debug.html

黑客培训教程

<html>
<head>
<title>Debug</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body bgcolor="#000000" text="#ffffff" link="#ffffff" vlink="#ffffff">
<table width="680" border="0" cellspacing="2" cellpadding="2" align="center">
  <tr>
    <td width="693">
      <pre>
                        :::::::::   ::::::::  :::::::::  ::::::::::
                        :+:    :+: :+:    :+: :+:    :+: :+:
                        +:+    +:+ +:+        +:+    +:+ +:+
                        +#++:++#+  +#++:++#++ +#++:++#:  :#::+::#
                        +#+    +#+        +#+ +#+    +#+ +#+
                        #+#    #+# #+#    #+# #+#    #+# #+#
                        #########   ########  ###    ### ###

              	             <a href="http://blacksun.box.sk" target="_blank">http://blacksun.box.sk</a>
                           _____________________________
    ______________________I       <b>   Topic:</b>             I_____________________
   \                      I                             I                    /
    \     HTML by:        I     <b>     debug  </b>            I   Written by:     /
    >                     I                             I                  <
   /      <a href="mailto:black_mesa@gmx.de">Martin L.</a>       I_____________________________I   Ralph           \
  /___________________________>                    <_________________________\</pre>
    </td>
  </tr>
</table>
<p>Version: 1.0<br>
Date: 8/1/00</p>
<p>Debug is a program that comes with modern versions of DOS (I do not know when I started shipping out with DOS).
   Anyway, all Windows users should have it already.<p>
<p>It's a great tool for debuging programs, unassembling and cracking, and reading "hidden" memory areas like the boot
   sector, and much more.</p>
<p>The following was copied from an assembly tutorial who's author we cannot credit, because we have no idea who he is.</p>
<p>Get into DOS and type "debug", you will get a prompt like this:</p>
<blockquote>-</blockquote>
<p>now type "?", you should get the following response:</p>
<blockquote>
<table width="500">
<tr>
  <td><a href="#assemble">assemble</a></td><td>A [address]</td>
</tr>
<tr>
  <td><a href="#compare">compare</a></td><td>C range address</td>
</tr>
<tr>
  <td><a href="#dump">dump</a></td><td>D [range]</td>
</tr>
<tr>
  <td><a href="#enter">enter</a></td><td>E address [list]</td>
</tr>
<tr>
  <td><a href="#fill">fill</a></td><td>F range list</td>
</tr>
<tr>
  <td><a href="#go">go</a></td><td>G [=address] [addresses]</td>
</tr>
<tr>
  <td><a href="#hex">hex</a></td><td>H value1 value2</td>
</tr>
<tr>
  <td><a href="#input">input</a></td><td>I port</td>
</tr>
<tr>
 <td><a href="#load">load</a></td><td>L [address] [drive] [firstsector] [number]</td>
</tr>
<tr>
  <td><a href="#move">move</a></td><td>M range address</td>
</tr>
<tr>
  <td><a href="#name">name</a></td><td>N [pathname] [arglist]</td>
</tr>
<tr>
  <td><a href="#output">output</a></td><td>O port byte</td>
</tr>
<tr>
  <td><a href="#proceed">proceed</a></td><td>P [=address] [number]</td>
</tr>
<tr>
  <td><a href="#quite">quit</a></td><td>Q</td>
</tr>
<tr>
  <td><a href="#register">register</a></td><td>R [register]</td>
</tr>
<tr>
  <td><a href="#search">search</a></td><td>S range list</td>
</tr>
<tr>
  <td><a href="#trace">trace</a></td><td>T [=address] [value]</td>
</tr>
<tr>
  <td><a href="#unassemble">unassemble</a></td><td>U [range]</td>
</tr>
<tr>
  <td><a href="#write">write</a></td><td>W [address] [drive] [firstsector] [number]</td>
</tr>
<tr>
  <td>allocate expanded memory</td><td>XA [#pages]</td>
</tr>
<tr>
  <td>deallocate expanded memory</td><td>XD [handle]</td>
</tr>
<tr>
  <td>map expanded memory pages</td><td>XM [Lpage] [Ppage] [handle]</td>
</tr>
<tr>
  <td>display expanded memory status</td><td>XS</td>
</tr>
</table>
</blockquote>
<p>Lets go through each of these commands:</p>
<a name="assemble"><h3>Assemble:</h3>
<p>-a<br>
   107A:0100</p>
<p>At this point you can start assembling some programs, just like using a assembler.
However the debug assembler is very limited as you will probably notice.  Lets try
to enter a simple program:</p>
<p>-a<br>
107A:0100 MOV AH,02<br>
107A:0102 MOV DL,41<br>
107A:0104 INT 21<br>
107A:0106 INT 20<br>
-g<br>
A</p>
<p>Program terminated normally</p>
<p>That's the same program we did at the end of the previous chapter.  Notice how you
run the program you just entered with "g", and also notice how the set-up part is not
there?  That's because debug is just too limited to support that.<br>
Another thing you can do with assemble is specify the address at which you want to start,
by default this is 0100 since that's where all .COM files start.</p>


<a name="compare"><h3>Compare:</h3>
<p>Compare takes 2 block of memory and displays them side by side, byte for byte.  Lets do
an example.  Quite out of debug if you haven't already using "q".
Now type "debug c:\command.com"</p>
<p>-c 0100 l 8 0200<br>
10A3:0100  7A  06  10A3:0200</p>
<p>This command compared offset 0100 with 0200 for a length of 8 bytes.  Debug responded
with the location that was DIFFERENT.  If 2 locations were the same, debug would just
omit them, if all are the same debug would simply return to the prompt without any
response.</p>


<a name="dump"><h3>Dump:</h3>
<p>Dump will dump a specified memory segment.  To test it, code that assembly program again:</p>
<p>C:\>debug<br>
-a<br>
107A:0100 MOV AH,02<br>
107A:0102 MOV DL,41<br>
107A:0104 INT 21<br>
107A:0106 INT 20<br>
-d 0100 l 8<br>
107A:0100  B4 02 B2 41 CD 21 CD 20</p>                             ...A.!.

<p>The "B4 02 B2 41 CD 21 CD 20" is the program you just made in machine language.</p>
<p>B4 02 = MOV AH,02<br>
B2 41 = MOV DL,41<br>
CD 21 = INT 21<br>
CD 20 = INT 20</p>
<p>The "...A.!." part is your program in ASCII.  The "." represent non-printable characters.
Notice the A in there.</p>


<a name="enter"><h3>Enter:</h3>
<p>This is one of the hard commands.  With it you can enter/change certain memory areas.
Lets change our program so that it prints a B instead of an A.</p>
<table>
<tr>
  <td>-e 0103</td>
  <td>&lt;-- edit program at segment 0103</td>
</tr>
<tr>
  <td>107A:0103  41.42</td>
  <td>&lt;-- change 41 to 42</td>
</tr>
<tr>
 <td colspan="2">-g</td>
</tr>
<tr>
  <td colspan="2">B</td>
</tr>
</table>
<p>Program terminated normally<br>
-<br>
Wasn't that amazing?</p>


<a name="fill"><h3>Fill:</h3>
<p>This command is fairly useless, but who knows....<br>
It fills the specified amount of memory with the specified data.  Lets for example clear
out all memory from segment 0100 to 0108, which happens to be our program.</p>
<table>
<tr>
  <td>-f 0100 l 8 0</td>
  <td>&lt;-- file offset 0100 for a length of 8 bytes with 0</td>
</tr>
<tr>
  <td>-d 0100 l 8</td>
  <td>&lt;-- verify that it worked</td>
</tr>
<tr>
  <td>107A:0100  00 00 00 00 00 00 00 00</td>
  <td>.......</td>
</tr>
<tr>
  <td colspan="2">Yep, it worked.</td>
</tr>
</table>
<a name="go"><h3>Go:</h3>
<p>So far we used go (g) to start the program we just created.  But Go can be used for much
more.  For example, lets say we want to execute a program at 107B:0100:</p>
<table>
<tr>
  <td>-r CS</td>
  <td>&lt;-- set the CS register to point to 107B</td>
</tr>
<tr>
  <td colspan="2">CS 107A</td>
</tr>
<tr>
  <td colspan="2">:107B</td>
</tr>
<tr>
  <td>-g =100</td>
</tr>
</table>
<p>You can also set breakpoints.</p>
<table>
<tr>
  <td>-a</td>
  <td>&lt;-- enter our original program so we have something</td>
</tr>
  <td>107A:0100 MOV AH,02</td>
  <td>to work with</td>
</tr>
<tr>
  <td colspan="2">107A:0102 MOV DL,41</td>
</tr>
<tr>
  <td colspan="2">107A:0104 INT 21</td>
</tr>
<tr>
  <td colspan="2">107A:0106 INT 20</td>
<tr>
</tr>
  <td>-g 102</td>