Solved

How to search conventional memory

Posted on 1998-11-04
Last Modified: 2013-12-29
Hi,

I have Hex Workshop and was told that I should check the conventional memory for particular info.  First off, what is conventional memory? Secondly, how do I check it?

Thanks,

bb
Question by:b_branford
LVL 1

Expert Comment

by:skylab060398
Conventional Memory:
The portion of memory that is available to standard DOS programs. DOS systems have an address space of 1MB (megabyte), but the top 384K (called high memory) is reserved for system use. This leaves 640K of "conventional memory". Everything above 1MB is either extended or expanded memory.

To Check it:
In DOS type "mem /c /p" (without quotes) then hit the "Enter" key.
It will plainly show you how much conventional memory you have available.

Hope this helps.

 

Author Comment

by:b_branford
Hi Skylab,

Actually, I'm trying to check the conventional memory for a particular text string. How do I do that?
 
LVL 1

Expert Comment

by:skylab060398
Ooops.

You should reject my answer here so others can join in.

 
LVL 3

Expert Comment

by:czpczp
b_branford -- can you provide more information?  Firstly, did skylab's suggestion work or display any info?  Because depending on your version of DOS, the /p cannot be coupled with /c "classify" parameter (you'd have to use the pipe char. "|" and the "more"  command) though the /p "page" parameter became available with Win95 and 98 (not NT -- /p in NT means "program" and it also must be used by itself) -- in other words, you cannot use them together in any version of DOS prior to version 7.0 (the equiv to W95).  Also, exactly what "string" from what kind of program are you trying to display and what is your working environment outside of DOS (Windows 3.x with Dos 6.22, Win95, 98....).  Aside from windows, if you are using it, you can check your DOS version by getting to a DOS prompt and typing the "ver" (w/o quotes) and pressing enter.


 
LVL 1

Expert Comment

by:skylab060398
Not true czpczp
The /c /p worked with DOS 6.0 and up.
 
LVL 2

Expert Comment

by:Laphroaig
You can carry out string comparison checks on all of your conventional memory using search command in 'Debug'. Is this what you are trying to do?
 
LVL 2

Expert Comment

by:Laphroaig
Because of a quirk in the way that Dos addresses memory, nearly 64kb above the 1 Mb mark can be directly accessed. This 64kb is called the High Memory Area. The area between 640kb and 1mb is the Upper Memory Area. It is confusing especially when the Loadhigh command actually loads devices into Upper memory.
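
The memory map described in this thread, worked through as an added example that is not part of any poster's comment: real-mode segment:offset translation, the A20 wrap-around behind the "quirk", and the resulting size of the High Memory Area. The function names and region labels are hypothetical; the boundaries are the standard PC real-mode map.

```c
#include <stdint.h>
#include <stdio.h>

/* Region labels follow the terms used in the thread (hypothetical enum). */
enum region { CONVENTIONAL, UPPER_MEMORY, HIGH_MEMORY_AREA, EXTENDED };

/* Real-mode translation: linear = segment * 16 + offset.
 * With the A20 line disabled the sum wraps to 20 bits, as on an 8086;
 * with A20 enabled the carry into bit 20 is kept. */
uint32_t linear_address(uint16_t seg, uint16_t off, int a20_enabled)
{
    uint32_t lin = ((uint32_t)seg << 4) + off;
    return a20_enabled ? lin : (lin & 0xFFFFFu);
}

enum region classify(uint32_t lin)
{
    if (lin < 0xA0000u)   return CONVENTIONAL;     /* 0 .. 640K-1        */
    if (lin < 0x100000u)  return UPPER_MEMORY;     /* 640K .. 1M-1       */
    if (lin <= 0x10FFEFu) return HIGH_MEMORY_AREA; /* 1M .. FFFF:FFFF    */
    return EXTENDED;                               /* not reachable from real mode */
}

/* Bytes above 1 MB that a real-mode program can address: FFFF:0010 .. FFFF:FFFF. */
uint32_t hma_size(void)
{
    return linear_address(0xFFFF, 0xFFFF, 1) - 0x100000u + 1;
}

const char *region_name(enum region r)
{
    static const char *names[] = { "conventional", "upper memory (UMA)",
                                   "high memory area (HMA)", "extended" };
    return names[r];
}

int main(void)
{
    /* Constructed sample addresses, chosen to sit on the region boundaries. */
    const uint16_t samples[][2] = { {0x0000, 0x0000}, {0x9FFF, 0x000F},
                                    {0xA000, 0x0000}, {0xFFFF, 0x0010},
                                    {0xFFFF, 0xFFFF} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t on  = linear_address(samples[i][0], samples[i][1], 1);
        uint32_t off = linear_address(samples[i][0], samples[i][1], 0);
        printf("%04X:%04X  A20 on: %06lX (%s)  A20 off: %05lX\n",
               (unsigned)samples[i][0], (unsigned)samples[i][1],
               (unsigned long)on, region_name(classify(on)), (unsigned long)off);
    }
    printf("HMA size: %lu bytes\n", (unsigned long)hma_size());
    return 0;
}
```
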

Author Comment

by:b_branford
Hi,

Where I am studying, we have foolproof installed. I was told that I could find out the password by looking for it by doing a string search in conventional memory using a hex editor.

Thanks,

Brad
 

Expert Comment

by:mcaddan
- there is no other way besides in DOS to check what is loaded in memory! The command I use is 'mem /d/p' that shows what is loading and at what address - also tells you how much conventional mem is available in DOS. I use DOS v 7
Obviously if a program requires all of the 640k and you don't have that much available you must edit the command files for DOS and remove or redirect drivers to other memory locations - That is usually done with the LH command etc.
 

Expert Comment

by:fuson
I assume you forgot the password to foolproof, now you want to get at some files?

Foolproof encrypts the boot sector so that you cannot use a floppy to boot and recover your files.

1. If you have access to the important data files that you need, I would copy them off and reload the computer.  That is the easiest solution.  This means that you need to do an Fdisk and reformat, since the boot sector is encrypted.  You can try a virus scanner, it might be able to rebuild the boot sector for you, and allow you to access the drive with a bootable disk, since the program is essentially acting like a boot virus.

2. If you are trying to crack the password that resides in the DOS conventional memory, forget it.  That isn't really a password, it is an encryption key for the boot sector.  The password you are probably looking for is to disable the security features of the Windows part of foolproof.  Since Windows uses "Protected Memory" and accessing this protected memory usually leads to a "General Protection Fault"(GPF) or an "Illegal Operation" as they are called now.  However if you are sure that you can find the password with a memory editor we have to turn to the Cutting Edge of memory editors.  This leads us to Game Cheat Editors... probably the best source of memory editors for windows.  Here is a list, search on the internet for the URLs and download locations:

Cheat O Matic
Cheat32
Fix People Expert
Game Buster
Game Master
GameHack
GameWiz
GameWizard
Magic Trainer Creator
Master Cheater
TinkerBell
WinHack http://ourworld.compuserve.com/homepages/grantmalinverni/

You will have to try them out and read up on them...  You can do your own searching on the internet for other editors too.  I haven't tried any of them, but most claim to be able to search and edit memory contents, which is what you are looking for.  If you are intent on searching DOS conventional memory from Windows, you can do that with some of those programs.  Pretty amazing stuff actually, I don't know how they manage to do it. :)

3. You might be able to disable foolproof by corrupting or renaming some of the Windows portions of the program.  This can be risky as you may lock yourself out of Windows entirely.  If you have no access to Explorer, try running a web browser.  In the URL location type in c:\ and enter and see if you can browse the drive.  See if you can get access to the Foolproof directory and rename a file that is associated with windows, like a dll file.  I have no idea how foolproof works, and I am not even sure what it does... but that might give you something to work from, SO DO SO AT YOUR OWN RISK.  Make sure you don't wreck the DOS side of the Foolproof security, you need it running so you can access the info on the hard drive.

Good luck.
 

Author Comment

by:b_branford
I've found out that all I need is to read the win386.swp file. How do I read it? I tried to copy it but it didn't work since it's a dynamic file and neither windows nor dos allows you to copy it.

thanks,

bb
 

Expert Comment

by:fuson
Well that is simply incorrect.  Your win386.swp file is what windows uses when there isn't enough RAM in your system to be able to run programs. (Simplified Explanation)  So in order for a hex editor to load the file to edit it, it would require more ram, and the swap file would get bigger and the program would require more ram.  So you couldn't load that file with a hex editor even if you wanted to.

What you need is a disk editor, this allows you to view the contents of the disk, and of particular files, it loads them chunks at a time so you are able to view the contents of such files.  I haven't actually used one for windows, but Norton might have such a treat in their package.

And just to make things clear, the answer you are looking for in the swap file may not be there, since it is just memory.  Depending on how many programs you are running, and the amount of RAM that is in your system, there may not be much at all in the swap file.  So searching the memory is actually what you want to do, but you might luck out and find it in the swap file, but it will not work all the time.

Trevor.
 

Accepted Solution

by:
bam87 earned 100 total points
Go to a DOS prompt and start the debugger:

debug
s 0:0 FFFF "test string"

Or you can use Turbo Debugger, which is much easier, or even SoftICE.
 

Expert Comment

by:fuson
bam87, that doesn't make any sense.  When you start a DOS prompt in Windows it runs it in a Virtual Machine.  Any access outside of the VM would result in an Illegal Operation or a General Protection Fault.  All you are doing is searching a small random chunk of memory that was allocated to the VM.  I am not sure if the memory is cleared before the VM runs or not, but even if it is not cleared there is little to no chance of randomly getting allocated a chunk of memory that was deallocated by the security program which the cleartext password is stored.

If you can shutdown to DOS after running windows it might work, as long as the password isn't stored in the swap file.... if it is then it is gone.