Basic Debugging knowledge

Source: Internet
Author: User

Debug is a command-line 16-bit debugger that can be used to debug 16-bit assembly language programs. It does not support 32-bit instructions.

I. Starting Debug

The executable file for Debug is debug.exe. The command format for starting Debug is:

DEBUG [<executable file path name> [<parameter table>]]

<Executable file path name> is the name of the executable file (.exe or .com) to be debugged. The extension cannot be omitted. <Parameter table> is the command line parameters required by the program to be debugged. For example, the command

Debug demo.exe

loads the specified program demo.exe into memory for debugging.

If no file name is provided when Debug is started, only Debug itself is run. When necessary, use the N and L commands to load the program to be debugged.

After entering Debug, the prompt "-" appears. If a file name was provided when Debug was started, BX:CX contains the number of bytes of the file to be debugged. Debug commands are entered at this prompt.

II. Debug Command Format

Each Debug command is a letter followed by one or more parameters. The following rules apply to Debug commands.

· Letters are case-insensitive.

· Only hexadecimal numbers are used, and the suffix H is not allowed.

· Use a space or comma as the separator within a command. The delimiter is required only between two values.

· You can use Ctrl-C or Ctrl-Break to terminate command execution.

· If the entered command has a syntax error, Debug displays "error" and uses "^" to indicate the error location.

III. Debug Command Parameters

In Debug, the parameters of many commands are an <address> or an <address range>. The address format is as follows:

· <segment address>:<offset address>;

· <offset address>.

Here, the <segment address> can be a value or a segment register, and the <offset address> is a value. If the segment address is not specified, the default value for the command is used. For data-related commands such as D, E, C, and F, the default segment address is the DS value. For code-related commands such as A, U, G, T, and P, the default segment address is the value of CS. For example:

2000:1000 ; the segment address is 2000h, and the offset address is 1000h

DS:2000 ; the segment address is the DS value, and the offset address is 200h

200 ; the segment address is the default value of the command (CS or DS), and the offset address is 200h

An address range indicates a memory area. The format is as follows:

· <start address> <end address>;

· <start address> L <length>.

The <end address> cannot contain a segment. The <length> parameter is a number of bytes, and the specified address range cannot span segments. For example, the memory area 2000:1000h to 2000:1010h can be expressed as

2000:1000 1010

Or

2000:1000 L 11
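The address and address-range rules above can be written as a small parser. This is an added example, not code from the original page or from Debug itself; the function names, the REGS values and the linear() helper (the standard 8086 real-mode segment*16+offset rule, which the page does not state) are assumptions made for illustration.

```python
import re

HEX16 = re.compile(r"[0-9A-F]{1,4}")      # hex digits only, 16 bits, no H suffix
DATA_CMDS, CODE_CMDS = set("DECF"), set("AUGTP")
SEG_REGS = ("CS", "DS", "ES", "SS")

def hex16(token):
    if not HEX16.fullmatch(token):
        raise ValueError(f"not a 16-bit hex value: {token!r}")
    return int(token, 16)

def parse_address(text, cmd, regs):
    """Resolve '<segment>:<offset>' or '<offset>' to (segment, offset)."""
    text = text.strip().upper()
    if ":" in text:
        seg_txt, off_txt = text.split(":", 1)
        seg = regs[seg_txt] if seg_txt in SEG_REGS else hex16(seg_txt)
    elif cmd.upper() in DATA_CMDS:
        seg, off_txt = regs["DS"], text
    elif cmd.upper() in CODE_CMDS:
        seg, off_txt = regs["CS"], text
    else:
        raise ValueError(f"no default segment listed for command {cmd!r}")
    return seg, hex16(off_txt)

def parse_range(text, cmd, regs):
    """Resolve '<start> <end>' or '<start> L <length>' to
    (segment, start offset, end offset, length in bytes)."""
    tokens = [t for t in re.split(r"[ ,]+", text.strip().upper()) if t]
    if len(tokens) == 2:                          # <start> <end>
        if ":" in tokens[1]:
            raise ValueError("the end address cannot contain a segment")
        seg, start = parse_address(tokens[0], cmd, regs)
        end = hex16(tokens[1])
    elif len(tokens) == 3 and tokens[1] == "L":   # <start> L <length>
        seg, start = parse_address(tokens[0], cmd, regs)
        length = hex16(tokens[2])
        if length == 0:
            raise ValueError("length must be at least 1")
        end = start + length - 1
    else:
        raise ValueError(f"not an address range: {text!r}")
    if end < start or end > 0xFFFF:
        raise ValueError("the range must stay inside one segment")
    return seg, start, end, end - start + 1

def linear(seg, off):
    """20-bit physical address (8086 real-mode rule, not stated on the page)."""
    return ((seg << 4) + off) & 0xFFFFF

# Constructed register values, for illustration only.
REGS = {"CS": 0x1234, "DS": 0x2000, "ES": 0x3000, "SS": 0x4000}
if __name__ == "__main__":
    for cmd, rng in (("D", "2000:1000 1010"), ("D", "2000:1000 L 11"), ("U", "100 L 20")):
        seg, start, end, n = parse_range(rng, cmd, REGS)
        print(f"{cmd} {rng:<16} -> {seg:04X}:{start:04X}-{end:04X} ({n:X}h bytes, linear {linear(seg, start):05X})")
```

Both forms of the range from the text resolve to the same 11h bytes, and a range that would run past offset FFFFh, a value with an H suffix, or an end address with a segment is rejected.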

IV. Debug Commands

At the Debug prompt, enter the help command "?" to display the list of Debug commands. Among the many Debug commands, the commonly used ones are U, D, E, R, G, T, P, and Q.

1. Memory display command D (dump command)

The D command displays the values of memory units. It has the following two formats:

(1) D [<address>]

Displays the memory unit values starting from the specified address. In 80-column display mode, 128 bytes are displayed. If no address is specified, the display continues from the end address of the previous D command. If the D command has not been used before, the display starts from CS:IP by default.

(2) D <address range>

Displays the values of all memory units specified by <address range>.

After the D command is executed, the memory address is displayed on the left of the screen, the bytes starting from that address (in hexadecimal format) in the middle, and the ASCII character corresponding to each byte on the right. A "." indicates a character that cannot be printed.

If only the offset address is given, the current value of DS is used as the segment address. For example:

D 2000:100 ; display memory unit values starting from 2000:0100h

D 100 ; display memory unit values starting from DS:100h

D CS:100 ; display memory unit values starting from CS:100h

D ; display memory unit values starting from CS:IP

2. Memory modification command E (enter command)

The E command sets the value of the specified memory units. It has the following two formats:

(1) E <address>;

(2) E <address> <byte table>.

If only the offset address is given, the current value of DS is used as the segment address.

The first format modifies consecutive memory units one by one in interactive mode. After you type this command, Debug displays the specified address and the value of the corresponding memory unit, and waits for the user to modify it. You can perform the following operations:

· Enter a new value;

· Enter a space to move to the next address unit;

· Enter "-" to return to the previous address unit;

· Press Enter to end the E command.

The second format uses <byte table> to modify the memory region starting from the specified address. Debug writes these values in sequence to consecutive memory units starting from the specified address. The <byte table> is a number of hexadecimal bytes or strings separated by spaces or commas. For example:

E 0 1 '123' 0A ; set the values of memory units DS:0 to DS:4 to 01h, 31h, 32h, 33h, 0Ah

Note: The memory address must be specified after the E command.

3. Register command R (register command)

The R command displays and modifies the values of registers. It has the following two formats.

(1) R

Displays the values of all registers and the 8 flag bits, and disassembles the instruction at CS:IP.

(2) R <register name>

Displays the value of the specified register, waits for the user to type a new value, and ends when Enter is pressed. The <register name> can only be one of the 8086 16-bit registers AX, BX, CX, DX, SP, BP, SI, DI, DS, ES, SS, CS, IP, or F (the flag register).

The 8 flags are displayed as follows (0/1): OF = NV/OV, DF = UP/DN, IF = DI/EI, SF = PL/NG, ZF = NZ/ZR, AF = NA/AC, PF = PO/PE, CF = NC/CY. For example,

R F

displays the values of the 8 flag bits and then waits for the user to modify them. You only need to enter these symbols to set the value of the corresponding flags. The number and order of the symbols can be arbitrary.

4. Assembly command A (assemble command)

Command format:

A [<address>]

This command assembles assembly language instructions entered by the user into machine code and stores them in memory units starting from the specified address.

If only the offset address is given, the current CS value is used as the segment address. If no address is specified, assembly continues from the unit following the last one used by the previous A command. If the A command has not been used before, the default address is CS:IP.

When executing the A command, Debug waits for the user to input a sequence of instructions. Press Enter after each instruction; pressing Enter alone ends the A command. Debug stores the machine code of the input instruction sequence in the memory units starting at the specified address.

When using the A command, pay attention to the following points.

· The mnemonic for a far return is RETF.

· In addition to assembly language instructions, you can also use the pseudo-instructions DB and DW to place bytes or words in the corresponding memory units. However, DB and DW cannot use "?", expressions, or the DUP clause.

· You cannot use symbolic addresses.

· To distinguish an immediate value from a memory operand, the address of a memory operand must be placed in square brackets. For example:

MOV AX, 1234 ; the immediate value is loaded into AX

MOV AX, [1234] ; the value of the memory unit is loaded into AX

· A segment override prefix must be entered in front of the instruction or on a separate line. For example, the instruction

MOV AX, ES:[100H]

must be entered in Debug as:

ES: MOV AX, [100]

Or

ES:

MOV AX, [100]

5. Disassembly command U (unassemble command)

The U command disassembles binary code into symbolic assembly language instructions. It has the following two formats.

(1) U [<address>]

Disassembles several bytes starting from the specified address. In 80-column mode, 32 bytes are disassembled (to keep the last instruction complete, it may be more than 32 bytes). If no address is specified, disassembly continues from the unit following the last one of the previous U command. If the U command has not been used before, the default address is CS:IP.

(2) U [<address range>]

Disassembles the memory area of the specified range. If only the offset address is given, the current CS value is used as the segment address.

After the U command is executed, the memory address is displayed on the left of the screen, the machine code in the middle, and the assembly language instruction on the right.

6. Run command G (go command)

G command format:

G [=<address>] [<breakpoint address 1> <breakpoint address 2> ... <breakpoint address 10>]

The <address> after the equal sign "=" indicates the starting address of program execution. If not specified, the default address is CS:IP. A maximum of 10 breakpoints can be specified. If only the offset address is given, the current CS value is used as the segment address.

The G command runs the program in memory from the specified address until the program ends or execution reaches any of the specified breakpoints. If a breakpoint is encountered, the current values of all registers and flags and the next instruction to be executed are displayed. If the program ends normally, "Program terminated normally" is displayed.

Note:

· The order of the breakpoint addresses is arbitrary. The advantage of setting multiple breakpoints is that when the program being debugged has several possible execution paths, it can stop at a breakpoint no matter which path is taken, so that program execution can be checked.

· Once a breakpoint is set, Debug replaces the opcode of the instruction at the breakpoint with an INT 3 instruction. When execution reaches a breakpoint address, the program stops immediately, and Debug restores the instructions at all breakpoints, cancels all breakpoints, and regains control. If no breakpoint is encountered during execution of the G command, the program runs to completion and the instructions at the breakpoints are not restored.

· Once the program has been executed, reload the program if you want to execute it again.

· For G and for the T and P commands described below, the <address> after the equal sign "=" must point to a valid 8086 instruction code. Otherwise, unexpected results are generated.
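The breakpoint notes above can be followed on a byte buffer. This is an added example that models the behaviour the text describes; it is not Debug's code. The sample program, the function names and the four-opcode interpreter are constructed for illustration.

```python
INT3 = 0xCC   # one-byte opcode of INT 3

# Constructed sample program, loaded at offset 100h like a .COM file:
#   0100 EB 02      JMP  0104
#   0102 90         NOP           (never reached)
#   0103 90         NOP
#   0104 B8 34 12   MOV  AX,1234
#   0107 CD 20      INT  20       (program terminates)
PROGRAM = bytes.fromhex("EB029090B83412CD20")

def load(program, base=0x100):
    mem = bytearray(base + len(program))
    mem[base:] = program
    return mem

def go(mem, start, breakpoints):
    """Model of G =<start> <breakpoints>. Returns ('breakpoint', offset)
    or ('terminated', None). Only the four opcodes above are understood."""
    if len(breakpoints) > 10:
        raise ValueError("at most 10 breakpoints")
    saved = {bp: mem[bp] for bp in breakpoints}   # original opcode bytes
    for bp in saved:
        mem[bp] = INT3                            # patch in INT 3
    ip = start
    while True:
        op = mem[ip]
        if op == INT3 and ip in saved:
            for bp, byte in saved.items():        # restore every breakpoint
                mem[bp] = byte
            return "breakpoint", ip
        if op == 0x90:                            # NOP
            ip += 1
        elif op == 0xB8:                          # MOV AX, imm16
            ip += 3
        elif op == 0xEB:                          # JMP short, signed rel8
            rel = mem[ip + 1]
            ip += 2 + (rel - 256 if rel > 127 else rel)
        elif op == 0xCD and mem[ip + 1] == 0x20:  # INT 20h: program ends
            return "terminated", None             # patches stay, as the text says
        else:
            raise ValueError(f"opcode {op:02X} at {ip:04X} is outside this model")

def patched_offsets(original, mem):
    """Offsets whose byte differs from the clean image."""
    return [i for i, (a, b) in enumerate(zip(original, mem)) if a != b]
```

With breakpoints at 102 and 104 the run stops at 104 and the image is byte-identical afterwards; with a breakpoint only on the unreached 102 the program terminates and the CC byte remains, which is why the program has to be reloaded before running it again.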

7. Trace command T (trace command)

T command format:

T [=<address>] [<number of instructions>]

The <address> after the equal sign "=" indicates the start address of program execution. If not specified, the default value is CS:IP. If only the offset address is given, the current CS value is used as the segment address.

The T command single-steps from the specified address. The number of instructions executed is determined by <number of instructions>. After each instruction is executed, the values of all registers and flags and the next instruction are displayed. If no <number of instructions> is provided, the default value is 1.

When the T command encounters a CALL or INT instruction, it traces into the corresponding procedure or interrupt service routine. For instructions with a repeat prefix (such as REP), each repetition is executed as one step.

8. Proceed command P (proceed command)

The format of the P command is:

P [=<address>] [<number of instructions>]

The P command is similar to the T command, but a CALL, an INT, or an instruction with a repeat prefix (such as REP) is executed as a single step, without tracing into the corresponding procedure or interrupt service routine.

9. Exit command Q (quit command)

Q command format:

Q

Run this command to exit debug.

10. Memory comparison command C (compare command)

The C command is used to compare the values of two memory blocks. The format is as follows:

C <address range> <address>

The <address range> indicates the first memory block, and the <address> indicates the starting address of the second memory block. The number of bytes to be compared is determined by <address range>. If only the offset address is given, the current value of DS is used as the segment address.

The C command compares each byte of the two memory blocks in sequence. If the two blocks are equal, nothing is output. If any bytes differ, their addresses and values are displayed. From left to right, the screen shows the first memory block address and the corresponding value, then the second memory block value and its address. For example:

C 2000:0 100 80 ; compare memory block 2000:0h to 2000:100h with DS:80h to DS:180h

C 2000:0 L 20 3000:0 ; compare memory block 2000:0h to 2000:1Fh with 3000:0h to 3000:1Fh

11. Memory filling command F (fill command)

The format of the F command is:

F <address range> <byte table>

Use this command to write the bytes in the <byte table> to the memory area specified by <address range>. If only the offset address is given, the current value of DS is used as the segment address.

If the number of bytes in the <byte table> exceeds the <address range>, the extra bytes are ignored. If the <byte table> contains fewer bytes than the range, the data is reused until the specified <address range> is filled. For example:

F 2000:0 7 0 ; set the 8 bytes of 2000:0000h to 2000:0007h to 0

F 0 7 1 2 3 ; set the 8 bytes of DS:0000h to DS:0007h to 1, 2, 3, 1, 2, 3, 1, 2

12. Memory transfer command M (move command)

The M command copies data (or code) from one memory area to another. The format is as follows:

M <address range> <address>

The <address range> indicates the source memory block to be copied, and the <address> is the starting address of the target memory block. The number of bytes copied is determined by <address range>. If only the offset address is given, the current value of DS is used as the segment address.

For example:

M 2000:0 100 80 ; copy the memory block 2000:0h to 2000:100h to DS:80h to DS:180h

M 2000:0 L 20 3000:0 ; copy the memory block 2000:0h to 2000:1Fh to 3000:0h to 3000:1Fh

If the source block overlaps with the target block, Debug still handles the copy correctly.

13. Search command S (search command)

The S command searches for a specific byte string in a specified memory area. The format is as follows:

S <address range> <byte table>

If only the offset address is given, the current value of DS is used as the segment address. If the byte string is not found, nothing is displayed; otherwise, the address of each occurrence is displayed.

14. Hexadecimal calculation command H (hex command)

The format of the H command is:

H <value 1> <value 2>

Calculates the sum and difference of two hexadecimal numbers (16 bits).

15. File naming command N (name command)

The format of the N command is:

N [drive][path]file name[.extension]

This command saves the specified file path name in Debug's file control block (FCB), so that the file can be loaded from or stored to disk using the L or W command. <Parameter table> provides the command line parameters for running the executable file. For example, the commands

DEBUG ; start Debug

N filename

L

are equivalent to

DEBUG filename

16. Load command L (load command)

The L command loads a file, or the contents of specified disk sectors, into memory. It has the following two formats.

(1) L [<address>]

Loads the file named with the N command into the specified memory units, and sets BX:CX to the number of bytes of the loaded file. For .exe or .com executable files, the load address is usually not specified and is allocated by Debug. After loading, CS:IP is set automatically. Generally, IP is 0 (.EXE file) or 100h (.COM file). If the address is specified, the load address of the executable file must be CS:100h.

(2) L <address> <drive letter> <start logical sector number> <number of sectors>

Loads several sectors of the disk (up to 80h) to the specified memory address. If only the offset address is given, the current CS value is used as the segment address. For the drive, 0 indicates disk A, 1 indicates disk B, 2 indicates disk C, and so on. For example, to load the content of the boot sector (logical sector number 0) of drive C to the memory address CS:0 and then view it, the following commands can be used:

L 0 2 0 1

D CS:0

17. Write disk command W (write command)

The W command has two formats.

(1) W [<address>]

Writes the BX:CX bytes starting at the specified address to the file named with the N command. If only the offset address is given, the current CS value is used as the segment address. If no address is specified, the default value is CS:100h.

Note: Before executing the W command, you must correctly set the values of BX and CX. In addition, an .exe file cannot be written, because an .exe file must be written in a specific format that Debug does not support.

(2) W <address> <drive letter> <start logical sector number> <number of sectors>

Writes data from the specified memory address to several sectors of the disk (up to 80h). If only the offset address is given, the current CS value is used as the segment address. The meaning of each parameter is the same as for the L command.

The W command in the second format writes data directly to the specified sectors. Be careful when using it; otherwise, the file system on the disk and the boot sector can be damaged.

18. Port input command I (input command)

The I command format is:

I <port address>

This command reads a byte from the specified I/O port and displays it.

19. Port output command O (output command)

O command format:

O <port address> <byte>

Outputs a byte to the specified I/O port.
