Reverse engineering

... which they can't be. The reason giveio.sys exists, rather than just a cut-n-paste C snippet to put in your own ring 3 code, is because those calls require ring 0 access.

larwe

Debug won't do much good if TouchDrv.exe is a PE file. :-) I didn't see anything that looked like a program debugger in a default install of NT4. Probably need the resource kit or SDK or DDK to find one.

And, I really wouldn't expect to find INs or OUTs in any exe for NT4. Protected mode and all that. :-)

--
ArarghMail912 at [drop the 'http://www.' from ->] http://www.arargh.com
BCET Basic Compiler Page: http://www.arargh.com/basic/index.html
ArarghMail912NOSPAM

Giveio is used by a lot more than just hobbyists - almost anything that connects to a PC by parallel port (other than printers) uses some variant of giveio. Parallel ports may be "legacy", but parallel port JTAG-type debuggers and programmers are often a fraction of the price of USB devices, and are faster to start up (though slower in bandwidth).

A related driver is "totalio" - that lets /any/ program access ports directly. It's very useful for real legacy setups, where you have a parallel port interface and pre-NT software (Win9x or Win3.x).

David Brown

Good point. Ok it looks like the mystery .exe is NOT doing that then.

My first reaction would be to grab the mystery .exe onto a 'normal' system and see if it has any interesting strings in it that are googlable.

--
Ian Malcolm.   London, ENGLAND.  (NEWSGROUP REPLY PREFERRED)
ianm[at]the[dash]malcolms[dot]freeserve[dot]co[dot]uk
IanM
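
The static triage suggested in this post, combined with the earlier PE-versus-DOS question, as an added example that is not part of the thread: it classifies an image as PE or plain DOS MZ, extracts ASCII and UTF-16LE strings, and flags any that mention giveio, totalio or a `\\.\` device path. The sample bytes are constructed for illustration and the function names are hypothetical.

```python
import re
import struct


def exe_kind(data: bytes) -> str:
    """Return 'PE', 'DOS-MZ' or 'unknown' from the MZ header and e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "unknown"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
        return "PE"
    return "DOS-MZ"


def strings(data: bytes, min_len: int = 5) -> list[str]:
    """Printable ASCII runs, then UTF-16LE runs (NT binaries often use wide strings)."""
    found = [m.group().decode("ascii")
             for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]
    found += [m.group().decode("utf-16-le")
              for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)]
    return found


def port_io_hints(strs, needles=("giveio", "totalio", "\\\\.\\")):
    """Strings hinting that the program opens a port-access driver or device path."""
    return [s for s in strs if any(n in s.lower() for n in needles)]


# Constructed sample: a minimal MZ stub whose e_lfanew points at a PE signature,
# followed by one ASCII device path and one wide (UTF-16LE) string.
SAMPLE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
          + b"\x01\x02\x03" + b"\\\\.\\giveio\x00" + b"\x90\x90"
          + "Touch screen driver".encode("utf-16-le") + b"\x00\x00")

if __name__ == "__main__":
    print("image type:", exe_kind(SAMPLE))
    for s in strings(SAMPLE):
        print("string:", s)
    print("port I/O hints:", port_io_hints(strings(SAMPLE)))
```
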

Ah, interesting idea. It would be a bit of a challenge with this hardware -- I could pull the *single* ISA card and, assuming it *is* a genuine ISA slot, throw in something like an AHA1542 with an external CD-ROM and let the BIOS make it look like a disk... I will keep that in mind. Thanks!

However, a friend demonstrated some tools he has that do exactly what I want -- let you examine MS executables in gory detail (they even do some back annotation, exploit labels from the shared object's -- DLL's? -- to give you a better feel for what is happening). Apparently, they don't have to run "native" so that's an even nicer win (obviously, I would need to eventually run them under the target's OS just to be able to see what the hardware is "saying" back!).

Hopefully, he'll have some time to walk me through the process later this month -- maybe during the holiday break. Of course, I will take copious notes for The Next Time!

I'm at a loss as to the motivation for *developing* such tools, however. They seem to be quite "gr[ea]y area" in nature... :< Whatever works! ;-)

D Yuniskis
