DAT2343 File Analysis with Microsoft DEBUG © Alan T. Pinck / Algonquin College; 2003.


3 Starting a DOS Window in XP: Start – Run – (command) or Start – Programs – Accessories – Command Prompt (slight variations may exist between this and different installations of XP or other Windows Operating Systems).

4 DOS Windows Controls in XP: It is often useful to be able to mark and copy text from a DOS window (to be pasted into some other application file). By left-clicking on the title bar icon and selecting Edit from the drop-down menu, it is possible to mark and then copy text from a DOS window. (Other Windows OS’s provide icon tools to do this on the title bar.)

5 Running DEBUG from the DOS prompt: At the DOS prompt, type DEBUG and hit Enter. DEBUG will respond with its prompt symbol, the dash: -

6 Examining a File in DEBUG: At the DEBUG prompt, enter: N followed by the filepath for the file to be examined (this identifies the file Name to DEBUG); L (this tells DEBUG to Load the file); D (this tells DEBUG to Display or Dump).

7 Sample DEBUG File Display

8 Copying the Hex Contents for Analysis: Use the DOS Windows controls to copy a few lines of the hexadecimal file contents into a Notepad or similar file to work with; set the font to Courier New or some other non-proportional font: 4A C8 FE FF FF CD C BA DA CA 0A FC 3A B0-40 8A 0E C 20 2C 60 A2 C2 96 A A-26 6A A C0

9 Quitting DEBUG: In order to exit or “quit” the DEBUG program, enter Q at the DEBUG prompt. (Return to the file where you pasted the hexadecimal file contents.)

10 Sample Analysis of the “Dump”: Suppose that the file contained records composed of a 4-character (ASCII) field followed by a 2-byte integer field (2’s complement, little-endian). The first two records could be extracted from the dump as: 4A C8 FE

11 Analysis of First “Dump” Record: 4A; 4 ASCII characters: 4A; using an ASCII table, this translates into “Jp 3”. 2-byte integer field (little-endian form); using standard 2’s complement conversion: 2045 (hex) = 8261 (dec).
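As an added example (not part of the original slides), this Python sketch carries out the analysis from slides 10 and 11 in code: it recovers the bytes from pasted DEBUG dump rows and decodes each record as 4 ASCII characters plus a signed 2-byte little-endian integer. The dump text is constructed: its first record is rebuilt from the slide's “Jp 3” and 2045 (hex), the second reuses the C8 FE bytes with made-up characters, the rest is invented, and the function names are hypothetical.

```python
import re
import struct

# Constructed sample in the layout of DEBUG's D command: segment:offset,
# sixteen hex bytes ("-" between bytes 8 and 9), then an ASCII column.
# Only "Jp 3", 45 20 and C8 FE come from the slides; the rest is made up.
SAMPLE_DUMP = """\
0B3F:0100  4A 70 20 33 45 20 41 62-20 39 C8 FE 5A 7A 20 31   Jp 3E Ab 9..Zz 1
0B3F:0110  00 80 00 00 00 00 00 00-00 00 00 00 00 00 00 00   ................
"""

# "<" = little-endian, no padding; "4s" = 4 raw bytes; "h" = signed 16-bit.
RECORD = struct.Struct("<4sh")

def dump_to_bytes(dump_text):
    """Recover the raw bytes from pasted DEBUG dump rows."""
    data = bytearray()
    for line in dump_text.splitlines():
        m = re.match(r"\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{4}\s+(.*)", line)
        if not m:
            continue  # skip prompts, blank lines, anything not a dump row
        # The hex area is 47 columns wide; cutting there keeps the ASCII
        # column (which may itself look like hex) out of the byte stream.
        hex_area = m.group(1)[:48].replace("-", " ")
        data.extend(int(tok, 16) for tok in hex_area.split())
    return bytes(data)

def parse_records(data, count):
    """Decode `count` records of 4 ASCII chars + 2's complement int16."""
    records = []
    for i in range(count):
        chunk = data[i * RECORD.size:(i + 1) * RECORD.size]
        if len(chunk) < RECORD.size:
            raise ValueError(f"record {i} is truncated")
        text, value = RECORD.unpack(chunk)
        records.append((text.decode("ascii"), value))
    return records

if __name__ == "__main__":
    for text, value in parse_records(dump_to_bytes(SAMPLE_DUMP), 3):
        print(repr(text), value)
```

The third record straddles two dump rows and holds 00 80, the most negative 16-bit value, which is why the bytes are joined across rows before any record is decoded.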

12 Summary of DEBUG Commands: Nfilepath: Name file to be used; L: Load previously named file; D or Dxxxx: Dump/Display memory contents (starting at offset xxxx); Q: Quit DEBUG

13 End of Lecture

