 debug and some assembly related questions

TSzybler
post Jan 22 2006, 04:31 PM, updated 19y ago

Casual
***
Junior Member
404 posts

Joined: Jan 2003


I'm a newbie in assembly language, I would be glad if someone could help me out in a couple of questions that I had below:

1. When I'm in debug (under DOS), and let's say I type a100, followed by some assembly instructions. The last 2 instructions are INT 21 and INT 20. When I tried tracing it, the instruction "INT 20" is nowhere to be seen; I see "NOP" instead. I also noticed that after executing the instruction "INT 20", my cs:ip jumped to somewhere else.
xenon
post Jan 22 2006, 05:25 PM

On my way
****
Senior Member
501 posts

Joined: Jan 2005
From: Selangor

This is the first time I've tried to study the "debug" program. I've never used it because it lacks functionality and is difficult to use. Now the question is: are you asking for a workaround to get some work done? Or do you want an explanation for why something happens?

I think you just want to know "why it happens", rather than "how to do this and that"? What do you expect to happen after tracing INT 20h, which means terminate program? I think you are not facing any problem that prevents you from getting your work (tracing registers) done. It is only that you are puzzled that the cs:ip jumped to somewhere else.

I don't know about the details of the "debug" program, so my explanation might be wrong.

Ok. I did some testing. "debug" does trace into the interrupt routine. So the cs:ip jump is actually into the interrupt routine, which is quite long. Use the command "g" to execute without stepping.

This post has been edited by xenon: Jan 22 2006, 05:32 PM
TSzybler
post Jan 22 2006, 07:40 PM

Casual
***
Junior Member
404 posts

Joined: Jan 2003


Ermm.. sorry.. I made some silly typo mistakes.. what I'm trying to say is that, after I traced the instruction "INT 21", by right I should have seen "INT 20" if I type t again. However, the instruction "INT 20" is nowhere to be seen. Instead, it seems that after "INT 21", the cs:ip jumps to another location and in my case, it's "NOP".
xenon
post Jan 22 2006, 08:32 PM

On my way
****
Senior Member
501 posts

Joined: Jan 2005
From: Selangor

Yes. INT 21 is like a jump instruction to call an API (application programming interface). "debug" traces into the API.
TSzybler
post Jan 22 2006, 10:15 PM

Casual
***
Junior Member
404 posts

Joined: Jan 2003


OK. I just find it funny that during our practical 1, we were asked to enter a small program with the last 2 instructions INT 21 and INT 20 into debug and to trace the program until we see INT 20. How are we supposed to do that when we'll never ever see INT 20? After INT 21 we jump to somewhere else...
xenon
post Jan 22 2006, 10:21 PM

On my way
****
Senior Member
501 posts

Joined: Jan 2005
From: Selangor

QUOTE(zybler @ Jan 22 2006, 10:15 PM)
How are we supposed to do that when we'll never ever see INT 20.
Use the g command, with a parameter that specifies "run until this address".

The example shows a 3-line program that prints a character "A".

QUOTE
trace the program until we see INT 20

Maybe you're asked to trace repeatedly. I've never tried, but in theory, you will encounter an IRET instruction that brings you back to your program. Perhaps you need to "t" 100 times.

You'll see INT 20 many traces after INT 29 (or INT 21). But after calling INT 20, it will terminate without returning to your program. Extra info: there are one or two functions of INT 21 that terminate the program, similar to INT 20.

This post has been edited by xenon: Jan 22 2006, 10:31 PM


Attached thumbnail(s)
Attached Image
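
The behaviour discussed in this thread, as an added example that is not part of any post: a small Python model of the INT/IRET mechanism showing why a single trace step after INT 21 lands in the handler, and why stepping on (or running to an address, as with `g`) reaches INT 20. The segment values, the `CPU`, `load_demo` and `go` names, and the three-byte stand-in handler are assumptions made for illustration; the real DOS handler is far longer.

```python
import struct

class CPU:
    """Tiny real-mode model: only the opcodes this thread's program needs."""
    def __init__(self):
        self.mem = bytearray(1 << 20)
        self.cs, self.ip, self.ss, self.sp, self.flags = 0x1000, 0x100, 0x1000, 0xFFFE, 0x0202
    def phys(self, seg, off):
        return ((seg << 4) + off) & 0xFFFFF
    def push(self, val):
        self.sp = (self.sp - 2) & 0xFFFF
        struct.pack_into("<H", self.mem, self.phys(self.ss, self.sp), val)
    def pop(self):
        (val,) = struct.unpack_from("<H", self.mem, self.phys(self.ss, self.sp))
        self.sp = (self.sp + 2) & 0xFFFF
        return val
    def step(self):
        """Execute one instruction (one 't') and return the new cs:ip."""
        op = self.mem[self.phys(self.cs, self.ip)]
        if 0xB0 <= op <= 0xB7:        # MOV r8, imm8 (register value not modelled)
            self.ip += 2
        elif op == 0x90:              # NOP
            self.ip += 1
        elif op == 0xCD:              # INT n: push FLAGS, CS, return IP; load vector n
            n = self.mem[self.phys(self.cs, self.ip + 1)]
            for val in (self.flags, self.cs, self.ip + 2):
                self.push(val)
            self.ip, self.cs = struct.unpack_from("<HH", self.mem, n * 4)
        elif op == 0xCF:              # IRET: pop IP, CS, FLAGS
            self.ip, self.cs, self.flags = self.pop(), self.pop(), self.pop()
        else:
            raise ValueError(f"opcode {op:02X} not modelled")
        return self.cs, self.ip

def load_demo():
    cpu = CPU()
    prog = bytes.fromhex("B402 B241 CD21 CD20")  # mov ah,02 / mov dl,41 / int 21 / int 20
    cpu.mem[0x10100:0x10100 + len(prog)] = prog  # constructed segment 1000h, offset 100h
    cpu.mem[0x2010:0x2013] = bytes.fromhex("9090CF")  # stand-in handler: nop, nop, iret
    struct.pack_into("<HH", cpu.mem, 0x21 * 4, 0x0010, 0x0200)  # IVT[21h] = 0200:0010
    return cpu

def go(cpu, seg, off, limit=1000):
    """Step until cs:ip == seg:off, like 'g <address>'; return instructions executed."""
    for steps in range(limit):
        if (cpu.cs, cpu.ip) == (seg, off):
            return steps
        cpu.step()
    raise RuntimeError("address not reached")
```

In this model the third step leaves cs:ip at the handler's first NOP, and three more steps (NOP, NOP, IRET) bring it back to offset 106h, where INT 20 sits.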
TSzybler
post Jan 23 2006, 10:46 PM

Casual
***
Junior Member
404 posts

Joined: Jan 2003


Thanks... your help is much appreciated.
