AARD code

This XOR-encrypted, self-modifying, and deliberately obfuscated x86 assembly code used a variety of undocumented MS-DOS structures and functions to detect if a machine was running DR DOS.

[1] The AARD code was discovered by Geoff Chappell on 17 April 1992 and further analyzed and documented in a joint research effort with Andrew Schulman.

[7][8][9] Microsoft disabled the AARD code for the final release of Windows 3.1, but did not remove it so it could be later reactivated by the change of a single byte.

[5] DR DOS publisher Digital Research released a patch named "business update" in 1992 to bypass the AARD code.

"[12][15] Microsoft Senior Vice President Brad Silverberg later sent another memo, saying, "What the [user] is supposed to do is feel uncomfortable, and when he has bugs, suspect that the problem is dr-dos and then go out to buy ms-dos.

An example of the error message the AARD code would produce