home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Cream of the Crop 1
/
Cream of the Crop 1.iso
/
UTILITY
/
REVEAL11.ARJ
/
REVEAL.DOC
< prev
next >
Wrap
Text File
|
1991-05-05
|
7KB
|
172 lines
REVEAL!
A Learning Tool
EbSoft
8 Darnock Court,
Brampton, Ontario,
L6Z 2X3
CANADA
Please see the README.DOC file for information on how to register
this shareware program and how to receive the source code so you
can see how this program works.
REVEAL!
Given a little knowledge and the right tools, you can persuade DOS
to reveal its innermost secrets. With REVEAL as your guide, you
will be able to understand exactly how it is that DOS allows
programs and data to coexist in its memory workspace, in what
order they are loaded, and how they interact. You can then use
this information to squeeze every last drop of RAM power from your
machine!
USING THE PROGRAM:
When you run the program, by entering REVEAL <Enter> at the DOS
prompt, you will be presented with the main screen. At the left,
a flashing message informs you that the program is scanning the
DOS memory workspace for memory control blocks. When this is
done, the total number of blocks found is displayed at the top
left, with a summary of the first 20 blocks below. The highlight
bar is over the first block. The right side of the screen
contains detailed information about the highlighted block.
You may select a memory block for analysis by using the cursor
movement keys. The up and down keys move the highlight bar by
one, while the PgUp and PgDn keys move in steps of 20. The Home
and End keys take you to the first and last blocks respectively.
The <Esc> key will return you to DOS, and <F1> will bring up a
help screen.
The Summary line for each block contains the following data:
# - The block number
Seg - The segment where the memory block's Memory Control
Block header is found. The actual memory block starts
at the next segment
Use - What DOS uses this block for - values are:
Data, Program, Environment, Batch, Unallocated
Filespec - The filename associated with this block
Len - The hex length of the block in paragraphs of 16 bytes
The Analysis Box on the right contains this information and more
details, such as the full filespec associated with the current
block and the parameters entered on the command line when the
program was invoked.
If you want to inspect the actual memory occupied by the current
block, press <Enter>. You will be presented with the Inspect
screen. The first 20 paragraphs of memory are displayed in both
hexadecimal and ASCII format, starting with the MCB header. You
can move through the memory segment 16 paragraphs at a time with
the PgUp or PgDn keys, or go to the start and end of the current
memory segment with the Home and End keys.
To specify a new address to inspect, press "A". You will be asked
to enter a segmented address in hexadecimal.
The <ESC> key will return you to the main screen.
HOW THE PROGRAM WORKS:
Reveal analyzes your PC's memory by tracing DOS' linked chain of
Memory Control Blocks (MCBs) and looking for known characteristics
to determine how DOS is using the various blocks of memory.
An MCB is a 16-byte structure marking the beginning of an
allocated block of memory. MCBs are always paragraph-aligned,
which means they begin at an offset divisible by 16. The layout
of these structures is as follows:
Offset: Contents:
0 (1 byte) "M" or "Z". "Z" means this is the last MCB.
(Mark Zbikowski was one of the DOS developers.)
1 (2 bytes) Owner - The segment of the Program Segment Prefix for
the program that owns this memory block. If this is
0000, the block is unallocated.
3 (2 bytes) Length of the memory block in 16-byte paragraphs.
4 (11 bytes) This area is not used until DOS 4.0, where a
filename can be found here. REVEAL uses other
methods to find this information and so remains
compatible for DOS 3.X users.
Since each MCB contains the block length, the next MCB can be
found by calculating its segment from the present MCB segment and
the block length. This makes the MCBs link to each other in a
chain. There is a DOS function (undocumented by Microsoft) which
will return a pointer to a table of DOS system information which
contains the address of the first MCB in the chain. If you call
INT 21H, service 52H, the segment of the first MCB will be found
at the location pointed to by ES:[BX-2].
There are 5 distinct types of memory blocks in a DOS system. They
are as follows:
Unallocated - The block is not in use and is available to be
allocated.
Environment - A copy of the DOS environment strings is loaded into
memory with each program.
Program - DOS loads the program into memory, preceded by a
Program Segment Prefix (PSP) of 256 bytes, which
contains system information and default data areas.
Batch - While a batch file is executing, DOS keeps
information including its disk location in memory.
Data - An allocated block that isn't used for the purposes
listed above.
With examination, each block's type can be determined. The
following methods are used by REVEAL to determine block usage:
- An Unallocated block will have 0000 as its owner's segment
address.
- Each program has its own Environment block, pointed to by a word
at offset 2Ch of the program's PSP. If a block's owner's PSP
environment pointer points back to that block, it is an
Environment block.
- A Program Block will always start with the two bytes CD 20 or
CD 27 - the first two bytes of the PSP.
- The full path specification of the batch file is found at offset
2Fh from the start of the block. This means that the characters
":\" will always be found at offset 30h.
- Otherwise, it's a data block.
Sometimes, the tests REVEAL uses can fail to properly identify
some memory blocks, but the vast majority of cases will be covered
by these rules. Manual inspection of the memory locations with
REVEAL's Inspect feature will allow you to make the final decision.
You can also find the full pathname of each program and the
parameters entered at the DOS command line when it was invoked
(the command tail). The pathname of the program is stored at the
end of the DOS environment block, after the environment strings.
The command tail is found at offset 81 within the program's PSP,
with its length specified at offset 80. This space is also used,
however, as the default Disk Transfer Area for the program, and
unless the program defines its own DTA (which most do), the
command tail could be overwritten.
Batch blocks contain information about a BAT file which has not
yet finished executing. At offset 07h of the block, a 2-byte
pointer is found that specifies the byte location of the next
command to be executed in the batch file. After the full pathname
of the file, delimited by a 00h byte and found at offset 30h in
the block, the list of command line parameters is kept, starting
with %0. Parameters are separated by 0Dh and the list ends with a
00h byte.
For exact implementation of these principles, order the source
code for REVEAL - see README.DOC for instructions.