USING DEBUG
                             by
                          Renegade




Debug is, like every other debugger, a very powerful instrument.Most of the
"normal" users don't know that they have it on their disk or what could be
done by using it.Working with asm you'll recognize that debug can be a nice
and useful tool.

What can we do with DEBUG ?

You can do different things, disassemble files,view the different registers,
and you can also write your code directly without any assembler.Some batch
virii use this method, to assemble the code within the batch file through
debug.But it's also a "dangerous" tool, as every other debugger.I have to
think back to that laming "jokes", like recursive partition,changing some
bytes at offset 1DE of the partition table.Of course there'll be always 
persons with a lack of programming skills who have to fall back on such
methods.

Let's see the commands which we can use to work with Debug, also available
by typing simply - ?

-a  "Assemble"   should be clear what it does

If you don't specify the start address, the default 100h will be used,since
debug is written for com files.But working with debug is not as "easy" as
using an assembler.All numbers and addresses must be in hex format.You 
cannot use any labels, so you have to use the physical addresses.But logically
Debug is not able to distinguish if you're dealing with numbers or locations,
so the addresses have to be in square brackets.Example:  ax, 5  would move
the value to ax, and mov ax, [5] would copy the content of 5 into ax.

-c  "Compare"    we have also a cmp command

the syntax is -c "address" "lenght"
so let's compare...
-c cs:100 l 10 cs:200 

this will compare 10 bytes starting at address 100h
Debug will give you each byte and, if there are poitive matches it will
leave them out, otherwise it will display every byte.

-d  "Dump"       displays 128 bytes of data


The default range is, as I said, 128 bytes using DS and Debug will start
at 100h.So you will get a dump like this:

248F:0100  EB 21 90 0D 0A 54 75 72-6E 20 6F 66 66 20 74 68   .!...Turn off th
248F:0110  65 20 63 6F 6D 70 75 74-65 72 20 6E 6F 77 2E 2E   e computer now..
248F:0120  2E 2E 24 0E 1F BA 03 01-B4 09 CD 21 EB FE 44 FE   ..$........!..D.
248F:0130  EB E4 8B C0 5B 8B 47 06-89 47 08 F9 EB 19 5B 89   ....[.G..G....[.
248F:0140  4C FE 74 09 03 F9 2B C1-48 89 05 2B F9 03 F9 89   L.t...+.H..+....
248F:0150  7F 08 8B C6 8C DA F8 C3-8B D1 83 C2 27 80 E2 F0   ............'...
248F:0160  8B DA F7 DB F7 DB F5 D1-DB D1 EB D1 EB D1 EB B4   ................
248F:0170  48 CD 21 72 26 3B 06 40-10 76 F4 3B 06 3E 10 76   H.!r&;.@.v.;.>.v


^^^^^^^^^  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^  ^^^^^^^^^^^^^^^^
address                   hex values                              ASCII
range:00-70=80h


The maximum amount of data Dump can load is 64K.


-e  "Enter"      here you can enter your bytes replacing the old ones

Syntax -e "address".Debug will display the corrispondig byte and entering
a value the older one will be overwritten.To view the next byte, without
changing anything, simply press the space key.


-f  "Fill"       fills the memory with your values

Fills a specific range of memory with the same data.Example:

-f 100 l 1F4 FF        What does this mean ?

-f = command "FILL"

100= start at address 0100h

l 1F4 = lenght 1F4 = 500 bytes

FF = fill with FF

So after executing this command the first 500 bytes of the file will have
the value FF.

Before: 

248F:0100  B8 E0 30 BA FA 14 3B C4-73 69 8B C4 2D 44 03 90   ..0...;.si..-D..
248F:0110  25 F0 FF 8B F8 B9 A2 00-90 BE 7E 01 FC F3 A5 8B   %.........~.....
248F:0120  D8 B1 04 D3 EB 8C D9 03-D9 53 33 DB 53 CB 0E 01   .........S3.S...
248F:0130  7D 29 41 4E 0F 93 B6 CE-A2 BC FC 99 10 86 85 81   })AN............
248F:0140  0D 1A 99 32 33 60 05 D1-48 BF 00 D5 D1 16 5D 25   ...23`..H.....]%
248F:0150  DD FB F8 73 0B 33 5A D8-DD 72 AF B0 42 54 EA B8   ...s.3Z..r..BT..
248F:0160  5E 4E 6F 74 20 65 6E 6F-75 67 68 20 6D 65 6D 6F   ^Not enough memo
248F:0170  72 79 24 B8 00 09 BA 61-01 CD 21 CD 20 90 FD 8B   ry$....a..!. ...

After:

248F:0100  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0110  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0120  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0130  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0140  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0150  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0160  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................
248F:0170  FF FF FF FF FF FF FF FF-FF FF FF FF FF FF FF FF   ................


-g  "Go"         executes the file

g simply executes the program.By default it starts at offset 100h.You can
set also breakpoints but I think that would be too specific for now.The
important thing is that using g the file will be executed.


-h  "Hex"        performs hex calculations

Example:

-h 150 50

Debug will give you two results, 01A0 and 0100.The first one is achieved
by calculating 150+50 = 1A0, the second by 150-50 =100.

-i  "Input"      reads a byte of a I/O port

Syntax: i "port".Debug will display the data from the selected port.


-l  "Load"       loads a file into memory

Loads a file using the command "n" before, or loads disksectors into memory
-m  "Move"       the known mov

nothing to say, move just does what it means..

-n  "Name"       name of file
-o  "Output"     sends a byte to a port

the opposite of input

-p  "Proceed"    is used to execute routines

using Proceed a subroutine will be executed til the end, exactly like
a simple command.

-q  "Quit"      
-r  "Register"   displays the registers

displays the flags and the registers:

AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
248F:0100 B8E030        MOV     AX,30E0       ^^^^^^^^^^^^^^^^^^^^^^^^


Here are the flags: NV= no overflow
The direction flag is set to UP
EI enables the interrupts
The sign flag is set to PLUS
zero flag = No Zero
NA = No Auxiliary
PO=Parity ODD
and NC for No Carry


AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
248F:0100 B8E030        MOV     AX,30E0       
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

here we have the start address and the next command, mov ax,30E0."Translated"
also in hex, B8E030.The beginning offset is again 0100h.



AX=0000  BX=0000  CX=16BC  DX=0000  SP=FFFE  BP=0000  SI=0000  DI=0000
         ^^^^^^^^^^^^^^^^
DS=248F  ES=248F  SS=248F  CS=248F  IP=0100   NV UP EI PL NZ NA PO NC
248F:0100 B8E030        MOV     AX,30E0    


in CX we have always the size of the file.That means, in this case, the
file has a size of 5820 bytes, which would be 16BC in hex.If you load a 
file that is larger than 64K the BX register will also be used to display
the size.

So the BX and CX registers of a 95254 large command.com would be:

AX=0000  BX=0001  CX=7416  DX=0000  SP=0000  BP=0000  SI=0000  DI=0000
         ^^^^^^^

BX is also used.So 17416 in dec is 95254.


-s  "Search"

The syntax is the same as using the compare command.You can search either
for ASCII or hex strings, but must be carefully since everything you
type in is considerd case sensitive.If nothing is found, nothing won't be
displayed,of course...

-t  "Trace"      Displays regs after executing an instruction

executes each time only one command and displays then registers and flags.

-u  "Unassamble" Let's see the code
-w  "Write"      writes a file to disk


Now we want to display a text assembling directly with Debug:

-a 100                                 ; start at offset 100h
246B:0100 jmp 10E                      ; jump to our code
246B:0102 db "ASM RULEZ",0a,0d,"$"     ; here's the data
246B:010E mov ah,9                     ; display text
246B:0110 mov dx,102                   ; load the text
246B:0113 int 21                       ; execute it
246B:0115 mov ah,4c                    ; quit to DOS
246B:0117 int 21

This will display ASM RULEZ and finally return to Dos quitting Debug.


Converting numbers - BIN-HEX-DEC

Of course you do this with a pocket calculator but it's quite interesting
how it is done without it.

Converting BIN to DEC: 

let's take 111011 for example.First of all we have to "turn" the number,in 
this way we'll make the things easier to calculate.The "syntax" is
"figure" multiplied by 2 and then squared,cubed and so on depending on the
place of the figure.Ok, let's begin

1. we change the whole number 111011 => 110111
                      
2.Now we have to calculate.

The first figure is a 1, so we'd write 1 multiplied by 2 in the first power,
and that's 2.But the first figure is considered as a 0, so the correct
calculation is 1 multiplied by 2 in the 0 power..and that's 1.
To get the complete number in dec, we have to add all the results
of each figure.
The second figure is a 1, so let's calculate the dec value.Think back to
the syntax.1 multiplied by 2 in the 1st power(normally it would be the second,
but, as I told you, the first figure is considered as a 0).2 in the 1st
power...that's 2.Now let's add the first two results..1+2
Next number: 0  that is  0 multiplied by 2 in the 2nd power..= 0,since 0 
multiplied by fuck will remain 0.( only calculating the first figure the 
result of 0 is 0,because 0 in the 0 power is 1).
so for now we have 1+2+0
The next number is a 1: 1 multiplied by 2 in the 3rd power = 8
so the result for now is 1+2+0+8
the next one is a 1: 1 multiplied by 2 in the 4th power =16
result: 1+2+0+8+16
another 1: 1 multiplied by 2 in the 5th power = 32
so we have 1+2+0+8+16+32
The correct result is 1+2+0+8+16+32 = 59

Converting BIN to HEX :

First of all, the hex values are: 0123456789ABCDEF

Our number was 111011.Now we must devide it after every fourth figure 
beginning from the right.This would correspond to  0011:1011 .To fill
all the figures we have to add  0's.
The next step is to convert both sides into dec, what you would be able
to do now also without a calculator.
left side: 0011 
Working with four figures, there's also another way to convert it into
dec without any calc.Here's the syntax:

    XXXX
    8421

simply divide the number and count it if there's a 1.Example: 1101 

1   1   0   1

8   4  (2)  1
   

we don't count the 2 because there's a 0, so let's add the figures:
8+4+1=13

Now let's go back to our hex example.The left side was 0011,which corresponds
to 3 in dec.And the right side is 1011, which is 11.So let's give a look
to the valid hex values: 3 corresponds to 3, and 11 would be B.
111011 in hex is 3B.
 
Converting HEX to DEC :

Let's take for example ABCD.You have to know that 16 is the base of the hex
system.
1.Turn the figures: DCBA
D= 1 multiplied by D,which corresponds to: 1 multiplied by 13 (D=13) =13
C= 16 multiplied by C => 16 multiplied by 12 = 192
B= 16x16= 256 multiplied by B => 256 x 11 = 2816
A= 256x16=4096 => 4096 x A = 4096 x 10 = 40960

now we have to add all values : 13+192+2816+40960 = 43981

Converting DEC to BIN :

example: 100 .Now me must simply devide each result:

100:2  = 50 no residue => 0
 50:2  = 25     "      => 0
 25:2  = 12 residue 1  => 1
 12:2  =  6 no residue => 0
  6:2  =  3     "      => 0
  3:2  =  1 residue 1  => 1
  1:2  =  1     "   1  => 1


So 100 in dec is: 1100100  in bin

A useful help could be this table:

        BIN                    DEC                      HEX
______________________________________________________________
       0000                     0                        0
       0001                     1                        1
       0010                     2                        2
       0011                     3                        3
       0100                     4                        4
       0101                     5                        5
       0110                     6                        6
       0111                     7                        7
       1000                     8                        8
       1001                     9                        9
       1010                    10                        A
       1011                    11                        B
       1100                    12                        C
       1101                    13                        D
       1110                    14                        E
       1111                    15                        F

That's all...

cya