- It has been years since I did ASM programming but thanks to you guys I'm going to get MASM32 up and going this weekend.
- You guys also told me about HxD as a Debugger since the MS Debug command line program is going away with Win7.
I have downloaded and installed HxD and have it up and running... but don't see how to simply...
1) give it an absolute memory address (in either decimal or hex) and have it dump the contents so I can see what is there...
2) give it a character string to search for in the system memory... either a normal string of characters (8bit ASCII) or as Unicode (16 bit... right?)
3a) Finally is the world still working with the old segmented addressing like in the old 80xx processors?
3b) Is there a standard register map that is used today or is it different for all the various Intel type processors?
3c) Or are people using a "virtual" processor with a "virtual" register map?
3d) Where can I find the register map(s) currently used today when doing asm programming?
Finally, if this is not the proper forum for this post let me know but since HxD came up here I thought I'd give it a try.
thanks for any help.
well - part 3 is where to start :P
segmented memory is more or less a thing of the past
although, when the OS emulates a 16-bit environment to run DOS programs, it appears to be segmented
since the 80386 (286, really), a typical operating system runs in "protected mode"
this offers layers or "rings" of protection for processes, I/O, and memory
memory is virtualized so that a process operates in 4 Gb of address space (32-bit machines)
with HxD, you can view the memory of a given process - but, not just any memory
the old x86 processor registers have been expanded a bit...
(http://webster.cs.ucr.edu/AoA/DOS/ch04/CH04A2.gif)
of course, there are segment registers - and more of them
we rarely have to mess with them unless you are writing an OS or, perhaps, a kernel-mode driver of some sort
since the early pentiums, the FPU registers double as MMX registers...
(http://webster.cs.ucr.edu/AoA/Windows/HTML/images/TheMMXInstructionSeta.gif)
and with the advent of SSE, even more...
(http://img.tfd.com/cde/MMXSSE.GIF)
recent processors have still more registers
Dave blinded me with science(nice graphics) :clap:
google images :P
Here s a 64 lines proggie that displays (and writes to disk) a memory dump. If the commandline contains a valid filename, it will be used, otherwise the executable itself, as loaded in memory, will be displayed.
include \masm32\MasmBasic\MasmBasic.inc ; download (http://www.masm32.com/board/index.php?topic=12460)
DumpMem PROTO :DWORD, :DWORD
.code
db "Hello, this is the code section just before the start label ....", 0
Init
.if Exist(CL$())
Let eax=FileRead$(CL$())
mov edx, LastFileSize
.else
push Lof(CL$(0)) ; assume size of memory block equals disk size
invoke GetModuleHandle, 0 ; CL$(0): 0th arg of commandline is the executable itself
pop edx
.endif
mov edi, rv(DumpMem, eax, edx)
FileWrite "tmp.dmp", edi ; for further processing
Inkey Left$(edi, 70*260) ; show some lines on screen
Exit
DumpMem proc uses esi edi ecx pStart, nBytes
mov eax, nBytes
sar eax, 4 ; divide by 16 to get lines
mov ecx, eax ; linecounter - we need it below
inc eax ; one line extra in case filesize is not a multiple of 16
imul eax, eax, 70
Let edi=New$(eax) ; create a buffer
push edi
mov esi, pStart
.Repeat
invoke MbCopy, edi, Cat$(Space$(68)+CrLf$), -1 ; create a line
REPEAT 4
lodsd ; grab 4 bytes, and translate them to Hex
add Hex$(eax), 8 ; Hex$ returns edx, and we start from the right
REPEAT 4
sub edx, 2
movzx eax, word ptr [edx] ; grab a byte in hex notation
stosw
inc edi ; 4*3=12
ENDM
inc edi ; 4*(12+1)=52
ENDM
push esi
push ecx
m2m ecx, 16 ; 52+16=68
sub esi, ecx
.Repeat
lodsb
.if al<32
mov al, "." ; replace non-printable chars with dots
.endif
stosb
dec ecx
.Until Zero?
pop ecx
pop esi
add edi, 2 ; skip CrLf - 68+2=70, size of one line
dec ecx ; dec line counter
.Until Zero?
pop edi
xchg eax, edi
ret
DumpMem endp
end start