Hi everyone,
Newbie to the forum here. My query is this; I have a requirement to erase either all or almost all(resident OS withstanding) physical RAM content either just prior to or after OS shutdown. The reason being that the sensitive RAM content might be at risk of being recovered. Now as I am actually more of a managed VC++ kinda guy this is somewhat unfamiliar and in fact forbidden territory to me, hence the reason why I am turning to you guys for help. Now I'm guessing that this could be possible to achieve with an assembly language program executed either directly from the OS environment or perhaps more likely from a DOS command prompt say. I might also add that I'm aware that most PC BIOS would erase RAM contents during a POST memory test, however I still require to be able to wipe the RAM at shutdown.
Any thoughts/code samples/or alternatives method suggestions very much appreciated.
Thanks,
Kevin
Shut everything down then allocate as much memory as possible, then zero fill it.
I have doubts about the requirement, turn the power off and you lose the memory content. You still have not addressed the contents of the page file either.
Hi Hutch,
Thanks for the prompt reply! Ok well the requirement comes from the customer and I agree that it is perhaps a little bit paranoid of them but the customer is always right as they say...Ha! So as I said I've little experience with writing assembler for the PC so can you provide a sample program on how to do this?
Thanks,
Kevin
Hi kjm,
Welcome to the forum.
If I remember well, there is an option in windows deleting the page file at shutdown.
For this application, I would probably try creating a pseudo-"TSR" more-or-less, which ran on system startup. A bare-bones app with a message loop that did absolutely nothing---except intercept the Windows shutdown message. Then (while the system is shutting down) it would determine the available RAM (perhaps include the free pagefile size), allocate that much, and fill it with nulls. I have NOT tried this, it could be messy (tm). Windows would display "Waiting for application to terminate..." or similar while it was running, especially after the disk cache and pagefile were overwritten, and would present a "Terminate" or "Wait" button if it didn't finish quickly enough.
A (better but much more complex) solution would be a kernel-mode driver or system service, but that is essentially overkill. Perhaps the customer is confused about hard disk magnetic hysteresis? If so, perhaps explaining that only hard disks posess that inherent flaw, while RAM does not, would suffice. Of course, if they are willing to pay for a RAM eraser, why not give it a shot. :bg
now days, if they are willing to pay you to write it, don't try too hard to talk yourself out of work - lol
of course, to be ethical, you have to try to explain it to them - you did that
Yeah there's an option in the registry for clearing the pagefile on shutdown, most registry tweakers will allow you to set it. It does make shutdown longer tho'
Good morning folks,
Thanks to everyone for all your suggestions, a very friendly and helpful bunch you are...most welcome. Especially liked your attitude dedndave.
Cheers,
Kevin
Quote from: Mark Jones on July 13, 2009, 05:51:30 PM
I have NOT tried this, it could be messy (tm). Windows would display...
messy (tm) - is
messy a Windows/Microsoft trademark?? :wink
When deleting the pagefile, don't forget that a real delete implies some effort: Perhaps you must overwrite the existing pagefile with an arbitrary pattern, using the same filename, then close it and delete it. Otherwise a geek might be able to restore the contents...
lol "messy" is what we sometimes call yahoo messenger
i think you have to start by releasing the memory
windows keeps much of it as cache in case you reload the same program/data you were using a little while ago
i have seen programs that do this - i think one is called MemClear
i don't think it actually clears the memory, but it can release much of it for you
once that is done, then you can write a program to allocate and clear it as Hutch suggested
EDIT
i couldn't find "MemClear", but i found several freeware programs by googling "RamClear"
http://www.freedownloadscenter.com/Best/free-ram-clear.html