo Debugger trying to make out how that video interrupt or DOS extender was working. Typically, once a program was finished, I used to hand it to a local computer store, receiving other software as payment...

I hope that you will find this journey in the past at least entertaining as it is for me writing about it... For running most of the programs, as you can guess, I have used a VMWare image with Windows 95 installed on it. Just remember, when reading, that the programs I have inserted here were written by a boy of 12: if you can read Italian, you will find that most help strings and comments are somewhat hilarious... However, as I tested recently for taking the screenshots, the programs actually work... One nice thing I noted during my tests was the names I used for "signing" my programs: they range from "Plantamura Associates", "Plantamura Computing", "Plantamura Software" and "Plantamura Entertainment" to "Plantamura Leisure Products"...

The programs are presented roughly in a chronological order.


I wrote it in 1992. At that age, I was extremely fascinated by PC viruses in general and by the way they were working in order to infect other executable files. Well, what this program was intended to do, was to "extract" the virus body from an infected executable and then to save it in a separate file. I was maintaining a frequently updated library of such stripped virus files in order to study and disassemble them.


I developed this program for calculating the speed of the running machine. The program required an initial phase of analysis where it sampled the execution time of several language iterations in order to calculate the final result in megahertz.


This is a collection of various utilities I developed in 1992.

Convert Machine 1.0 is able to convert ASCII text files into .COM ones for immediate viewing. The principle is simple: the specified text file is appended to a small .COM program that simply outputs that text to the screen. Just for the sake of curiosity, I have disassembled that .COM file in order to see, after 13 years, how it was intended to work. Well, this is the result:

Link Heat Dos Shell is a sort of telnet client/server system for DOS. After having established the connection through the serial port it is possible to remote-control the other machine sending DOS commands to it.

The Professional Batch Maker is a program that converts ordinary BATCH files into .EXE ones. It uses internally an interpreter that converts the BATCH commands and statements into conditional and print actions carried by the .EXE program. The .EXE interpreter and the BATCH file are linked together to form the final executable.


At one point in 1992 I needed a BACKUP program for securing my development works so I decided to program one myself. It comes in two versions: the standard DOS version and the Windows one. Nothing special to say: the source files are read and appended one to the other in the backup archive. It supports multi-disk span and the index file is written to the last disk of the set.


This is another collection of software programs, complete with a nice installation utility.

SMACdisk is a security utility that I created for cancelling the contents of old unused clusters on a specified hard drive or diskette. It is useful for cancelling the physical data still present on disk associated to erased files.

Pc Clinic is another security tool I developed that iterates through all the directories and files of a specified drive, registering the size of each file present on that disk. The size information so collected is saved in a separate archive for future reference. Later that same disk can be scanned again and the new sizes are compared with the old ones, highlighting the differences. Typically it is useful for detecting virus infections.
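
A size-baseline check like the one Pc Clinic is described as performing, as an added Python example (not the original program, whose source is not on this page); the file names, the JSON stand-in for the archive and the optional SHA-256 comparison are assumptions added for illustration. It also shows the limit of comparing sizes alone: a file altered without changing its length is reported only when hashes are compared.

```python
import hashlib
import json
import os
import tempfile


def snapshot(root, with_hash=False):
    """Walk root and record each file's size (and optionally its SHA-256)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            entry = {"size": os.path.getsize(full)}
            if with_hash:
                with open(full, "rb") as fh:
                    entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(full, root)] = entry
    return baseline


def compare(old, new):
    """Return sorted lists of added, removed and changed relative paths."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "changed": changed}


def demo():
    """Constructed sample tree: one file grows, one is altered in place."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("GAME.EXE", b"MZ" + b"\x00" * 100)
        write("TOOL.COM", b"\x90" * 64)
        sizes_before = snapshot(root)
        hashes_before = snapshot(root, with_hash=True)
        # The baseline is kept in a separate archive; JSON stands in for it here.
        saved = json.loads(json.dumps(sizes_before))
        write("GAME.EXE", b"MZ" + b"\x00" * 100 + b"APPENDED")  # size grows
        write("TOOL.COM", b"\x90" * 63 + b"\xc3")               # same size
        write("NEW.TXT", b"hello")
        by_size = compare(saved, snapshot(root))
        by_hash = compare(hashes_before, snapshot(root, with_hash=True))
        return by_size, by_hash


if __name__ == "__main__":
    for label, report in zip(("size only", "size + sha256"), demo()):
        print(label, report)
```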

GetClock 3.0 is the DOS version of the Get Clock! Windows program described earlier.

VideoSave is a utility that dumps the contents of the current text-mode screen into a text file.


This is essentially a full-featured text editor with support for source code editing. It includes also an installation program and a complete (separate) configuration tool for setting up various options in the main program.


Kleptomaniac is a TSR DOS program. After launching the .COM file in DOS, you will be able to pop up Klep by pressing a hotkey in order to configure its grabbing features. You can capture a .PCX file from a graphics framebuffer or you can save the contents of the graphics palette to a standard .PAL file. It is also possible to capture the text-mode screen contents in a standard .TXT file.

I remember that, for making out the format of the .PCX files, I was forced to hex-edit a simple image file and then to open it in Deluxe Paint in order to determine the layout and meaning of each field of the file header.


I remember that one thing I was extremely motivated to achieve in my programs was a fascinating text mode effect that I used to see in software programs such as Norton Antivirus, if I remember correctly. Essentially manipulating the CRTC registers (interacting with the I/O ports of the VGA adapter) it was possible to modify the bitmaps that were applied to the text mode characters. I remember that this same effect could be achieved using the services of the video interrupt but, although the implementation of the underlying interrupt was simply addressing the VGA registers and ports, when calling repeatedly that interrupt for drawing on screen a graphics mouse pointer à la Windows (in place of the simple blocky one that you get in standard DOS text mode) the video began flickering resulting in a very unpleasant final effect. Evidently the video interrupt implementation was doing something more than simply manipulating the VGA registers for changing the character bitmaps. I knew that the effect could be achieved perfectly (because Norton Antivirus was able to draw that graphics cursor without any flickering) so I guessed that programming directly the VGA registers (bypassing the interrupt) was definitely the way to go. Unfortunately, as in the case of the video interrupt numbers and services, I had no documentation at all about the video registers and how to program them. So, as usual, I was forced to load Turbo Debugger and then to step into the code of the video interrupt in order to collect on paper the various accesses that were being made to the video I/O ports, in order to identify the ones that were useful for reprogramming the aspect and bitmaps of the text-mode characters. As I discovered later, the video interrupt was resetting something at the beginning or at the end of the service call before or after the actual code that modified the bitmap, thus causing that flickering problem. 
After having isolated the minimum calls to the CRTC required to achieve the desired effect, I was able to change the character bitmaps on the fly and repeatedly without any flickering effect.

The mouse cursor is not shown in those screenshots because I was not able to make it work with VMWare. However you can see the completely text-mode interface with several graphics additions achieved with the trick described earlier.

The program itself is a disk copier, as you can guess by its name and actually it works very well, also inside a VMWare virtual environment.


Despite the fancy and abused name, GENESIS was the first compiler I ever wrote. Actually it was targeted toward a general type of programming but with a particular focus on 2D graphics development. You can see a screenshot of a graphics demo developed with GENESIS.

Actually it was a compiler/interpreter program. In a screenshot, you can see a listing of an example application written for GENESIS. When the program source file was finished, it had to be compiled with GENESIS in order to produce a .COD byte code file whose format and layout were proprietary. Then the program could be launched simply by starting the interpreter and specifying on the command line the name of the final .COD module so produced.

The GENESIS language was able to manage automatically the allocation of local variables and it provided directly, as native language calls, services for loading and rendering font files, drawing 2D images and managing the state and position of the mouse.


This is somewhat of a milestone in my programming career because this is the first game I ever created. Before it, I had written a lot of 2D graphics code, both in BASIC and in raw assembler, but never a complete game. I remember that, during a school trip, I saw a Tetris arcade game and I immediately fell in love with it: so, I decided to program a clone of that game giving it my name.

An interesting thing is that it supported Sound Blaster compatible cards, playing several MIDI files in between the game action (with VMWare I was unable to activate this feature). The graphics content was created by myself with Deluxe Paint. This is the first and last 2D game I ever produced; after its completion I have dedicated myself completely to system development (first) and three dimensional programming (then).


In that same period, I conducted various studies about several different subjects. The main tool I used for extracting the desired knowledge from various programs and technologies of interest was the aforementioned Turbo Debugger from Borland. I LOVED to grow my knowledge and understanding of things in this way (however, actually I had no other way to achieve the same results). I used to collect the results of that research on paper for later reference when writing actual code. In this section I have collected a bunch of those notes that I have found recently and that I decided to scan in order to present here.

One of the most intriguing topics I ever researched at the age of 13/14 was 80386 protected mode and DOS extending systems. It was the time of DOS4GW programs (compiled with Watcom C++ v.10) and CWSDPMI (used for executing DJGPP applications). I remember that even with the Turbo Pascal executables, Borland used to distribute an 80286 extender for internal use by its proprietary tools (namely DPMIINST.EXE). I was extremely fascinated by the opportunity to run my own flat memory images without the limitations of the 640KB of DOS real-mode execution. In that period, I began to concentrate entirely on 16-bit Assembler programming using Extended and Expanded memory services in order to transcend the limits of conventional memory. The problem was that I wanted to make the big leap and start programming in a full 32-bit environment. Some time earlier I disassembled the HIMEM.SYS file in order to discover the secrets of the extended memory access and how to interact with the A20 line (below there is a scan of the note I wrote about those disassembling efforts). In this way, with no type of documentation or knowledge at all about the subject, I discovered how to enable the A20 line (I knew about its name by tracking down the related error messages in the HIMEM manager file) and that the extended memory access could then be achieved in real-mode activating 32-bit addressing on a per-instruction basis. However, pretty soon, I began needing more space also for my code modules and the solution of mixing 16-bit and 32-bit addressing code was in no way ideal. So not knowing C/C++ and not owning a copy of the Watcom or DJGPP compilers, I decided to program myself a DOS extender stub for use with my TASM compiled programs. Not having access to any type of specific documentation about protected mode or DPMI, I started to disassemble and live debug the CWSDPMI and DOS4GW files in order to make out the meaning of those strange LGDT, LIDT and CR0 instructions. 
Some time later, after having gathered the results of that research in the notes scanned below, I was able to program a tiny DOS extender stub module that, when prefixed to a flat-memory image compiled with TASM, allowed me to run my games in a true 32-bit linear memory environment.

These are some of those notes I wrote at that time about protected mode and DPMI. Even if you cannot read Italian, in those notes you can see references to the CWSDPMI and DOS4GW names and internal structures. The meaning and functioning (guessed through reverse engineering) of DPMI functions and of architecture specific resources such as CR0, CR2, CR3, TSS and LDT are explained as deduced from my research:

Disassembling results of HIMEM.SYS:

Activation of the A20 line:

These are instead some notes I collected disassembling a Sound Blaster enabled game. As you can guess, one of the major achievements I wished to reach in my games was to introduce music and sound effects. To accomplish this, I was forced to disassemble and live debug a program that already was able to do that:

The format of a hard drive partition table and boot record, achieved hex-editing the sectors of a test drive and then seeing the results launching various DOS and NORTON utilities:

The format of PCX files achieved through the same method of hex-editing and testing described above:

The format of EXE files, achieved as above:

This is a still taken from a set of notes (40 pages) describing the 16-bit instruction set format of Intel processors. I used that information for writing a 16-bit TSR debugger under DOS (à la SoftICE, you could pop up the debugger with a hotkey and then trace through the native instructions pressing a key). The method I used in this case was the same hex-edit/test approach described earlier (using Turbo Debugger as the test application): unfortunately I had no other way for obtaining that same information (i.e. with the Intel manuals). This set of notes and the final TSR debugger also supported the decoding of FPU and system instructions. For discovering the magics of the trace bit in the flags in order to write the debugger itself, I live-debugged CodeView using Turbo Debugger...

"Among the Windows experts I know personally, no one can beat Vito Plantamura."
- Francesco Balena, Code Architects SRL

"Your NDIS Monitor application, is amongst the most impressive networking code I have seen on the .Net framework."
- Ben Hakim.
Various images from Italian conferences and events:
Me at the Microsoft/HP/Intel organized Route64 event in Milan in May 2005, explaining how COM+ behaves on 64-bit Microsoft operating systems. I was there with the friends of Code Architects.
Me at the Microsoft Security Roadshow event in Bari in April 2006, explaining how the logon process works in Windows NT. There were 250 attendees.
Microsoft Security Roadshow 2006 in Treviso. This is an image of the huge 700-seats conference room.
Me at the Microsoft Security Roadshow 2006 in Treviso. This is a moment of the 3-hours session.


Everything here (code, binaries, text, graphics, design, html) is © 2010 Vito Plantamura and VPC Technologies SRL (VATID: IT06203700965).