Hello everybody :)

I'm need to open Win386.swp under windows 98. (I don't want to do this under DOS) I wait for WM_ENDSESSION then use CreateFile like this:

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;Path is a pointer to D:\Win368.swp

invoke CreateFile,Path,GENERIC_WRITE or GENERIC_READ,\
FILE_SHARE_READ or FILE_SHARE_WRITE,\
NULL,OPEN_ALWAYS,NULL,NULL

.if eax==-1
invoke GetLastError
jmp @f

.endif
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

Every time GetLastError indicates a sharing vilolation (20h). The reason I wait for ENDSESSION is because I hoped file had been closed by operating system. But maybe it isn't.

I've played with the dwShareMode options and the dwCreationDisposition values but of course that doesn't help.

Does anybody know of a method of opening a file using a method other than CreateFile? Is it possible to read and write the disk sectors directly?

I've googled and search this board and read all the data in the SDK but have found no answers. I know what causes a share violation but I don't know how to proceed from here.

Any links or suggestions would be much appreciated.

best regards,

czDrillard
Posted on 2002-08-11 01:40:06 by czDrillard
Hi czDrillard,

If the swap file is shareable under Windows 98 it's certainly not shared
for writing. I never coded a vxd so I'm not sure if writing one would give
you more access to it. Maybe writing something like a harddisk driver ?
Posted on 2002-08-11 06:25:13 by goofee
Oh, sorry, didn't read your post thoroughly enough.

DeviceIoControl can read sectors.
Posted on 2002-08-11 06:31:18 by goofee
Hello everybody,

Thanks for the suggestions goofee, I neither have wrote a VxD but maybe it is time to start. Interesting about 'DeviceIoControl'. I'm going to look into that now. There's been lots of posts in the past about ring 0 and VxD's and I study them to. I will post more on this as I learn more.

best regards,

czDrillard
Posted on 2002-08-11 12:32:00 by czDrillard
You shouldn't write to the pagefile while windows is active - this is a *very* dangerous operation. You'll want to do this in realmode dos (for 9x), or some phase of system startup before swap is activated (NT; I dunno if such a phase exists, but I assume so). If you just want to read, I guess that's possible while windows is running, but it probably requires ring0 code - or perhaps direct sector access and filesystem parsing ;).

What do you need this for?
Posted on 2002-08-11 13:05:48 by f0dder
hello everybody,

______________________________
f0dder: "What do you need this for?"
______________________________

I wrote a program that deletes/edits specified files including index.dat files also program can overwrite file space for security reasons. I overwrite with cz's of course, hehe, instead of 0's and 1's. It is to help all paranoid people in the world,like me, sleep good at night:) The Swap file or Page file in nt has much data that can be accessed by unscrupulous people. This data includes passwords, credit card numbers URL's etc. Data can be recovered with forensic techniques. Data is persistent and there seems to be no way to remove it from the hard drive other than overwrite it. That is what I want to do.

I think changing contents of swap file at shutdown is not dangerous because data page into swap file is not required or used at system start up. I'm using win 98 at this time and can erase file from dos with no problem. but what about people what have nt/xp? DOS won't be there for them and I would like to make this work from within the windows operating system.

best regards,

czDrillard
Posted on 2002-08-11 13:31:19 by czDrillard