Help, how do I get the value from address 0000h:046Ch in memory?
I tried, but my program halts right at mov eax,es:[046Ch].
Also, is it the same as GetTickCount?


push es
xor ax,ax             ; ax = 0 (segment 0000h in real mode)
mov es,ax
mov eax,es:[046Ch]    ; this is the instruction where the program halts
pop es


p.s.: This is done in Win32 not in DOS.
Posted on 2003-11-24 06:01:40 by zabnik
Win32 is protected mode, 32-bit; you can't access memory like that. Also, I think the 0000->1MB range isn't accessible and will probably cause a crash. Debug GetTickCount and you'll see it reads from a completely different area.
Posted on 2003-11-24 07:35:21 by evlncrn8
That is privilege level zero. What is that parameter? The mouse position? Because I get different values from the video buffer.


Posted on 2003-11-24 10:52:42 by mrgone

You have to remember that win32 is operating in protected mode. So ds, es, fs and gs are not used as in real mode, where they point directly to memory. Instead they hold a descriptor that indirectly points to a place in memory. As such, you'll need to find a descriptor with the right security attributes ... and make sure that the page you want to read from is accessible. In fact, unless you want to do a driver, or do some dirty ring0 hack, you should stay away from manually trying to read memory like that. I should probably modify that and say: unless you're willing to study some system architecture, stay away from low-level programming, just use GetTickCount.

Fake
Posted on 2003-11-24 11:26:14 by Fake51
stay away from low-level programming


Hmmm... isn't that what this forum is all about? :grin:
Posted on 2003-11-24 11:38:50 by The SharK


push ds
mov ax,01677h                      ; hard-coded selector
mov ds,ax
mov ax,word ptr ds:[0002h]         ; second selector read from that segment
mov ds,ax                          ; halts here on Win2000
mov eax,dword ptr ds:[00000000h]   ; the value itself
pop ds


I removed some unknown cmp and jmp and it works!
BUT only on Win98SE; on Win2000 it halts at mov ds,ax.

It can be minimized more:



push ds
mov ax,010Bh                       ; hard-coded selector, works on Win98SE only
mov ds,ax
mov eax,dword ptr ds:[00000000h]   ; same value as GetTickCount
pop ds


Same value. I also compared it with GetTickCount, exactly the same value :p

PS: h8 XP
Posted on 2003-11-25 09:50:07 by zabnik
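The protected-mode checks behind the two halt points in this thread (the first snippet dying at mov eax,es:[046Ch], the Win2000 run dying at mov ds,ax) and Fake51's point that segment registers hold selectors to descriptors, as an added C model that is not code from any of the posts: it decodes a selector and an 8-byte descriptor and applies the CPU's load-time and access-time rules. The descriptor bytes are constructed; selector values 0, 010Bh and 01677h are the ones from the posts, and the page-table check evlncrn8 mentions is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t base, limit; int dpl, present; } seg_desc;
/* Decode an 8-byte x86 segment descriptor (a GDT or LDT entry). */
seg_desc decode_desc(const uint8_t d[8]) {
    seg_desc s;
    s.limit   = d[0] | (d[1] << 8) | ((uint32_t)(d[6] & 0x0F) << 16);
    s.base    = d[2] | (d[3] << 8) | ((uint32_t)d[4] << 16) | ((uint32_t)d[7] << 24);
    s.present = (d[5] >> 7) & 1;
    s.dpl     = (d[5] >> 5) & 3;
    if (d[6] & 0x80) s.limit = (s.limit << 12) | 0xFFF;  /* G=1: limit in 4 KiB units */
    return s;
}
/* Selector layout: bits 0-1 RPL, bit 2 table (0 = GDT, 1 = LDT), bits 3-15 index. */
int sel_rpl(uint16_t sel)   { return sel & 3; }
int sel_ti(uint16_t sel)    { return (sel >> 2) & 1; }
int sel_index(uint16_t sel) { return sel >> 3; }

enum { SEG_OK = 0, ERR_NULL_SELECTOR, ERR_PRIVILEGE, ERR_NOT_PRESENT, ERR_LIMIT };
/* Checks the CPU makes at "mov ds,ax": a null selector loads fine; anything else
 * needs DPL >= max(CPL, RPL) and a present descriptor, or it faults right here. */
int check_selector_load(uint16_t sel, const seg_desc *d, int cpl) {
    int rpl = sel_rpl(sel), eff = cpl > rpl ? cpl : rpl;
    if ((sel & ~3u) == 0) return SEG_OK;
    if (eff > d->dpl)     return ERR_PRIVILEGE;
    if (!d->present)      return ERR_NOT_PRESENT;
    return SEG_OK;
}
/* Checks at "mov eax,es:[046Ch]": a null selector faults on use, then the offset
 * must lie inside the segment limit. Paging is a separate, later check. */
int check_data_access(uint16_t sel, const seg_desc *d, uint32_t off, uint32_t size) {
    if ((sel & ~3u) == 0)          return ERR_NULL_SELECTOR;
    if (off + size - 1 > d->limit) return ERR_LIMIT;
    return SEG_OK;
}
/* Real-mode address: segment * 16 + offset, so 0000h:046Ch and 0040h:006Ch coincide. */
uint32_t real_mode_linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }
/* Constructed flat 4 GiB ring-3 data descriptor: base 0, limit 0xFFFFF, G=1, DPL=3. */
const uint8_t FLAT_USER_DATA[8] = { 0xFF, 0xFF, 0x00, 0x00, 0x00, 0xF3, 0xCF, 0x00 };

int main(void) {
    seg_desc d = decode_desc(FLAT_USER_DATA);
    printf("0000h:046Ch is linear %#x in real mode\n", real_mode_linear(0, 0x46C));
    printf("null selector: load=%d access=%d\n",
           check_selector_load(0, &d, 3), check_data_access(0, &d, 0x46C, 4));
    printf("selector 010Bh: index %d in %s, RPL %d\n",
           sel_index(0x10B), sel_ti(0x10B) ? "LDT" : "GDT", sel_rpl(0x10B));
    return 0;
}
```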
Why don't you just use rdtsc?
Posted on 2003-11-25 10:13:06 by Aaro