This gets to the other sense of your query: "I want to make a disassembler". The source for ndisasm is available, and it handles many of the descendants of 8086, not just 8086, itself (which seriously clutters it, if all you want is an 8086 or even 80386 disassembler), but it is not self-contained and has a heavy dependency on the rest of the distribution.
And then you've just disassembled a disassembler that also happens to do CPU emulation, like Fake86 does - but only for the 8086. You'll have to make the absolute addresses relative (using the original relocation table as a guide), to make it re-assemblable. Once you do that, you can work on the source. The opcode table is in clear view (if you display it as text) - both when seen in the packed and unpacked versions of debug.exe.
I might port the DAS disassembler to the x86, since items (a)-(f) are already incorporated into DAS's design. I've only ever ported it to the 8051, 6800, 6809 and 8080/8085 (and Z80) up to now; but the transition from 8085 to 8086 is relatively small. To that end, I might hack something out of Fake86. That's mostly abandonware, now, since the author replaced it by XTulator, as Fake86 was written when the programmer was relatively new to C. You might also be able to hack something directly out of DosDebug's opcode tables (their "instr.*" files).
And of course you can view the memory map quite easily from GDB. In the image below you can see a typical 8086 memory map; take it with a grain of salt, as legacy BIOS devs can move things around to fit their needs. But generally BIOS is at 0xC000 to 0xFFFF, the bootloader will be loaded at 0x7C00, and the IVT will be at 0x0000; free space, however, could be used as needed.
Ever encountered a situation where you needed to view, disassemble or decompile a binary file, such as a data file, an object file, a library archive, a shared library (or DLL in Windows) or an executable image? Assembled on this page are several hex viewers (hexadecimal viewers), hex editors, disassemblers and decompilers that will allow you to do precisely that.
This is a multiplatform binary viewer with "a built-in editor for binary, hexadecimal and disassembler modes". It supports disassembly of Pentium III, AMD K7 Athlon, and Cyrix M2 as well, and the ability to handle the following executable formats: MZ, NE, PE, LE, LX, DOS, SYS, NLM, arch, ELF, a.out, coff32, PharLap, and rdoff.
Extended mnemonics are often used to support specialized uses of instructions, often for purposes not obvious from the instruction name. For example, many CPUs do not have an explicit NOP instruction, but do have instructions that can be used for the purpose. In 8086 CPUs the instruction xchg ax,ax is used for nop, with nop being a pseudo-opcode to encode the instruction xchg ax,ax. Some disassemblers recognize this and will decode the xchg ax,ax instruction as nop. Similarly, IBM assemblers for System/360 and System/370 use the extended mnemonics NOP and NOPR for BC and BCR with zero masks. For the SPARC architecture, these are known as synthetic instructions.[26]
Part 1: Building and Running a Test Program in CodeView
Download the file "Test.asm" into your masm615/programs directory.
To assemble and link the program, type in the command: ml /Zi test.asm
Note: the command-line options for ml are case-sensitive, so you must type the ml command using the case shown for the /Zi switch. If there are errors, use DOS Edit (Edit test.asm) or Notepad to look for the errors in the file and fix them. (There should not be any errors for the downloaded test program.)
Part 2: Running the test program in the CodeView debugger
Next, run the program in the CodeView Debugger to trace the program. To run the program in CodeView, type in the command: cv test
In CodeView, arrange your windows as follows: Close the command window by clicking on the upper left corner of the window.
Use the Windows menu to open a Register window and the Memory 1 window. The Watch and Source 1 windows should already be open. If not, use the Windows menu to open them.
Use the Windows Arrange command to get an easy to use layout for the debugger windows. (There should be 4 windows open: Watch, Source, Register, and Memory.)
Create watches for the variables X, Y, and Z by using the Data Add Watch command.
Use F8 (Trace) to trace the first 2 instructions of the program. This should set a new value in the DS register (in the register window).
Click in the upper left corner of the Memory window, and change the first 4 values in the "segment:offset" address information shown to match the value in the DS register. Ex. 0998:0000: change 0998 to match the number given for DS in the register window.
Trace a few more instructions using the F8 key and observe the changes to the variables X, Y, and Z in the watch window.
Once the instruction MOV DX, OFFSET MESSAGE has been executed (notice the change to DX in the register window), change the offset of the first address given in the Memory window to match the value stored in DX. You should see the message "Hullo World" in ASCII text at the right end of the Memory Window.
Continue tracing the program until the INT 21h instruction has been executed. Use the F4 key to view the message displayed on the output screen. Then, use F4 to return to the debugger screen.
Continue tracing the program using F8, including the subroutine, until the program ends. Note: if you use F10 to do the tracing instead of F8, then the subroutine is executed at full speed as a result of the call instruction, but not traced.
If you have any questions about using the debugger, ask the TA to go over this exercise with you and discuss how to trace the program in the debugger using the watch, memory, and register windows to track the changes in program variables, registers and memory.
Part 3: Some Tips for Using CodeView:
This page is meant to provide some basic suggestions and strategies for people who are starting out with reverse engineering old adventure games, and aren't sure how to do it. It mainly focuses on resources and tools for reversing DOS game executables, but many of the strategies discussed may apply equally to other systems and debugging tools. This is only intended as an overview; you'll still need to read other resources to learn 8086 assembly language, and learn how to use the various tools effectively.
If the output is larger than a certain threshold (default 1MiB), it will be presented to you as a file available for download. Slices of the file can be viewed in the output if you need to inspect them.