WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Chapter 5
Introduction to Machine Language
Objectives:
At the end of the lesson, the students should be able to:
• Evaluate the word Debug, Debugging, Load Modules; and
• Apply the code in DEBUG programs.

What is a Computer Bug?

In computing, a bug is an error in the source code that causes a program to produce
unexpected results or crash altogether. Computer bugs can affect an application’s performance, so
developers need to make sure they are corrected before the software gets sold to customers.

What is Debugging?
Debugging is the process of identifying and resolving errors, or bugs, in a software system. It
is an important aspect of software engineering because bugs can cause a software system to
malfunction, and can lead to poor performance or incorrect results. Debugging can be a time-
consuming and complex task, but it is essential for ensuring that a software system is functioning
correctly.

There are several common methods and techniques used in debugging, including:
• Code Inspection: This involves manually reviewing the source code of a software system to
identify potential bugs or errors.
• Debugging Tools: There are various tools available for debugging such as debuggers, trace
tools, and profilers that can be used to identify and resolve bugs.
• Unit Testing: This involves testing individual units or components of a software system to
identify bugs or errors.
• Integration Testing: This involves testing the interactions between different components of
a software system to identify bugs or errors.
• System Testing: This involves testing the entire software system to identify bugs or errors.
• Monitoring: This involves monitoring a software system for unusual behavior or
performance issues that can indicate the presence of bugs or errors.
• Logging: This involves recording events and messages related to the software system,
which can be used to identify bugs or errors.

What Does Debugger Mean?

A debugger is also known as a debugging tool. A debugger is a computer program used by
programmers to test and debug a target program. Debuggers may use instruction-set simulators,
rather than running a program directly on the processor to achieve a higher level of control over its
execution. This allows debuggers to stop or halt the program according to specific conditions.
However, use of simulators decreases execution speed.

28 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

What is a Load Modules?

A load module is an executable program stored in a partitioned data set program library.
Creating a load module to execute only, will require that you use a batch loader or program
management loader. Creating a load module that can be stored in a program library requires that
you use the binder or linkage editor. In all cases, the load module is relocatable, which means that
it can be located at any address in virtual storage within the confines of the residency mode
(RMODE).
Once a program is loaded, control is passed to it, with a value in the base register. This gives
the program its starting address, where it was loaded, so that all addresses can be resolved as the
sum of the base plus the offset. Relocatable programs allow an identical copy of a program to be
loaded in many different address spaces, each being loaded at a different starting address.
Batch loader
The batch loader combines the basic editing and loading services (which can also be
provided by the linkage editor and program manager) into one job step. The batch loader accepts
object decks and load modules, and loads them into virtual storage for execution. Unlike the binder
and linkage editor, the batch loader does not produce load modules that can be stored in program
libraries. The batch loader prepares the executable program in storage and passes control to it
directly.

Program management loader

The program management loader increases the services of the program manager
component by adding support for loading program objects. The loader reads both program objects
and load modules into virtual storage and prepares them for execution. It resolves any address
constants in the program to point to the appropriate areas in virtual storage and supports the 24-bit,
31-bit and 64-bit addressing modes.

What is a load library?

A load library contains programs ready to be executed.

Debug
The debug command is used to look at portions of your computer and write assembly code
to perform certain tasks on your computer.

Feature of Debug
• Display all program code and data in hexadecimal format and any data that you enter into
memory must also be in hex.
• Provides a single-step mode, which allows you to execute a program one instruction at a
time so that you can view the effect of each instruction on memory locations and registers.

29 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Parameters
NOTE: Parameters listed in brackets ( [ ] ) are optional. Optional parameters usually indicate
there are a number of different ways a command could be used. I've listed the meanings of all the
parameters here for you:

address - Memory location specified in hexadecimal. You can use either a simple Offset all by itself
(in which case, the present CS 'Code Segment' will be assumed), or you can enter the full
Segment:Offset location using either all hex numbers or substituting the name of a segment
register for a number. Leading zeros are not required; thus 1F all by itself would be the location
'CS:001F' ( CS meaning whatever the CS happened to be at the time you entered this ).

Examples:
100 DS:12 SS:0 198A:1234

range - Two hexadecimal addresses separated by a single space. They may be listed as either full
Segment:Offset pairs or just an Offset alone ( in which case, the Segment is assumed to be that of
the present CS or "Code Segment" ). NOTE: Some commands, such as Compare (C), may require
the second address be given only as an offset.

list - A string of Hexadecimal bytes separated by a space, or ASCII data enclosed within single or
double quote marks. You can list any number of bytes from a single one up whatever number fits on
the line before having to press the Enter key. A single byte, such as 00 is most often used with the
FILL (f) command whereas an ENTER (e) command will most likely have a string of many hex bytes
or ASCII characters per line;

for example:
e 100 31 C0 B4 09 BA 50 02 CD 21 B8 4C 00 CD 21
e 250 'This is an ASCII data string.$'

number - Remember all numbers and values used in any DEBUG command are understood as
being Hexadecimal only! That includes the number of sectors in the LOAD or WRITE commands and
even the number of instructions you want DEBUG to step through in the TRACE or PROCEED
commands.

30 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

C:\WINDOWS>debug

Quit: Q
Immediately quits (exits) the Debug program! No questions ever asked... should be the first
command you remember along with the "?" command.

Hex: H value1 value2

A very simple (add and subtract only) Hex calculator. Never forget that all numbers inside of
DEBUG are always Hexadecimal. Enter two Hex values (no more than four digits each) and DEBUG
shows first the SUM, then the DIFFERENCE of those values.

Examples:
-h aaa 531 -h fff 3 -h dbf ace
0FDB 0579 1002 0FFC 188D 02F1

Dump: D [range]
D [address] [length]
Displays the contents of a block of memory. The Memory locations near the beginning of
Segment C000 (even under Windows 2000/XP) should display information about the kind of video
card installed on your PC. The first example below shows what a Matrox video card on our system
displayed.

31 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Examples:
-d c000:0010
C000:0010 24 12 FF FF 00 00 00 00-60 00 00 00 00 20 49 42 $.......`.... IB
C000:0020 4D 20 43 4F 4D 50 41 54-49 42 4C 45 20 4D 41 54 M COMPATIBLE MAT
C000:0030 52 4F 58 2F 4D 47 41 2D-47 31 30 30 20 56 47 41 ROX/MGA-G100 VGA
C000:0040 2F 56 42 45 20 42 49 4F-53 20 28 56 31 2E 32 20 /VBE BIOS (V1.2
C000:0050 29 00 87 DB 87 DB 87 DB-87 DB 87 DB 87 DB 87 DB )...............
C000:0060 50 43 49 52 2B 10 01 10-00 00 18 00 00 00 00 03 PCIR+...........
C000:0070 40 00 12 10 00 80 00 00-38 37 34 2D 32 00 FF FF @.......874-2...
C000:0080 E8 26 56 8B D8 E8 C6 56-74 22 8C C8 3D 00 C0 74 .&V....Vt"..=..t
-

-d 100 130
xxxx:0100 EB 24 0D 0A 54 68 69 73-20 69 73 20 6D 79 20 66 .$..This is my f
xxxx:0110 69 72 73 74 20 44 45 42-55 47 20 70 72 6F 67 72 irst DEBUG progr
xxxx:0120 61 6D 21 0D 0A 24 B4 09-BA 02 01 CD 21 B4 00 CD am!..$......!...
xxxx:0130 21 !
-

Search: S range list

Searches within a range of addresses for a pattern of one or more byte values given in a
list. The list can be comprised of numbers or character strings enclosed by matching single or
double quote marks. [ NOTE: In the examples below, if you do find the same data on your
computer, the locations could easily vary from ours! ]

Examples:

-s fe00:0 ffff "BIOS"

FE00:0021
FE00:006F

-d fe00:0
FE00:0000 41 77 61 72 64 20 53 6F-66 74 77 61 72 65 49 42 Award SoftwareIB
FE00:0010 4D 20 43 4F 4D 50 41 54-49 42 4C 45 20 34 38 36 M COMPATIBLE 486
FE00:0020 20 42 49 4F 53 20 43 4F-50 59 52 49 47 48 54 20 BIOS COPYRIGHT
FE00:0030 41 77 61 72 64 20 53 6F-66 74 77 61 72 65 20 49 Award Software I
FE00:0040 6E 63 2E 6F 66 74 77 61-72 65 20 49 6E 63 2E 20 nc.oftware Inc.
FE00:0050 41 77 03 0C 04 01 01 6F-66 74 77 E9 12 14 20 43 Aw.....oftw... C
FE00:0060 1B 41 77 61 72 64 20 4D-6F 64 75 6C 61 72 20 42 .Award Modular B
FE00:0070 49 4F 53 20 76 34 2E 35-31 50 47 00 DB 32 EC 33 IOS v4.51PG..2.3

Compare: C range address

Compares two blocks of memory. If there are no differences, then DEBUG simply displays
another prompt (-). Here's an example of what happens when there are differences:

-c 140 148 340

127D:0143 30 6D 127D:0343
127D:0146 10 63 127D:0346
127D:0148 49 30 127D:0348

32 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Fill: F range list

This command can also be used to clear a whole segment of Memory as well
as filling smaller areas with a continuously repeating phrase or single byte. Examples:

-f 100 12f 'BUFFER'

-d 100 12f
xxxx:0100 42 55 46 46 45 52 42 55-46 46 45 52 42 55 46 46 BUFFERBUFFERBUFF
xxxx:0110 45 52 42 55 46 46 45 52-42 55 46 46 45 52 42 55 ERBUFFERBUFFERBU
xxxx:0120 46 46 45 52 42 55 46 46-45 52 42 55 46 46 45 52 FFERBUFFERBUFFER

Enter: E address [list]

Used to enter data or instructions (as machine code) directly into Memory locations.

Example. First we'll change a single byte at location CS:FFCB from whatever it was before to D2 :
-e ffcb d2

Go: G [=address] [addresses]

Go is used to run a program and set breakpoints in the program's code. As we saw in an
Example for the ENTER command, the '=address' option is used to tell DEBUG where to start
executing code. If you use 'g' all by itself, execution will begin at whatever location is pointed to by
the CS:IP registers.

Breakpoints are used to HALT the execution of a program we're testing at some point of interest
before its termination. Up to 10, optional breakpoint addresses may be set by simply listing them
on the '-g' command line; separated by spaces. DEBUG will halt execution just before any of
breakpoint addresses is about to be executed, and all of them will be 'cleared' at this time as well.
(If you should somehow attempt to set more than 10 breakpoints, DEBUG will respond with: bp
Error.

Assemble: A [address]
Creates machine executable code in memory beginning at CS:0100 (or the specified
address) from the 8086/8088 (and 8087) Assembly Language instructions which are entered.
Although no Macro instructions nor labels are recognized, you can use the pseudo-
instructions 'DB' and 'DW' (so you can use the DB opcode to enter ASCII data like this: DB 'This is
a string',0D,0A ); spaces after the commas would make it clearer but aren't necessary.
The 'A' command remembers the last location where any data was assembled, so
successive 'A' commands (when no address is specified) will always begin at the next address in
the chain of assembled instructions. This aspect of the command is similar to the Dump command
which remembers the location of its last dump (if no new address is specified).

The assembly process will stop after you ENTER an empty line.

Examples:
Using the character string from our E (Enter) command above:
-a 200
xxxx:0200 db 'An "ASCII-Z string" is always followed by '
xxxx:022A db "a zero-byte ('00h').", 0

33 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

xxxx:023F
-d 200 23e
xxxx:0200 41 6E 20 22 41 53 43 49-49 2D 5A 20 73 74 72 69 An "ASCII-Z stri
xxxx:0210 6E 67 22 20 69 73 20 61-6C 77 61 79 73 20 66 6F ng" is always fo
xxxx:0220 6C 6C 6F 77 65 64 20 62-79 20 61 20 7A 65 72 6F llowed by a zero
xxxx:0230 2D 62 79 74 65 20 28 27-30 30 68 27 29 2E 00 -byte ('00h')..

Unassemble: U [range]
Disassembles machine instructions into 8086 Assembly code. Without the optional
[range], it uses Offset 100 as its starting point, disassembles about 32 bytes and then remembers
the next byte it should start with if the command is used again. ( The word 'about' was used above,
because it may be necessary to finish with an odd-number of bytes greater than 32, depending
upon the last type of instruction DEBUG has to disassemble. )

NOTE: The user must decide whether the bytes that DEBUG disassembles are all
8086 instructions, just data or any newer x86 instructions (those for the 80286, 80386 on up to the
lastest CPU from Intel; which are all beyond the ability of DEBUG to understand)!

Example:

-u 126 12F
xxxx:0126 B409 MOV AH,09
xxxx:0128 BA0201 MOV DX,0102
xxxx:012B CD21 INT 21
xxxx:012D B400 MOV AH,00
xxxx:012F CD21 INT 21

Input: I port
The use of I/O commands while running Windows™9x/Me is just plain unreliable! This is
especially true when trying to directly access hard disks! Under Win NT/2000/XP, the I/O
commands are only an emulation; so don't trust them. Though the example below still works
under Win2000/XP, it's most likely using some WinAPI code to show what's in the Windows clock
area; not directly from an RTC chip.

Load:
L [address] [drive] [firstsector] [number]
This command will LOAD the selected number of sectors from any disk's Logical Drive
under the control of MS-DOS or Windows into Memory. The address is the location in Memory the
data will be copied to (use only 4 hex digits to keep it within the memory allocated to DEBUG),
the drive number is mapped as: 0=A:, 1=B:, 2=C:, etc., firstsector counts from ZERO to the largest
sector in the volume and finally number specifies in hexadecimal the total number of sectors that
will be copied into Memory (so a floppy disk with 0 through 2,879 sectors would be: 0
through B3F in Hex).

Move: M range address

This command could be called COPY (not Move), since it only copies all the bytes from
within the specified range to a new address.

34 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Examples:
1) -m 7c00 7dff 600
Copies all 512 (200h) of the bytes between Offsets 7C00 and 7DFF (inclusive) to Offset 0600 and
following.
2) -m 100 2ff 200

This second example shows it's very easy to overwrite much of the same source area
you're copying from when using the Move command. However, DEBUG must store all the source
bytes in Memory before writing them; otherwise, this example would cause a problem when
overwriting an area it hadn't copied data from yet, if it were copying only one byte at a time from
that source area! The example above copies all 512 bytes of offsets 100h through 2FFh (inclusive)
to Offsets 0200h and following; overwriting the last 256 (2FF-200+1 hex) bytes of the source in the
process. This is also true under real 16-bit DOS.

Name: N [pathname] [arglist]

This command can be used to load files into DEBUG's Memory after you have started the
program, but it's main function is to create a new file under control of the Operating System which
DEBUG can WRITE data to.
Normally, when you want to 'debug' a file, you'd start DEBUG with a command like
this: C:\WINDOWS>debug test.com . But it's also possible to load a file into DEBUG's Memory
from within DEBUG itself by using the 'N' command and then the 'L'
command (with no parameters) like this:
-n c:\temp\test.com
-l
which will load the file test.com into DEBUG's Memory starting at location CS:0100 (you cannot
specify any other location when using the L command like this!).

Register: R [register]
Entering ' r ' all by itself will display all of the 8086 register's contents and the next
instruction which the IP register points to in both machine code and an unassembled (Assembly
Language) form. For example, if you start DEBUG in a Windows 95B DOS-box with the command
line:
>debug c:\windows\command\choice.com
and then enter an ' r ' at the first DEBUG prompt, DEBUG will display someting similar to this:
AX=0000 BX=0000 CX=1437 DX=0000 SP=FFFE BP=0000 SI=0000 DI=0000
DS=0ED8 ES=0ED8 SS=0ED8 CS=0ED8 IP=0100 NV UP EI PL NZ NA PO NC
0ED8:0100 E90E01 JMP 0211

Trace: T [=address] [number]

The T command is used to trace (step through) CPU instructions one at a time. If you enter
the T command by itself, it will normally step through only ONE instruction beginning at the
location specified by your CS:IP registers, halt program execution and then display all the CPU
registers plus an unassembled version of the next instruction to be executed; this is the 'default'
mode of the TRACE command. Say, however, you wanted DEBUG to trace and execute seven
instructions beginning at address CS:0205; to do so, you would enter:
-t =205 7

35 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Proceed: P [=address] [number]

Proceed acts exactly the same as Debug's T (Trace) command for most instruction types;
with these notable exceptions: Proceed will immediately execute all instructions (rather than
stepping through each one) inside any subroutine CALL, LOOP, REPeat string instruction or any
software INTerrupt. You can still step into an INT or execute all the code contained in a subroutine
if you need to, but with the Proceed (P) command you are not required to do so.

Write:
W [address] [drive] [firstsector] [number]
The WRITE (W) command is often used to save a program to your hard disk from within
DEBUG. But the only safe way to do so, especially under Windows, is by allowing the OS to decide
where to physically create that file on the disk. This is done by first using the Name (N) command to
set up an optional path and filename for the new file (or to overwrite one that already exists).
DEBUG will automatically begin saving program or data bytes from Offset 0100 of the 64 KiB
Segment the OS allocated for it. The only other requirement is to set the size of the file you wish to
write by placing the total number of bytes in the combined BX and CX registers* before executing
the WRITE command. The Register command is used to change the value in the CX register in the
following example from our MyMBR Batch/Debug Script Program.

EXAMPLE:
After creating and running a small program inside of DEBUG which copies the Master Boot Record
(MBR) to Offset 0000h through 01FFh, these DEBUG commands save the MBR to a file on the hard
disk:
-n mymbr.bin
-rcx
CX 0001
:200
-w 0
Writing 00200 bytes [ 512 bytes in decimal ]
-

Basic Assembly Instructions used in DEBUG

The specific set of basic Assembly instructions used in Debug will depend on the target
processor architecture (x86, ARM, etc.) and the debugger itself. However, there are some common
instructions you'll likely encounter across different scenarios:

Data transfer:
• MOV: Moves data between registers or memory locations.
Examples:
MOV AX, 10
MOV BX, CX
MOV [0x1000], AX

36 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

• PUSH: Pushes a value onto the stack.

Example:
PUSH AX
• POP: Pops a value from the stack.
Example:
POP BX

Arithmetic and logical operations:

• ADD: Adds two values.
Examples:
ADD AX, BX
ADD AX, 5
• SUB: Subtracts two values.
Examples:
SUB AX, BX
SUB AX, 10
• MUL: Multiplies two values.
Example:
MUL BL
• DIV: Divides two values.
Example:
DIV BL
• AND: Performs a bitwise AND operation.
Example:
AND AX, BX.
• OR: Performs a bitwise OR operation.
Example:
OR AX, BX.
• NOT: Performs a bitwise NOT operation.
Example:
NOT AX.

Control flow:
• JMP: Jumps to a specific instruction. Example: JMP 0x1000.
• JE: Jumps if equal. Example: JE Label.
• JNE: Jumps if not equal. Example: JNE Label.
• JG: Jumps if greater than. Example: JG Label.
• JLE: Jumps if less than or equal. Example: JLE Label.

37 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE
WESTERN INSTITUTE OF TECHNOLOGY ITPD1 – PLATFORM TECHNOLOGIES 1

Debugging specific instructions:

• INT: Triggers an interrupt, often used to invoke the debugger. Example: INT 3.
• NOP: Does nothing, often used as a placeholder or for delaying execution. Example: NOP.

Additional commands:
• DUMP: Shows the contents of memory or registers.
• FILL: Fills a memory region with a value.
• EDIT: Modifies the contents of memory or registers.
• BREAK: Sets a breakpoint at a specific address.

38 | L A B O R A T O R Y M A N U A L ARNOLD M. NARTE