Nukacola
December 22nd, 2004, 04:30
Hi all,
My problem is that i have a BIG DOS4GW Application running under Win2k or WinXp and i wanna try to read/write the Stack of this Application with a Win32 App. (Is it possible???)
I write myself a small pure DOS (no extender) Application to point out how NTVDM.EXE is handling the Stack. Then i Debugged the Application with ollydbg but i can't find out how the stack is access.
Then i wrote a Win32 app and try ReadProcessMemory to read the memory of the Process (my testapp interpreted by ntvdm.exe) and check if it changed.
I wanted obtain the Address of the stack but didn't work. Delivered only a dump of NTVDM.EXE
After that i tried the Debug API's to access the stack, and read out ESP with GetThreadContext and check that value it is (esp=248).
Then i read the pointer from [esp]. but it also fails
Any Suggestion to get this Probleme solved or more detailed information about NTVDM.EXE i read two post about ntvdm here with some good info.
DOS APP Teststack.exe -> teststack.asm
Win32 APP Debug4.exe -> debug.asm
you can take a look a my sources under h**p://phalcon.net/masm32/
sincerly
Nukacola
My problem is that i have a BIG DOS4GW Application running under Win2k or WinXp and i wanna try to read/write the Stack of this Application with a Win32 App. (Is it possible???)
I write myself a small pure DOS (no extender) Application to point out how NTVDM.EXE is handling the Stack. Then i Debugged the Application with ollydbg but i can't find out how the stack is access.
Then i wrote a Win32 app and try ReadProcessMemory to read the memory of the Process (my testapp interpreted by ntvdm.exe) and check if it changed.
I wanted obtain the Address of the stack but didn't work. Delivered only a dump of NTVDM.EXE
After that i tried the Debug API's to access the stack, and read out ESP with GetThreadContext and check that value it is (esp=248).
Then i read the pointer from [esp]. but it also fails
Any Suggestion to get this Probleme solved or more detailed information about NTVDM.EXE i read two post about ntvdm here with some good info.
DOS APP Teststack.exe -> teststack.asm
Win32 APP Debug4.exe -> debug.asm
you can take a look a my sources under h**p://phalcon.net/masm32/
sincerly
Nukacola