I started this tutorial on, then forgot about it, then finished it Feb 08.

Debug is a hex editor, assembler, disassembler, and debugger. It is a console program and is included with every Windows OS (in path C:\Windows\System32). In plainer terms, this program allows the manipulation of file and disk contents byte by byte.

First open up debug.exe. Since the directory it is in (C:\Windows\System32) should already be part of your %PATH% environment variable, you can just go to Run and enter 'debug.exe', or start it from the command prompt.

Now to begin with the simple H command of debug. H stands for hex, and this command is used to calculate the sum and difference of two hexadecimal numbers. Where both value1 and value2 are hex numbers with a digit range of 1 to 4. On return, the first number is the sum of the two specified numbers and the second number is the result of value2 subtracted from value1.

In the first occurrence of the H command it calculated 010E+0100, or just 10e+100, and the result was 20E; the difference, 10E-100, is E. Next I found the sum of 8 and 7 and the difference. The first number it shows in the result is the sum, in this case 000F (0x8+0x7), and the second is the difference, which is 0x8-0x7=0001.

This command proves very useful when calculating offset address range(s). Although, if you wish for a GUI and more functionality, you can use MS Calculator (C:\Windows\System32\calc.exe), which is also capable of multiplication, division, long expressions, and bitwise comparisons. There is also other calculator software out there, or you can program your own!

One of debug's debugging features is the ability to read or write to a loaded program's registers. Where register can be the name of one of these 16-bit registers: AX, BX, CX, DX, SP, BP, SI, DI, DS, ES, SS, CS, IP. If omitted the value is unchanged:

CX 000A (returns the value of CX, which in this case is 000A)

On return with a register as an argument it will display the value of that register and prompt you to enter a new value. If you use the R command with no arguments it will display the values of all those registers and the flags, including the instruction that IP is pointing to.

One important thing to remember is that if debug has a file loaded, then the value of CX is the length of the file. If the file is bigger than 64k then the value will be split into two registers, where BX contains the high-order word of the length of the file and CX contains the low-order word. So if the file was 1b bytes long, CX = 001b and BX = 0000. But if the file was 00310f52 bytes, then CX = 0f52 and BX = 0031.

The dump command is used to display the bytes of a loaded file in hex and in their ASCII representation.
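The H arithmetic and the BX:CX file-length split described above, as an added Python example that is not part of the original tutorial. The function names are hypothetical, and the sample values are the ones used in the text plus one constructed wraparound case.

```python
import re

# H accepts hex numbers of 1 to 4 digits, as stated in the text.
HEX16 = re.compile(r"^[0-9A-Fa-f]{1,4}$")


def debug_h(value1, value2):
    """Emulate debug's H command: return (sum, difference) as 4-digit hex."""
    for v in (value1, value2):
        if not HEX16.match(v):
            raise ValueError(f"not a 1-4 digit hex number: {v!r}")
    a, b = int(value1, 16), int(value2, 16)
    # debug works on 16-bit words, so both results wrap modulo 0x10000.
    return f"{(a + b) & 0xFFFF:04X}", f"{(a - b) & 0xFFFF:04X}"


def length_to_bx_cx(length):
    """Split a file length into the BX (high word) and CX (low word) values."""
    if not 0 <= length <= 0xFFFFFFFF:
        raise ValueError("length does not fit in BX:CX")
    return f"{length >> 16:04X}", f"{length & 0xFFFF:04X}"


def bx_cx_to_length(bx, cx):
    """Rebuild the file length from the BX and CX values shown by R."""
    return (int(bx, 16) << 16) | int(cx, 16)


if __name__ == "__main__":
    print(debug_h("010E", "0100"))      # values from the text
    print(debug_h("8", "7"))            # values from the text
    print(debug_h("7", "8"))            # constructed: difference wraps around
    print(length_to_bx_cx(0x1B))        # 1b-byte file from the text
    print(length_to_bx_cx(0x00310F52))  # larger file from the text
    print(hex(bx_cx_to_length("0031", "0F52")))
```

When value2 is larger than value1 the difference wraps around within 16 bits, which matters when subtracting offsets in the wrong order.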