This is a short report on my investigations using the DEBUG command in Windows.
CAUTION! Debug can cause serious damage to your machine, use with caution. We are NOT responsible for any damage that could occur.
Debug is used to look at sections in the computer's memory, and can also be used to create, run and test assembly language code¹ created by the user. Debug is available on all version of Microsoft Windows starting at Windows 95. It is also available in all versions of MS-DOS. To use the debug command, open a command window and type debug See figure 1.1 below. Use caution when loading a program into memory, make sure you don't overwrite an existing program. See below how to check if the memory sector is empty².
To load a program, use the following syntax along with the debug command:
DEBUG [[drive:][path]filename [-parameters]]
where [drive:][path]filename is used to specify the file that you want to load to memory and [-parameters]] specifies the parameters to be used.
Example: DEBUG A:\FolderName\FileName
The debug window will open, it looks like a black window with a dash " - " in the top left corner. Before going any further, type ? to see a list of the parameters available with a short description of what they do and how to use them. Figure 1.2 shows all the different parameters mentioned above
In the debug command, we will refer to address and offsets. The address is the first part, and is the location of the memory, the offset is where the code under hexadecimal format is located. The address and the offset are separated by a colon. Example: 2000:0 is address 2000 at offset 0
Before beginning to test debug commands or parameters, find a empty place in memory, where each sector is represented by 0's (zeros). To find an empty stop, you will need to use the dump parameter. In the debug window, type: d 2000:0 which will dump the sectors beginning at 2000. type d again a few times to ensure that there is a lot of free empty space. Figure 1.3 shows what empty memory sectors look like. The sectors and offsets many differ from yours, depending where you find free memory.
The registers are a very important part to be aware of when using debug. They are what will show you the results of calculation, when returning the information after completing the instructions. Using the registers, you can see what is going on, step by step, in the CPU's operations. Figure 1.4 shows the registers along with their values.
Each segment in the registers has 16 bits to hold values. Along with the segments, are flags, the two letter symbols represent important data. Below is a table explaining what the registry segments are used for.
|AX, BX, CX, DX||Store numbers or values, they can be seen as variables|
|DS||Holds Data Segment that the program accesses|
|ES||Extra Segment for far pointers, like video memory|
|SS||Holds Stack Segment that the program uses|
|CS||Holds Program Code in which the program runs|
Here is the table for the registry flags
ov | no
Overflow | No overflow
dn | up
Decrement | Increment
ei | di
Input enable | Input disable
ng | pl
Sign: Negative | Positive
zr | nz
Zero | Not zero
ac | na
Auxiliary carry | No auxiliary carry
pe | po
Parity even | Parity odd
cy | nc
Carry | No carry
Let's look at an example of assembly code that will add to hexadecimal numbers. Make sure you use a free location in memory². In this example, we are using the memory address 2000:0, however if yours is not free, replace the values of 2000:0 with a free sector. Figure 1.5, located after the instruction and code, shows you what your screen should look like. Follow these steps to create the short program.
To see the registers before the program runs, type: r . After that, we will use our free space.
r cs <- changes that start location of the program
(current value of cs displayed)
:2000 <- inputs the new value for the start location (where we have free memory)
The following is to code the program
a cs:0 <- begins to assemble at address 2000, offset 0
2000:0000 mov ax,2 <- place the value 2 into the segment AX
2000:0003 add ax,3 <- adds the value 3 into the segment AX
2000:0006 hlt <- Halt command for the program
2000:0007 (hit enter) <-ends the assembly code input
To see the code in the memory, dump it by typing: d 2000:0
To execute the code, type: g=cs:0000 cs:0007
We can see that the segment AX has changed from 0 to 5. That is because we have added the values 2 and 3 together and stored the result in AX.
Now that we have our program, you may be wondering how we decompile a program to the the assembly code script. Below is the instruction necessary to decompile the program we have made.
u cs:0000 00006
The following is what should be returned
2000:0000 B80200 MOV AX,0002
2000:0003 050300 ADD AX,0003
2000:5006 F4 HLT
Now you can assemble, and decompile a program, so I'll show you how to save your program to be able to use it again. Here are the steps you will need to do.
Give a name to the file.
n a:\addprog <- It will be called addprog, and saved to drive A: (floppy)
r cx <-change the CX segment, used to say the length of the program
CX 0000 <-original settings
:7 <-Length of our program, calculatable in the offsets used by the program
w cs:0000 <-Write the program
Writing 00007 bytes <-message displaying the file is being written
Finally, we need to know how to open up a file and load it into the memory at a free location. You should review the general command to load up a file in memory³. Once you foung a free space in memory, follow these instrcutions.
In the command window, type: debug A:\addprog
d <- To dump the memory location where the file was loaded
0B48:0100 B8 02 00 05 03 00 F4 BF-B8 01 00 D3 E0 0B E8 59 ...............Y.
Note down that the program was loaded at CS:0100
u cs:0100 0l07
0F6B:0100 B80200 MOV AX,0002
0F6B:0103 050300 ADD AX,0003
0F6B:0106 F4 HLT
Now your program is loaded into memory, if you want to can run it or study it. The topics covered in this report are very basic, and are help to understand how the debug command works. If you are interested you can search for more information, or use the example in this report to try and explore different options and discover what in memory.
¹Assembly code is used to code instructions that are easy for people to remember and used by the CPU to perform operations.The mnemonics of each assembly instruction creates an easier working interval between the computer and a person. Each assembly instruction refers to a specific operation that the CPU must perform. Combining multiple assembly instructions together in a orderly way will produce code that the CPU will interpret to be able calculate, display results
PC Assembly Language: http://www.drpaulcarter.com/pcasm/
MS-DOS Debug Command Help: http://www.computerhope.com/debughlp.htm
How Computers Works, 7th Edition: http://quepublishing.com/title/0789730332
Copyright© 2005 - Matthew Stevens, RemoteLAN.net firstname.lastname@example.org