Hi friends,

Can it be so difficult to do what i am doing? How can i create a windows memory resident program?
It looks harder than in DOS. I am really stucked with this. I know how to do it in DOS, but i do not find the way to translate it to Win32 format. I did it in a "literally" translation, but it does not work. I attach a fragment of my DOS program.

ORG 7C00H ;
;
TST LABEL WORD ;TOP OF STACK
BEGIN: CLI ;INITIALIZE STACK
XOR AX,AX
MOV SS,AX
MOV SP,offset TST
STI

MOV BX,0040H ;SO ES = TOP OF MEMORY - (7C00H+512)
MOV DS,BX
MOV AX,[0013H]
MUL BX
SUB AX,07E0H ; (7C00H+512)/16
MOV ES,AX ;

PUSH CS ;SO THAT DS = CS
POP DS

CMP DI,3456H ;IF PROGRAM IS REBOOTING
JNE MEMCOP
DEC Word Ptr
;
MEMCOP: MOV SI,SP ;SP=7C00 COPY TO TOP OF MEMORY
MOV DI,SI
MOV CX,512
CLD
REP MOVSB
...

this works perfectly in DOS. Thanks for any help
Posted on 2001-11-04 10:44:36 by CodeLover
CodeLover,

in windows all programs are "memory resident" until they are terminated. So whats your problem?
Posted on 2001-11-04 10:56:29 by japheth
japheth,

Of course they are, but they do not receive external messages. I mean that you can create a program and it is resident, but when you put the focus on another one, it does not receive messages. So, if you want it to receive these messages you need to have it in the top of the memory. Do you know what I mean?
Posted on 2001-11-04 11:43:14 by CodeLover
Hmm,... to move around a program in memory will not solve any problem (it will most likely give you some more problems). In good old DOS days a TSR program normally had to change at least 1 interrupt vector to communicate with programs loaded afterwards. You shouldnt do such things in ring3 win32 apps. Possibly SetWindowsHookEx() will do what you want? If not you may need to write a low level driver (vxd...)

japheth
Posted on 2001-11-04 13:17:54 by japheth
But I must use a library. Is not there a way to create it without lib files? I am trying to say, a way to store a program in memory as i just showed you?
Posted on 2001-11-04 16:32:08 by CodeLover
CodeLover,
tell us exactly what you want to do (but not in technical terms like "want to move my prog to top of memory") and we will see if there is a solution.
Posted on 2001-11-05 02:43:37 by japheth
japheth,
What i want to do is to create a program that when it is executed is saved to the memory and remains in this one. So, being in memory, it can, for example, "watch" the system clock and tell me what is the time at some moment (and print a message according to that time of the day), search for viruses, etc. Actually, I just wanna learn how to have a program of these characteristics in memory using Windows. As I told you before, I can do it in DOS, but I do not know in Windows.
In a few words i wanna create a program for Win32 platforms able to remain in memory and constantly (or depending on the time or other circunstances) being active, monitoring the system or accomplishing some kind of tasks. Got it?
Posted on 2001-11-05 14:58:37 by CodeLover

In a few words i wanna create a program for Win32 platforms able to remain in memory and constantly (or depending on the time or other circunstances) being active, monitoring the system or accomplishing some kind of tasks. Got it?


Umm, you don't seem to understand.... Windows progs are like that whether you like it or not. The only way to "halt" a windows prog is to have a gui interface, which of course is event-driven. Even without a window, you still have the message loop, although you will receive far fewer messages without the window. And if you want to intercept keyboard and mouse events, use SetWindowsHookEx(). If you just want to fire an action on a pre-determined basis, use a timer with SetTimer().
Posted on 2001-11-05 15:40:12 by sluggy
Your going to have to go with kmd nt.2k,xp and vxd for 9x. their are other ways to do it but this is probably going to be the most reliable, although more risky way.
Posted on 2001-11-05 16:17:25 by prs
CodeLover,

I think you are stuck with learning about the architecture of 32 bit windows. Where DOS is a single task environment, Windows is multitasking environment and programs run at the same time as others.

What you have described is just another win 32 program in that it runs as long as you don't close it down. A DOS tsr actually switched tasks so that you loaded the memory resident tsr program, in windows you don't have to do that, you program is ALREADY running in memory.

Where you will find differences is in the access that you have to other programs under windows, Windows programs run in their own memory space and you normally cannot access the address space of another program.

What some of the guys here have mentioned is HOOK processing to access things like the keyboard and mouse.

To do this stuff you have some work to do learning how the architecture of Windows works. Good luck with it.

Regards,

hutch@movsd.com
Posted on 2001-11-05 16:44:00 by hutch--
Thanks to everyone.
Here i attach a source of a little program i created to learn about this in Windows. It is a keylogger.
Of course i have received some help, help that was necessary to achieve the end of the program. I must say that even though i created this program beginning "from zero" i have seen other source codes that, as i said, were really helpful and maybe their creators should receive the congratulations, as i explain in my source.

Do not think that i have bad intentions with this program, is only to my learning and maybe for other people. I hope you enjoy it.

The password to extract the zip is: mvrysqpye

I accept any comments or suggestions.
I am just learning Win32ASM.
It was time to leave DOS, dont you think?

Thanks by your help.

CodeLover
Posted on 2001-11-12 20:02:47 by CodeLover
Yes, sorry, i forget the zip.
Posted on 2001-11-12 20:05:19 by CodeLover
codelover,

if you plan your code work for w9x only, you can get ring0 througt a hack(there are several ways) and hook the vxd functions, like IFS for file acesses and so on

this is the most similar way, i think, to get residence like in DOS.

ancev

ps: the code you posted in first msgs is for a resident boot code, very likely a virus(only saw such code out of virus in 2M, a 2 mega floppy formater). such code could work even in w9x, if your hooks get called(ex. deleting hsflop.pdr to force w9x use int13 for disk access)
Posted on 2001-11-13 12:23:04 by ancev
I like ur program but sorry for stupid question: How is CreateFileMapping used? Do you asign the handle you want to a file. Thanks in advance
Newvie
Posted on 2001-11-15 15:47:24 by newvie