Hi Wonko
And so if we Luk at the Geoff Chappell analyst web-page lots of info regarding the Windows 3.11 VxdLDR more so from a dynamic retro viewpoint but then if the dynamic VxDs are easier to identify whats left must be of the static kind via process of elimination is that what you are implying Sherlock?
Re Apsoft - I had previously sent an email to Apsoft asking them regarding the static *.VxDs & they stated that unless you are familiar with .Vxd structure & design the tool is more akin to live systems if mem serves me right I think what they are tactfully saying is their software is for shall we say, professional practitioners, not wanna bee lamers like me.
Although, I have to say, at the time, I huffed & puffed a lot when I first read their reply, later on, upon reflection I had to concede maybe there was a wee bit of truth in their reply.
I think we are getting into the realms of "Numega SoftICE" IDAPro & programming which is WHhoooosh right over my head sorry! I was hoping for a simple, this is a StaticVxD or this Not a StaticVxD in the header or possibly a flag indicator that the VMM manager uses to recognize its status when accessing these mysterious files, a false assumption.
Another approach I also thought about was to run the VMM.VxD or a windows file (Win.com) that sets up VMM32.Vxd through "Dependency Walker". It might not be as lazy crazy as it sounds in the respect that when Windows begins to setup VMM32.vxd it is merely a skeleton container file prior to extraction, it is only populated through the installation setup process, maybe those dependencies maybe programmed in any thoughts? (Depends - Version 2.2.6000 for x86 (Windows 95 / 98 / Me / NT / 2000 / XP / 2003 / Vista / 7 / 8) [610k]
Edit: One further consideration but this idea is a bit blurry around the edges is that according to various sources VMM or the (Virtual Memory Manager) thingy that converts from 16Bit real-mode to 32Bit protected mode goes about its business & the real mode 1stly, static drivers are presumably 16bit in architecture, & then the VMM then switches to loading dynamic device drivers in 32Bit protected Mode therefore static*.vxds = 16bit & Dynamic *.vxds = 32Bit not sure in respect of the vmm util as this is embedded within the Vmm32.vxd container file which is 16Bit. I believe win.com runs VMM32.VXD which is actually a simple DOS EXE file as is claimed. So long story short maybe there is a way of distinguishing a 16bit v 32Bit program in its structure, I will investigate further, possibly dependency walker may also be able to distinguish both types?
Nope Dependency Walker NO-GO on 16bit programs & I suspect the same possibly with *.VxDs
Edit: Many thanks for the links Wonko I will read offline - I may have found a gizmo that might fit the bill in terms of obtaining the information, it is called SCANBIN, (From the 90's era) it apparently scans any Binary files, its freeware, & although it is slightly buggy on XP it works (designed more for 2K). I found it when looking for a 16-bit alternative to Dependancy Walker see here Website (however the link stated was dead so used WaybackMachine). I tried to use Uniextract on it so it was not an installer but failed however.
https://stackoverflo...for-16-bit-dlls
It comes with quite a few options like General info Addresses table Hex dump etc along with other useful info
So I did the WayBack Option several options as so for Version 6:
https://web.archive....load/scanb6.exe
The FTP Server link was dead for me. The FTP server links if you can find one you will be able to download SCANBIN.ZIP
Also found it at this link on SAC website:
https://www.sac.sk/f...es.php?d=17&l=S
Comes in zip format but older version V4.4 (See 6th link down from the top of the menu selection)
Edit 2: Another candidate, License Free to use for private, educational and non-commercial purposes.
For other usage you should buy commercial license.
MiTec EXE Explorer
Can be obtained from: http://www.mitec.cz/exe.html
MiTec EXE Explorer is a third-party program that reads and displays executable file properties and structure. It is compatible with PE32 (Portable Executable), PE32+ (64bit), NE (Windows 3.x New Executable), and VxD (Windows 9x Virtual Device Driver) file types. .NET executables are supported too.
This info is posted just in case someone else is looking for something similar
Best Regards,
I