Straight to business, open an ms dos prompt and type ‘debug’
The prompt should now be a simple’-’ from here you can issue debug commands.
First off we’re going to look at the registers, type ’r’ and press enter, the output i got was:
AX=0000 BX=0000 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=2422 ES=2422 SS=2422 CS=2422 IP=0100 NV UP EI PL NZ NA PO NC
2422:0100 C3 RET
AX, BX, CX and DX are registers, which at the moment are empty (we‘ll be manipulating these shortly).
SP is the stack pointer, IP is the instruction pointer which, as its name suggests points to the next instruction to be executed.
Obviously 0100 isnt a memory address so its coupled with the CS register, so the instruction pointer, when i did that dump, was pointing to the segment at 2422:0100.
As you can see on the last line, also displayed is the instruction there at the time, now for the aforementioned register manipulation, issue the following commands at the debug prompt:
r AX
4
Now type ‘r’ again to do another dump and the value of AX should change to reflect the value you just placed into it. (it should say AX=0004)
Repeat the process substituting AX for BX and 4 for, lets say, 2. Do another dump and you’ll see you have a value in the AX and BX registers. To add these two values together is going to be a bit trickier. First off we need to get the instruction into memory and then get the instruction pointer to point at it, issue the following commands at the debug prompt:
e 100 #selects the address 0100h
01 #places 01h at the above address
e 101 #selects the address 0101h
D8 #places D8h at the above address
Now do a dump, the last line should say:
2422:0100 01D8 ADD AX,BX
01D8 is the x86 machine code for adding the AX and BX registers (where mine says 2422, yours will probably be different), either way the next instruction to be performed is to add the values contained in the AX and BX registers (which remember you put values in earlier).
To execute this instruction type ‘t’ at the debug prompt. ‘t’ stands for trace, when you execute the instruction another dump is automatically performed to show you the results of the instruction:
AX=0006 BX=0002 CX=0000 DX=0000 SP=FFEE BP=0000 SI=0000 DI=0000
DS=2422 ES=2422 SS=2422 CS=2422 IP=0102 NV UP EI PL NZ NA PE NC
2422:0102 8AC3 MOV AL,BL
As you can see the value of the calculation is stored in AX, the original value remains in BX, the instruction pointer is now pointing at 0102h.
Executing this instruction would have unpredictable results so reset the pointer by typing ‘r IP’ at the debug prompt to reset the instruction pointer.
Now thst you know the basics, i'll quickly run through how to multiply.
The machine code for multiplying the AX and BX registers is F7E3, so:
e 100
F7
e 101
E3
See if you can figure out how to subtract and divide (you’ll have to find out the x86 machine code for the operation.
This article was originally written by pigsbig78 |
Copyright Open Source Institute, 2006 
