I decided to write a TSR for MS-DOS (specifically DOSBox). Why? Because I am curious as to what all that software writes to memory. DOSBox has a debugger version but I don't like it. Anyway:
It appears to set up the hook fine and I know the part that writes the memory to a file should work because I tested it separately. Does anyone see any obvious flaw? It could be any small thing I overlooked. No file is ever created.

Code:
; Memory Dumper TSR v1.00 - by: Peter Swinkels, ***2021***
; This terminate and stay resident program dumps all conventional memory to a file upon request.
ORG 0x100

Main:
   MOV AH, 0x35            ; Retrieves the keyboard interrupt vector.
   MOV AL, 0x16            ;
   INT 0x21                ;

   MOV AX, ES              ; Redirects the retrieved keyboard interrupt vector.
   MOV DS, AX              ;
   MOV DX, BX              ;
   MOV AH, 0x25            ;
   MOV AL, 0xFF            ;
   INT 0x21                ;

   MOV AX, CS              ; Sets the original keyboard vector to this program's memory dump function.
   MOV DS, AX              ;
   MOV DX, MemoryDumper    ;
   MOV AH, 0x25            ;
   MOV AL, 0x16            ;
   INT 0x21                ;

   MOV AH, 0x31            ; Terminates and stays resident.
   INT 0x21                ;

MemoryDumper:
   PUSHA                   ; Saves all registers.

   MOV AH, 0x01            ; Skips the memory dump unless the F12 key has been pressed.
   INT 0xFF                ;
   CMP AX, 0x0086          ;
   JNE Done                ;

   MOV AX, CS
   SUB AX, 0x0100
   MOV DS, AX

   MOV AH, 0x3C            ; Creates the output file.
   MOV CX, 0x00            ;
   MOV DX, OutputFile      ;
   INT 0x21                ;
   JC Done                 ;

   MOV AH, 0x3D            ; Opens the output file for writing.
   MOV AL, 0x01            ;
   MOV DX, OutputFile      ;
   INT 0x21                ;
   JC Done                 ;

   MOV BX, AX              ; Retrieves the filehandle.

   MOV AX, DS              ; Saves the current data segment.
   MOV ES, AX              ;

   MOV WORD [MemorySegment], 0x0000   ; Sets the first memory block.

Dump:
   ES                      ; Sets the memory block to be written to the output file.
   MOV AX, [MemorySegment] ;
   MOV DS, AX              ;

   MOV AH, 0x40            ; Writes the memory block to the output file.
   MOV CX, 0xFFFF          ;
   MOV DX, 0x0000          ;
   INT 0x21                ;
   JC Done                 ;

   ES                      ; Checks whether the last memory block has been reached.
   MOV AX, [MemorySegment] ;
   CMP AX, 0xF000          ;
   JAE DumpFinished        ;

   ADD AX, 0x1000          ; Moves to the next memory block.
   ES                      ;
   MOV [MemorySegment], AX ;
   JMP Dump

DumpFinished:
   MOV AH, 0x3E            ; Closes the output file.
   INT 21h                 ;
   JC Done                 ;

Done:
   POPA                    ; Restores all registers.

   INT 0xFF                ; Calls the redirected keyboard interrupt.
   IRET                    ; Returns.

OutputFile DB "MemDump.dat", 0x00
MemorySegment DW 0x0000

EDIT:
I am using the Netwide Assembler (NASM)



