From: sarshah20 on 19 Apr 2010 09:51

Hi All,

I have the following information:

- MSDOS applications are launched as threads of ntvdm.
- At kernel space, the CreateProcess and NtVdmControl APIs are called when ntvdm is launched.
- When ntvdm is launched, it does not show as part of its parameters the file it is loading. Also, NtVdmControl does not provide this information.

I need to do the following:
When I see an ntvdm process running, is it possible to find programmatically which application(s) is running (as a thread) and where on the file system its MSDOS executable is located?

Thanks for your help.
sarshah.
From: sarshah20 on 22 Apr 2010 05:04

Here is what I have found so far. I hope that this will be helpful to those who are seeking similar knowledge.

This article is an excellent resource on how to monitor 16-bit and MS-DOS processes. Source code for the sample application is also included.
hxxp://www.microsoft.com/msj/0898/hood0898.aspx

APIs are available in VDMDBG.DLL. So far my findings are that files behind 16-bit processes can be tracked back using these APIs. However, I am still looking for a way to do this for MS-DOS applications running with ntvdm.exe.

I will update the post with further findings, if any.
sarshah.

On Apr 19, 6:51 pm, sarsha...(a)yahoo.com wrote:
> Hi All,
>
> I have the following information:
>
> - MSDOS applications are launched as threads of ntvdm.
> - At kernel space, CreateProcess and NtVdmControl API is called when
> ntvdm is launched.
> - When ntvdm is launched, it does not show as part of its parameters
> the file it is loading. Also, NtVdmControl does not provide this
> information.
>
> I need to do the following:
> When i see an ntvdm process running, is it possible to find
> programmatically which application(s) is running (as thread) and where
> on file system its MSDOS executable is located?
>
> Thanks for your help.
> sarshah.
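The VDMDBG.DLL approach the follow-up post points to, written out as an added example (not code from the thread or from the MSJ article): it lists every NTVDM process and the Win16 tasks it hosts, with each task's module name and on-disk file name, which is the information ntvdm.exe's own command line never shows. It assumes a 32-bit Windows edition that still ships NTVDM and vdmdbg.dll (64-bit Windows has neither), and it relies on the documented behaviour that VDMEnumTaskWOWEx reports WOW (Win16) tasks only, consistent with the poster's finding that plain MS-DOS programs are not covered.

```powershell
# Added example: enumerate NTVDM processes and the Win16 tasks inside them via vdmdbg.dll.
# Assumes 32-bit Windows with NTVDM; on 64-bit Windows Add-Type succeeds but the P/Invoke
# calls fail with DllNotFoundException because vdmdbg.dll is not present.
$src = @'
using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;

public static class VdmEnum
{
    // PROCESSENUMPROC and TASKENUMPROCEX as declared in vdmdbg.h.
    public delegate bool ProcessEnumProc(uint dwProcessId, uint dwAttributes, IntPtr lpUserDefined);
    public delegate bool TaskEnumProcEx(uint dwThreadId, ushort hMod16, ushort hTask16,
        string pszModName, string pszFileName, IntPtr lpUserDefined);

    [DllImport("vdmdbg.dll")]
    static extern int VDMEnumProcessWOW(ProcessEnumProc fp, IntPtr lparam);
    [DllImport("vdmdbg.dll")]
    static extern int VDMEnumTaskWOWEx(uint dwProcessId, TaskEnumProcEx fp, IntPtr lparam);

    const uint WOW_SYSTEM = 0x0001; // set for the shared system VDM, clear for a separate-memory-space VDM

    public static List<string> Enumerate()
    {
        var rows = new List<string>();
        ProcessEnumProc onProcess = (pid, attrs, _) =>
        {
            string kind = (attrs & WOW_SYSTEM) != 0 ? "shared" : "separate";
            TaskEnumProcEx onTask = (tid, hMod, hTask, modName, fileName, __) =>
            {
                // pszFileName is the 16-bit executable's path on disk, the detail the
                // ntvdm.exe command line does not expose.
                rows.Add(string.Format("ntvdm pid={0} ({1}) tid={2} hTask=0x{3:X4} {4} -> {5}",
                    pid, kind, tid, hTask, modName, fileName));
                return false; // FALSE = keep enumerating; TRUE would stop
            };
            VDMEnumTaskWOWEx(pid, onTask, IntPtr.Zero);
            return false;
        };
        VDMEnumProcessWOW(onProcess, IntPtr.Zero);
        return rows;
    }
}
'@
Add-Type -TypeDefinition $src
[VdmEnum]::Enumerate() | ForEach-Object { Write-Output $_ }
```

An NTVDM process that hosts only an MS-DOS program (no WOW layer) yields a process row but no task rows, which is exactly the gap the second post describes.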