flat assembler
Message board for the users of flat assembler.

Index > Windows > Small C program to exclude bad RAM address?

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
your best shot on this is to go to rootkit.com and ask there, but seriously I think it's impossible to do within win9x Sad
Post 07 Aug 2006, 23:30
View user's profile Send private message MSN Messenger Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
I had an idea some days ago, what about installing a hook in the MBR for Int 15/AX=E820h? I can't remember where I read that Windows uses it at boot time so it can be more successful than a driver which is possibly loaded too late to prevent that something be loaded at bad ram addresses.

The person owner of the computer has resolved to buy new RAM so I don't need this anymore...

Regards,
Hernán
Post 08 Aug 2006, 00:42
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
HAHAHAHAHAHA, http://www.ctyme.com/intr/rb-1741.htm here I read that about Windows Razz
Post 08 Aug 2006, 00:50
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
OK, here the proof of concept. I tested it on Virtual PC and on my REAL computer (MSI K8N Planitum SLI motherboard). The screenshots are from the real computer, where it says "Memoria física (KB)" it means physical memory and "total" well, total... If you want to test it open boot.asm and press F9 on FASMW. Note that it will write on the floppy disk so make sure that the data on the floppy disk is useless because you will loose it.

Regards,
Hernán


Description: E820 BadRAM proof of concept
Download
Filename: Int15 Hooker.zip
Filesize: 30.36 KB
Downloaded: 115 Time(s)



Last edited by LocoDelAssembly on 26 Aug 2006, 21:28; edited 1 time in total
Post 08 Aug 2006, 04:12
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Oh, so windows does use E820 to find the usable memory map? Nice!
Post 08 Aug 2006, 10:54
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Miserably fails on Win95 and Win98. In both the system hangs, however on WinMe the bootdisk works fine but since it doesn't include "mem" utility I can't know if it recognizes the memory correctly.

This problem is possibly due to the fact that the badRAM range overlaps the usable range reported by the BIOS so E820 BadRAM must be written more intelligently...

Regards

PS: On Win95 I tested an installed Win95 OSR2 but while its loading it reports a divide overflow error and hangs... The tested Win98 is a bootdisk that hangs just after RAMDrive is loaded.
Post 08 Aug 2006, 18:42
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
should it work on NT?
Post 08 Aug 2006, 21:05
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
At least works on WinXP. But it must be coded in a better way, right now Windows is reported that the whole RAM is available and then the last entry (added by my hook) says that a memory range included in the available range is unavailable. This doesn't confuse Windows XP but Win95/98 dislikes it very much. When I have time I'll try to prevent int 15/e820 from reporting whole ranges as available when them includes bad RAM ranges to prevent overlapping.
Post 08 Aug 2006, 23:56
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Code:
    int15Handler IntHandler 0

        cmp     ax, $E820
        je      .serviceHandler
        jmp     far dword [cs:originalHandler]

     .serviceHandler:    


The problem actually was that I forgot to give the control to the original handler when the service is not E820...

I edited the post with the fixed version, now Win95 doesn't crash anymore but it uses all the physical available memory anyway... WinXP doesn't reports the badRAM range with msinfo32.exe but the task manager shows that the physical memory is decreased (see the screenshots).

BTW, anybody here saw my mistake with the handler? ¬¬
Post 26 Aug 2006, 21:36
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
OK, I give up...

I tested with a hardcoded map but Win98SE enjoys the whole 256 MB of the Virtual PC... WinXP doesn't reports the badRAM range but reports that I have just 184 MB of physical memory in both "My PC" and task manager. I tested an Ubuntu dapper drake 32-bit with this but grub says that there is not enough memory to load kernel it's just capable to boot memtest (which also reports 184 MB of RAM).

Now I don't know why Win98SE doesn't see the range marked as ROM because it actually calls E820 but seems that it does nothing with it...

Anyway I'm tired of this and I don't need it working because I have no defective RAMs right now so I post it in the hope that it can be useful for someone.

Regards,
Hernán


Description: Test with hardcoded memory map for a Virtual PC with 256 MB RAM
Download
Filename: test.zip
Filesize: 2.87 KB
Downloaded: 109 Time(s)



Last edited by LocoDelAssembly on 27 Aug 2006, 15:50; edited 1 time in total
Post 27 Aug 2006, 05:01
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

I tested an Ubuntu dapper drake 64-bit


Actually 32-bit.
Post 27 Aug 2006, 14:04
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Before Int15/E820 hook:Image

After Int15/E820 hook:Image

Works in WinMe.

PS: http://board.flatassembler.net/topic.php?p=42174#42174 doesn't have any effect on WinMe, possible due to the hook reports the bad range after the BIOS reported all the memory as available for use. The solution is spliting the RAM range to exclude the bad range in order to prevent overlapping with the bad ram range (like the hardcoded table does).
Post 27 Aug 2006, 15:46
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.