?
Solved

How to search conventional memory

Posted on 1998-11-04
14
Medium Priority
?
453 Views
Last Modified: 2013-12-29
Hi,

I have hex workshop and was told that I should check the conventional memory for a particular info.  First of, what is conventional memory. Secondly, how do I check it?

Thanks,

bb
0
Comment
Question by:b_branford
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 3
  • +4
14 Comments
 
LVL 1

Expert Comment

by:skylab060398
ID: 1726951
Conventional Memory:
The portion of memory that is available to standard DOS programs. DOS systems have an address space of 1MB (megabyte), but the top 384K (called high memory) is reserved for system use. This leaves 640K of "conventional memory". Everything above 1MB is either extended or expanded memory.

To Check it:
In DOS type "mem /c /p" (without quotes) then hit the "Enter" key.
It will plainly show you how much conventional memory you have available.

Hope this helps.

0
 

Author Comment

by:b_branford
ID: 1726952
Hi Skylab,

Actually, I'm trying to check the conventional memory for a particular text string. How do i do that?
0
 
LVL 1

Expert Comment

by:skylab060398
ID: 1726953
Ooops.

You should reject my answer here so others can join in.

0
WordPress Tutorial 4: Recommended Plugins

Now that you have WordPress installed, understand the interface, and know how to install new parts, let’s take a look at our recommended plugins.

 
LVL 3

Expert Comment

by:czpczp
ID: 1726954
b_branford -- can you provide more information?  Firstly, did skylab's suggestion work or display any info?  Because depending on your version of DOS, the /p cannot be coupled with /c "classify" parameter (you'd have to use the pipe char. "|" and the "more"  command) though the /p "page" parameter became available with Win95 and 98 (not NT -- /p in NT means "program" and it also must be used by itself) -- in other words, you cannot use them together in any version of DOS prior to version 7.0 (the equiv to W95).  Also, exactly what "string" from what kind of program are you trying to display and what is your working environment outside of DOS (Windows 3.x with Dos 6.22, Win95, 98....).  Aside from windows, if you are using it, you can check your DOS version by getting to a DOS prompt and typing the "ver" (w/o quotes) and pressing enter.


0
 
LVL 1

Expert Comment

by:skylab060398
ID: 1726955
Not true czpczp
The /c /p worked with DOS 6.0 and up.
0
 
LVL 2

Expert Comment

by:Laphroaig
ID: 1726956
You can carry out string comparison checks on all of your conventional memory using search command in 'Debug'. Is this what you are trying to do?
0
 
LVL 2

Expert Comment

by:Laphroaig
ID: 1726957
Because of a quirk in the way that Dos addresses memory, nearly 64kb above the 1 Mb mark can be directly accessed. This 64kb is called the High Memory Area. The area between 640kb and 1mb is the Upper Memory Area. It is confusing especially when the Loadhigh command actually loads devices into Upper memory.
0
 

Author Comment

by:b_branford
ID: 1726958
Hi,

Where I am studying, we have foolproof installed. I was told that I could find out the password by looking for it by doing a string search in conventional memory using a hex editor.

Thanks,

Brad
0
 

Expert Comment

by:mcaddan
ID: 1726959
- there is no other way besides in DOS to check what is loaded in memory! The command I use is 'mem /d/p' that shows what is loading and at what address - also tells you how much conventional mem is available in DOS. I use DOS v 7
Obviously if a program requires all of the 640k and you dont got that much available you must edit the command files for DOS and remove or redirect drivers to other memory locations - That is usually done with the LH command etc.,
0
 

Expert Comment

by:fuson
ID: 1726960
I assume you forgot the password to foolproof, now you want to get at some files?

Foolproof encrypts the boot sector so that you cannot use a floppy to boot and recover your files.

1. If you have access to the important data files that you need, I would copy them off and reload the computer.  That is the easiest solution.  This means that you need to do an Fdisk and reformat, since the boot sector is encryted.  You can try a virus scanner, it might be able to rebuild the boot sector for you, and allow you to access the drive with a bootable disk, since the program is essentially acting like a boot virus.

2. If you are trying to crack the password that resides in the DOS conventional memory, forget it.  That isn't really a password, it is an encyption key for the boot sector.  The password you are probably looking for is to disable the security features of the Windows part of foolproof.  Since Windows uses "Protected Memory" and accessing this protected memory usually leads to a "General Protection Fault"(GPF) or an "Illegal Operation" as they are called now.  However if you are sure that you can find the password with a memory editor we have to turn to the Cutting Edge of memory editors.  This leads us to Game Cheat Editors... probably the best sorce of memory editors for windows.  Here is a list, search on the internet for the URLs and download locations:

Cheat O Matic
Cheat32
Fix People Expert
Game Buster
Game Master
GameHack
GameWiz
GameWizard
Magic Trainer Creator
Master Cheater
TinkerBell
WinHack http://ourworld.compuserve.com/homepages/grantmalinverni/

You will have to try them out and read up on them...  You can do your own searching on the internet for other editors too.  I haven't tried any of them, but most claim to be able to search and edit memory contents, which is what you are looking for.  If you are intent on searching DOS conventional memory from Windows, you can do that with some of those programs.  Pretty amazing stuff actually, I don't know how they manage to do it. :)

3. You might be able to disable foolproof by corrupting or renaming some of the Windows portions of the program.  This can be risky as you may lock yourself out of Windows entirely.  If you have no access to Explorer, try running a web browser.  In the URL location type in c:\ and enter and see if you can browse the drive.  See if you can get access to the Foolproof directory and rename a file that is accociated with windows, like a dll file.  I have no idea how foolproof works, and I am not even sure what it does... but you that might give you something to work from, SO DO SO AT YOUR OWN RISK.  Make sure you don't wreck the DOS side of the Foolproof security, you need it running so you can access the info on the Harddrive.

Good luck.
0
 

Author Comment

by:b_branford
ID: 1726961
I've found out that all I need is to read the win386.swp file. How do I read it? I tried to copy it but it didn't work since it's a dynamic file and neither windows nor dos allows you to copy it.

thanks,

bb
0
 

Expert Comment

by:fuson
ID: 1726962
Well that is simply incorrect.  Your win386.swp file is what windows uses when there isn't enough RAM in your system to be able to run programs. (Simplified Explaination)  So in order for a hex editor to load the file to edit it, it would require more ram, and the swap file would get bigger and the program would require more ram.  So you couldn't load that file with a hex editor even if you wanted to.

What you need is a disk editor, this allows you to view to contents of the disk, and of particular files, it loads them chunks at a time so you are able to view the contents of such files.  I haven't actually used one for windows, but Norton might have such a treat in thier package.

And just to make things clear, the answer you are looking for in the swap file may not be there, since it is just memory.  Depending on how many programs you are running, and the amount of RAM that is in your system, there may not be much at all in the swap file.  So searching the memory is actually what you want to do, but you might luck out and find it in the swap file, but it will not work all the time.

Trevor.
0
 

Accepted Solution

by:
bam87 earned 200 total points
ID: 1726963
go to a dos prompt and start the debugger:

debug
s 0:0 FFFF "test string"

or u can user turbo debugger which is much easier or even softice
0
 

Expert Comment

by:fuson
ID: 1726964
bam87, that doesn't make any sense.  When you start a DOS prompt in Windows it runs it in a Virtual Machine.  Any access outside of the VM would result in a Illegal Operation or a General Protection Fault.  All you are doing is seaching a small random chunk of memory that was allocated to the VM.  I am not sure if the memory is cleared before the VM runs or not, but even if it is not cleared there is little to no chance of randomly getting allocated a chunk of memory that was deallocated by the security program which the cleartext password is stored.

If you can shutdown to DOS after running windows it might work, as long as the password isn't stored in the swap file.... if it is then it is gone.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A small collection of useful tips and tricks for Windows 10 users that I decided to write as a result of recent questions that were asked and answered at Experts Exchange. Two short video tutorials included. Enjoy..
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question