![]() Here we found the lock file / unlock file functions:ĭocumentation for the lock function specifies:ĬX:DX file offset from start of file (CX * 65536)+DX So I checked the standard MS-DOS functions executed via INT 21h. Scanning the program I could confirm the INT 2FH vector method was not used to detect Share being installed. 40xxH Windows VDD fns for VM-aware apps.It is sometimes call the Multiplex or MUX Interrupt.īy setting AX register on CPU to a specified value many services could be called such as: The INT 2fH vector (at 0000:00bc) was a portal to many varied services some installed by DOS and others by device drivers, utility programs, Windows, etc. ![]() So if not a Windows API, maybe a MS-DOS API was used…. The problem is our VB.exe does not make any calls to an API named LockFileor UnlockFile, and I don’t think this API existed yet in Windows 3.1. Here we can see a temporary file is created, locked/unlocked, and then deleted during startup: I then used API Monitor run as local Administrator and configured to intercept new processes, monitoring for Data Access and Storage APIs.įirst I ensured no ntvdm.exe processes were currently running, then when Visual Basic 4 launched, ntvdm.exe process launched in Windows 7 to emulate the 16-bit layer, and I monitored this process. Next I tested the EXE on Windows 7 32-bit and it worked fine. However there was nothing directly calling this function, it seemed to be called by some kind of event handler set up with What I did instead is using IDA Pro, used the Assemble function to replace each CALL MESSAGEBOX with int 3 (Break into debugger)įrom the surrounding code I immediately identified which MESSAGEBOX was displaying the error message. Also I didn’t have any symbols so it was more difficult to set a breakpoint on MESSAGEBOX. However the keyboard shortcut to break into CodeView debugger from Windows 3.1 SDK wasn’t working in Windows 3.1 on DosBox. Normally I would set a breakpoint on MESSAGEBOX or break into debugger when error was displayed. The resource string containing error message would likely be loaded by a call to LOADSTRING API but there was quite a few references to this and none were immediately clear which one loaded this particular error message. Initial analysis of VB.exe startup process through IDA didn’t give immediate clues and was going to take a long time to completely walk through the startup process. ![]() Opening the DLL in IDA pro we can find the error message: Using NirSoft SearchMyFiles I searched the file contents to find files containing this error message: So the question is how does Visual Basic 4 detect share.exe installation? This was despite already extracting share.exe from MS-DOS 6.22 install files, using command ver set 6 22 to make machine believe it’s running MS-DOS v6.22, and having it run in the background. SHARE.exe must be installed in order to run Visual Basic When attempting to launch Visual Basic 4.0 from Windows 3.1 running in DosBox the following error appeared:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |