Parameters listed in [ ] are explained as:

address :–

Memory location specified in hexadecimal. for example

100 DS:12 SS:0 198A:1234

Range: –

Two hexadecimal addresses separated by a single space. They may be listed as

either full Segment:Offset pairs or just an Offset alone .

List: –
A string of Hexadecimal bytes separated by a space, or ASCII data enclosed
within single or double quote marks.for example:
e 100 31 C0 B4 09 BA 50 02 CD 21 B8 4C 00 CD 21
e 250 'This is an ASCII data string.$'
number - All numbers and values used in any DEBUG commands are understood
as being Hexadecimal only.
Quit: Q
Immediately quits (exits) the Debug program.
Hex: H value1 value2
A very simple (add and subtract only) Hex calculator. Enter two Hex values (no more
than four digits each) and DEBUG shows first the SUM, then the DIFFERENCE of
those values. Examples:
-h aaa 531 -h fff 3 -h dbf ace
0FDB 0579 1002 0FFC 188D 02F1
Dump: D [range]
D [address] [length]
Displays the contents of a block of memory. The Memory locations near the beginning of
Segment C000 should display information about the kind of video card installed on your PC.
This first example shows we have a Matrix card in this system.
Examples:
-d c000:0010
C000:0010 24 12 FF FF 00 00 00 00-60 00 00 00 00 20 49 42 $.......`.... IB
C000:0020 4D 20 43 4F 4D 50 41 54-49 42 4C 45 20 4D 41 54 M COMPATIBLE MAT
Search: S range list
Searches within a range of addresses for a pattern of one or more byte values given in
a list. The list can be comprised of numbers or character strings enclosed by
matching single or double quote marks.Examples:
-s fe00:0 ffff "BIOS"
FE00:0021
FE00:006F
Compare: C range address
Compares two blocks of memory. If there are no differences, then DEBUG simply
displays another prompt (-). Here's an example of what happens when
there are differences:
-c 140 148 340
127D:0143 30 6D 127D:0343
127D:0146 10 63 127D:0346
127D:0148 49 30 127D:0348
The bytes at locations 140 through 148 are being compared to those at 340 (through
348, implied); the bytes are displayed side by side for those which are different (with
their exact locations, including the segment, on either side of them).
Fill: F range list
This command can also be used to clear large areas of Memory as well
as filling smaller areas with a continuously repeating phrase or single byte. Examples:
-f 100 12f 'BUFFER'
-d 100 12f
xxxx:0100 42 55 46 46 45 52 42 55-46 46 45 52 42 55 46 46 BUFFERBUFFERBUFF
xxxx:0110 45 52 42 55 46 46 45 52-42 55 46 46 45 52 42 55 ERBUFFERBUFFERBU
xxxx:0120 46 46 45 52 42 55 46 46-45 52 42 55 46 46 45 52 FFERBUFFERBUFFER
Enter: E address [list]
Used to enter data or instructions (as machine code) directly into Memory locations.
Example: First we'll change a single byte at location CS:FFCB from whatever it was
before to D2
-e ffcb d2
Go: G [=address] [addresses]
Go is used to run a program and set breakpoints in the program's code.
Optional breakpoints ( meaning the program will HALT before executing the code at
any of these locations) of up to any ten addresses may be set by simply listing them on
the command line.
Requirements: Breakpoints can only be set at an address containing the first byte of a
valid 8088/8086 Opcode.
Assemble: A [address]
Creates machine executable code in memory beginning at CS:0100 (or the specified
address) from the 8086/8088 (and 8087) Assembly Language instructions which are
entered. The 'A' command remembers the last location where any data was assembled,
so successive 'A' commands (when no address is specified) will always begin at the
next address in the chain of assembled instructions.
The assembly process will stop after you ENTER an empty line. 
Unassemble: U [range]
Disassembles machine instructions into 8086 Assembly code. Without the optional
[range], it uses Offset 100 as its starting point, disassembles about 32 bytes and then
remembers the next byte it should start with if the command is used again.
Example:
-u 126 133
xxxx:0126 31C0 XOR AX,AX
xxxx:0128 B409 MOV AH,09
xxxx:012A BA0201 MOV DX,0102
xxxx:012D CD21 INT 21
xxxx:012F B84C00 MOV AX,004C
xxxx:0132 CD21 INT 21
-
Input: I port
The use of I/O commands while running Windows™9x/Me is just plain unreliable! This is
especially true when trying to directly access hard disks! Under Win NT/2000/XP, the I/O
commands are only an emulation; so don't trust them. Though the example below still works
under Win2000/XP, it's most likely using some WinAPI code to show what's in the Windows
clock area; not directly from an RTC chip.
Long ago (when DOS was the only OS for PCs), there were dozens of BASIC programs that
used I/O commands for handling tasks through parallel and serial ports (e.g., to change the font
used by a printer or values in a modem's control registers). Under real DOS, they can still be
used for direct communications with keyboards or a floppy drive's control chips along with many
other hardware devices.
Here's an example of how to read the hours and minutes from a computer's "real time clock"
(RTC):
-o 70 04 <-- Check the hours.
-i 71
18 <----- 18 hours (or 6 p.m.)
-o 70 02 <-- Check the minutes.
-i 71
52 <----- 52 minutes
Output: O port byte
See comments under the Input command.
Load:
L [address] [drive] [firstsector] [number] or program! (See the N command for more on
this)
This command will LOAD the selected number of sectors from any disk's Logical Drive under
the control of MS-DOS or Windows into Memory. The address is the location in Memory the
data will be copied to (use only 4 hex digits to keep it within the memory allocated to DEBUG),
the drive number is mapped as: 0=A:, 1=B:, 2=C:, etc., firstsector counts from ZERO to the
largest sector in the volume and finallynumber specifies in hexadecimal the total number of
sectors that will be copied into Memory (so a floppy disk with 0 through 2,879 sectors would be:
0 through B3F in Hex).
Move: M range address
This command should really be called: COPY (not Move) as it actually copies all the
bytes from within the specified range to a new address.
Examples:
1) -m 7c00 7cff 600
Copies all the bytes between Offset 7C00 and 7CFF (inclusive) to Offset 0600 and
following...
2) -m 100 2ff 70
This second example shows that it's very easy to overwrite most of the source you're
copying from using the Move command. Apparently, DEBUG stores the source bytes
elsewhere before writing them; otherwise, this example would cause a problem when
it started overwriting what it hadn't copied yet! This copies the 512 bytes between
Offsets 100h and 2FFh (inclusive) to Offset 0070 overwriting the first 368 bytes in
the process.
Name: N [pathname] [arglist]
This command can be used to load files into DEBUG's Memory after you have started the
program, but it's main function is to create a new file under control of the Operating System
which DEBUG can WRITE data to.
Normally, when you want to 'debug' a file, you'd start DEBUG with a command like this:
C:\WINDOWS>debug test.com . But it's also possible to load a file into DEBUG's Memory
from within DEBUG itself by using the 'N' command and then the 'L'
command (with no parameters) like this:
-n c:\temp\test.com
-l
which will load the file test.com into DEBUG's Memory starting at location CS:0100 (you
cannot specify any other location when using the L command like this!).
The 'N' command makes it quite easy to save data or an Assembly program created in DEBUG to
a file on your hard drive!
For example, these commands (in bold; along with DEBUG's reponses):
-n c:\temp\doswinok.com
-a 100
cs:0100 jmp 138
cs:0102 db 0d,0a,"It's OK to run this "
cs:0118 db "program under DOS or Windows!"
cs:0135 db 0d,0a,24
cs:0138 mov dx,102
cs:013B mov ah,9
cs:013D int 21
cs:013F mov ax,4c01
cs:0142 int 21
cs:0144
-rcx
CX 0000
:44
-w
Writing 00044 bytes [ 68 bytes in decimal ]
-q
will create a 68-byte file called DOSWINOK.COM in the C:\TEMP folder; even when running
DEBUG in a DOS-window. The file names, however, are still limited to
DOS's eight characters plus three for the extension (an 8.3 filename as it's often called)!
Homework: Follow the steps above to Assemble and save this program under DEBUG, then use
DEBUG to debug it! Use the P(roceed) command to step through most of the
instructions, since this will keep you from accidentally stepping into an INT(errupt) instruction!
If you ever do use the T(race) command on an INT, you'll end up inside nests of BIOS routines
which often crashes DEBUG!
Register: R [register]
Entering ' r ' all by itself will display all of the 8086 register's contents and the next
instruction which the IP register points to in both machine code and an unassembled
(Assembly Language) form. For example, if you start DEBUG in a Windows 95B
DOS-box with the command line:
>debug c:\windows\command\choice.com
and then enter an ' r ' at the first DEBUG prompt, DEBUG will display someting
similar to this:
AX=0000 BX=0000 CX=1437 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0ED8 ES=0ED8 SS=0ED8 CS=0ED8 IP=0100 NV UP EI PL NZ NA PO NC
0ED8:0100 E90E01 JMP 0211
Flags Register
Flag Name Set Clear
Overflow(yes/no) OV NV
Direction(increment/decrement) DN UP
Interrupt(enable/disable) EI DI
Sign(negative/positive) NG PL
Zero(yes/no) ZR NZ
Auxiliary carry(yes/no) AC NA
Parity(even/odd) PE PO
Carry(yes/no) CY NC
Trace: T [=address] [number]
The T command is used to trace (step through) CPU instructions one at a time. If you
enter the T command all by itself, it will step through only ONE instruction beginning
at the location specified by your CS:IP registers, halt program execution and then
display all the CPU registers plus an unassembled version of the next instruction to be
executed; this is the 'default' mode of the TRACE command. Say, however, you
wanted DEBUG to trace and execute seven instructions beginning at address
CS:0205; to do so, you would enter:
-t =205 7
Remember that the value for the number of instructions to execute must be given in
hexadecimal just as all other values used in DEUBG. (Since the T command uses the
"hardware trace mode" of the CPU, it's possible to step through instructions in a ROM
- Read Only Memory - chip.)
Proceed: P [=address] [number]
Proceed acts exactly the same as Debug's T (Trace) command for most types of
instructions... EXCEPT: Proceed will immediately execute ALL the instructions
(rather than stepping through each one) inside any Subroutine CALL, a LOOP, a
REPeated string instruction or any software INTerrupts. This means that you do not
have to single-step through any of the code contained in a Subroutine or INT call if
you use the Proceed (P) command. This means Proceed will be the command you use
most often to debug programs, and Trace will only be used to step into a Subroutine
or possibly check the logic of the first few iterations of a LOOP or REP instruction.
Write:
W [address] [drive] [firstsector] [number]