The first article about assembly: love love, this register about some interesting
Hello, everyone! I’m Cxuan, a programmer! We looked at the basic registers in the previous article, but in this article we’ll put them into practice.
Teach you assembly Debug by hand
We will use a lot of Debug commands in the future, so let’s familiarize ourselves with them.
What is the Debug
Debug is a function provided by the Windows/Dos operating system. Using Debug enables us to easily view the value of various CPU registers and memory conditions, and facilitates us to Debug instructions and track the running process of the program.
Next we will use a lot of debug commands, but to use these commands, you need to install debug on your computer, Windows/Mac can be installed, I have found the link for you. Oh, I forgot to mention that we are using Dos Box here to simulate the operating environment of assembly.
Portal (Mac and Windows) : www.dosbox.com/download.ph…
After downloading the DosBox, it looks like this.
When we enter the debug command, it should prompt
Since we haven’t connected and mounted yet, we execute at this point
mount c D:\debug
Copy the codeTo execute this command, you will need to create a debug folder on drive D, and we will mount it under Debug.
In addition, run C: to switch to drive C.
At this point we can execute the debug command.
I need to pay attention to this. When I set up the Debug environment in Windows 10 system, I typed “Debug” after mounting, and still prompted “Illegal Command: Debug”. At this time, you need to download another debug.exe.
Download address: pan.baidu.com/s/177arSA34… Password: 3 akd
You need to download the debug.exe and place it in the directory where you mounted it. In this case, I mounted it in the DEBUG folder on drive D.
Once you’re done, type DEBUG.
Because every time you open Dosbox, you will execute the above commands, which is really annoying, so what to do? An easy way to do this is to go to the Dosbox installation path
When open, type at the end
OK, next time open Dosbox directly, these three commands will be executed by default. So far, this is all the problems I encountered in building Dosbox.
The Debug of actual combat
Play assembly to learn to use Debug, Debug is a debugging program, through the Debug can let us see the memory value, trace the stack, see the register temporarily stored content, etc., but also can better help us understand assembly code, so learn Debug, is very important. This is an indispensable hands-on ability.
The following Debug commands will be used, and they are briefly introduced here.
There are many Debug commands, but these commands are commonly used.
Ok, now let’s go straight to the topic and start the official Debug operation on Dosbox. First, open Dosbox.
Well… We’ve opened this screen multiple times.
What if I write an order? Okay, never done, here we go!
Debug -r
Debug -r allows you to view and modify the contents of the CPU register.
View register contents.
Debug -r is used to view the register contents. -r is an invalid instruction.
Code Segment (CS) is a Code Segment register. It is also called a base address of a Code Segment. Instruction Pointer registers (also known as offset addresses) tell us which segment address to fetch from the base address of the segment. This Instruction Pointer registers (also known as offset addresses) tell us which segment address to fetch from the base of the segment.
You can use segment base address: offset address to determine the specified address in memory.
Here we will talk briefly about the concept of these two registers. To understand the specific functions of these two registers, you can see my last article
You can also modify the contents of the register using -r, as shown below
The general format for -r is the -r register, and then the system will prompt you with a colon, followed by what you want to change.
Debug -d
Use the -d command to view the contents of memory.
By default, the output memory value starts with the CS:IP address. Since the default CS value is 073F and the default IP address is 0100, the memory value of -d is 073F:0100.
There are many formats of -d. The following describes some commonly used formats.
A format like -d 1000:0, the offset address of the -d segment base address, produces the following output.
As shown in the figure above, Debug lists the contents of the specified memory location. Each of the 00’s in the figure above represents 8 bits, and if it’s 4A, the eight bits expand to 0010, 1011. Each line has 16 8-bits, so it constitutes a 128-bit memory address.
Why not? Because the value of the memory unit is not overwritten, which means that there is no value in this area of memory.
In the middle of each line is a -, which is set up to make it easier for us to read, and there are 8 memory units before and after the – sign, so it’s easy to look at.
Several on the right…… Represents the ASCII character that can be displayed for each memory cell, since memory has no value and therefore no CORRESPONDING ASCII code. We can count 16. In each line, which means that each 00 corresponds to an ASCII code.
We can use the -d segment base: start offset address format -d 1000:9 to display the starting digit of 1000.
The Debug starts from 1000:9 to 1000:88 and contains 128 bytes. Contents in the first line from 1000:0 to 1000:8 are not displayed.
You can also use -d 1000:0 9, which is the -d segment base address: start offset address and end offset address format.
You can also use the -d offset address to view memory values without specifying a segment base address.
Debug -e
Check the value of the specified location or region in memory.
-e can be used to rewrite memory values. For example, if we want to rewrite the contents of 1000:0 to 1000:f, we can use -e 1000:0 0 1 2 3 4 5 6 7 8 9 0 A B C D E F, as shown in the following figure.
Note that when you overwrite -e, each value has a space in the middle. If there is no space, it will be treated as a memory value.
And then -d 1000:0 to see the memory value we just overwrote.
You can also use questions to modify the contents of memory cells starting at an address one by one.
Again using 1000:100 as an example, print -e 1000:100 and press Enter.
As shown in the image above, you can see that we typed the -e 1000:100 command once and then hit the Enter key.
Notice, if you hit enter here, you’re done rewriting -e.
If you want to continue overwriting later values in memory, you need to press the space bar.
We overwrite memory values after 1000:100, and then use -d 1000:100 to see if our overwrite works.
The -e command also supports writing characters. For example, we can start writing values and characters to the position 1000:0. -e 1000:0 1 ‘a’ 2 ‘b’ e ‘c’.
As shown in the figure above, when we write characters ‘a’ ‘b’ ‘c’ to memory, it is automatically converted to ASCII for storage, and the character we just wrote can be found on the far right.
Debug -u
How do you write a piece of machine code into memory? Let’s say we want to write a piece of machine code in memory.
We can use -e to write to memory the machine code b8 01 00 B9 02 00 01 C8, as shown below
After we use -e to write, we use -d to check the memory value, we can find the value we just wrote, but we can’t see the machine code, so how to read the machine code?
Don’t worry, there is also a -u command, this is to look at the machine code, as shown below, we use the -u command to display the machine code we have written.
It can be seen that the memory address 1000:0000 ~ 1000:0006 makes us write machine code. The -u command is to translate the contents of the memory cell into assembly instructions and display them.
The -u output is divided into three parts:
- On the far left is the address of each machine instruction;
- In the middle are machine instructions;
- On the far right are assembly instructions executed by machine instructions.
1000:0 stores machine instructions composed of machine code B8 01 00, and the corresponding assembly instruction is MOV AX,0001.
1000:0003 stores machine instructions composed of machine code B9 02 00 written, and the corresponding assembly instruction is MOV CX,0002.
At 1000:0006, machine instructions composed of machine code C1 C8 are stored, and the corresponding assembly instructions are Add AX, Cx.
Debug -t
The above series of instructions, including the debug-E machine code mentioned above, are written to the memory, so how to execute these instructions?
We can use debug-t to execute the write instruction. Debug-t allows you to execute instructions pointed to by CS:IP.
Since it is -t that can execute commands pointing from CS:IP, it is necessary to point CS:IP at 1000:0 (because we wrote the instructions at 1000:0 earlier).
First we need to execute -r cs 1000, -r IP 0 to assign cs :IP to 1000:0.
Then the -t command is executed. The following is a screenshot of the command that has been executed.
MOV AX,0001 MOV AX,0001 MOV AX,0001 MOV AX,0001 MOV AX,0001 MOV AX,0001
After continuing with -t, we can see the register change.
Debug -a
After all, machine instructions are not so easy to understand and write, so is there a way to support us to write assembly instructions directly? Debug provides the -a option to write assembly instructions. As shown in the figure below
Mov AX,1 mov bx,2 mov cx,3 add AX,bx add ax,cx add ax,ax, and press Enter to confirm execution.
We use -d 1000:0 f to see the FTH memory instruction starting at offset address 0 (because the largest address written is only f).
The reason why 1000:000f in the figure above has a value is because we’ve already done this write above.
In addition, using -a allows you to enter instructions from a preset address.
conclusion
Today I have talked about the basic usage of Debug
- -r Displays or modifies the contents of a register
- -d Displays instructions in memory
- -e Modifies memory contents
- -u can interpret the contents of memory as machine instructions and corresponding assembly instructions
- -t Executes the command at CS:IP
- -A writes to memory in assembler form
There are many options for assembly instructions, the above are often used instructions, these instructions to be able to use skillfully.
Finally, I would like to recommend my own Github, which has a lot of hardcore articles that will definitely help you.