This makes a memory dump, forgot what it does ??
Is the dump simulated and if not, can the whole RAM be dumped ?
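;-------------------------------------------------1996 Andrew Kennedy---------
; dumpmem.asm Dump first meg of memory to a file
; Works thru Win XP
.model tiny
.code
org 100h
start:
    xor cx,cx           ; CX = 0: normal file attributes
    mov dx,offset m     ; DS:DX -> ASCIIZ file name
    mov ah,3ch          ; DOS function 3Ch: create file
    int 21h
    xchg ax,bx          ; BX = file handle returned in AX
    mov ch,80h          ; CX = 8000h: write 32 KB per call
    xor dx,dx           ; DX = 0: buffer starts at offset 0 of each segment
    xor si,si           ; SI = segment to dump, starting at 0000h
mark:
    mov ds,si           ; DS:DX -> next 32 KB block
    mov ah,40h          ; DOS function 40h: write CX bytes to handle BX
    int 21h
    add si,800h         ; advance 800h paragraphs (32 KB)
    jnb mark            ; loop until SI wraps past FFFFh (32 blocks = 1 MB)
    int 20h             ; terminate; DOS closes the file
m db '1stMgRam.txt',0
end start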
I forgot to attach the com file on the prev. post.
Quote from: Magnum on January 27, 2013, 02:03:51 PM
Is the dump simulated and if not, can the whole RAM be dumped ?
In my tests, accessing the bottom 1MB of address space of my Windows 2000 system from a Windows app with the aid of the WinIO driver, what I get looks like the bottom 1MB of address space. Although I did not do a detailed comparison, the BIOS data area looks correct for the system, as does the BIOS date at the top of the address space. Under Windows 2000 I can access at least 2MB into the address space (I have not tried to go further). In my tests under Windows XP only the bottom 4096 bytes were accessible. I intended to attach a dump for my Windows 2000 system, but even zipped it is too large.
For a RM app to access beyond the first MB it would need to first switch to PM and increase the segment limit, and I can't see any way to do this under Windows.
Thanks for the info.
Did you try my app under Win 2000?
I was curious as to what you would get.
Andy
The result of a virtual memory dump for a NTVDM on XP SP3 on my machine is:
Region Size(hex) State AllocBase AllocProtect
00000000 10000 commit 0 execute_readwrite
00010000 90000 commit 10000 execute_readwrite
000A0000 20000 commit A0000 execute_readwrite
000C0000 F000 commit C0000 readonly
000CF000 11000 commit CF000 execute_readwrite
000E0000 20000 commit E0000 readonly
00100000 10000 commit 100000 execute_readwrite
00110000 B000 commit 110000 execute_readwrite
0011B000 1EE5000 reserve 110000 execute_readwrite
02000000 1000 commit 2000000 readwrite
02001000 F000 free
02010000 1000 commit 2010000 readwrite
02011000 F000 free
02020000 3C000 reserve 2020000 readwrite
0205C000 1000 commit 2020000 readwrite
0205D000 3000 commit 2020000 readwrite
02060000 3000 commit 2060000 readonly
02063000 D000 free
02070000 7000 commit 2070000 readwrite
02077000 F9000 reserve 2070000 readwrite
02170000 6000 commit 2170000 readwrite
02176000 A000 reserve 2170000 readwrite
02180000 7000 commit 2180000 readwrite
02187000 9000 reserve 2180000 readwrite
02190000 16000 commit 2190000 readonly
021A6000 A000 free
021B0000 41000 commit 21B0000 readonly
021F1000 F000 free
02200000 41000 commit 2200000 readonly
02241000 F000 free
02250000 6000 commit 2250000 readonly
02256000 A000 free
02260000 2000 commit 2260000 execute_read
02262000 BE000 reserve 2260000 execute_read
02320000 2000 commit 2260000 execute_read
02322000 6000 reserve 2260000 execute_read
02328000 8000 free
02330000 103000 commit 2330000 readonly
02433000 D000 free
02440000 1000 commit 2440000 readwrite
02441000 F000 free
02450000 34000 commit 2450000 execute_read
02484000 2CC000 reserve 2450000 execute_read
02750000 1000 commit 2750000 readwrite
02751000 F000 free
02760000 C000 commit 2760000 readwrite
0276C000 4000 reserve 2760000 readwrite
02770000 3000 commit 2770000 readonly
02773000 D000 free
02780000 3D000 reserve 2780000 readwrite
027BD000 1000 commit 2780000 readwrite
027BE000 2000 commit 2780000 readwrite
027C0000 53000 commit 27C0000 readwrite
02813000 AD000 reserve 27C0000 readwrite
028C0000 3D000 reserve 28C0000 readwrite
028FD000 1000 commit 28C0000 readwrite
028FE000 2000 commit 28C0000 readwrite
02900000 1000 commit 2900000 readwrite
02901000 7F000 reserve 2900000 readwrite
02980000 C680000 free
0F000000 1000 commit F000000 execute_writecopy
0F001000 60000 commit F000000 execute_writecopy
...
So memory from 0-11AFFFh can be dumped ( beyond 110000h you'll need to call Int 15h, ah=87h ).
I guess the 110000-11AFFFh region is used by DOSX.EXE - some memory there looks like a protected-mode IDT.
NTVDM apparently reserves the first 32 MB for the DOS stuff.
At 0F000000 starts the NTVDM.EXE image and other Win32 dlls.
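The figures in the post above can be checked mechanically from the listing. This is an added example, not part of the original post; the function names are hypothetical, and the sample is the first rows of the listing as shown on the page.

```python
import re

# First rows of the region listing in the post above, copied from the page.
LISTING = """\
00000000 10000 commit 0 execute_readwrite
00010000 90000 commit 10000 execute_readwrite
000A0000 20000 commit A0000 execute_readwrite
000C0000 F000 commit C0000 readonly
000CF000 11000 commit CF000 execute_readwrite
000E0000 20000 commit E0000 readonly
00100000 10000 commit 100000 execute_readwrite
00110000 B000 commit 110000 execute_readwrite
0011B000 1EE5000 reserve 110000 execute_readwrite
02000000 1000 commit 2000000 readwrite
02001000 F000 free
"""

ROW = re.compile(
    r"^([0-9A-F]+) ([0-9A-F]+) (commit|reserve|free)(?: ([0-9A-F]+) (\w+))?$")

def parse_regions(text):
    """Parse listing rows into dicts sorted by base; non-region lines are skipped."""
    regions = []
    for line in text.splitlines():
        m = ROW.match(" ".join(line.split()))
        if m:
            base, size, state, alloc, prot = m.groups()
            regions.append({"base": int(base, 16), "size": int(size, 16),
                            "state": state, "protect": prot,
                            "alloc": int(alloc, 16) if alloc else None})
    return sorted(regions, key=lambda r: r["base"])

def committed_end(regions):
    """Last address of the unbroken run of committed regions starting at 0."""
    cursor = 0
    for r in regions:
        if r["base"] != cursor or r["state"] != "commit":
            break
        cursor += r["size"]
    return cursor - 1 if cursor else None

def allocation_end(regions, alloc_base):
    """Last address covered by the allocation with the given AllocBase."""
    ends = [r["base"] + r["size"] for r in regions if r["alloc"] == alloc_base]
    return max(ends) - 1 if ends else None

if __name__ == "__main__":
    regs = parse_regions(LISTING)
    print(hex(committed_end(regs)), hex(allocation_end(regs, 0x110000)))
```

The committed run ends at 11AFFFh, and the allocation based at 110000h ends at 1FFFFFFh, the 32 MB boundary.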
Andy,
Your program produces a dump that looks like what I would expect from a 16-bit DOS app running under Windows. One of the obvious differences between it and my dump is that the BIOS data area shows the full complement of serial and parallel ports, when the system actually has only one of each:
00000400 F8 03 F8 02 E8 03 E8 02 - BC 03 78 03 78 02 C0 9F
The attachment contains a modification of some old code that does a quick test of Interrupt 15h, Function 87h. Under Windows 2000 it can read 16 bytes starting at 11aff0h no problem, but starting at 11aff1h triggers an exception.
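The BIOS data area row quoted in the post above decodes as follows. This is an added example, not part of the original post; the function names are hypothetical, and the second row is constructed here to stand for a machine with one serial and one parallel port, since the page does not show that dump.

```python
import struct

# Copied from the page: the BIOS data area row as seen by the 16-bit app.
NTVDM_ROW = "00000400 F8 03 F8 02 E8 03 E8 02 - BC 03 78 03 78 02 C0 9F"
# Constructed for comparison (not from the page): one COM port, one LPT port.
PHYS_ROW = "00000400 F8 03 00 00 00 00 00 00 - 78 03 00 00 00 00 C0 9F"

NAMES = ["COM1", "COM2", "COM3", "COM4", "LPT1", "LPT2", "LPT3"]

def parse_row(row):
    """Turn one hex-dump row into (address, bytes); the '-' separator is ignored."""
    fields = row.split()
    data = bytes(int(f, 16) for f in fields[1:] if f != "-")
    return int(fields[0], 16), data

def decode_bda(row):
    """Decode the port table at 0040:0000 and the word at 0040:000E.

    General PC BIOS layout, not stated on the page: four COM base ports,
    three LPT base ports, then a word that later BIOSes use for the
    extended BIOS data area segment.
    """
    addr, data = parse_row(row)
    if addr != 0x400 or len(data) < 16:
        raise ValueError("expected the 16 bytes at linear address 400h")
    words = struct.unpack("<8H", data[:16])
    ports = {n: w for n, w in zip(NAMES, words) if w}  # zero means no port
    return ports, words[7]

def extra_ports(virtual_row, physical_row):
    """Ports listed in the virtualised BDA but missing from the physical one."""
    virt, _ = decode_bda(virtual_row)
    phys, _ = decode_bda(physical_row)
    return sorted(set(virt) - set(phys))

if __name__ == "__main__":
    ports, seg = decode_bda(NTVDM_ROW)
    for name, base in ports.items():
        print(f"{name}: {base:03X}h")
    print(f"word at 40:0E = {seg:04X}h (linear {seg << 4:05X}h)")
    print("only in NTVDM view:", extra_ports(NTVDM_ROW, PHYS_ROW))
```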
under DOS, you can use DEBUG to dump your way through memory
after the BIOS data area, you can see how IO.SYS and MSDOS.SYS loaded
you can also see any drivers loaded during boot via CONFIG.SYS
and, you can see the little 16-byte heap allocation headers in between each item
for the fun of it, i once replaced COMMAND.COM with DEBUG.COM :P
you can see the state as it is just before COMMAND.COM loads
Super Dave,
Do you mean real DOS or the fake DOS in XP ?
Seems like I remember changing some strings in command.com.
i was talking about real DOS
i haven't played as much with the emulated version under N
Michael,
This is what I got when I ran test_mod.exe using cmd.exe and command.com
C:\MASM32\SOURCE>test_mod
0
00000000000000000000000000000000
0
C:\MASM32\SOURCE>
00000400 F8 03 F8 02 E8 03 E8 02 - BC 03 78 03 78 02 C0 9F
I installed the Kasper... rescue disk on a CD.
Would prefer it work on a pendrive though.
I can't figure out how to set up the network so I can download updates while using the Rescue disk.
I have set up wireless before, but this is a challenge.
I use a Zoom Combination Router and cable box modem.
It detects eth0 which I saw when using a Linux CD.
I am looking for recommendations for anti virus rescue disks that you have used successfully on a pen drive.
I have not had much luck with creating a boot pendrive with a O.S. on it.
I got one working on a Verbatim pendrive, but it stopped working.
I have tried around 6 versions including Puppy Slax, Mint, Debian, etc.
Thanks,
Andy
long ago, i wrote a replacement for COMMAND.COM for a specific application
it was used in public schools to run their AV/CCTV system
we sold them a copy of dos as part of the package to cover the legal end of it
i used IO.SYS and MSDOS.SYS, as provided by ms dos 3.3
then, i wrote my own "shell" to run the system under, and named it COMMAND.COM