*really* ADVANCED windows

To disable programs at startup

To disable a program from loading during startup, look in some of the following places:

Config.sys
Preceding any line with REM and a space comments it out. Pressing F8 after bootup when the "loading Windows 95" prompt appears will allow you to skip autoexec and config for that boot.

Autoexec.bat
Preceding any line with REM and a space comments it out. Pressing F8 after bootup when the "loading Windows 95" prompt appears will allow you to skip autoexec and config for that boot.

The startup folder (\windows\Start Menu\Programs\StartUp)
To temporarily disable the startup folder, press and hold the Shift key when you see the Windows splash screen. Release it when Win95 is completely finished loading.

c:\windows\win.ini (load=, run=, etc.)
You can comment out any line by preceding it with a semicolon.

Registry

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Try commenting things out instead of deleting them. In regedit, on the right side you'll see the list of value names and value data for the Run key. Right-click on the value you wish to prevent loading, and from the dropdown choose Modify. Now simply precede its value data string with a semicolon. This will prevent loading.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
The recommendation is to comment things out instead of deleting them. In regedit, on the right side you'll see the list of value names and value data for the RunServices key. Right-click on the value you wish to prevent loading, and from the dropdown choose Modify. Now simply precede its value data string with a semicolon. This will prevent loading.
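
An added example (not from the original page): a small Python audit that applies the commenting conventions listed above (REM in Config.sys and Autoexec.bat, a leading semicolon in win.ini and in Run/RunServices value data) and reports which startup entries are active and which are commented out. The sample file contents, value names and paths are constructed, and the Run values are passed in as a name-to-data dictionary instead of being read from the registry.

```python
import re

REM = re.compile(r"^\s*rem(\s+|$)", re.I)

def audit_batch(text):
    """CONFIG.SYS / AUTOEXEC.BAT: a line that starts with REM is commented out."""
    entries = []
    for line in filter(str.strip, text.splitlines()):
        state = "disabled" if REM.match(line) else "active"
        entries.append((state, REM.sub("", line, count=1).strip()))
    return entries

def audit_win_ini(text):
    """WIN.INI: load=/run= under [windows]; a leading semicolon comments the line out."""
    entries, section = [], ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
            continue
        state = "disabled" if line.startswith(";") else "active"
        key, sep, value = line.lstrip("; ").partition("=")
        if section == "windows" and sep and key.strip().lower() in ("load", "run"):
            # Assumption: several programs on one line are split on spaces or commas.
            entries += [(state, prog) for prog in re.split(r"[\s,]+", value.strip()) if prog]
    return entries

def audit_run_values(values):
    """Run / RunServices: value data prefixed with a semicolon, as the page suggests."""
    return [("disabled" if data.lstrip().startswith(";") else "active",
             name, data.lstrip("; ")) for name, data in values.items()]

# Constructed sample inputs, not taken from a real machine.
AUTOEXEC = "@ECHO OFF\nREM C:\\TOOLS\\OLDTSR.EXE\nC:\\WINDOWS\\COMMAND\\DOSKEY\n"
WIN_INI = ("[windows]\nload=c:\\apps\\clock.exe\n"
           ";run=c:\\apps\\old1.exe c:\\apps\\old2.exe\n[fonts]\nrun=ignored\n")
RUN_KEY = {"SystemTray": "SysTray.Exe", "OldAgent": ";C:\\APPS\\AGENT.EXE /start"}

if __name__ == "__main__":
    for label, rows in (("autoexec.bat", audit_batch(AUTOEXEC)),
                        ("win.ini", audit_win_ini(WIN_INI)),
                        ("Run key", audit_run_values(RUN_KEY))):
        for row in rows:
            print(label, *row, sep=" | ")
```

Keeping a record of the disabled entries alongside the active ones makes it easy to see later what was turned off and to restore it.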

Understanding memory in win 95

Those of you with an interest in RCE, like me, will no doubt have come across this essay by Iceman or got it from somewhere. Anyway, as a newbie to RCE, it never ceases to amaze me how you get to know the entrails of an Operating System and manipulate it to your advantage with nothing but your intellect. However, this is a very serious and highly advanced approach to understanding the way Windows 9x works. OK, on with it. What I have done is to give you the parts of this listing that are relevant to this page; if you want more, get it from here.

You will get one of four chapters, as follows:

chapter 1: Short Introduction to Windows95 memory management
chapter 2: Tweaking with virtual memory functions
chapter 3: Short intro to Toolhelp32 functions
chapter 4: How do I

< ---- snip snip ---- >
=========================================
Short Introduction to Windows95 memory management
-----------------------------------------------------

I assume that the reader is familiar with process and thread functions and has basic knowledge of how Windows95, using the paging mechanism on 386+ processors, manages memory. Let's remember some facts:

1. Windows 95 implements a page-based virtual memory system. It uses a 32-bit linear addressing system. Internally, all memory is managed in 4086-byte segments called pages. The entire memory that the CPU can address in theory is called the "address space". That's 4Gb.

2. In Windows95 each 32-bit application is provided with an independent 4 Gb address space, regardless of how much physical memory is installed in your computer. This address space is structured as below:

4Gb ---------------------------
    |                         |
    |           Vxd           |
    |                         |
3Gb ---------------------------
    |       System DLLs       |
    |           MMF           |
    |   Top W16 Global heap   |
2Gb ---------------------------
    |                         |
    |       User process      |
    |           area          |
    |                         |
4Mb ---------------------------
    |  Base W16 Global Heap   |
0   ---------------------------

The portion from 0 to 4Mb is shared between processes. It usually contains 16-bit system DLLs. The next region begins at 4Mb and extends to 2Gb. This is the user process area. Each process has code, data and resources loaded in this region. The region is not shared! The third region begins at 2Gb and extends to 3Gb. This region is shared between processes. Usually the system loads the system DLLs here. This region is also used to map Memory Mapped Files (MMF). The MMF must be in a shared region because they are utilized to share data between processes. Finally, the last region begins at 3Gb and ends at 4Gb. Here the system loads Ring0 components (Vxd).

When an executable image is loaded, the system loader maps the file in the user process area starting with address 0x0040000 (4Mb). This is the base address of most PE files. Of course, an executable image can be rebased, so don't rely blindly on this address. (Microsoft provides a set of functions for image manipulation. These functions reside inside imagehlp.dll. Some of them can be quite useful, so don't miss them.)

==============================================================

That's about it for now. If you want the rest of it, mail us; better still, why not go to the source.