DEBUG.EXE is a command that may be very familiar to some people, but strange to others. Some people use it like an expert but some people doesn't even know what it is and/or how to use it. I am neither an expert on it, nor somebody who doesn't know it at all. I just want to introduce some useful techniques about it.
Let me show you an example first:
C:\>COPY CON TEST.TXT
I am a white rabbit.
I like peace.
^Z
1 file(s) copied
C:\>DEBUG
-A 100
0C46:0100 MOV AX, 0201
0C46:0103 MOV BX, 0300
0C46:0106 MOV CX, 0001
0C46:0109 MOV DX, 0080
0C46:010C INT 13
0C46:010E INT 3
0C46:010F
-G = 100
-D 4BE 4FF
0C46:04B0 00 01 ..
0C46:04C0 01 00 17 FE 7F 03 3F 00-00 00 C5 BB 3F 00 80 00 ......?.....?...
0C46:04D0 41 04 0C FE FF FF 04 BC-3F 00 96 68 00 01 00 00 A.......?..h....
0C46:04E0 C1 FF 0F FE FF FF 9A 24-40 01 37 D3 F3 01 00 00 .......$@.7.....
0C46:04F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 55 AA ..............U.
-N MBR.DAT
-R BX
BX 0000
:0
-R CX
CX 0000
:200
-W 300
-N TEST.TXT
-L 300
-R BX
BX 0000
:
-R CX
CX 0025
:
-D 300 324
0C46:0300 49 20 61 6D 20 61 20 77-68 69 74 65 20 72 61 62 I am a white rab
0C46:0310 62 69 74 2E 0D 0A 49 20-6C 69 6B 65 20 70 65 61 bit...I like pea
0C46:0320 63 65 2E 0D 0A ce...
-Q
C:\>
In this example, I showed you three things:
If you are new to DEBUG.EXE, you need to know that the text shown above are not all needed to type: some text is information given by DEBUG.EXE. You need to practice it if you really want to use DEBUG.EXE well. For help information on DEBUG.EXE, type "?" at the prompt of DEBUG.EXE. If you want to safely and successfully practice the above operations, you need to switch to pure MS-DOS. You cannot make direct disk access under Windows NT/2000. You cannot safely access the MBR under Windows 9x. So you need to switch to pure MS-DOS before you do those things.
Detailed explanations to the operations above:
-A 100 Start entering assembly code from memory address 100
(note: DEBUG automatically allocates 64KB memory from
0000H to FFFFH)
0C46:0100 MOV AX, 0201 Set access mode to "read" (AX is a CPU register, which
usually stores adder data or data used by interrupts,
since INT 13H is going to be called, here it means
"Set access mode to 'read'")
0C46:0103 MOV BX, 0300 Set memory address to 0300H
0C46:0106 MOV CX, 0001 Set sector to 0001H (this composes part of a sector
address on a HDD)
0C46:0109 MOV DX, 0080 Set HDD number to 0080H (0080H is the first HDD on
a PC)
0C46:010C INT 13 Call INT 13H
0C46:010E INT 3 Call INT 3H to return control to DEBUG.EXE
0C46:010F (Type a return here)
-G = 100 Execute the code from 0100H
-D 4BE 4FF Display information of the partition table and the
MBR signature (4BEH = 0300H + 01BEH, 1BEH is the
standard offset of a partition table, from that
position, there are four partition tables; each
partition table is 16 bytes long; the rest two bytes
at 04FEH and 04FFH should be 55H and AAH, which
conposes the MBR signature)
0C46:04B0 00 01 ..
0C46:04C0 01 00 17 FE 7F 03 3F 00-00 00 C5 BB 3F 00 80 00 ......?.....?...
0C46:04D0 41 04 0C FE FF FF 04 BC-3F 00 96 68 00 01 00 00 A.......?..h....
0C46:04E0 C1 FF 0F FE FF FF 9A 24-40 01 37 D3 F3 01 00 00 .......$@.7.....
0C46:04F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 55 AA ..............U.
MBR information (yours may be different from mine)
-N MBR.DAT Set filename to "MBR.DAT"
-R BX Retrieve and change the value of BX (BX and CX
together represents the length of a file; they are
used when loading or saving a file)
BX 0300
:0
-R CX Retrieve and change the value of CX (because the
length of the MBR is 0200H, that is, 00000200H, BX
is set to 0000H and CX is set to 0200H)
CX 0001
:200
-W 300 Save the file with information from memory address
0300H and until length 00000200H
The rest part can be done under Windows NT.
-N TEST.TXT Set filename to "TEST.TXT"
-L 300 Load it to memory address 0300H
-R BX Retrieve BX (and then CX) to view its length
BX 0000
: (Just type return here)
-R CX
CX 0025
: (Just type return here)
-D 300 324 Show the content of the file (0300H + 0025H - 1
= 0324H is the end of the file in the memory)
0C46:0300 49 20 61 6D 20 61 20 77-68 69 74 65 20 72 61 62 I am a white rab
0C46:0310 62 69 74 2E 0D 0A 49 20-6C 69 6B 65 20 70 65 61 bit...I like pea
0C46:0320 63 65 2E 0D 0A ce...
-Q Quit DEBUG
From the example above you may discover something very interesting: <ENTER> is only one key, but it takes two bytes in a plain text file: "0D 0A".
Now you know how to load the MBR into the memory using DEBUG.EXE, so let me tell you how to save a block of memory to the MBR: just replace "MOV AX, 0201" with "MOV AX, 0301". If you've just assembled all the code for reading the MBR, you only need to type "A 100", "MOV AX, 0301", and press <ENTER>. I hope I've helped you.