Debug is a Program testing and editing tool that can be executed from windows command prompt.
Debug can be used to create large files.[like dd in linux, but its not dd,dd is a power tool]
Lets see how debug looks at a file .
Few commands in debug needed for this exercise
- r = view the registers
- w = write to the file or disk
- r bx = change register bx value
- r cx = change register cx value
- ? = help on debug
- q = Quit debug
When a file is opened in debug the register values are initialized as follows
bx:cx - the size of the file
ip - the starting address for execution
[which is 0000 for exe and 0100 for bat,other files]
D:\>dir /x Mathematica_5.1_Win.EXE
Volume in drive D is SOFTWARE
Volume Serial Number is 5CE3-FAD8
Directory of D:\
02/03/2005 10:27 AM 113,126,762 MATHEM~1.EXE Mathematica_5.1_Win.EXE
1 File(s) 113,126,762 bytes
0 Dir(s) 28,524,593,152 bytes free
D:\>debug mathem~1.exe
-r
AX=0000 BX=06BE CX=2B6A DX=0000 SP=00B8 BP=0000 SI=0000 DI=0000
DS=0B80 ES=0B80 SS=0B90 CS=0B90 IP=0000 NV UP EI PL NZ NA PO NC
0B90:0000 0E PUSH CS
-q
In the above listing BX:CX value translated to 06BE2B6A in hex which is
113126762 bytes in decimal.[The size of the file :)]
We can use the above info to create a large file and maybe even zero fill it.
When we open a non existent file , debug complains but lets you into the prompt.
And when we check the registers BX and CX and initialized to zero.
When we change the bx,cx value to the size of file and write the changes the file is created
with the specified size. :-)
Lets say we need to create a 1MB file.
Open up calculator and calculate the hex value for 1MB [1048576 bytes]
Fire up debug in command prompt and create the file.
D:\>debug a.txt
File not found
-r bx
BX 0000
:0010
-r cx
CX 0000
:0000
-w
Writing 100000 bytes
-q
D:\>dir a.txt
Volume in drive D is SOFTWARE
Volume Serial Number is 5CE3-FAD8
Directory of D:\
02/05/2009 09:16 AM 1,048,576 A.TXT
1 File(s) 1,048,576 bytes
0 Dir(s) 28,523,511,808 bytes free
D:\>
The file created will have alien data [taken from stack maybe].
Zero filling a file is possible in debug but it has a few limitations.
Lets create a 100 byte file and try to zero fill it
D:\>debug a2.txt
File not found
-r bx
BX 0000
:0000
-r cx
CX 0000
:0100
-d 0100
0B31:0100 4D 00 00 3D 00 00 00 00-00 00 00 00 00 00 00 00 M..=............
0B31:0110 43 4F 4D 53 50 45 43 3D-43 3A 5C 57 34 00 20 0B COMSPEC=C:\W4. .
0B31:0120 57 53 5C 53 59 53 54 45-4D 33 32 5C 43 4F 4D 4D WS\SYSTEM32\COMM
0B31:0130 41 4E 44 2E 43 4F 4D 00-41 4C 4C 55 53 45 52 53 AND.COM.ALLUSERS
0B31:0140 50 52 4F 46 49 4C 45 3D-43 3A 5C 44 4F 43 55 4D PROFILE=C:\DOCUM
0B31:0150 45 7E 31 5C 41 4C 4C 55-53 45 7E 31 00 41 50 50 E~1\ALLUSE~1.APP
0B31:0160 44 41 54 41 3D 43 3A 5C-44 4F 43 55 4D 45 7E 31 DATA=C:\DOCUME~1
0B31:0170 5C 7A 75 6C 66 69 5C 41-50 50 4C 49 43 7E 31 00 \zulfi\APPLIC~1.
-f 0100 L 100 0
-d 0100
0B31:0100 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0110 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0130 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0140 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0160 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
0B31:0170 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
-w
Writing 00100 bytes
-q
D:\>
Fill has this syntax
-f (memory_location) L (num_of_bytes_to_fill) (filler)
We used '0' as filles ,filler can be anything .ex: 1234 will fill the file with 1234`s
'0100' was used as offset since the file is loaded at 0100 [open a simple txt file and check for
Number of bytes can be specified to a max of FFFF [ not sure]
So to fill files bigger that FFFF I have to change the offset a couple of times and fill the
whole file which is not a good idea.
We`ll see of there`s a better way out...
A tuturial on Debug command can be found here :
http://www.armory.com/~rstevew/Public/Tutor/Debug/debug-manual.html
No comments:
Post a Comment