Make your own free website on Tripod.com

Basic Usage of DOS DEBUG

Materials:
Working complete PC
Blank Diskette
Student Diskette, "New Boot A Ver 2.0+"
Student CD-ROM, "Room 6359"
Objectives:
The student will become familiar with how to use DOS DEBUG to:
clear the DEBUG workspace RAM with zeros,
load a raw sector into RAM,
display RAM contents on screen,
Competency:
The student will how to use DEBUG's basic commands for the purposes of data recovery including how to clear the DEBUG RAM workspace with zeros, load a raw sector into RAM and how to display its contents on screen.

    DEBUG.EXE

  1. This machine language programmer's tool has been included with all versions of DOS from the beginning up to the WIN9x family and the WINNT family including Windows XP. Because the 32-bit Windows operating systems are protected mode operating systems many of the more powerful and hence useful capabilities of DEBUG will be blocked if they are attempted from DEBUG running within a DOS box. As such all exercises with DEBUG must be performed from a DOS only boot up (i.e. a DOS bootable diskette or CD-ROM).

  2. Procedures

  3. Boot to the Room 6359 student CD-ROM. Cancel the virus scan if it starts with [Ctrl]+[Break]. From the Q:\BOOTNAV prompt change to the K: RAM Drive which the bootable CD-ROM automatically creates. Insert a boot diskette into the floppy drive which has been remapped by the bootable CD-ROM to be physical diskette drive B: Now start DEBUG:


    K:\>debug
    -_

  4. At the DEBUG "dash prompt" enter the command "d 100 1ff" which tells DEBUG to dump or display the contents of RAM from offset 100 to offset 1FFh on screen. Note that the program DEBUG itself occupies the first 256 bytes of RAM from offset 0 to offset FFh and these are offlimits. The workspace begins at offset 100h and is roughly 32KB in size. Going beyond the end of the workspace, one runs into DEBUG again and corrupts it forcing a reboot. Corrupting the area below offset 100h can also lock up the machine and force a reboot:

    -d 100 1ff
    242C:0100  BA 83 03 E8 34 F2 C6 06-2A 28 FF 81 3E D8 2A 0F   ....4...*(..>.*.
    242C:0110  29 75 2C C6 06 0F 29 20-C7 06 D8 2A 34 00 1B 24   )u,...) ...*4..$
    242C:0120  FC 30 00 40 75 0E 81 0E-FC 30 00 40 A1 DA 2A A2   .0.@u....0.@..*.
    242C:0130  B5 2F EB 0B BA 83 03 E8-00 F2 C6 06 2A 28 FF 81   ./..........*(..
    242C:0140  3E E0 2A 6E 28 75 7A C7-06 E0 2A 00 00 C6 06 6E   >.*n(uz...*....n
    242C:0150  28 20 F7 06 FC 30 02 00-75 5C 83 0E FC 30 02 8E   ( ...0..u\...0..
    242C:0160  1E E4 2A FC 8B CE 26 8B-36 E2 2A 80 3C 00 75 22   ..*...&.6.*.<.u"
    242C:0170  06 26 8B 3E 2B 28 2B CF-26 8E 06 11 27 B0 3A F2   .&.>+(+.&...'.:.
    242C:0180  AE 07 06 1F E3 2E C6 06-2A 27 00 C6 06 10 27 FF   ........*'....'.
    242C:0190  EB 22 BF 2A 27 B9 0C 00-F3 A4 06 1F BE 2A 27 C6   .".*'........*'.
    242C:01A0  06 10 27 FF E8 7C 02 73-0B BA 63 02 E8 8B F1 C6   ..'..|.s..c.....
    242C:01B0  06 2A 28 FF EB 0B BA 83-03 E8 7E F1 C6 06 2A 28   .*(.......~...*(
    242C:01C0  FF 81 3E D0 2A F0 28 75-0B C6 06 F0 28 20 81 0E   ..>.*.(u....( ..
    242C:01D0  FC 30 00 08 81 3E E0 2A-03 29 75 38 C6 06 03 29   .0...>.*.)u8...)
    242C:01E0  20 C7 06 E0 2A 00 00 C7-06 D8 2A 00 00 F7 06 FC    ...*.....*.....
    242C:01F0  30 00 10 75 14 81 0E FC-30 00 10 83 0E FE 30 01   0..u....0.....0.
    -_
  5. The offset of the first byte of each row is displayed at the far left of the output, the actual bytes values at each location are shown in hexadecimal across the rows and the ASCII code equivalents are shown at the far right. If there is no text ASCII code equivalent of the value DEBUG displays a period instead. Therefore it is important to know the ASCII code for a period itself since at the right it could be mistaken for a byte that has no ASCII equivalent when in fact it is a period. The ASCII code for a period is "2Eh" A byte holding this value is highlighted and its ASCII equivalent to the far right to clarify:

    -d 100 1ff
    242C:0100  BA 83 03 E8 34 F2 C6 06-2A 28 FF 81 3E D8 2A 0F   ....4...*(..>.*.
    242C:0110  29 75 2C C6 06 0F 29 20-C7 06 D8 2A 34 00 1B 24   )u,...) ...*4..$
    242C:0120  FC 30 00 40 75 0E 81 0E-FC 30 00 40 A1 DA 2A A2   .0.@u....0.@..*.
    242C:0130  B5 2F EB 0B BA 83 03 E8-00 F2 C6 06 2A 28 FF 81   ./..........*(..
    242C:0140  3E E0 2A 6E 28 75 7A C7-06 E0 2A 00 00 C6 06 6E   >.*n(uz...*....n
    242C:0150  28 20 F7 06 FC 30 02 00-75 5C 83 0E FC 30 02 8E   ( ...0..u\...0..
    242C:0160  1E E4 2A FC 8B CE 26 8B-36 E2 2A 80 3C 00 75 22   ..*...&.6.*.<.u"
    242C:0170  06 26 8B 3E 2B 28 2B CF-26 8E 06 11 27 B0 3A F2   .&.>+(+.&...'.:.
    242C:0180  AE 07 06 1F E3 2E C6 06-2A 27 00 C6 06 10 27 FF   ........*'....'.
    242C:0190  EB 22 BF 2A 27 B9 0C 00-F3 A4 06 1F BE 2A 27 C6   .".*'........*'.
    242C:01A0  06 10 27 FF E8 7C 02 73-0B BA 63 02 E8 8B F1 C6   ..'..|.s..c.....
    242C:01B0  06 2A 28 FF EB 0B BA 83-03 E8 7E F1 C6 06 2A 28   .*(.......~...*(
    242C:01C0  FF 81 3E D0 2A F0 28 75-0B C6 06 F0 28 20 81 0E   ..>.*.(u....( ..
    242C:01D0  FC 30 00 08 81 3E E0 2A-03 29 75 38 C6 06 03 29   .0...>.*.)u8...)
    242C:01E0  20 C7 06 E0 2A 00 00 C7-06 D8 2A 00 00 F7 06 FC    ...*.....*.....
    242C:01F0  30 00 10 75 14 81 0E FC-30 00 10 83 0E FE 30 01   0..u....0.....0.
    -_
  6. DEBUG is displaying the random data that was already present in the RAM workspace before it was launched. This area ...

Copyrightę2000-2007 Brian Robinson ALL RIGHTS RESERVED