Commands

.

?

A

ADD

ADDR

ADDW

BC

BD

BE

BL

BP

BPE

BPINT3

BPIO

BPM

BPMSG

BPMX

BPX

CLEARDR

CMT

CODE

D

E

EC

 EXP

EXP16

EXP32

FKEY

FILE

FONT

G

GDT

H

HEAP

HBOOT

HELP

HotKey

HWND

IDT

LDT

LINES

MakePE

MOD16

MOD32

NAME

P

 PAGE

PageIn

PDLL32

PEDump

PHYS

PMODULE

PNEWSEC

PRET

PROC

R

RS

S

SRC

SRCLINES

SS

Suspend

SYM

T

TABLE

task

 thread

TRNEWDOS

TRNEWTCB

TRTCB

U

VCALL

VER

VM

VXD

VXDSYM

W

WC

WD

WMSG

WR

WS

X

 
.
	display current instruction, same as 'U cs:eip'
? 
	This is the expression evaluation command. Try your expression in decimal 
	first. If that fails, try it in hex.
		? 123+34
		? 4d2h+9
		? esi/4
		? (3+2)<<1
A [address]
	Assemble code. Only available in register version.
ADD   STACK|DATA|DASM
	create a new stack/data/disassemble window
	ADD STACK
	ADD DATA
	ADD DASM
ADDR
	Display context list.
ADDW [pos] L|R|T|B REG|DATA|DASM
 Add a reg/data/disassembler window in the current CPU window.
 Position is of the form Left|Right|Top|Bottom
 ex:
 ADDW 2 L DATA
 ADDW 2 2 T REG
 ADDW R DASM
BC list|*
	Break point clear
BD list|*
	Break point disable
BE list|*
	Break point enable
BL list|*
	Break point list
BPINT3 address
	Set a break point by inserting an int 3(0xcc) into user code.
BPIO port
	Set a debug register breakpoint on port I/O.
	See also: BreakPoint Overview
BMSG hwnd [msg]
BPMSG hwnd [msg]
	Set a breakpoint on a window message.
	See also:
	 WMSG
	 BreakPoint Overview
	Ex:
	 BMSG 12c wm_destroy
BPM address R
BPM address W
BPM address X
	Sets a hardware breakpoint with DRx.
	See also: BreakPoint Overview
BPMX address
	Sets an executive breakpoint with DRx.
	This is the same as 'BPM address X'
BP [[seg:]address] [if (conditions)]
BPX [[seg:]address] [if (conditions)]
	Set a breakpoint on execute
	TRW will try Debug register first. If that fails, it will insert a 
	int3(0xcc) into the user code.

	As a special case, if omit address, with only conditions,
		g if (conditions)
	TRW2000 will run the program step by step, check the condition for
	each step.
		g if ((byte)*eip==c3&&eip<402000)
	See also:
		BreakPoint Overview BPMX
		BPINT3
D [address]
D range >filename
	Perform a memory dump to the data window, or save a memory dump to file.
		 d 401000
		 d cs:402000
		 d 401000,402000 >myfile
		 d 401000 L 100 >myfile
E [address [partern]]
	Edit memory
	E ds:edi 'nothing',0
EC
	focus to code window or command window. Usually define as hotkey F6 .
EXP !
Exp module-name!
Exp partial_export_name
	Display all matching exported API calls.
	Searches all of the exported API function names in all referenced modules.
	 EXP !
	 Exp kernel32!
	 Exp *
	 Exp Get*
	 Exp *window*
FILE [source-filename]
	 Select/Display source file
FKEY [function-key strings]
	 Display/Set Function keys
	 ex:
	 FKEY
	 FKEY f10 "d 2;U 3;"
FONT 1|2
	select TRW2000 graphics display font.
G
 Run.
 G address ;run to address, same as 'gox address'
 G if conditions ;run with conditions
H [command]
HELP [command]
 Display help for all commands, or the referenced command in detail.
HOTKEY
 Display current hot keys, and allow you press a new key to display.
 See also:
 Hot Keys
HWND [HWND]
 Display window handle information.
PageIn <address>
 Load the not present page to memory.
 PageIn cs:401000
LINES [25 | 43 | 50 | 60]
 Set/Display screen lines
 ex: lines 43
 See also:
 Ini file
MOD16 [hmod|mod_name]
 Display 16bit module list,
 or display detail info for specified module.
 Usage:
 MOD16
 MOD16 1cf
 MOD16 KERNEL
 MOD16 . ;for current module
PDLL32
 Run until 32bit DLL entrypoint.
 Usage:
 PDLL32 mydll32.dll
PEDUMP
 Dump PE image memory direct to file 'DUMP1.EXE'.
 You can use G_Rom's MakePE to rebuild a valid PE.
BP if condition
 Set a breakpoint on a condition
 bp if (eax>=3456787)
 bp if (dx<543)
 bp if (ch==23)
 go if (ah!=34)
PNEWSEC
 Go until entering a new section in PE image
PMODULE
 'pret' until CS:EIP in the module.
PRET
 Run until RET,RETF,IRET.
 shortcut key: F12
RS
 View User Screen. (F4).
S
 Search in memory
 S 0 L -1 'window'
 S 100,200 'bug12',34
SRC
 Toggle source mode, can be Source|Mixed|Code
SUSPEND
 Suspend current thread, and leave TRW2000. Hot keys to back.
SYM
 List all debug symbols
TABLE [table name]
 Select/Display a symbol table
TRNEWDOS
 Catch next DOS program.
TRNEWTCB
	Catch next new thread at the first opcode.
	Supports 32-bit and 16-bit apps.
	Note: Do not run a Windows app from a DOS command prompt, or TRW2000 will 
	catch START.EXE.
TRTCB <thread_handle>
 Trace a existing thread
U [address]
U range >filename
 Disassemble in Code Window, or save disassembly output to a file.
 u 401000
 u cs:402000
 u 401000,402000 >myfile
 u 401000 L 100 >myfile
VCALL
 Usage:
 Vcall * -display all VxD calls
 Vcall num -if num<10000h, diaplay all VxDid calls
 -if num>10000h, diaplay the VxD call
 Vcall partial-name
 Ex:
 Vcall 0d
 Vcall 100001
 Vcall *sys*
W range filename
 Write memory to file
 w ds:401000,402000 myfile
 w 401000 L 100 c:\myfile.bin
WC [codewindow_lines]
 Set the length, in lines, of the code window. No parameter will turn it on/off.
 ex:
 wc 25
 wc
WD [datawindow_lines]
 Set the length, in lines, of the data window. No parameter will turn it on/off.
 ex:
 wd 25
 wd
WMSG - Display windows messages
 usage:
 WMSG [partial-name] [WMSG-number]
 Ex:
 WMSG 12
 WMSG wm_destroy