                            USING DEBUG

                             by

                          Renegade





 Debug is, like every other debugger, a very powerful instrument.Most of
 the "normal" users don't know that they have it on their disk or what
 could be done by using it.Working with asm you'll recognize that debug
 can be a nice and useful tool.

                         What can we do with DEBUG ?

 You can do different things, disassemble files,view the different
  registers, and you can also write your code directly without any
  assembler.Some batch virii use this method, to assemble the code within
  the batch file through debug. But it's also a "dangerous" tool, as every
  other debugger. I have to think back to that laming "jokes", like
  recursive partition,changing some bytes at offset 1DE of the partition
  table. Of course there'll be always persons with a lack of programming
  skills who have to fall back on such methods.

  Let's see the commands which we can use to work with Debug, also
  available by typing simply - ?

                -a  "Assemble"   should be clear what it does

 If you don't specify the start address, the default 100h will be used,
 since debug is written for com files.But working with debug is not as
 "easy" as using an assembler.All numbers and addresses must be in hex
 format. You cannot use any labels, so you have to use the physical
 addresses.But logically Debug is not able to distinguish if you're
 dealing with numbers or locations, so the addresses have to be in square
 brackets.Example:  ax, 5  would move the value to ax, and mov ax, [5]
 would copy the content of 5 into ax.

                 -c  "Compare"    we have also a cmp command

                     the syntax is -c "address" "lenght"
                             so let's compare...
                            -c cs:100 l 10 cs:200 

             this will compare 10 bytes starting at address 100h
   Debug will give you each byte and, if there are poitive matches it will
            leave them out, otherwise it will display every byte.

                 -d  "Dump"       displays 128 bytes of data


   The default range is, as I said, 128 bytes using DS and Debug will start
                  at 100h.So you will get a dump like this:

248F:0100 EB 21 90 0D 0A 54 75 72-6E 20 6F 66 66 20 74 68  .!...Turn off th
248F:0110 65 20 63 6F 6D 70 75 74-65 72 20 6E 6F 77 2E 2E  e computer now..
248F:0120 2E 2E 24 0E 1F BA 03 01-B4 09 CD 21 EB FE 44 FE  ..$........!..D.
248F:0130 EB E4 8B C0 5B 8B 47 06-89 47 08 F9 EB 19 5B 89  ....[.G..G....[.
248F:0140 4C FE 74 09 03 F9 2B C1-48 89 05 2B F9 03 F9 89  L.t...+.H..+....
248F:0150 7F 08 8B C6 8C DA F8 C3-8B D1 83 C2 27 80 E2 F0  ............'...
248F:0160 8B DA F7 DB F7 DB F5 D1-DB D1 EB D1 EB D1 EB B4  ................
248F:0170 48 CD 21 72 26 3B 06 40-10 76 F4 3B 06 3E 10 76  H.!r&;.@.v.;.>.v


^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  ^^^^^^^^^^^^^^^^
 address                   hex values                              ASCII
                               range:00-70=80h


               The maximum amount of data Dump can load is 64K.


    -e  "Enter"      here you can enter your bytes replacing the old ones

  Syntax -e "address".Debug will display the corrispondig byte and entering
   a value the older one will be overwritten.To view the next byte, without
                changing anything, simply press the space key.


              -f  "Fill"       fills the memory with your values

         Fills a specific range of memory with the same data.Example:

                 -f 100 l 1F4 FF        What does this mean ?

                             -f = command "FILL"

                         100= start at address 0100h

                        l 1F4 = lenght 1F4 = 500 bytes

                              FF = fill with FF

  So after executing this command the first 500 bytes of the file will have
                                the value FF.

                                   Before: 

248F:0100 B8 E0 30 BA FA 14 3B C4-73 69 8B C4 2D 44 03 90  ..0...;.si..-D..
248F:0110 25 F0 FF 8B F8 B9 A2 00-90 BE 7E 01 FC F3 A5 8B  %.........~.....
248F:0120 D8 B1 04 D3 EB 8C D9 03-D9 53 33 DB 53 CB 0E 01  .........S3.S...
248F:0130 7D 29 41 4E 0F 93 B6 CE-A2 BC FC 99 10 86 85 81  })AN............
248F:0140 0D 1A 99 32 33 60 05 D1-48 BF 00 D5 D1 16 5D 25  ...23`..H.....]%
248F:0150 DD FB F8 73 0B 33 5A D8-DD 72 AF B0 42 54 EA B8  ...s.3Z..r..BT..
248F:0160 5E 4E 6F 74 20 65 6E 6F-75 67 68 20 6D 65 6D 6F  ^Not enough memo
248F:0170 72 79 24 B8 00 09 BA 61-01 CD 21 CD 20 90 FD 8B  ry$....a..!. ...

                                    After:

248F:0100 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0110 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0120 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0130 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0140 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0150 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0160 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................
248F:0170 FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF  ................

                      -g  "Go"         executes the file

  g simply executes the program.By default it starts at offset 100h.You can
   set also breakpoints but I think that would be too specific for now.The
          important thing is that using g the file will be executed.


                  -h  "Hex"        performs hex calculations

                                   Example:

                                  -h 150 50

   Debug will give you two results, 01A0 and 0100.The first one is achieved
           by calculating 150+50 = 1A0, the second by 150-50 =100.

                 -i  "Input"      reads a byte of a I/O port

     Syntax: i "port".Debug will display the data from the selected port.


                  -l  "Load"       loads a file into memory

Loads a file using the command "n" before, or loads disksectors into memory

                        -m  "Move"       the known mov

                nothing to say, move just does what it means..

                        -n  "Name"       name of file
                   -o  "Output"     sends a byte to a port

                            the opposite of input

                 -p  "Proceed"    is used to execute routines

    using Proceed a subroutine will be executed til the end, exactly like
                              a simple command.

                               -q  "Quit"      
                   -r  "Register"   displays the registers

                    displays the flags and the registers:

    AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
    DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
    248F:0100 B8E030        MOV     AX,30E0       ^^^^^^^^^^^^^^^^^^^^^^^^


                     Here are the flags: NV= no overflow
                       The direction flag is set to UP
                          EI enables the interrupts
                         The sign flag is set to PLUS
                             zero flag = No Zero
                              NA = No Auxiliary
                                PO=Parity ODD
                             and NC for No Carry


    AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
    DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
                248F:0100 B8E030        MOV     AX,30E0       
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     here we have the start address and the next command, mov ax,30E0.
   "Translated" also in hex, B8E030.The beginning offset is again 0100h.



    AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
                                   ^^^^^^^^^^^^^^^^
    DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
                 248F:0100 B8E030        MOV     AX,30E0    


   in CX we have always the size of the file.That means, in this case, the
   file has a size of 5820 bytes, which would be 16BC in hex.If you load a 
  file that is larger than 64K the BX register will also be used to display
                                  the size.

      So the BX and CX registers of a 95254 large command.com would be:

    AX=0000  BX=0001  CX=7416  DX=0000  SP=0000  BP=0000  SI=0000  DI=0000
                                        ^^^^^^^

                  BX is also used.So 17416 in dec is 95254.


                                 -s  "Search"

 The syntax is the same as using the compare command.You can search either
    for ASCII or hex strings, but must be carefully since everything you
 type in is considerd case sensitive.If nothing is found, nothing won't be
                            displayed,of course...

        -t  "Trace"      Displays regs after executing an instruction

 executes each time only one command and displays then registers and flags.

                     -u  "Unassamble" Let's see the code
                    -w  "Write"      writes a file to disk


        Now we want to display a text assembling directly with Debug:

        -a 100                                   ; start at offset 100h
          246B:0100 jmp 10E                      ; jump to our code
          246B:0102 db "ASM RULEZ",0a,0d,"$"     ; here's the data
          246B:010E mov ah,9                     ; display text
          246B:0110 mov dx,102                   ; load the text
          246B:0113 int 21                       ; execute it
          246B:0115 mov ah,4c                    ; quit to DOS
          246B:0117 int 21

    This will display ASM RULEZ and finally return to Dos quitting Debug.


                       Converting numbers - BIN-HEX-DEC

  Of course you do this with a pocket calculator but it's quite interesting
                          how it is done without it.

                           Converting BIN to DEC: 

 let's take 111011 for example.First of all we have to "turn" the number,in 
      this way we'll make the things easier to calculate.The "syntax" is
 "figure" multiplied by 2 and then squared,cubed and so on depending on the
                     place of the figure.Ok, let's begin

                1. we change the whole number 111011 => 110111
                                                  
                         2.Now we have to calculate.

    The first figure is a 1, so we'd write 1 multiplied by 2 in the first
    power, and that's 2.But the first figure is considered as a 0, so the
    correct calculation is 1 multiplied by 2 in the 0 power..and that's 1
      To get the complete number in dec, we have to add all the results
                               of each figure.
  The second figure is a 1, so let's calculate the dec value.Think back to
   the syntax.1 multiplied by 2 in the 1st power(normally it would be the
second, but, as I told you, the first figure is considered as a 0).2 in the
        1st power...that's 2.Now let's add the first two results..1+2
  Next number: 0  that is  0 multiplied by 2 in the 2nd power..= 0,since 0 
  multiplied by fuck will remain 0.( only calculating the first figure the 
               result of 0 is 0,because 0 in the 0 power is 1).
                           so for now we have 1+2+0
        The next number is a 1: 1 multiplied by 2 in the 3rd power = 8
                       so the result for now is 1+2+0+8
         the next one is a 1: 1 multiplied by 2 in the 4th power =16
                              result: 1+2+0+8+16
              another 1: 1 multiplied by 2 in the 5th power = 32
                           so we have 1+2+0+8+16+32
                   The correct result is 1+2+0+8+16+32 = 59

                           Converting BIN to HEX :

              First of all, the hex values are: 0123456789ABCDEF

    Our number was 111011.Now we must devide it after every fourth figure 
    beginning from the right.This would correspond to  0011:1011 .To fill
                     all the figures we have to add  0's.
   The next step is to convert both sides into dec, what you would be able
                     to do now also without a calculator.
                               left side: 0011 
    Working with four figures, there's also another way to convert it into
                   dec without any calc.Here's the syntax:

                                       XXXX
                                       8421

     simply divide the number and count it if there's a 1.Example: 1101 

                                1   1   0   1

                                8   4  (2)  1
                                        

     we don't count the 2 because there's a 0, so let's add the figures:
                                   8+4+1=13

     Now let's go back to our hex example.The left side was 0011,which
  corresponds to 3 in dec.And the right side is 1011, which is 11.So let's
   give a look to the valid hex values: 3 corresponds to 3, and 11 would
                         be B.  111011 in hex is 3B.
                                       
                           Converting HEX to DEC :

Let's take for example ABCD.You have to know that 16 is the base of the hex
                                   system.
                           1.Turn the figures: DCBA
   D= 1 multiplied by D,which corresponds to: 1 multiplied by 13 (D=13) =13
              C= 16 multiplied by C => 16 multiplied by 12 = 192
               B= 16x16= 256 multiplied by B => 256 x 11 = 2816
                A= 256x16=4096 => 4096 x A = 4096 x 10 = 40960

          now we have to add all values : 13+192+2816+40960 = 43981

                           Converting DEC to BIN :

             example: 100 .Now me must simply devide each result:

                         100:2  = 50 no residue => 0
                          50:2  = 25     "      => 0
                          25:2  = 12 residue 1  => 1
                          12:2  =  6 no residue => 0
                           6:2  =  3     "      => 0
                           3:2  =  1 residue 1  => 1
                           1:2  =  1     "   1  => 1


                      So 100 in dec is: 1100100  in bin

                      A useful help could be this table:

                 BIN                    DEC                      HEX
        ______________________________________________________________
                 0000                     0                        0
                 0001                     1                        1
                 0010                     2                        2
                 0011                     3                        3
                 0100                     4                        4
                 0101                     5                        5
                 0110                     6                        6
                 0111                     7                        7
                 1000                     8                        8
                 1001                     9                        9
                 1010                    10                        A
                 1011                    11                        B
                 1100                    12                        C
                 1101                    13                        D
                 1110                    14                        E
                 1111                    15                        F

                               
