Some Tests

Test 1: Debug a DOS Protected Mode App Using Conditional Commands 

1.Run TRW2000.
2.Begin a dos window under Win9x.
3.Select 'trnewdos' from TRW2000's menu.
4.Run PMODE.EXE at the DOS command prompt.
5.Switch back to TRW2000, and you will find you are at the beginning of the DOS program.
Now you have 2 choices: 
choice 1,
g 342
t
g 342
Press <F8> a few times and you'll see the program enter 16bit protected mode!
g 4dd
press <F8> a few more times, and now you'll see the program enter 32bit protected mode!
choice 2, use TRW2000's powerful conditional commands 
g if cs<100 ;this will run to PM16!
g if cs!=cs ;this will try to run to PM32
g if cs!=cs ;do this again, and we are in PM32

 

Test 2: The "pmodule" command. 

1.Run the program NOTEPAD.EXE
2.From the menu, select "Help" and then "About Notepad"
3.When the "About" dialog displays, run TRW-2000.
4.Press the Ring-3 hotkey (Ctrl-N) to activate TRW2000.
We now have 2 choices: 
Using the "hwnd" list: 
From the hwnd list (use the command "hwnd"), find the window handle 
by '(Dialog)'. Set a message breakpoint on the window to catch 
when it is destroyed ("bpmsg <the_hwnd> wm_destroy")
Type the command "bl" to see our breakpoint list.
Type "g" to continue execution.
In NOTEPAD, press "OK", this will re-activate TRW2000 at the point 
that the dialog received the WM_DESTROY message.
press F12 ("pret") several times, and we will finally find the point
where this dialog box was called by 
shell32.dll	call [DialogBoxParamA]
notepad.exe	call [ShellAboutA]
Or, using the powerful "pmodule" command: 
run "pmodule" command and it will skip ahead until we're back to the 
notepad.exe module, after the 
	call [ShellAboutA]

Test3: The Ring 3 hotkey (Ctrl-N) and the command "SUSPEND"

  1. Run TRW2000.
  2. Run NOTEPAD.EXE.
  3. Press the Ring 3 hotkey (Ctrl-N) to activate TRW2000.
  4. Give TRW2000 the command "PMODULE" (run until finding a RET to module code).
  5. When TRW returns, we break in NOTEPAD.EXE's address context!
  6. Give TRW the command 'SUSPEND' and we'll return back to Windows, where you'll find that NOTEPAD is suspended!!!
  7. Now, you can do anything in Windows you need to do (read .doc files, run another program, etc...) except something that would cause NOTEPAD.EXE to close.
  8. Press Ctrl-N again, and you'll return to debugging NOTEPAD, right where you left off.

Test4: Catch a new thread

  1. Select 'trnewtcb' in TRW2000's menu.
  2. Now, you can run any 32-bit , or 16-bit app and TRW2000 will catch the new thread at the first opcode.

Test5:  Finding out how a program operates.

Let's say I'm writing a new program. When I right click on my program's icon in the system tray, I want it to show a popup menu (like TRW2000 does), but I'm not sure how to do it.

So I run TRW2000, right click on a user icon in system tray, and when its popup menu displays, I hit Ctrl-N to activate TRW. I then give TRW the command "pmodule" (which tells TRW to step through the program until it encounters a RET to module code). Then, I use the TRW command "X" to return to Windows from TRW. Next, I just click anywhere to make the user popup menu close. TRW2000 pops back up and tells me that it just returned from the system call "TrackPopupMenu".