USING DEBUG
by
Renegade
Debug is, like every other debugger, a very powerful instrument. Most "normal" users don't know that they have it on their disk or what can be done with it. Once you work with asm you'll recognize that Debug can be a nice and useful tool.

What can we do with DEBUG? Different things: disassemble files, view the registers, and also write your code directly without any assembler. Some batch virii use this method to assemble their code from within the batch file through Debug. But it's also a "dangerous" tool, like every other debugger. I have to think back to those lame "jokes", like the recursive partition, changing some bytes at offset 1DE of the partition table. Of course there'll always be persons with a lack of programming skills who have to fall back on such methods.

Let's see the commands which we can use to work with Debug, also available by simply typing ? at the prompt:

-a "Assemble"
It should be clear what it does. If you don't specify the start address, the default 100h will be used, since Debug is written for COM files. But working with Debug is not as "easy" as using an assembler. All numbers and addresses must be in hex format. You cannot use any labels, so you have to use the physical addresses. Debug cannot tell by itself whether you mean a number or a memory location, so addresses have to be in square brackets. Example: mov ax,5 would move the value 5 into ax, and mov ax,[5] would copy the content of address 5 into ax.

-c "Compare"
We also have a compare command. The syntax is -c "address" "length" "address", so let's compare...
-c cs:100 l 10 cs:200
This will compare 10h bytes starting at address 100h with the bytes starting at 200h. Debug goes through them byte by byte: matching bytes are left out, and every byte that differs is displayed.
-d "Dump"
Displays 128 bytes of data. The default range is, as I said, 128 bytes, using DS, and Debug will start at 100h. So you will get a dump like this:

248F:0100 EB 21 90 0D 0A 54 75 72-6E 20 6F 66 20 74 68 .!...Turn off th
248F:0110 65 20 63 6F 6D 70 75 74-65 72 20 6E 6F 77 2E 2E e computer now..
248F:0120 2E 2E 24 0E 1F BA 03 01-B4 09 CD 21 EB FE 44 FE ..$........!..D.
248F:0130 EB E4 8B C0 5B 8B 47 06-89 47 08 F9 EB 19 5B 89 ....[.G..G....[.
248F:0140 4C FE 74 09 03 F9 2B C1-48 89 05 2B F9 03 F9 89 L.t...+.H..+....
248F:0150 7F 08 8B C6 8C DA F8 C3-8B D1 83 C2 27 80 E2 F0 ............'...
248F:0160 8B DA F7 DB F7 DB F5 D1-DB D1 EB D1 EB D1 EB B4 ................
248F:0170 48 CD 21 72 26 3B 06 40-10 76 F4 3B 06 3E 10 76 H.!r&;.@.v.;.>.v
^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^
address   hex values                                      ASCII
range: 00-70 = 80h

The maximum amount of data Dump can load is 64K.

-e "Enter"
Here you can enter your bytes, replacing the old ones. Syntax: -e "address". Debug will display the corresponding byte; entering a value overwrites the old one. To view the next byte without changing anything, simply press the space bar.

-f "Fill"
Fills a specific range of memory with the same data. Example:
-f 100 l 1F4 FF
What does this mean?
-f    = command "FILL"
100   = start at address 0100h
l 1F4 = length 1F4h = 500 bytes
FF    = fill with FF
So after executing this command the first 500 bytes of the file will have the value FF.

Before:
248F:0100 B8 E0 30 BA FA 14 3B C4-73 69 8B C4 2D 44 03 90 ..0...;.si..-D..
248F:0110 25 F0 FF 8B F8 B9 A2 00-90 BE 7E 01 FC F3 A5 8B %.........~.....
248F:0120 D8 B1 04 D3 EB 8C D9 03-D9 53 33 DB 53 CB 0E 01 .........S3.S...
248F:0130 7D 29 41 4E 0F 93 B6 CE-A2 BC FC 99 10 86 85 81 })AN............
248F:0140 0D 1A 99 32 33 60 05 D1-48 BF 00 D5 D1 16 5D 25 ...23`..H.....]%
248F:0150 DD FB F8 73 0B 33 5A D8-DD 72 AF B0 42 54 EA B8 ...s.3Z..r..BT..
248F:0160 5E 4E 6F 74 20 65 6E 6F-75 67 68 20 6D 65 6D 6F ^Not enough memo
248F:0170 72 79 24 B8 00 09 BA 61-01 CD 21 CD 20 90 FD 8B ry$....a..!. ...

After:
248F:0100 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0110 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0120 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0130 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0140 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0150 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0160 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................
248F:0170 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF ................

-g "Go" executes the file
g simply executes the program. By default it starts at offset 100h. You can also set breakpoints, but I think that would be too specific for now. The important thing is that using g the file will be executed.

-h "Hex" performs hex calculations
Example: -h 150 50
Debug will give you two results, 01A0 and 0100. The first one is 150+50 = 1A0, the second one 150-50 = 100.

-i "Input" reads a byte from an I/O port
Syntax: i "port". Debug will display the byte read from the selected port.

-l "Load" loads a file into memory
Loads the file named with the n command beforehand, or loads disk sectors into memory.
-m "Move" the known mov
nothing to say, move just does what it means..
-n "Name" name of file
-o "Output" sends a byte to a port
the opposite of input
-p "Proceed" is used to execute routines
using Proceed a subroutine is executed until its end and treated exactly like
a single instruction.
-q "Quit"
-r "Register" displays the registers
displays the flags and the registers:
AX=0000 BX=0000 CX=16BC DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=248F ES=248F SS=248F CS=248F IP=0100 NV UP EI PL NZ NA PO NC
                                        ^^^^^^^^^^^^^^^^^^^^^^^
248F:0100 B8E030 MOV AX,30E0
Here are the flags: NV = no overflow
The direction flag is set to UP
EI enables the interrupts
The sign flag is set to PLUS
zero flag = No Zero
NA = No Auxiliary
PO=Parity ODD
and NC for No Carry
AX=0000 BX=0000 CX=16BC DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=248F ES=248F SS=248F CS=248F IP=0100 NV UP EI PL NZ NA PO NC
248F:0100 B8E030 MOV AX,30E0
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
here we have the start address and the next instruction, mov ax,30E0, also
"translated" into hex: B8E030. The starting offset is again 0100h.
AX=0000 BX=0000 CX=16BC DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
^^^^^^^^^^^^^^^^
DS=248F ES=248F SS=248F CS=248F IP=0100 NV UP EI PL NZ NA PO NC
248F:0100 B8E030 MOV AX,30E0
CX always holds the size of the loaded file. That means, in this case, the
file has a size of 5820 bytes, which is 16BC in hex. If you load a file that
is larger than 64K, the BX register is also used for the size: BX holds the
high word and CX the low word.
So the BX and CX registers of a 95254 byte command.com would be:
AX=0000 BX=0001 CX=7416 DX=0000 SP=0000 BP=0000 SI=0000 DI=0000
^^^^^^^
BX is also used. So 17416 (hex) is 95254 in dec.
-s "Search"
The syntax is the same as for the compare command. You can search either
for ASCII or hex strings, but you must be careful, since everything you
type in is considered case sensitive. If nothing is found, nothing is
displayed, of course...
-t "Trace" displays the registers after executing an instruction
executes only one instruction at a time and then displays the registers and flags.
-u "Unassemble" let's see the code: displays memory as assembler instructions
-w "Write" writes a file to disk
Now we want to display a text assembling directly with Debug:
-a 100 ; start at offset 100h
246B:0100 jmp 10E ; jump to our code
246B:0102 db "ASM RULEZ",0a,0d,"$" ; here's the data
246B:010E mov ah,9 ; display text
246B:0110 mov dx,102 ; load the text
246B:0113 int 21 ; execute it
246B:0115 mov ah,4c ; quit to DOS
246B:0117 int 21
This will display ASM RULEZ and finally return to Dos quitting Debug.
Converting numbers - BIN-HEX-DEC
Of course you can do this with a pocket calculator, but it's quite interesting
to see how it is done without one.
Converting BIN to DEC:
Let's take 111011 for example. First of all we have to "turn" the number
(reverse it); this makes things easier to calculate. The "syntax" is:
each figure multiplied by 2 to the power of its place, so the places are
worth 1, 2, 4, 8 and so on. Ok, let's begin.
1. We reverse the whole number: 111011 => 110111
2. Now we have to calculate.
The first figure is a 1, so you'd write 1 multiplied by 2 to the first power,
and that's 2. But the first place is counted as place 0, so the correct
calculation is 1 multiplied by 2 to the 0th power... and that's 1.
To get the complete number in dec, we have to add up the results
of all figures.
The second figure is a 1, so let's calculate the dec value. Think back to
the syntax: 1 multiplied by 2 to the 1st power (normally you'd say the second
place, but, as I told you, the first place is counted as 0). 2 to the 1st
power... that's 2. Now let's add the first two results: 1+2
Next figure: 0, that is 0 multiplied by 2 to the 2nd power = 0, since 0
multiplied by anything remains 0. (This holds for the first place too: 2 to
the 0th power is 1, but a 0 figure multiplied by 1 is still 0.)
So for now we have 1+2+0
The next figure is a 1: 1 multiplied by 2 to the 3rd power = 8
so the result for now is 1+2+0+8
the next one is a 1: 1 multiplied by 2 to the 4th power = 16
result: 1+2+0+8+16
another 1: 1 multiplied by 2 to the 5th power = 32
so we have 1+2+0+8+16+32
The correct result is 1+2+0+8+16+32 = 59
Converting BIN to HEX:
First of all, the hex digits are: 0123456789ABCDEF
Our number was 111011. Now we must divide it into groups of four figures,
beginning from the right. This corresponds to 0011:1011. To fill up
the leftmost group we add 0's.
The next step is to convert both groups into dec, which you are now able
to do without a calculator.
left side: 0011
Working with four figures, there's also another way to convert into
dec without any calculation. Here's the syntax:
XXXX
8421
Simply write the weights under the figures and add the ones standing under a 1. Example: 1101
1 1 0 1
8 4 (2) 1
We don't count the 2 because there's a 0 above it, so let's add the figures:
8+4+1=13
Now let's go back to our hex example. The left side was 0011, which corresponds
to 3 in dec. And the right side is 1011, which is 11. So let's have a look
at the hex digits: 3 corresponds to 3, and 11 would be B.
111011 in hex is 3B.
Converting HEX to DEC:
Let's take ABCD for example. You have to know that 16 is the base of the hex
system, so the places are worth 1, 16, 256, 4096 and so on.
1. Turn the figures: DCBA
D = 1 multiplied by D, which corresponds to 1 multiplied by 13 (D=13) = 13
C = 16 multiplied by C => 16 multiplied by 12 = 192
B = 16x16 = 256 multiplied by B => 256 x 11 = 2816
A = 256x16 = 4096 => 4096 x A = 4096 x 10 = 40960
Now we have to add all values: 13+192+2816+40960 = 43981
Converting DEC to BIN:
Example: 100. We simply keep dividing by 2 and note the remainder of each
step; read from the last step to the first, the remainders give the binary number:
100:2 = 50 no remainder => 0
50:2 = 25 no remainder => 0
25:2 = 12 remainder 1 => 1
12:2 = 6 no remainder => 0
6:2 = 3 no remainder => 0
3:2 = 1 remainder 1 => 1
1:2 = 0 remainder 1 => 1
So 100 in dec is 1100100 in bin.
This table is a useful help:
BIN DEC HEX
______________________________________________________________
0000 0 0
0001 1 1
0010 2 2
0011 3 3
0100 4 4
0101 5 5
0110 6 6
0111 7 7
1000 8 8
1001 9 9
1010 10 A
1011 11 B
1100 12 C
1101 13 D
1110 14 E
1111 15 F
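The four conversions above, done in Python exactly the way the text does them by hand (positional weights, the 8-4-2-1 trick on groups of four figures, and repeated division by 2 with the remainders read backwards). This is an added example, not part of the original text; the inputs are the text's own (111011, ABCD, 100), plus the two file sizes from the register section (16BC and 17416).

```python
# Added example (not from the original text): the manual conversion
# methods described above, written out as functions.

HEX_DIGITS = "0123456789ABCDEF"


def bin_to_dec(bits):
    """Figure times 2 to the power of its place, places counted from the
    right starting at 0 (reading the reversed number left to right)."""
    total = 0
    for place, figure in enumerate(reversed(bits)):
        total += int(figure) * 2 ** place
    return total


def nibble_to_dec(nibble):
    """The 8-4-2-1 trick for a group of four figures: add the weight
    wherever the figure above it is a 1."""
    return sum(w for w, bit in zip((8, 4, 2, 1), nibble) if bit == "1")


def bin_to_hex(bits):
    """Pad on the left to a multiple of four figures, split into groups
    of four from the right, convert each group and look up its hex digit."""
    padded = bits.zfill(-(-len(bits) // 4) * 4)        # ceil to 4 figures
    groups = [padded[i:i + 4] for i in range(0, len(padded), 4)]
    return "".join(HEX_DIGITS[nibble_to_dec(g)] for g in groups)


def hex_to_dec(hexstr):
    """Figure times 16 to the power of its place: D*1, C*16, B*256, A*4096."""
    total = 0
    for place, figure in enumerate(reversed(hexstr.upper())):
        total += HEX_DIGITS.index(figure) * 16 ** place
    return total


def dec_to_bin_steps(n):
    """Repeated division by 2, returning the (quotient, remainder) trace the
    text writes out line by line, e.g. (50, 0), (25, 0), (12, 1), ..."""
    steps = []
    while n > 0:
        n, r = divmod(n, 2)
        steps.append((n, r))
    return steps


def dec_to_bin(n):
    """The remainders of dec_to_bin_steps read from the last step to the
    first are the binary figures."""
    if n == 0:
        return "0"
    return "".join(str(r) for _, r in reversed(dec_to_bin_steps(n)))


if __name__ == "__main__":
    print("111011 bin =", bin_to_dec("111011"), "dec =", bin_to_hex("111011"), "hex")
    print("ABCD hex   =", hex_to_dec("ABCD"), "dec")
    for q, r in dec_to_bin_steps(100):
        print(f"  quotient {q:3d} remainder {r}")
    print("100 dec    =", dec_to_bin(100), "bin")
    print("16BC hex   =", hex_to_dec("16BC"), "bytes, 17416 hex =", hex_to_dec("17416"), "bytes")
```

The `dec_to_bin_steps` trace is the same table as in the text, and `hex_to_dec` on 16BC and 17416 reproduces the two file sizes (5820 and 95254) shown in the register section.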
That's all...
cya