<friday evening rant while waiting for traffic to die down>
I have a favorite utility program, a piece of software that has been included with every shipping Microsoft operating system since the earliest versions of DOS. I’m talking about Debug, of course, the DDT of MS-DOS. (DDT, or Dynamic Debugging Tool, was a Debug-like programmer for CP/M, the operating system DOS was largely based upon.)
With all the focus on security in Vista, I thought Debug would be long gone. In fact, geek that I am, I had some notes about a possible post called “Debug, RIP” that I thought I’d write up when I got my hands on Vista. I was already feeling a sense of loss.
But late last night, I was pleasantly surprised to find DEBUG.EXE in c:\Windows\System32, just sitting there like a loaded gun on the floor of a maximum security prison. So I picked it up and shot out some windows. Great fun. I had meant to look at some more esoteric aspects of Vista, but how can a guy stay focused when Debug is around?
Debug has been around a long time. If you were writing assembly language in the 80s (and all the really cool guys were), then Debug was by your side night and day. It was the fastest way to write and test a little program, or to check some values in memory, or to trigger an interrupt or a million other things. You could use like a hex editor to edit a file with complete control of every byte. you could disassemble executables (as in the screen shot above), and you could also write quick and dirty little .COM programs that would only take up a few bytes. You could use it to write directly to the video RAM on your display card, or any other area of memory for that matter.
And you can still do all these things with Debug, even under Vista. For example …
Writing to Video RAM
- At the command prompt, type DEBUG and press Enter.
- Type RDS, press Enter, then type B800 and press Enter. (You’ve set the data segment register to address B800, pointing at the beginning of the memory buffer where on-screen text is stored today as it was 20 years ago.)
- Type F 0 1000 1 2 3 4 and press Enter. Actually you can change “1 2 3 4” to any string of one or more hex values. Try some variations and you’ll get some cool patterns. For example, here’s one of my favorites: F 0 1000 44 F 6F 7 75 7 67 7
- All you’re doing is writing repeating patterns of bytes to the video card’s text buffer. Each character on the screen has a character value and an attribute (color, etc.) value. In the last example above, 44 is a capital D, F means “bright white,” 6F is a lower-case o, and … you get the idea.
- After you’ve had enough, press Q and Enter to return to the command prompt.
Hacking Files with Debug
Debug is also fun for editing files. With Debug, you load the file into memory, then you can search the bytes in the file and overwrite them as needed. And you can change any file that will fit in memory. (Well, the memory Debug can address, which is a messy topic now that computers have over a megabyte of RAM so we won’t get into it).
You can change EXE files, for example. Think about it. Sure, these days there’s so damn much security in everything that it’s hard to change bytes in a program without corrupting it or setting off an alarm of some kind. But it wasn’t always so.
The command prompt program, for example. Back in DOS days, it was simply Command.com, located in the root directory of your C: drive. This was the program that put a C:\> prompt on the screen and interpreted commands from the user; DOS itself, from the user’s perspective. And since Command.com was a simple COM file (the executable format before EXEs, and based on CP/M’s executable format that loaded the code in at offset 100 in the current memory segment), you could just hack it up all you wanted in debug.
And I did. For example, I once went into CompUSA in Chicago in the 80s, and just for fun I hacked up the Command.com on a few of their DOS-based laptops that were on display. I searched for the string “invalid command or filename” and replaced it with “Shop at Elek-Tek and SAVE!”
The cool thing about this trick was that the bogus error message didn’t appear until after the computer had been rebooted, so even if a friendly little salesman snuck up on me, I could play dumb, say I got lost in something, and the computer seemed to work fine. But the next day, when the salesman made a mistake showing off some feature to a customer, up came that replacement message I had entered for him.
Another thing I did once, after a few too many Black Russians at a guy named Dave’s house, was modify his Command.com to make it create formatted disks with an interpreter named Dave.com instead of Command.com. I think I may have had to modify a SYS file or something to do this one, I don’t remember for sure. Anyway, whenever Dave formatted a bootable floppy disk, it had Dave.com in the root, but it still ran DOS programs fine and everything worked like normal. But since Dave.com was a copy of the hacked up Command.com, it had the same quirk, so any time you booted off a Dave.com disk you’d keep spreading the virus.
We got away with so much in the 80s. I’m much more mature now, of course. The things I plan to do with the DEBUG.EXE in Vista will be altruistic, wholesome, and help make the world a better place.
</friday evening rant> … I’m outa here!