1) general info
GRDB is a real-mode debugger which supports up to the Pentium
instruction set.
GRDB is intended as a program development tool; certain features
will make it hard to use for reverse-engineering. But you have
the sources and can fix that if you want...
GRDB is similar to debug in many ways. The major departure to the
basic interface has been in making some of the commands less
archaic. Also a variety of status commands have been added to
help you see what is going on.
For questions or comments contact the author at:
camille@bluegrass.net
2) Disclaimer
GRDB is copyright (c) ladsoft and is FREEWARE -
you may redistribute it freely
as long as the sources go along with it; however, you may NOT
charge a fee that is more than the costs of redistribution
media.
By running the program you assume all risks associated with
using it. The author is not responsible for any damages
resulting from use of this program, either direct or consequential,
including but not limited to loss of life, profit, data,
or other injuries. If you do not accept this, do not run the program.
If you like this program you are welcome to send me $10 or $20
so I can go out and see a movie. You do not have to send me money
if you just want to use the program, but I appreciate donations :)
David Lindauer
1428 Hepburn Ave Apt #1
Louisville, KY 40204
3) Features
GRDB is similar to debug in many ways. The syntax of the following
commands departs from the DEBUG syntax:
h,l,w
and some of the l & w functionality has been split to new
commands. In addition the 'n' command is now used for FPU status;
the name of a program is set in the l or w commands if necessary.
In addition the following features have been added:
a) software breakpoints
b) interrupt status screen
c) configuration options screen
d) memory (arena) display screen
e) program information screen
f) session logging
g) allows loading EXEs without the EXE parsing mechanism
h) hardware breakpoints
i) command line history
j) New! PCI read/write
4) command line interface
The command line interface is similar to that of debug. However,
some enhancements have been made:
a) it knows the names of ALL registers and allows you to use them
anywhere a number is allowed. It knows 8, 16, and 32-bit
register names.
b) it knows how to parse string values and convert them to hex,
so a quoted string can be used anywhere a non-address value
can be used. HOWEVER, in most cases strings longer than
4 characters will be truncated. Also, some commands
(notably fill) will only use the least significant byte
of the number and will truncate it to one character.
c) commas are always treated like spaces.
d) CTRL-BREAK is routed to the debugger, and will normally
cause the program to halt at its present position as if there
were an int 3 in the program stream. However:
if interrupts get disabled you are out of luck.
if there is a runaway condition that never returns control to
memory belonging to your program you are out of luck.
if DOS is executing, the break will not happen until the
end of the current DOS call. However it IS (remotely) possible
that your break will come in between the int 21h and the
time the indos flag gets set, in which case you will break
early in the int 21h routine.
DOS won't receive a break notification.
e) you may use up-arrow, and down-arrow to move through previous
commands, or F3 to grab the last command you issued. Old
commands will automatically be flushed as needed. If a new
command matches an old command it will not be added to
the command list again. Only primary commands will be logged,
for example assembly language statements will not be logged.
5) Commands
Here is a brief list of commands:
a [addr] - assemble
b [d][#] - Show breakpoint(s)
b [d][-]#,addr[,r/w/x[,len]] - set or clear a breakpoint
c block1, block2, len - compare memory
d [start [,end]] - dump memory
e start [,list] - examine memory
f start,end [,val] - fill memory
g [=start] [,break] - run from start (or pos) to break
h val1 [+-*/] val2 - hex arithmetic
i[bwd] port - read from port
l [@] [-] [name[ command]] - read from file
m start,end,start2 - move memory
n [s] - show fp regs/status
o[bwd] port,val - write to port
p [r][n] - step through
q - quit
r [reg[:val]] - show/modify regs
s start,end [,list] - search for a byte pattern
t [n] [count] - step into
u [start [,end]] - unassemble
w [@addr] [name] [,len] - write to file
y pfa, reg [,val] - read/[write] PCI info
y? bus, dev, func - get PFA from bus, dev, func
? - this help
?? - extended commands
xr drive: addr,start [,len] - read logical disk sector
xw drive: addr,start [,len] - write logical disk sector
@ [a] [logfile] - start/stop logging to a file
?i - view interrupt info
?m [x] - view arena tags
?o [+-option] - view/set options
?p - view program status
Many of the commands are similar to what DEBUG does. Note that
the ',' character is always optional. Following is a detailed description
of each command:
a <CR>
assemble from CS:IP
This is quite a bit different from debug. You may NOT specify
segments on a line by themselves, but you may put them either
before the instruction or before the operand. Instructions up to
the Pentium may be assembled. You can force any of the prefixes
if you want, or the assembler will figure out what is needed
based on the addressing mode.
a addr <CR>
assemble from address. This assembler can assemble up to
Pentium instructions, but it is slightly different from debug.
First, prefixes may NOT be placed on a line alone; you must
place them either before the instruction or before a bracketed
operand. If you need to force the addrsiz or opsiz prefixes
they are called 'as' and 'os', but these must be before the
mnemonic. Most of the time you won't need this as the assembler
figures out what prefixes to use based on the operands.
Second, it will accept either the NASM or the MASM syntax
for FP registers and sizing. Third, sizing is optional on things
like 'mov [5],33', but you may not like the defaults, so put it
on if in doubt. Much of the time the assembler will choose the
constant size based on the size of the constant if it can, but
this is not true if not even the size of the operand is specified.
Fourth, it does NOT know the forms of FP instructions that imply
fwait; for example, use the sequence 'fwait fnstsw' if you need
fstsw.
assembler known bugs:
sizing - not strict most of the time. Entering an invalid
size will usually result in it using a valid size that
you don't want. Sometimes it checks though :)
setcc instructions don't even check register sizing...
note: a few ppro instructions have been implemented. Should be
everything but the new floating point, which I probably won't
implement as they are discontinuing the ppro.
b <CR>
show active breakpoints.
This does nothing if no breakpoints are active.
b# <CR>
where '#' is any number from 0-0F.
This shows the value of that breakpoint.
b # , address <CR>
where '#' is a hex number from 0 to 0F and
address is any valid address. Sets a breakpoint. At run time
an 'int 3' will be inserted at the address. Note that breakpoint
0 is a special breakpoint used by the 'go' command; it will be
automatically cleared at the end of the next go/trace/proceed.
b-# <CR>
clears a breakpoint
b-* <CR>
clear all breakpoints
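As an added illustration (not GRDB's own code), here is a C model of the software breakpoint mechanism described above: the int 3 byte is planted only when the program runs, the original byte is restored on every stop, IP is backed up so the stop lands before the patched instruction, and breakpoint 0 is cleared automatically. The flat memory image, the addresses and the slot table are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Added model of GRDB-style software breakpoints (not GRDB's own code).
   mem[] is a constructed flat image indexed by real-mode linear address
   (seg*16+off); 16 slots 0-0Fh, slot 0 is the temporary "go" breakpoint. */
#define MEM_SIZE 0x20000
#define NUM_BP   16
#define INT3     0xCC
static uint8_t mem[MEM_SIZE];
static struct { bool active; uint32_t lin; uint8_t saved; } bp[NUM_BP];
static uint32_t linear(uint16_t seg, uint16_t off) { return ((uint32_t)seg << 4) + off; }
/* "b #, address": only records the breakpoint; nothing is patched yet */
int bp_set(int n, uint16_t seg, uint16_t off) {
    if (n < 0 || n >= NUM_BP) return -1;
    bp[n].active = true; bp[n].lin = linear(seg, off); return 0;
}
/* Before "go": save each original byte and plant int 3 in its place */
void bp_arm_all(void) {
    for (int i = 0; i < NUM_BP; i++)
        if (bp[i].active) { bp[i].saved = mem[bp[i].lin]; mem[bp[i].lin] = INT3; }
}
/* Whenever the debugger regains control: put every original byte back */
void bp_disarm_all(void) {
    for (int i = 0; i < NUM_BP; i++)
        if (bp[i].active) mem[bp[i].lin] = bp[i].saved;
}
/* int 3 handler.  The CPU saves the address *after* the one-byte int 3, so IP
   is backed up by one and the stop lands "before" the original instruction
   (hardware breakpoints stop after).  Returns the slot hit, or -1 if the
   int 3 belonged to the program itself; slot 0 is cleared after any stop. */
int bp_on_trap(uint16_t cs, uint16_t *ip) {
    uint32_t lin = linear(cs, *ip) - 1; int hit = -1;
    for (int i = 0; i < NUM_BP && hit < 0; i++)
        if (bp[i].active && bp[i].lin == lin) hit = i;
    if (hit >= 0) *ip -= 1;
    bp_disarm_all(); bp[0].active = false;
    return hit;
}
/* Scenario: "b 3, 1000:0110" then "g 105" (bp 0 at 1000:0105); returns 0 when
   arming, the stop address, byte restoration and the bp-0 auto-clear all hold. */
int demo(void) {
    memset(mem, 0x90, sizeof mem); memset(bp, 0, sizeof bp);   /* constructed NOP image */
    bp_set(3, 0x1000, 0x0110); bp_set(0, 0x1000, 0x0105); bp_arm_all();
    if (mem[linear(0x1000, 0x0105)] != INT3) return 1;
    uint16_t ip = 0x0106;                                      /* CPU is already past the int 3 */
    if (bp_on_trap(0x1000, &ip) != 0 || ip != 0x0105) return 2;
    if (mem[linear(0x1000, 0x0105)] != 0x90 || mem[linear(0x1000, 0x0110)] != 0x90) return 3;
    return (!bp[0].active && bp[3].active) ? 0 : 4;
}
```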
bd <CR>
show all hardware breakpoints
Note: hardware breakpoints are not available while in a windows
shell as paging is non-linear. The program will remind you.
bd# <CR>
where '#' is any number from 0-3.
This shows the value of that hardware breakpoint.
bd# , address <CR>
where '#' is a hex number from 0 to 4 and
address is any valid address. Sets a hardware breakpoint with
style 'execution' and length 1. Hardware breakpoints use the
386 hardware breakpoint mechanism and do NOT result in modification
of code or tracing. I/O breakpoints which were allowed
beginning with the pentium pro are not supported.
note: hardware breakpoints stop immediately AFTER the
instruction which caused the breakpoint activity. This is in
contrast to software breakpoints, which stop before.
bd#, address, w <CR>
sets hardware breakpoint for write memory accesses, with length 1
bd#, address, w, len <CR>
sets hardware breakpoint for write memory accesses, with length 1,2,4
bd#, address, r <CR>
sets hardware breakpoint for read/write memory accesses, with length 1
note that the debugger does NOT allow read-only breakpoints.
bd#, address, r, len <CR>
sets hardware breakpoint for read/write memory accesses, with length 1,2,4
bd#, address, x <CR>
sets hardware breakpoint for execute memory accesses, with length 1
bd#, address, r, 1 <CR>
sets hardware breakpoint for execute memory accesses, with length 1
cannot use other lengths with execute-style access trapping
bd-# <CR>
clear the hardware breakpoint
bd-* <CR>
clear all hardware breakpoints
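As an added example (not GRDB's own code), the following C translates a bd request into the 386 debug-register settings the rules above imply: DR<slot> receives the real-mode linear address and DR7 receives the enable, R/W and LEN bits, while read-only, execute-with-length, and bad slot or length requests are rejected. The command parser and its defaults (execute, length 1, matching the two-argument form above) are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example, not GRDB's own code: turn a "bd#, seg:off [, type [, len]]"
   request into the 386 debug-register settings a debugger like GRDB has to
   program.  The rules mirror the readme: slots 0-3, type r (read/write),
   w (write) or x (execute), length 1/2/4, execute only with length 1, and
   no read-only breakpoints because DR7 has no such R/W code. */
struct hwbp { int slot; uint32_t linear; uint32_t dr7_bits; };
enum { RW_EXEC = 0, RW_WRITE = 1, RW_IO = 2 /* PPro+, unsupported here */, RW_RDWR = 3 };

/* Returns 0 on success, -1 if the request violates the rules. */
int hwbp_encode(int slot, uint16_t seg, uint16_t off, char type, int len, struct hwbp *out) {
    uint32_t rw, lenbits;
    if (slot < 0 || slot > 3) return -1;
    switch (type) {
        case 'x': rw = RW_EXEC;  break;
        case 'w': rw = RW_WRITE; break;
        case 'r': rw = RW_RDWR;  break;        /* "r" is read/write, never read-only */
        default:  return -1;
    }
    switch (len) {
        case 1: lenbits = 0; break;
        case 2: lenbits = 1; break;
        case 4: lenbits = 3; break;            /* LEN=2 is undefined on the 386 */
        default: return -1;
    }
    if (rw == RW_EXEC && len != 1) return -1;  /* execute traps are 1 byte only */
    out->slot = slot;
    out->linear = ((uint32_t)seg << 4) + off;  /* real mode: seg*16+off, loaded into DR<slot> */
    /* L<slot> local-enable bit (bit 2*slot), then the R/W and LEN fields,
       4 bits per slot starting at bit 16 */
    out->dr7_bits = (1u << (2 * slot)) | (rw << (16 + 4 * slot)) | (lenbits << (18 + 4 * slot));
    return 0;
}

/* Parse the command text.  Commas count as spaces, as the readme says; a
   missing type defaults to execute and a missing length to 1. */
int hwbp_parse(const char *cmd, struct hwbp *out) {
    char buf[64], type = 'x'; int slot = -1, len = 1; unsigned seg = 0, off = 0;
    strncpy(buf, cmd, sizeof buf - 1); buf[sizeof buf - 1] = '\0';
    for (char *p = buf; *p; p++) if (*p == ',') *p = ' ';
    int n = sscanf(buf, "bd%d %x:%x %c %d", &slot, &seg, &off, &type, &len);
    if (n < 3 || seg > 0xFFFF || off > 0xFFFF) return -1;
    return hwbp_encode(slot, (uint16_t)seg, (uint16_t)off, type, len, out);
}
/* Check helpers: DR7 bits or linear address for a command, 0 when it is rejected. */
uint32_t hwbp_dr7(const char *cmd) { struct hwbp h; return hwbp_parse(cmd, &h) == 0 ? h.dr7_bits : 0; }
uint32_t hwbp_lin(const char *cmd) { struct hwbp h; return hwbp_parse(cmd, &h) == 0 ? h.linear : 0; }
```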
c start, end, start2 <CR>
compare memory. Like the DEBUG version. You may use segment qualifiers
on both addresses.
d <CR>
display 80h bytes starting at the current location
d addr <CR>
display 80H bytes starting at addr
d addr,addr <CR>
display all the bytes between the two addresses. The
second address may NOT be qualified with a segment.
e addr <CR>
start prompting for data. Note: you CAN quote a character
here.
e addr , list of data <CR>
put the indicated data at the address.
f addr , addr <CR>
fills all the bytes between the two addresses with 0.
the second address may NOT be qualified with a segment
f addr , addr , value <CR>
fills all the bytes between the two addresses with value
g = addr <CR>
start executing at address
g addr <CR>
start executing at current IP, set a temporary breakpoint
at addr (overwrites breakpoint 0)
g =addr , addr <CR>
start executing at the first address, set a breakpoint at the
second address
h val [op] val <CR>
do some math. Valid operators are : +-*/%. If no operator
is given, it will act like debug.
i port <CR>
show the (byte) value at the port
There must be no space between the command and the size
qualifier so as to distinguish it from the port value
ib port <CR>
show the value of a byte-sized port
There must be no space between the command and the size
qualifier so as to distinguish it from the port value
iw port <CR>
show the value of a word-sized port
There must be no space between the command and the size
qualifier so as to distinguish it from the port value
id port <CR>
show the value of a dword-sized port
There must be no space between the command and the size
qualifier so as to distinguish it from the port value
l filename command <CR>
load a file, setting its command line. The command is optional.
l @ filename <CR>
load an EXE file without using the normal EXE load mechanism
(e.g. as a COM file). Note, you CANNOT run EXEs that are loaded
this way.
l - <CR>
unload file
l <CR>
reload last file
m start,end,start2 <CR>
move memory from start to start2. Both start and start2
may be qualified with segment values.
n <CR>
show fp registers. The TOS register will have a star next to
it. Note: if you have a 386 with no coprocessor you will get an
error message. Also, my version of TASM puts an FWAIT in front
of the frstor statement used in this command and the next. This
could cause problems if you've got exceptions vectored through
an interrupt and show fp status while an exception is active.
Older versions of TASM apparently don't do this.
ns <CR>
show fp status. Shows masked exceptions, active exceptions,