Jump to content











Photo
- - - - -

VxDs & the diff between Static & Dynamic types


  • Please log in to reply
6 replies to this topic

#1 ispy

ispy

    Silver Member

  • Tutorial Writer
  • 646 posts
  • Location:PILGRIM

Posted 17 January 2022 - 04:23 PM

Hi everyone :) ,

 

Can someone help with this request please, I am trying to find a program (preferably freeware) that is able to load, distinguish & report if the *.VxD is a Win9X Static Vxds or Dynamic VxDs, what do I mean by that blurb, well Static Vxds are usually loaded at boot time & are usually (Edit)  linked to contained within the VMM32.VxD file, a monolithic specifically built file found within Win9X systems & the files remain memory resident until the OS is closed down.

In contrast dynamic VxDs can be opened post boot time and can be loaded on demand or as needed, then closed as & when required?

I was just wondering whether anyone has come across such a program in their experience or travels please?

 

Best wishes,

 

I ;)



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2022 - 07:12 PM

IF such a program or method exists, likely it is mentioned in one of the links here:

 

https://msfn.org/boa...ted-stuff-help/

 

Only for the record, they are not "linked to" they are downright "written to" VMM32.VXD

 

Most probably :unsure: there is a difference in the header, as this linker has separate provisions for static and dynamic:

 

https://baron-von-ri..._Device_Driver 

 

:duff:

Wonko



#3 ispy

ispy

    Silver Member

  • Tutorial Writer
  • 646 posts
  • Location:PILGRIM

Posted 17 January 2022 - 10:34 PM

Hi W :D nko,

 

Thanks for posting your comments & lots of yummy links & yes you are right, wrong choice of vocabulary in respect of VMM32.vxd file being linked. I will edit and change my post#1. A lot of the links are broken understandably, in light of the amount of water that has gone under the bridge since the era of Win9X being prominent. Will try Wayback & current links that maybe have re-posted the information therein

 

Yes, in respect of the header information & possibly the structure. Was hoping to identify the *.vxds in their respective classifications to zero in on  a list of files classified as Static vxds through a process of elimination or identify those that are allocated & contained within the Vmm32.vxd file after installation (the overall list of static vxds). They will differ slightly for the versions of the 9X genre & there location within the cab files are different also.

 

Also the Layout.inf file might reveal some clues as to a complete list, worth a perusal?

 

Many Thanks

 

I :)



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 January 2022 - 11:06 AM

You can list the files in VMM32.VXD just fine, read here:

http://www.techtalk....topic.php?t=519

 

(in the thread, besides some info there is a copy of VXDLIB attached)

 

:duff:

Wonko



#5 ispy

ispy

    Silver Member

  • Tutorial Writer
  • 646 posts
  • Location:PILGRIM

Posted 18 January 2022 - 02:16 PM

Yes Wonko :D  you are right & I am aware of that but dependent on your hardware configuration etc the list will/could be different for different systems within 9X family from a generic perspective. I know for example there are a total of 199 *.vxd files within Windows95 (as per the version I have sifted through) some will be static some will be dynamic & I know which cab-files they are located in also. The *static ones are used to compile the vmm32.vxd file during setup or initial install, the dynamic ones can be loaded or unloaded post boot up.

You can find the list (static)within the registry as "Roy Lehrer" outlines within his article "the truth about vmm32" (I think you will be aware of that article) but the list will be slightly different for different hardware configs. Truthfully I am not really interested in the dynamic ones really in nature for this projects objective. I suppose in a nutshell it would have been easier for me to know the definitive total list of static vxds for 95/98&SE/ME. I suspect the total cannot be more than 80No per given OS as an arbitrary guess, as vmm32.vxd chokes if any more than that are used according to M$.

Yes VXDLIB is a program I hope to use to compile the whatever collection of static vxds that are eventually selected to build the VMM32.vxd. It allegedly gives better compression ratio according to the author but I cannot at this stage confirm that info. I am looking at the big picture in this respect not the specifics relating to my own particular setup situation.

I am trying to look at troubleshooting the VMM32.vxd from a slightly different angle than Roy does. My hope is in this way of looking at it there is more than one way of skinning a cat, however I could be wrong as so often I am.

Just as a side note I have discovered this that might help in troubleshooting vxd files that might help others but in my case I think it is suitable for an active 9X system not an offline scenario as in my case, its freeware 2 it looks quite good.

https://www.tssc.de/site/default.aspx#

 

Look for a progey called VxDView within tools & Utilities

 

All the Best

 

:cheers:



#6 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 18 January 2022 - 07:12 PM

Well, seemingly that thingy shows, see here:

https://www.tssc.de/...w/prop_ddb.aspx

 

https://www.tssc.de/...ew/prop_ddb.gif

 

A field in the VXD Device flags that seems a lot like what you were looking for.

0x2+0x2000+0x8000=0xA002 very near the 0xA006 (it is weel possible that 4 is *something else* that the tool does not consider) but it seems like the DDN_DYNAMIC_VXD is set "on the fly".

 

I would rather check, see here:

https://www.geoffcha...hive/vxdldr.htm

 

the 00038000h at offset 0x10.

 

and/or a non-zero value at offset 0xBC:

http://www.ctyme.com...9.htm#Table1609

 

:duff:

Wonko



#7 ispy

ispy

    Silver Member

  • Tutorial Writer
  • 646 posts
  • Location:PILGRIM

Posted 18 January 2022 - 08:41 PM

Hi Wonko :D

 

And so if we Luk at the Geoff Chappell analyst web-page lots of info regarding the Windows 3.11 VxdLDR more so from a dynamic retro viewpoint but then if the dynamic VxDs are easier to identify whats left must be of the static kind via process of elimination is that what you are implying Sherlock?

Re Apsoft - I had previously sent an email to Apsoft asking them regarding the static *.VxDs & they stated that unless you are familiar with .Vxd structure & design the tool is more akin to live systems if mem serves me right I think what they are tactfully saying is their software is for shall we say, professional practitioners, not wanna bee lamers like me. :ouch:

Although, I have to say, at the time, I huffed & puffed a lot when I first read their reply, later on, upon reflection I had to concede maybe there was a wee bit of truth in their reply.

I think we are getting into the realms of "Numega SoftICE" IDAPro & programming which is WHhoooosh right over my head sorry! I was hoping for a simple, this is a StaticVxD or this Not a StaticVxD in the header or possibly a flag indicator that the VMM manager uses to recognize its status when accessing these mysterious files, a false assumption. :wub:

Another approach I also thought about was to run the VMM.VxD or a windows file (Win.com) that sets up VMM32.Vxd through "Dependency Walker". It might not be as lazy crazy as it sounds in the respect that when Windows begins to setup VMM32.vxd it is merely a skeleton container file prior to extraction, it is only populated through the installation setup process, maybe those dependencies maybe programmed in any thoughts? (Depends - Version 2.2.6000 for x86 (Windows 95 / 98 / Me / NT / 2000 / XP / 2003 / Vista / 7 / 8) [610k] :questionmark:

 

Edit: One further consideration but this idea is a bit blurry around the edges is that according to various sources VMM or the (Virtual Memory Manager) thingy that converts from 16Bit real-mode to 32Bit protected mode goes about its business & the real mode 1stly, static drivers are presumably 16bit in architecture, & then the VMM then switches to loading dynamic device drivers in 32Bit protected Mode therefore static*.vxds = 16bit & Dynamic *.vxds = 32Bit not sure in respect of the vmm util as this is embedded within the Vmm32.vxd container file which is 16Bit.  I believe win.com runs VMM32.VXD which is actually a simple DOS EXE file as is claimed. So long story short maybe there is a way of distinguishing a 16bit v 32Bit program in its structure, I will investigate further, possibly dependency walker may also be able to distinguish both types?

 

Nope Dependency Walker NO-GO on 16bit programs & I suspect the same possibly with *.VxDs

 

Edit: Many thanks for the links Wonko I will read offline - I may have found a gizmo that might fit the bill in terms of obtaining the information, it is called SCANBIN, (From the 90's era) it apparently scans any Binary files, its freeware, & although it is slightly buggy on XP it works (designed more for 2K). I found it when looking for a 16-bit alternative to Dependancy Walker see here Website (however the link stated was dead so used WaybackMachine). I tried to use Uniextract on it so it was not an installer but failed however.

 

https://stackoverflo...for-16-bit-dlls

 

It comes with quite a few options like General info Addresses table Hex dump etc along with other useful info

 

So I did the WayBack Option several options as so for Version 6:

 

https://web.archive....load/scanb6.exe

The FTP Server link was dead for me. The FTP server links if you can find one you will be able to download SCANBIN.ZIP

 

Also found it at this link on SAC website:

https://www.sac.sk/f...es.php?d=17&l=S
Comes in zip format but older version V4.4 (See 6th link down from the top of the menu selection)

 

Edit 2: Another candidate, License Free to use for private, educational and non-commercial purposes.
For other usage you should buy commercial license.

 

MiTec EXE Explorer

Can be obtained from: http://www.mitec.cz/exe.html

MiTec EXE Explorer is a third-party program that reads and displays executable file properties and structure. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable), and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.

 

This info is posted just in case someone else is looking for something similar

 

Best Regards,

 

I :unsure:






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users