Pay attention to the values of CS and IP in the observation diagram
: The address at CS:IP is the instruction that the CPU is currently reading and executing.
Debug also lists the machine code stored in the memory unit pointed to by CS:IP, and translates it into an assembly rule instruction.
In the figure, the memory unit pointed to by CS:IP is 0AE1:0100 , the machine code stored here is DF9989916 , and the corresponding assembly instruction is:
FISTP WORD PTR [BX+DI+1689]
You can also use the R command to modify the contents of the register:
(5) Use the D command in debug to view the contents of the memory.
We use the " D segment address: offset address " format to view the contents of a certain memory. For example, to view the contents of memory 10000H, the address format is 1000:0, and then use " D 1000:0 " to list the contents at 1000:0:
using the format of " D segment address + offset address ", Debug will list the address from Specifies the contents of the 128 memory cells starting with the memory cell.
For example, we run the command " D 0AE1:0100 " and the result is as shown:
Parse:
Using the D command, Debug will output three parts:
- On the left is the starting address of each line.
- On the right is the data in each memory unit corresponding to the displayable ASCII characters.
- The middle part is the content of 128 memory units starting from the specified address, which is output in hexadecimal format. The output of each line starts from the address of an integer multiple of 16, and the content of up to 16 units is output.
Note that there is a "-" in the middle of each line, dividing the output of each line into two parts, this is just for easy viewing.
Notice:
The content we see in the memory is different in different computers, and it may be different every time we use Debug.
Because what we see with Debug is the content that was originally in the memory, these content are affected by the system environment that may change at any time.
example:
Use " D 1000:9 " to view the content at 1000:9:
Debug displays from 1000:9 until 1000:88, a total of 128 bytes. The contents of 1000:0~1000:8 in the first line are not displayed.
After using "D segment address: offset address", then use the D command to list the following contents:
You can also specify the viewing range of the D command:
D segment address: start offset address end offset address .
example
For example, to see the content in 1000:0~1000:9:
(6) Use the E command of Debug to rewrite the content in the memory.
example:
Write 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 in the memory unit 1000:0~1000:9 respectively, you can use " E start address data data data...... ” format;
Use the E command to write characters into the memory, for example: use the E command to write from the memory 1000:0: 1, "a", 2, "b", 3, "c". The result is as follows:
Use the E command to write a string to the memory. For example, use the E command to write from memory 1000:0: 1, "a+b", 2, "c++", 3, "IBM". The result is as follows:
(7) Use the E command to write the machine code into the memory, use the U command to check the meaning of the machine code in the memory, and use the T command to execute the machine code in the memory.
Write such a piece of machine code starting from the memory unit 1000:0:
mov ax,0001 //机器码:b80100 mov cx,0002 // 机器码:b90200 add ax,cx //机器码:01c8
**We can use the U command to view the machine instructions corresponding to the original machine code we wrote into memory or in memory
example
Use the U command to translate the contents of the memory unit starting from 1000:0 into assembly instructions and display them. The display output of the U command is divided into three parts: the address of each machine instruction, the machine instruction, and the assembly instruction corresponding to the machine instruction.
As we can see, there is no difference between data and code in memory. The key is how to interpret it.
Use the debug T command to execute one or more instructions, and simply use the T command to execute the instruction pointed to by CS:IP. To execute an instruction written to 1000:0 using the T command, there are two steps:
- Let CS:IP point to 1000:0 first
- Use the R command to modify the contents of CS and IP so that CS:IP points to 1000:0
- Use the T command to execute the instruction we wrote (at this point, CS:IP points to the memory unit where our instruction is located)
- After executing the T command, the CPU executes the instruction pointed to by CS:IP, and the instruction B8 01 00 (mov ax, 0001) at 1000:0 is executed. After the instruction is executed, the debug display outputs the state of the registers in the CPU.
Notice:
After the instruction is executed, the content in AX is rewritten to 1, IP becomes IP+3 (because the instruction length of mov ax, ooo1 is 3 bytes), CS:IP points to the next instruction.
We can continue to execute instructions downward with the T command:
(8) Use the debug A command to write machine instructions in the memory in the form of assembly instructions.
It can be seen that when using the A command to write instructions, we input assembly instructions, and Debug translates these assembly instructions into corresponding machine instructions, and writes their machine codes into memory.
Commands used in this experiment
- View and modify the contents of registers in the CPU: R command
- See what's in memory: D command
- Modify the contents of the memory: E command (can write data, instructions, in memory, they are actually no difference)
- Interpret the contents of memory as machine instructions and corresponding assembly instructions: U command
- Execute the instruction at the memory unit pointed to by CS:IP: T command
- Write instructions to memory in the form of assembly instructions: A command