DAT2343
File Analysis with MicroSoft DEBUG
© Alan T. Pinck / Algonquin College; 2003
Starting a DOS Window in XP
• Start – Run – (command)
or
• Start – Programs – Accessories – Command Prompt
(slight variations may exist between this and different installations of XP or other Windows Operating Systems)
DOS Windows Controls in XP
It is often useful to be able to mark and copy text from a DOS window (to be pasted into some other application file).
By left-clicking on the title bar icon and selecting Edit from the drop-down menu, it is possible to mark and then copy text from a DOS window.
(Other Windows OS’s provide icon tools to do this on the title bar).
Running DEBUG from the DOS prompt
At the DOS prompt, type:
DEBUG
and hit <Enter>
DEBUG will respond with its prompt symbol, the dash
-
Examining a File in DEBUG
At the DEBUG prompt, enter:
N followed by the filepath for the file to be examined. This identifies the file Name to DEBUG
L This tells DEBUG to Load the file
D This tells DEBUG to Display or Dump
Sample DEBUG File Display
Copying the Hex Contents for Analysis
Use the DOS Windows controls to copy a few lines of the hexadecimal file contents into a NotePad or similar file to work with; set the font to Courier New or some other non-proportional font:
4A 70 20 33 45 20 64 52-35 32 C8 FE 44 61 64 20
FF FF CD 21 80 3C 00 74-06 BA DA 89 34 00 CA 0A
08 98 80 FC 3A 74 02 B0-40 8A 0E 24 99 0C 20 2C
60 A2 C2 96 A0 07 98 8A-26 6A 98 25 02 02 0A C0
Quitting DEBUG
In order to exit or “quit” the DEBUG program, enter
Q
at the DEBUG prompt
(Return to the file where you pasted the hexadecimal file contents)
Sample Analysis of the “Dump”
Suppose that the file contained records composed of a 4 (ASCII) character field followed by a (2-byte) integer field (2’s complement, little Endian).
The first two records could be extracted from the dump as:
4A 70 20 33 45 20
64 52 35 32 C8 FE
Analysis of First “Dump” Record
4A 70 20 33 45 20
4 ASCII characters: 4A 70 20 33
Using an ASCII table this translates into “Jp 3”
2-byte integer field: 45 20 (little Endian form)
Using standard 2’s complement conversion: 2045(hex) = 8261(dec)
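The record layout described above (4 ASCII characters followed by a 2-byte, 2's complement, little-endian integer), decoded programmatically as an added example that is not part of the original lecture. It assumes only the hex byte columns were pasted, without DEBUG's address prefix or ASCII column; the names dump_to_bytes and parse_records are illustrative.

```python
import struct

# Hex byte columns as pasted from the DEBUG "D" display shown on this page
# (assumption: the address prefix and ASCII column were not copied).
DUMP = """\
4A 70 20 33 45 20 64 52-35 32 C8 FE 44 61 64 20
FF FF CD 21 80 3C 00 74-06 BA DA 89 34 00 CA 0A
08 98 80 FC 3A 74 02 B0-40 8A 0E 24 99 0C 20 2C
60 A2 C2 96 A0 07 98 8A-26 6A 98 25 02 02 0A C0
"""

RECORD = struct.Struct("<4sh")  # 4 ASCII bytes, then signed 16-bit little-endian


def dump_to_bytes(text):
    """Convert pasted DEBUG hex columns to raw bytes.

    DEBUG prints a '-' between the 8th and 9th byte of each row; it is a
    visual separator only, so it is treated as whitespace.
    """
    tokens = text.replace("-", " ").split()
    for tok in tokens:
        if len(tok) != 2:
            raise ValueError(f"not a two-digit hex byte: {tok!r}")
    return bytes(int(tok, 16) for tok in tokens)


def parse_records(data, count=None):
    """Decode fixed-length records; a trailing partial record is ignored."""
    whole = len(data) // RECORD.size
    if count is not None:
        whole = min(whole, count)
    records = []
    for i in range(whole):
        raw_name, value = RECORD.unpack_from(data, i * RECORD.size)
        # Show non-printable bytes as '.', as hex-dump displays conventionally do.
        name = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw_name)
        records.append((name, value))
    return records


if __name__ == "__main__":
    for name, value in parse_records(dump_to_bytes(DUMP), count=2):
        print(f"{name!r:8} {value:6d}")
```

The second record's integer bytes C8 FE have the high bit set, so the signed interpretation is what distinguishes a 2's complement field from an unsigned one.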
Summary of DEBUG Commands
Nfilepath     Name file to be used
L             Load previously named file
D or Dxxxx    Dump/Display memory contents (starting at offset xxxx)
Q             Quit DEBUG
End of Lecture