Aminet 6

home *** CD-ROM | disk | FTP | other *** search

/ Aminet 6 / Aminet 6 - June 1995.iso / Aminet / dev / debug / Disectv17b.lha / document / DisectV1.7.doc < prev next >

Wrap

Text File | 1995-03-20 | 108.4 KB | 2,358 lines

* ------------------------------------------------------------------------- * Disect V1.7 - © DMA 1994-5 26.11.94 ========================== ======== 1) Introduction 2) Disect Request Windows 3) The Program Screen 4) A Disassembler Tutorial 5) Symbol Selection Window 6) Address Functions 7) DataStrings 8) Key Macros 9) Expressions 10) MultiBin Files 11) Screen Icons Reference 12) Keyboard Reference 13) Mouse Reference 14) Menu Reference 15) Process Variables Memory 16) Grabbing An Existing Process 17) Auto Trace Mode 18) Hardware Monitor 19) 68020 Modes/Instructions 20) Installing To Hard Drive 21) Contact Address * ------------------------------------------------------------------------- * 1) Introduction =============== Disect is a very powerful combined disassembler/debugger program, which has been designed to be easy to use. Its power is achieved at the expense of memory: the minimum requirement is 1Mb; for larger projects, 2Mb will be required. The programmer neither encourages nor condones its use to assist in illegal duplication of copyright software. Disect can be used for two main purposes: development of software; and the gaining of knowledge (hacking can be very educational). The debugger allows an executable file, a disk boot-block, a binary file, or an area of memory to be loaded and created as a Process. It is even possible to grab an existing memory-resident Process. A Process's instructions can be executed individually, or the Process can be activated, with or without breakpoints installed. System exceptions can be trapped before they crash the machine, and program symbols can be read from execut- able files. The disassembler allows a loaded program to be commented, have blank lines inserted, and have it's numbers and addresses replaced with constant or program symbols. All the symbols of Release 3 of the system include files are available to the disassembler. A program which has been dissected in this way can then be saved as two source files: a program file, and a support file. The support file will contain EQUs for all required constant symbols. System constant symbols can be EQUs (grouped by the SI file where they live), or alternatively the support file can INCLUDE all required SI files. Disect data files can be saved, to be reloaded later: 'hold on to your hacks'! Disect requires Release 2 of the Amiga operating system; it also requires the ASL library, and GadTools library. If you've paid your shareware fee then you'll have the full version. Otherwise, the copy you've got is (hopefully) only a demo. This has a few differences: you cannot disassemble to file; you cannot extract program symbols from executable files; auto trace mode is not available. In addition, you will not have all of the system symbol data files. If this is so, and since, as I don't doubt, you'll be impressed by this program, then don't hesitate in registering today, by sending your name and full address (and a cheque/postal order for £20) to the address which you'll find at the end of this file. As well as receiving the full version, you'll also be en- titled to technical support (by mail) if required. If you like this program, it's well worth the money... this will encourage further versions, which will only get even more powerful... imagine! 'Disect' is Shareware, Copyright © D.M.Alderson 1994/5, all rights reserved. Duplication for the purpose of backups is permitted, but not for the purpose of selling or otherwise distributing the software, manual, or other related items, which includes '.dsct' data files only for commercial purposes, without written permission from the author. This does not apply to the demo version of the software, which in such instances would include the manual, and other related items, but not including '.dsct' data files unless for commercial purposes. The author does not make any warranty, express or implied, with respect to the software or any related item, their quality, performance, or fitness for any purpose. It is the responsibility solely of the purchaser to determine the suitability of the software for any purpose. In no event will the author be liable for incidental or consequential damages of any kind in connection with the software product, manual, or other related items and processes including, but not limited to, any interruption of service, loss of business, anticipated profit, or other consequential damages. ETC. Disect was written using a 2 meg A500+ (without a hard drive!). * ------------------------------------------------------------------------- * 2) Disect Request Windows ========================= The program takes much of its input through 'request windows'. These are standard windows containing string and button gadgets, etc. The more commonly used windows have keyboard shortcuts. Where available, these consist of the first letter of the text within the gadget (which will be underlined). One exception is the 'Select Address Base' request: to select '+ Decimal' you use key 'p'; to select '- Decimal' you use key 'm'. Many of the windows allow specification of a number of address ranges (eg: when searching memory). These contain a list of the currently defined address ranges, and two string gadgets to input the start and end addresses (inclusive) of a range. You should input the start, and then the end, after which, if the range is ok, the address range will be stored. Note that you may not enter zero as an address. For most of the windows, the ranges list will be initialised to contain the start and end addresses of any loaded project memory. If you LMB on any address range, it will be selected, and can then be changed. If you select a range, then enter no input for the start and end addresses, the range will be deleted from the list. The RMB can be pressed to un-select a selected address range. Instead of having to enter the actual end address into any end address string gadget, it is possible to instead enter the size of a memory area, by preceeding it with a comma. You can also enter, for example: '+12', which will result in an address range of 13 bytes (ie: end address = start address + 12). For an address range of a single byte, you can simply enter '='. One last thing: if Disect seems to lock-up, try pressing any SHIFT key, or any ALT key. * ------------------------------------------------------------------------- * 3) The Program Screen ===================== As of V1.2, Disect incorporates menus for most functions. To prevent contention between menus, and Disect's use of the RMB, in order to select from a menu, you must first RMB click on the menu bar, in order to 'activate' the menus. To disable the menus, and allow Disect to respond to the RMB in the main window, you simply LMB on the window, away from the menu bar (for example, on the status/message area). At the top of the screen is displayed the available chip and fast memory, various function icons, and the program's status/message output. The status message consists of the current state of any Process (--- none, -S- Process suspended, -A- Process active, -W- Process Wait()ing), info of any defined disassembly window markers, and the number of address stack entries. The icons (from left to right) are: project; INCBIN; address stack (3 icons); smiley; workbench screen; disassembly window left/right scroll arrows. See below for more info. Below this is the disassembly window area. There can be either one or two disassembly windows open at once: the tab key will toggle between single and double window mode. The cursor keys can be used to scroll windows, while pressing shift also will move a window faster. In double window mode, pressing the left alt key will select the lower disassembly window. This applies to the cursor keys as well as other disassembly window keys (eg: A, F1-F9, F10). In each disassembly window, you'll find up and down arrow gadgets for scrolling the window. Normally, these work upon the window in which they are situated. It is possible, however, to use either pair of arrow gadgets to scroll the memory window, by also pressing the right ALT key. Next down is a window which displays the PC and SR values, and the source effective address (SEA) and destination effective address (DEA) of the instruction at the PC, when applicable. Also displayed is the content of these addresses. There are two lines of this: the upper line displays the current values, while the lower line displays the previous values. This allows the SEA/DEA content to be seen to be affected after execution of an instruction, which is not possible with programs which display only the current values. The upper line can be used to enter new values for the PC and SR, via LMB on the digits of the PC, or the digits/letters of the SR. To enter a new SR value, a request window will be opened. This allows input of either an expression (denary/hex/binary/symbols), or any combination of the letters XNZVC to denote which flags are to be set: any unspecified flags will be cleared. If no input is received, then the PC/SR is unaffected. If the Process is active, then attempting to change the PC or SR will have no actual effect. The third line in this window is the 'register zoom'. This can be locked to any of the registers d0-d7 or a0-a7, and displays the register content, and the content of this address and the next 15 bytes upward in memory, as denary/hex (depending on the currently selected base), and as ascii characters. The '·' character is displayed for any bytes not within the ascii range of 32 to 127. The locked register is selected by LMB on the text of 'd0', 'd1', etc in the register window. The register zoom can also be locked to the SEA or DEA of the instruction at the PC, if a Process has been created, by LMB on the text of 'sea=' or 'dea=' in the first line of the window. The register window is the lower-left window on the screen, and this displays the register values as denary/hex. For data registers, the register content is displayed also as ascii. For address registers, the register content is also used as an address; the content of this is displayed as denary/hex and ascii. Any of the registers can be given new values in the same way as the PC, by LMB on the digits of the register value. A nice little feature which you may at times find useful is, when entering for an address register value, instead of an address, you may enter, for example: >a text string This has the effect of storing all the input text after the '>' character, and setting the address register to point to the stored text. Disect contains eight such text buffers, each of which may contain up to 63 characters. The lower-right window is the memory dump. This can be scrolled using cursor keys and the right alt key. The shift key applies for the up and down cursor keys as it does for the disassembly window. By LMB on the address digits, you can input a new address for any of the separate lines in the window. When you do this, the addresses of any lines below the affected one will be updated, but any above it will remain unchanged. This allows, for example, the first line to be locked on one memory location, the second to be locked on another, and the remaining six lines to be used as a memory dump starting from yet another address. If you use the cursor keys to move the window, the first two lines will stay where they are in memory, and only the continuous block of six lines will be moved. Neat eh? Note that a much bigger memory dump window can be accessed by pressing 'm'. * ------------------------------------------------------------------------- * 4) A Disassembler Tutorial ========================== The best way to understand something is to do it, so on the disk you'll find an executable file called 'KeepASL' (in the Tutorial drawer). This is a little utility I wrote ages ago since I was fed up with having to reload the ASL after each time I assembled something. All it does is to open the ASL library and the clipboard device, preventing them from being removed from memory. So, load up Disect, and LMB on the project icon. This will open the project request from which you should select 'Executable', and select the file via the ASL. The next request allows you to define whether or not to create a Process, and extract any symbols from the executable file. Leave these un- checked (you don't need to create a Process for the disassembler, and there are no symbols in 'KeepASL'). The string gadget allows you to enter any CLI arguments to be passed to the executable file (again, not required now). So, just LMB on 'OK'. The executable will be loaded, and the disassembly window moved to it's start address. Note that marker 9 will be defined at the address - marker 9 is always defined at the start address of any loaded executable/ binary/boot, etc. When you load a binary file, marker 8 will be defined at its end address, so if you were to save the binary file later, you could enter 'm9' for the save binary start address, and 'm8' for the end address. Next, if you haven't already done so, load the SysSymbol data for the following directories: DOS, EXEC, INTUITION. This is done by pressing the 'Help' key to access the 'Resident SysSymbol Data Preferences', selecting the required data, then 'Use'. This request also allows you to load and save the preferences, or to quit, which will restore the preferences to the state they were when you pressed 'Help'. In the disassembly window, you'll have something like this: 0000665256 move.l 4.w,665604 0000665264 bsr.w 665504 0000665268 lea.l 665766(pc),a1 0000665272 moveq.l #0,d0 0000665274 movea.l 665604(pc),a6 0000665278 jsr -552(a6) 0000665282 move.l d0,665608 0000665288 beq.w 665406 0000665292 lea.l 665784(pc),a1 0000665296 moveq.l #0,d0 0000665298 movea.l 665604(pc),a6 0000665302 jsr -552(a6) 0000665306 move.l d0,665612 Obviously, the addresses will be different but the methods are the same. First of all, LMB on the area between the address and the mnem- onic of the first line, and enter the text 'main'. From the request window, select 'Instruction'. This will define a program symbol for the first address of the program, and will log the address as an instruction. Incidentally, if you ever enter a program symbol name which does not fit into the available area, the end of the name will not be lost. On the screen, only the first 11 characters will be visible; when you disassemble to a file, the whole of the name will be output. Now, LMB on the destination effective address of the first line. This will open the symbol selection window (see below for specific info). Activate the string gadget which presently contains the LMB'd address, and enter the text 'sys_base'. From the request windows which open, you should define the address type as 'Variable', the address size as 'Long', and the address base as '+ Decimal'. What this does is to log the DEA of the first instruction as a long variable, the content of which will be displayed as positive (unsigned) denary. Just to make sure, RMB on the DEA of the first line, and you'll see: 0000665604 sys_base DC.L 0 The previous disassembly window address will have been stacked (look at the status message), so you can return there either by LMB on the third icon from the left at the top of the screen, or by pressing F10. Do this now! You'll notice that as well as having replaced the DEA of the first line with the program symbol 'sys_base', Disect will also have replaced all other references to this address. This feature can be disabled by press- ing 'Del', and unchecking 'AutoSymbol', BUT DON'T DO THIS NOW! Now, to make the source more readable, we'll add a blank line after each of the following lines in the disassembly window: the first, the second, and the eighth line. Do this by LMB on the mnemonic of each of these lines. This will open the 'Address Functions' request, from which you should select 'Add Blank Line' (at lower-left of window). For the second and eighth lines, you'll get the 'Address Type' request, since these addresses have not yet been logged - obviously, these should be logged as instruction addresses. This will result in the following: 0000665256 main move.l 4.w,sys_base 0000665264 bsr.w 665504 0000665268 lea.l 665766(pc),a1 0000665272 moveq.l #0,d0 0000665274 movea.l sys_base(pc),a6 0000665278 jsr -552(a6) 0000665282 move.l d0,665608 0000665288 beq.w 665406 0000665292 lea.l 665784(pc),a1 0000665296 moveq.l #0,d0 Next, LMB on the text '-552' (or -$228), then on the text 'exec' in the lower window. You'll probably have guessed already, but LMB on the text '_LVOOpenLibrary' in the upper window, then select 'Confirm', and define the address as 'Instruction'. Now, we all know that a call to exec.Open- Library() requires a1 pointing to the library name text, so RMB on the SEA of the third line. What you now see won't look like much, until you've done the following: define a program symbol at the first line in the disassembly window, 'name' will do, and define the address as Data/Byte/ASCII/NULL. Now we know what library it is, we can change the program symbol from 'name' to 'int_name': 0000665766 int_name DC.B "intuition.library",0 The last request window ('Select Data Area Size') allows you to define how many bytes there are in a data area in four ways: you can enter an expression to define the number of BYTES; you can simply press 'Enter' to make it consist of one byte, one word, or one long (depending on the address size already defined); you can select 'NULL' to make the data area end at the first NULL byte/word/long; or you can select 'Symbol' to make it end at the byte before the address of the next defined program symbol. If you now press F10, you'll see that the address reference will have been replaced with 'int_name'. Next, press the 'A' key, and enter the following: '[0:$58]'. This will move the disassembly window to the $58th byte of the first hunk. Here, you will see a 'jsr' as the third line. LMB on the text '-204' or '-$cc', and replace it with '_LVOOpenWindow'. So, the first line contains the address of a NewWindow structure, so RMB on this address to move the disassembly window to this data. Now press key 'X', (or select 'Define DataString' from the 'Functions' menu), and from the list of system DataStrings, LMB on the text 'NewWindow', then select the 'Define' gadget. The NewWindow structure data area will be logged, and Disect will inform you that it has found an address pointer within the NewWindow structure, which points to an ASCII string. Click on the 'Define' gadget, and the ASCII string will also be defined as a data area. The disassembly window will now be returned to the address of the NewWindow structure. For further information about DataStrings I STRONGLY recommend that you read section 7. Well, we could go on like this for all of the 560 bytes of the program, but fortunately, you don't have to. Instead, LMB on the project icon and select 'Load Data', 'Erase', then load the file 'Tutorial/KeepASL.dsct': ; * ------------------------------------------------------------- ; Disassembly of 'KeepASL' - DMA 1.10.94 0000665256 main move.l (EXEC_BASE).w,sys_base 0000665264 bsr.w start_up ; WB/CLI start up 0000665268 lea.l int_name(pc),a1 ; open intuition 0000665272 moveq.l #0,d0 0000665274 movea.l sys_base(pc),a6 0000665278 jsr _LVOOpenLibrary(a6) Much better than the original, eh! Now, we're going to disassemble the whole program to source, so press 'd'. This gives the 'Disassemble To File' request. The disassembly address range will be initialised as the address range of the loaded program. Note that with executable files, there may be more than one hunk in the file, so it is possible to disassemble more than one address range. Now, using the two string gadgets at the bottom of the window, enter the two path/file names as 'RAM:Program.s' and 'RAM:Support.s', then select either to EQU or INCLUDE system constant symbols (I suggest EQU), and select 'OK'. After a short time a request window will open, informing you that an immediate long has been found. This means that Disect has found a number, as immediate data, which is within the project memory range. It is possible for such numbers to be immediate data, or program addresses, but it should be fairly obvious for you to decide which from the context in which they are used. For such numbers, Disect will display any matched program symbol name, or alternatively, the previous program symbol to the address along with the required offset to match the value of the number. From this request, you have a choice of leaving the number as immediate data, replacing the number with the symbol (or symbol+offset), or quitting the disassembly process. In our case, the number should be replaced (it's actually the nw_Title pointer of the NewWindow structure). Ok, when it's done, load up the two source files (you'll actually find them in the Tutorial drawer, although I suggest you DO have a go at all this). Have a look at them... Nice, aren't they! AND, they'll assemble correctly. * ------------------------------------------------------------------------- * 5) Symbol Selection Window ========================== A major feature of Disect is its ability to replace numbers present within a program with symbols. Disect can distinguish between two different types of symbols: PROGRAM A program symbol refers to a specific address within the program. This may be either the destination of a branch, etc, or an access to a variable, or the address of data. There are two kinds of program symbol, system and user. System program symbols, or system address symbols, are used to refer to absolute addresses in memory, for example, the addresses of chip registers. These form part of Disect's predefined system symbol list. User program symbols are defined by the user, and are used to refer to addresses within the program being disassembled. CONSTANT A constant symbol refers to any number used as immediate data, or as a displacement for the following addressing modes: ARID dd(ax) ARIDI dd(ax,rx.x) PCD dd(pc) PCDI dd(pc,rx.x) Disect's predefined system symbol list includes all of the system constants of Release 3.0 of the system include files. These are divided into three classifications: LVO a library vector offset used with: jsr dd(ax) Structure a system structure offset used with: dd(ax) Constant all other system symbols User constant symbols are defined by the user. A valid symbol name must begin with either a letter, or the characters '_' or '.', and may continue with any of these, as well as digits. Disect supports the use of local program symbols, which must be prefixed with either a '_' or '.' character, depending upon the current preference setting. There are a certain number of reserved symbol names which cannot be used when defining a symbol. The list of these can be found in Section 8. In order to replace a number within a program, all you have to do is LMB on the number in the disassembly window. This will open the Symbol Selection Window, which is used to specify which symbol(s) are to be used to replace the number. In addition to using real symbols, Disect also allows 'fake' symbols to be created. These are symbols which have no name text. Instead, the 'name' is the value of the symbol displayed in whatever base you select. For example, instead of replacing the number 16 with the real symbol 'MP_SIGTASK', you could replace it with the fake symbol '%10000'. Or, the number 65 may be replaced with a fake symbol: "A". The possible bases for fake symbols are decimal, hex, ASCII, binary. Such symbols will appear in the symbol list where appropriate. Whenever you replace a number, the address where the number occurs becomes logged in the usual way. In addition, if you are replacing an address with a (new, program) symbol, then this address is also logged. Consider the following: 632472 move.l 632804,d0 ~ ~ ~ 632804 ori.b #0,d0 If you LMB on the '632804' in the first line, and replace it with a symbol, eg: 'variable', then the addresses of both lines will be logged. First, Disect will allow you to define the address type for the equivalent address of '632804' (although INCBIN is not supported in this way, at present). In this example, it might be address type: VARIABLE/LONG/... This will log the second address, and assign to it a program symbol (named 'variable'). After this, the Symbol Selection window will close, and Disect will then request the characteristics of the first address (INSTRUCTION). The Symbol Selection window contains two list windows. The left window will display the current list of matched symbols. You may select a symbol from the list by LMB on it within this window. The right window will display either a list of system include directories, or a list of the files within a selected directory. You can LMB on a directory or file name in order to limit the symbol search to only the selected directory or file. If you RMB on a system constant symbol (in the other list), then this will select the system include directory and file which contains that symbol. Note that if you RMB anywhere else (not in the symbol list window), then the current list of symbols will be sorted alphabetically. The currently selected system include path is displayed above the includes list window; to the right of this text is a 'Parent' gadget to un- select the current directory and file names. In the symbol list window, if a symbol has a '*' character disp- layed after its name, then this denotes that the symbol is not defined in the official system includes. There are quite a few of these to allow greater flexibility. They include 'FLAGB_' and 'FLAGF_' definitions of 680x0 process- or flags (in exec/execbase.i), and a complete list of raw key codes (devices/ keyboard.i), as well as some hardware bits symbols. When disassembly to file, any such symbols will be output to the support file as EQUs. Above the symbol list window, are four gadgets. The first two gadgets allow selection of the type of symbol to be searched for. The first gadget selects between System or User symbols; the second, between Program or Constant symbols. The third gadget allows you to select the type of search to be performed; there are two possible types of symbol search: Value, and Bit. The first will search all resident symbols for a direct value match with the number to be replaced. A Bit search will list all symbols for which a set bit in the original number corresponds to a set bit in the symbol's value. This is used when replacing a number which represents bitwise OR of multiple bit flags. As examples: move.l #IDCMP_RAWKEY+IDCMP_CLOSEWINDOW,(a0) move.w #DMAF_MASTER+DMAF_COPPER,dmacon(a5) When searching for symbols in this way, when you have selected the first symbol to be used, Disect will then only list symbols which represent bits in the same group of flags (eg: only IDCMP_ flags, or only DMAF_ flags). The fourth gadget depends on the current symbol type: for program symbols, a 'Prev' gadget will exist; for constant symbols, an Offset cycle gadget will exist. The 'Prev' gadget will automatically select the system/user program symbol with a value previous to that of the number being replace (which would be an address). This is useful for finding, for example, a reference to the low byte of a word variable (assuming you have already defined a program symbol for the address of the word), or a refernce into a data table. It becomes especially useful if replacing a system address: for any direct address reference to a hardware register, pressing this gadget will result in the symbol 'CUSTOM_BASE' being automatically selected (ie: address $DFF000). The apprioriate symbol from the hardware directory (custom.i) can then be selected to account for the required offset to the actual address. When you attempt to find a previous (user) program symbol, Disect will only use a local program symbol if this does not result in a reference to a local program symbol across the bounds of a global program symbol. When searching for system/user constant symbols, the Offset cycle gadget will be displayed. This allows you to select an offset value to be used when searching for a symbol value match. The possible offsets are: -1, -2, -3, +1, +8, +16, +24. Such an offset represents the value to be added to the original search value in order to find the value to which the symbol search must match symbols. For example: btst.b #INTB_AUD3,intreqr(a5) Now, INTB_AUD3 has the value 10, ie: bit 10 of the word-register. When this is assembled (some assemblers would allow the above, some would require you to have '-8' after the 'INTB_AUD3'), the resulting code would actually be: btst.b #2,$1E(a5) So, when you LMB on the '2' in the disassembly window, obviously Disect would search for symbols of value 2. If you've already replaced the '$1E' with 'intreqr', then you'll be expecting an 'INTB_' symbol. This would return 'INTB_SOFT'. Incorrect. Hence, an offset of '+8' will solve the problem, and produce the relevant result (by searching for symbols of value 2+8, hence 'INTB_AUD3' would be found!). The actual result would, of course, be: btst.b #INTB_AUD3-8,intreqr(a5) Above the four symbol gadgets is a string gadget which is used for displaying the current search value, or the current list of selected symbols Above the four symbol gadgets is a string gadget. This has a dual purpose of displaying the currently selected list of symbols which will be used to replace the number, and to allow a symbol name to be input. When searching for user program or constant symbols, you may enter any valid unused symbol name here, and this will be created as a new user symbol which will be assigned the value of the replace-number. If you enter the name of an existing system/user symbol, then this will have the effect of selecting the symbol. In this case, the symbol search value (ie: originally the number which was being replaced), will be adjusted to take account of the value of the symbol which you entered. This is useful since there are times when a number being replaced is formed from, for example, an accumulation of structure offsets. As an example, consider a program which allocated it's variables memory dynamically, then accessed them using ARID mode via a5. Supposing this memory block was 2k in size, and you have determined that bytes 240 to 273 are used for an MP structure (message port, exec/ports.i), so you have defined a user constant symbol 'mport' to have the value 240. Now, you might find the following: move.b 255(a5),d0 What this represents is in fact: move.b mport+MP_SIGBIT(a5),d0 This can be achieved by entering the name 'mport' (which will be selected, and the search value of 255 adjusted to 15), then selecting the 'MP_SIGBIT' symbol by LMB in the symbol list window. To the right of the string gadget are three check gadgets which are used to select the type of symbols to be searched for when searching for system constant symbols. These gadgets will automatically define themselves according to the context where the replace-number was used. Note that this cannot be 100% accurate for the type of symbols: always make sure you are searching for what you want! Whenever a symbol is selected which results in the search value becoming zero, then a request window will open. The content of this varies. If you are making a normal symbol selection (due to LMB in the disassembly window), then four gadgets will exist: 'New' 'Zero' 'Confirm' and 'Quit'. When making a dummy symbol selection (due to pressing the 'P' key in the main window), then a 'Comment' gadget will exist instead of 'Confirm'. If you are replacing a number within a bitfield instruction (ie: either the offset or width value), then you get 'New' 'Confirm' and 'Quit'. The 'New' gadget will erase the currently selected symbol(s) and allow a new seclection to be made. 'Zero' will allow you to select further symbols (of value 0). 'Confirm' will cause the original number in the disass- embly window to be replaced with the currently selected symbol(s). 'Quit' will abort, and close the Symbol Selection window. The 'Comment' gadget has a rather useful purpose (see key 'P' in Section 12). * ------------------------------------------------------------------------- * 6) Address Functions ==================== The Address Functions request is accessed via LMB on the opcode (mnemonic) area in the disassembly window. The address functions are as follows: Log Address ----------- This allows a program address to be logged. You will be requested the type of the address. This may be instruction, variable, data, copper, INCBIN, ASCII string (NULL-terminated), or EVEN string (which is the same, except Disect will ensure that the string ends at an odd address, so that the next address is therefore even). Note that any extra pad byte used to word-align the string must be NULL. If a Process exists, then when an address is logged (by any method), if the PC is at the address, then it will be auto- matically defined as an instruction address. INSTRUCTION This is the default address type for all addresses at which the opcode can be successfully identified as a valid instruction. VARIABLE This allows an address to be defined as a byte, word, or long variable. The base in which the variable's value should be displayed can also be defined. DATA Similar to a variable address, a data address consists of any number of bytes, words, or longs. The size of the data area can be specified by either: pressing Enter (for 1 byte/word/long); inputting an expression to determine the number of bytes of data; selecting the NULL gadget (data continues up to and including the first NULL byte/word/long); or selecting Symbol gadget (data area continues until next defined program symbol). The last option will allow a data area to automatically be adjusted if a new program symbol is defined after the data area start, and before what was previously the 'next program symbol'. (Note that this cannot be used if the next logged address from the data area start does not have a program symbol, or if there is no next program symbol). Incidentally, there is another way of defining data areas. See section 7. COPPER A copper address will be disassembled as a macro which, when assembled, will create the relevant copper instruction. These macros will be output to the support source file during file disassembly (if required). Note that for copper move instruction, if the hardware SysSymbol data is resident then the move destin- ation address will automatically be replaced with the relevant symbol for the hardware register it refers to. INCBIN This allows data areas to be defined as INCBIN areas. Such areas will be disassembled as an INCBIN directive. Upon selection of this, Disect will request the INCBIN data area size, which must be entered (no 'next-symbol', or until-NULL'). After this, the ASL is used to select the file to which the data area should be written. See also the section about the INCBIN request window. AS PREVIOUS This will automatically define an address of the same type, etc, as the previously defined address. Be careful not to use this after, for example, defining an address via the Symbol Selection Window, since this would be taken as the previous address type. Amend Address ------------- This allows a previously-logged address to be amended. Erase Address ------------- This will remove anything that has been attached to the address. Add/Erase Section Header ------------------------ A section header is a line of '-' characters, which will be added before the address. Add/Erase Header Comment ------------------------ These options allow a full-line comment to be added before the address, or to be removed from the address. Add/Erase Line Comment ---------------------- These allow an end-of-line comment to be added to the address, or removed from the address. Add/Erase Blank Line -------------------- These will add/remove a blank line after the address. Erase Program Symbol -------------------- This allows a program symbol to be removed from the address. Erase SEA Symbols ----------------- This option will remove any symbol(s) which have been used to replace the instruction's source effective address. This includes the offset and width values for 68020 bit fields. Erase DEA Symbols ----------------- This option will remove any symbol(s) which have been used to replace the instruction's destination effective address. This includes the offset and width values for 68020 bit fields. * ------------------------------------------------------------------------- * 7) DataStrings ============== In order to log a data area which consists of a number of byte/ word/long elements, ie: all bytes, all words, OR all longs, you use the address functions request. This allows you to specify the total size of the data area, and Disect will log only the first address. Obviously, this can save a lot of memory for large data areas, since Disect does not have to store information for each address. This is the best way of logging uniform data areas. For any data area where its elements are not all the same size (byte/word/long), you can use a DataString. The DataString request, accessed via key 'X', allows you to define your own DataString, or select a system DataString, and use it to define a data area. A DataString consists of two strings: the format string, and the base string. The first specifies the size of each element of a data area; 'B' represents a byte, 'W' a word, and 'L' a long. The base string defines the base of a 'piece' of data: 'P' positive denary; 'N' negative denary; 'H' hex; 'B' binary; 'A' ASCII; 'X' means use the currently selected default base (either hex or denary, as defined via the preferences). When you use a DataString to define a data area, successive addresses are logged as data, the size and base of which corresponds to the relevant characters from the format and base strings. Disect contains a number of predefined (system) DataStrings. The names of these correspond to the names of system structures, eg: Gadget, New- Window, etc. Each DataString represents the byte/word/long elements of the relevant system structure. You can also define your own DataStrings, which will be saved/loaded as part of the Disect data file. In the DataString request window, after pressing Enter in the base string gadget, if your DataString is valid, then it will be automatically stored. The LMB can be used to select a DataString from the currently displayed list. As of V1.6, when you use a system DataString to define a data area, a preference exists to allow Disect to automatically add a line comment to each 'DC.X' directive. These comments will be the names of the fields of the system structure which the DataString represents. When you later LMB on the operand of such a 'DC.X' directive (in order to replace it with a symbol) then Disect actually uses the line comment text in order to define which system include file is to be searched within the Symbol Select window. If the required directory's SysSymbol data is not resident, Disect will attempt to load it. As well as automatically selecting which include file, Disect also defines which 'group' of bit symbols should be listed, if necessary. For example, if you LMB on the number of: DC.W $44040 ; nw_IDCMPFlags then the Symbol Select window will open in 'intuition/intuition.i', and only 'IDCMP_' flag symbols will be listed! If required, once such a number has been replaced with a symbol, Disect will automatically erase the line comment text since it is no longer required. This is a preference, and can therefore be disabled if necessary. In addition, an item exists in the 'Functions' menu which will erase ALL existing SDS (system DataString) line comments. When defining an data area using a system DataString, Disect can detect pointers to other system structures. For example, within a NewWindow structure, nw_FirstGadget will be detected as pointing to a Gadget structure. In this case, Disect will move the disassembly window to the address of the Gadget structure, and a request window will open which allows you to confirm to Disect that you wish the data area to be defined, or alternatively, you can cancel the definition. The window also contains a string gadget, which will contain either the text of any existing program symbol at the start of the data area, or a symbol name which Disect will create automatically. Whichever, this is the symbol name which will be defined for the first address of the data area. It is not possible to enter any other program symbol name. For example, for a Gadget structure, Disect may create a program symbol of 'gadget0'. The number at the end of the symbol name is defined to be unique for each data area definition. It is recommended that you use these automatic symbol names (see below). Whenever a data area is defined in this way (due to a pointer to it within a previously-defined data area), then the program symbol of it is used to replace the number/address within the existing data area. Example: DC.L gadget0 ; nw_FirstGadget ~ ~ ~ ~ ~ ~ gadget0 DC.L $13ef26 ; gg_NextGadget Two of the system structures which are supported by DataStrings exist as an array of structures. These are TagItem and NewMenu structures. When you define a data area for either of these structures, Disect will also define any following structures, until the end of the array. For example, a TagItem array ends when ti_Tag holds a value of TAG_END. One last point to mention is that when a data area is defined via a system DataString (directly from the request window, as opposed to via a pointer to it in a previously-defined data area), if the first address of the area does not have a program symbol, then Disect will automatically create one for the address, as described above. The thing to be aware of is that when disassembling to a source file, Disect has the ability to detect such program symbols, and if it does so, it will disassemble the data area using a single macro (instead of a sequence of DC.X directives). For example: gadget1 DC.L gadget2 DC.W 326,4,50,14 DC.W GFLG_GADGHCOMP,GACT_RELVERIFY,GTYP_BOOLGADGET DC.L border12,0,intuitxt7,0,0 DC.W 2 DC.L 0 The above would automatically be converted to: gadget1 GADGET gadget2,326,4,50,14,GFLG_GADGHCOMP,GACT_RELVERIFY, & GTYP_BOOLGADGET,border12,0,intuitxt7,0,0,2,0 This will not occur: if any address in the data area has a line end comment; if any address in the data area other than the first address has either a header comment, or a program symbol; or if you have not used Disect's auto- matic symbol names. The syntax for continuing macro parameters over more than one line follows that required by Devpac. Any required macro definitions will be output to the Support source file. As a result of this feature, any program symbol name which might be created by Disect is now reserved; this means that you cannot use these names for any other program symbols you might create. The complete list of reserved symbol names (and macro names) can be found in Section 9. The DataString request window contains the following: Data Start Address ------------------ A string gadget allows the data start address to be specified. This will be initialised, when the window opens, to be the start address of the (upper) disassembly window. DataString Name --------------- A string gadget is used to enter the name of a user DataString. If you enter the name of an existing DataString, it will be selected. Data Format String ------------------ This string gadget allows you to enter up to 512 characters to specify the format of the data area. Each data element may be specified to be byte, word, or long, by entering the characters 'B', 'W', or 'L'. Note that if you enter, for example, 'LLBBBW', then Disect will automatically insert an extra 'B' before the 'W' to ensure word-alignment. Disect will permit an odd number of 'B' if it is at the end of the string. Data Base String ---------------- This string is used to enter an equal number of characters to specify the base of each data element. Each may be any of: 'P' positive den- ary; 'N' negative denary; 'H' hex; 'B' binary; or 'A' ASCII. Associated with each string are two numbers. The first displays the number of characters for each string. The second displays the number of successive, same, characters at the end of each string. System/User Cycle ----------------- This will toggle between a list of system and user DataStrings. Delete ------ This will delete the currently-selected user DataString. Define ------ This will close the window, and cause Disect to attempt to define the data area using the selected DataString. If an error occurs, the disass- embly window will be moved to the address which Disect was attempting to log when the error ocurred. Where possible, Disect will preserve any existing program symbols and comment texts within the definition data area. Any blank lines will be removed, but one will be added at the end of the data area. Quit ---- This will close the window, without defining the data area. * ------------------------------------------------------------------------- * 8) Key Macros ============= The 'Macros' menu allows up to ten key macros to be defined and used. This allows sequences of key presses, LMB or RMB clicks, and gadget selections to be recorded, and played back automatically by pressing a single key. As an example of just how useful this can be, supposing you were dissecting a program which contained a data table of, say, a hundred entries, each one consisting of the following sort of thing: DC.B "some text string",0,0 DC.L program_function67 Before this has been logged as data, it might be disassembled as, for example: $42be8 DC.W $736f $42bea blt.b $42c51 $42bec DC.W $2074 $42bec bcs.b $42c68 ~ ~ ~ ~ etc To define a key macro to format a single entry, first of all you would make sure that the disassembly window is at the start address of the first entry. You then begin the macro definition by selecting the menu item 'Macros/Begin Definition/Macro 1'. First, by LMB on the first 'DC.W', you would define the address as an 'EVEN String'. This gives: $42be8 DC.B "some text string",$0,$0 $42bfa ori.b #$0,-(a0) Next, LMB on the 'ori.b', then select 'Add Blank Line', and define this address as a single 'Data/Long/Hex' long. Finally, by clicking on the disassambly window down arrow twice, then pressing 'Enter', the macro will be defined. By moving the disassembly window down two lines, you will ensure that each time you use the macro, the relevant addresses will be formatted, since the macro has been defined to operate upon the first two lines in the disassembly window. All that is now required is to press the '1' key to use the macro to define successive entries in the data table, until the end of table is reached. But 'ah!', I hear you say: how will I know when I have reached the end of the table? Well, one possible solution is to begin definition of macro 2, and to first of all press key '1' (which would cause the next entry in the data table to be formatted). Then, you could hold down the right ALT key whilst you LMB click once on the address digits at the left hand side of the first line in the disassembly window. This will move the memory window to this address, at which point you would press 'Enter' to complete the macro definition. All of this would give you a second macro which enables you to see the content of the next address which would be affected by the macro, before you actually use it on this address. Note that it is perfectly safe to redefine macro number 1: macro number 2 does not depend on macro number 1, even though macro number 1 was played during definition of macro number 2. During definition or playback of any macro, if any errors occur, then the macro definition/playback will be aborted. This would result in a macro NOT being defined. This also occurs if any Process exception occurs other than a trace or a breakpoint exception. A defined macro can be replayed either by pressing it's key (1-0), or using the menu item. Via the menu item, a request window will open which allows you to specify either to play the macro once, to play the macro a specific number of times, or to play the macro until an expression is TRUE. This is probably most useful for something such as the following: 'w1=$662084', which would play the macro until the (upper) disassembly window reached a certain address. Macro playback can be aborted by clicking on the main program window, and holding down the space bar. * ------------------------------------------------------------------------- * 9) Expressions ============== Disect allows complex expressions to be input whenever a numeric value is required. Such expressions may contain program or constant symbols, which may be system or user symbols, although local program symbols are not permitted. Numbers may be expressed as denary, hex, binary, or character constants (eg: 'a', "ab", 'abc', "abcd"). In addition, addresses can be represented as offsets from hunk/project memory starts. For example, the text "[0:16]" represents the address of the 16th byte of hunk 0 (the first hunk). If there is only one project memory area (eg: an executable of only 1 hunk, or a binary file, has been loaded), then a hunk number does not have to be specified ("[16]" would be accepted). Any numbers within the "[]" characters may be either hex or decimal. If a base offset address has been defined, then if you were to input "[16]", then this would be taken as an offset from the base offset address (instead of as an offset from the start of the first/only hunk). It is also possible to prefix a number with a '.', for example: '.$80000046'. This will cause Disect to treat the number as an FFP value, which in this case would be evaluated to a value of 32. If the value is too large/small to be stored as a long integer, then an error will result. Disect supports the following operators, in decreasing order of precedence: HIGH PREC - MINUS, eg: -32 ~ bitwise NOT, eg: ~$0FF0 << >> SHIFT LEFT and RIGHT, eg: %1<<16 & ! ^ bitwise AND, OR, EOR * / \ MULTIPY, DIVIDE, MODULO + - ADD, SUBTRACT = < > <> <= >= comparisons Precedence may be overridden via parentheses ( and ). Expressions are evaluated left-to-right. Byte, word, and long indirection is supported via parentheses: {4}.l long content of address 4 The following is also possible: {{4}.l}.w word content of address specified by long content of address 4 The comparison operators return the value 0 if FALSE, and -1 (or $FFFFFFFF) if TRUE. Expression evalution occurs using 32-bit unsigned integer arithmetic. The operator | is equivalent to ! (bitwise OR); != may be used for <> (inequality). There also exists a number of reserved symbol names. Unlike all other symbols, they are case-insensitive: M1-M9 disassembly window markers 1-9 W1 start address of upper/single disassembly window W2 start address of lower disassembly window W3 start address of memory window If register a6 is equal to any of these, then the relevant name will be displayed in the register window instead of the actual address: BASEEXEC Exec library base address BASEDOS DOS library base address BASEGFX Graphics library base address BASEINT Intuition library base address BASEASL ASL library base address BASEGADT GadTools library base address BASEMFFP MathFFP library base address The following are only valid if a Process exists: D0-D7 current value of data registers A0-A7 current value of address registers PC current value of program counter SR current value of status register CCR current value of condition codes register SP current value of a7 SEA source effective address of instruction at PC DEA destination effective address of instruction at PC INITSP value of a7 when Process initially entered PROCP address of Process's Task/Process structure In addition, Disect will not allow symbol names such as 'A235768', or 'a23ff40', since such names may be automatically created during disassembly to file, and hence should not exist already. The following lists all the symbol names reserved for creation of automatic program symbols for system structure data areas which have been defined via DataStrings. Each symbol name is the base name to which an ascii number is added. All possibilities (actually, an infinite number) of each base name text are reserved. System Structure Base Symbol Macro Name ---------------- ----------- ---------- BB bblock BOOTBLOCK BitMap bitmap BITMAP BoolInfo boolinfo BOOLINFO Border border BORDER ColorSpec colrspec COLORSPEC EasyStruct easystru EASYSTRUCT ExtGadget extgadg EXTGADGET ExtNewScreen extnscrn EXTNSCREEN ExtNewWindow extnwind EXTNWINDOW Gadget gadget GADGET Hook hook HOOK Image image IMAGE IntuiText intuitxt INTUITEXT KeyMap keymap KEYMAP LH listhead LISTHEAD LIB lib LIBRARY LN listnode LISTNODE MC memchunk MEMCHUNK ME mementry MEMENTRY MH memheadr MEMHEADER ML memlist MEMLIST MLH minlisth MINLISTHEAD MLN minlistn MINLISTNODE MN message MESSAGE MP messport MESSAGEPORT Menu menu MENU MenuItem menuitem MENUITEM NewGadget newgadg NEWGADGET NewMenu newmenu NEWMENU NewScreen newscrn NEWSCREEN NewWindow newwind NEWWINDOW PropInfo propinfo PROPINFO StringExtend strextnd STREXTEND StringInfo strinfo STRINFO TTextAttr ttxtattr TAGTEXTATTR TagItem tagitem TAGITEM TextAttr textattr TEXTATTR TextFont textfont TEXTFONT TextFontExtension tfontext TEXTFONTEXT * ------------------------------------------------------------------------- * 10) MultiBin Files ================== The 'Save MultiBin' item in the 'Project' menu allows a single binary file to be created which consists of more than one block of memory. The item will open a request window which contains a list of entered address ranges, string gadgets for entering address ranges, and a couple of gadgets at the bottom of the window. The 'SegList' gadget allows a memory-resident SegList to be used to automatically define the address ranges to be saved. By entering the start address of the first hunk in memory into the string gadget next to the 'SegList' gadget, and then clicking on the 'SegList' gadget, Disect will scan the SegList, and store the start and end addresses of each hunk in the SegList. Be careful! The address to be entered as the start address of the first hunk should be the address at which the PC begins when the SegList is executed (the SegList is immediately before this address in memory). There is also a check gadget which will force the file which is saved to be pure binary. In general, if you have used the 'SegList' gadget, then this should be unchecked, since extra information is saved in the file which enables the MultiBin file ('.mbin') to be reloaded later to the same addresses from which each block of memory was saved, and possibly created as a Process. This is of most use when dissecting an executable which allocates memory, into which it decompresses the real program as a complete SegList. By specifying the initial execution address of the first decompressed hunk, the complete program can be saved as a MultiBin file. For those who are interested, a description of the MultBin file format is at the end of this section. If the gadget is checked, then only the exact content of the specified memory ranges is saved, as a binary file ('.bin'). This means that the saved memory cannot be loaded back later to the exact addresses from which each block was saved. The 'Load MultiBin' item in the Project menu allows a previously saved MultiBin file to be loaded. This presents a request window which has an 'Allocate Saved Memory' check gadget. If checked, then Disect will attempt to load the MultiBin file to the exact addresses from which it was saved. Alternatively, if unchecked, the file will be loaded to any available memory. A separate executable program called 'AllocMultiBin' allows the required memory of a MultiBin file to be allocated. It should be used immed- iately after re-booting your machine. It will open an ASL requester with which you specify the MultiBin file to be loaded. If an error occurs, the program will re-open this requester; if the file loads successfully, the program will merely wait until you click on it's window's close gadget, and will then free the memory used by the MultiBin file. Once the MultiBin file has been loaded, you should leave 'AMB' in memory, and load Disect. Then select 'Load MultiBin' from the 'Project' menu, select the same MultiBin file as was loaded by 'AMB', and check the 'Allocate Saved Memory' gadget in the relevant request window. From this window, click on the 'OK' gadget, and 'AMB' will automatically free the used memory, then terminate, allowing Disect to load the MultiBin file to the required memory. Also in the Save Multibin request window is an 'Add' gadget, which will attempt to add a selected address range to the current project, if the memory is available. MultiBin File Format: --------------------- For each memory block: LONG start address of memory LONG end address of memory LONG memory type (MEMF_ returned by Exec.TypeOfMem() followed by the memory block itself File ends with 3 LONGs, all of value zero. * ------------------------------------------------------------------------- * 11) Screen Icons Reference ========================= Here is information about the icons at the top of the main program screen, from left to right across it. Project Icon ------------ The first icon is used to access the Project Request. This allows the following operations: 1) Executable will load an executable file. After selecting the file to be loaded, a request window will allow you to specify whether or not Disect should extract any program symbols, and create a Process. The window also contains a string gadget with which to enter any CLI arguments which are to be passed to the Process. If program symbols are extracted from an executable file, then Disect will automatically log their addresses as instructions, since it is not possible to determine between code/data/etc. All this means is that some addresses will have to be amended via the Address Functions request... no major problem. 2) Memory will allow a memory area to be logged as the project. This feature also allows a Process to be created, the starting address of which will be the first address of the memory area. It is not possible to create a Process for a ROM memory area. 3) Load Binary will allow a non-executable file to be loaded, with the option of creating it as a Process. In addition, you may specify a preferred memory address to which the binary file should be loaded. If you specify an address, but the memory is already used, then Disect will not load the binary file. 4) Boot Block allows a 1024-byte disk boot block to be loaded; it may be created as a Process if required. The initial PC address will be the 12th byte of the boot block. Note that when a boot block is loaded, the first three longs are formatted appropriatly (the boot ID, checksum, and whatever the third one is?). If a Process is created, then Disect will pass the address of the trackdisk's IOEXTTD structure to the Process in a1. 5) Load Data and Save Data can be used to load/save the data that Disect creates when you disect a loaded project. This data is formed when you do anything to an address within the project memory range (replacing numbers with symbols, creating program symbols, adding blank lines and comments, etc). Note that the current disassembly window markers are also saved/loaded. 6) Save Binary allows a memory area to be saved to a file. Note that you can resave a loaded binary file by specifying m9 and m8 for the start and end addresses (assuming you've not changed them since loading the binary file). 7) Erase Data will erase any existing Disect Data. Note that whenever a project is loaded, disassembly window marker 9 is auto- matically defined at the first address of it. For binary files, marker 8 is also defined at the last address. INCBIN Icon ----------- This icon will access the INCBIN request. This allows you to define data areas which are to be disassembled using an INCBIN assembler directive. In order to define an area, you simply enter the start and end addresses of the area, and, if these are valid, Disect will then ask you to select the file to save the binary area as. If the file is written ok, then the INCBIN area will be defined. You can select an existing INCBIN area by LMB in the address ranges list window. In order to delete an INCBIN area, you select it, then enter NULL strings for the start and end addresses (ie: empty the string gadget, and press 'Enter'). An INCBIN area may be unselected by pressing the RMB. The Save gadget is used in order to re-save, or rename, an existing INCBIN area's binary file. This is only achieved by selecting an INCBIN area first. Address Stack Icons ------------------- The address stack is used in order to follow the flow of a prog- ram. If the RMB is pressed over an address in the disassembly window, the current window start address will be stacked, and the disassembly window will be moved to the new address. The three icons are: retrieve last stacked address, stack current disassembly window address, and delete last stacked address. Note that if pressing left alt while RMB, the lower disassembly window address will be stacked/changed. Smiley Icon ----------- Reserved for future use... WorkBench Icon -------------- This allows the workbench screen to be opened/closed. Arrow Icons ----------- The upper pair of left and right arrow icons can be used to move the upper disassembly window; the lower pair are for the lower disassembly window (if this is open). By also pressing the right ALT key, either pair can be used to move the memory window. * ------------------------------------------------------------------------- * 12) Keyboard Reference ====================== This section contains general program information, related to the keys which invoke each feature of Disect. The complete list is below: Windows Cursor Keys Move upper disassembly window ------- & LEFT ALT Move lower disassembly window & RIGHT ALT Move memory window & SHIFT Move window fast A {LEFT ALT} Define disassembly window address F1-F9 {LEFT ALT} Go to disassembly window marker SHIFT F1-F9 {LEFT ALT} Define disassembly window marker F10 {LEFT ALT} Retrieve last address stack entry ESCAPE Refresh all windows + Swap both disassembly window addresses \ Address/Offset display mode TAB Single/double disassembly window QUOTE (above TAB) Change number base (hex/decimal) Y Move disassembly window to previous addr U Move disassembly window to next address O Move disassembly window after data area Functions F Search memory --------- G Continue search W Fill memory Q Copy memory S Display symbols D Disassemble to file I Display information H Display processor history M Display memory dump Z Evaluate expression X DataStrings (see section 7) P Dummy symbol selection DEL Display preferences HELP Display resident SysSymbol preferences ESCAPE Abort search/disassemble to file Process E Execute instruction (whole of JSR/BSR) ------- T Trace instruction (stops inside JSR/BSR) C Breakpoint after PC & resume V Breakpoint at PC DEA & resume N Next instruction (without execute) K Kill Process B Define breakpoint L Kill breakpoints DISASSEMBLY WINDOW ADDRESS (A) ============================== This opens a window through which to input the required address. If the left alt key is pressed with the 'A' key, then the input will be used to define the lower disassembly window address. DISASSEMBLY WINDOW MARKER (F1-F9) ================================= With the shift key, keys F1 to F9 will define disassembly window markers 1 to 9 at the current disassembly window address. To delete a marker, both keys can be pressed a second time. Without the shift key, the disass- embly window will be moved to the address of the selected marker. If the left alt key is also pressed, then the lower disassembly window will be used. RETRIEVE STACKED ADDRESS (F10) ============================== Key F10 will retrieve the last stacked address and move the dis- assembly window to it. Again, left alt can also be pressed to move the lower disassembly window. REFRESH MAIN WINDOWS (ESCAPE) ============================= As well as refreshing all windows in the main program screen, the escape key will, if a Process exists, move the (upper) disassembly window to the current PC address (if this address is not visible in a disassembly window). MOVE TO PREVIOUS ADDRESS (Y) ============================ This will move the disassembly window to the previous logged address from the first logged address in the disassembly window. Left alt will select the lower disassembly window. MOVE TO NEXT ADDRESS (U) ======================== This will move the disassembly window to the next logged address from the first logged address in the disassembly window. Left alt will select the lower disassembly window. MOVE AFTER DATA AREA (O) ======================== This will move the disassembly window to the address after the first logged data address in the disassembly window. This is useful in order to pass large (uniform) data areas. SEARCH MEMORY (F,G) =================== Key 'F' will open the Search Memory request window, with which you can define the ranges of memory to be searched, the type of search data, and the data to be searched for. At the top of the window are two string gadgets to input the start and end addresses (inclusive) of a range. You should input the start, and then the end, after which, if the range is ok, the address range will be stored. Note that you may not enter zero as an address. The current ranges are displayed in a window below these gadgets. To the right of this window are gadgets to scroll through the list of address ranges. This list will be initialised to contain the start and end addresses of any loaded project memory. If you LMB on any address range, it will be selected, and can then be changed. If you select a range, then enter no input for the start and end addresses, the range will be deleted from the list. The RMB can be pressed to un-select a selected address range. Note that this info applies to all other windows where address ranges have to be specified. The gadgets at the bottom of the window are used to select the type of search. This may be byte, word, long, ASCII, or source. The string gadget allows input of the search data. For byte/word/long, this must be a sequence of expressions, with a comma to separate each parameter. For ASCII/ source, the text string entered is the search data. Note that ASCII will search memory for a text string, while source will actually disassemble the specified address ranges, and compare the resulting source with the input text. Obviously, searching for source is slower. The case gadget allows you to specify whether to ignore case when searching for ASCII/source. If check- ed, then Disect will use case-sensitive search; if unchecked, then case will be ignored. If searching for byte/word/long, you may enter a single '?' char- acter instead of an expression, in order to specify that a search-element is unknown. For example, if you entered 32,"A",?,16 for a byte search, then the following would be successfully matched: 32,65,46,16 and 32,65,12,16... etc When searching for ASCII/source, the '?' character may be used in the same way. In order to specify a search for a '?' character, you must enter '??' instead. When searching for ASCII or source, any number of spaces input as the search data will be matched to any number of spaces (or tabs) during the search. Key 'G' will continue a search which has been halted due to the search data being found. If searching for byte/word/long or ASCII data, then Disect will move the memory window (screen lower right) to the address where the search data has been found. If searching for source, then the (upper) disassembly window will be moved instead. Note that no checks are performed on the memory areas: if you (accidentally?) read from hardware registers, etc, you'll probably regret it... An alarm sound will begin whenever the search data is found, or when the search ends (data not found). In order to specify the end of an address range, it is possible to enter the following into the 'End' string gadget: = specifies an address range of a single byte (ie: the end address is the same as the start address) - most useful for Fill Memory (!) +X specifies an address range of (X+1) bytes (ie: the end address is the start address + X; 'X' can be any valid expression) ,X specifies an address range of X bytes; 'X' can be any valid expression This is possible in all request windows which allow input of an address range. (Search Memory/Fill Memory/Copy Memory/INCBIN/Load Memory/Save Binary/ Disassemble To File) FILL MEMORY (W) =============== This opens the Fill Memory request window, which is similar to Search Memory (above). The fill data type may be byte, word, long, or ASCII. Note that no checks are performed on the memory areas: if you (accidentally?) write to hardware registers, etc, you'll probably regret it... COPY MEMORY (Q) =============== A window will open, allowing you to specify the start and end addresses of the source memory area, and the start address of the destination memory area. These two areas may overlap without any corruption occurring. Note that no checks are performed on the memory areas: if you (accidentally?) write to hardware registers, etc, you'll probably regret it... DISPLAY SYMBOLS (S) =================== This will open a window via which a list of all current user symbols is displayed. At the window top is displayed the total number of program and constant symbols. The gadgets at the bottom of the window allow selection of whether to list program, constant, variable, or unused symbols, and the order in which to list the symbols (either alphabetically, or by increasing symbol value - NOTE that to resort the symbol list, you must also press the RMB). The next two gadgets allow you to delete or rename a selected symbol. A symbol may be selected by LMB on it. Once a symbol has been deleted, it cannot be retrieved. To rename a symbol, you should select it, press the 'Rename' gadget, enter the new name into the string gadget which is automatically activated, then press Enter. There is also another gadget, 'VM'. This allows a constant symbol to be changed to a variable symbol, and vice versa. See 'Process Variables Memory' for more info. As of V1.2, if you LMB on a program symbol which has already been selected, then the symbol window will be closed, and the (upper) disassembly window will be moved to the address of the symbol. As of V1.3, if you press a letter key (with or without a shift key), or the ".", or "_" keys, then, if the symbols have been sorted alpha- betically, the window will move to the first symbol beginning with that character. DISASSEMBLE TO FILE (D) ======================= Use of this feature is described in the tutorial (above); here is some specific information. The disassembly process occurs in two passes. On the first pass, Disect disassembles the required address ranges internally, creating a list of all referenced addresses which have not had a program symbol created for them, a list of all required system symbols, and a list of all required user symbols. Any immediate long numbers which lie within the disassembly address range(s) which have not been replaced by a symbol are also checked for. Also, during the first pass, Disect performs checks for any local program symbol references across the bounds of a global, For example: some_sr bsr .do_it rts another_sr bsr .elsewhere .do_it jsr .miles_away If any such references are found, Disect will move the upper disassembly window to the reference of the local program symbol, and the lower window to the address of it. Disassembly to file will be abandoned. On the second pass, the disassembly occurs again; this time the program and support source files are created. Now, any address references for which no program symbol exists will be have automatic symbols written for them. For example, the following code: 0000675372 lea 683208,a0 ~ ~ ~ ~ ~ ~ 0000683208 DC.W 10 would be disassembled as: lea A683208,a0 ~ ~ ~ ~ ~ ~ A683208 DC.W 10 After the whole disassembly is complete, there may still be some referenced addresses which were not disassembled directly. For example: 0000675372 move.w 683208,d0 ~ ~ ~ ~ ~ ~ 0000683206 data_table DC.L 10 0000683210 DC.L 20 Here, the first line would have been disassembled containing 'A683208', but there would be no program symbol of this name. Instead, any missing address references will be output to the end of the program file, by offsetting them from the previous global program symbol. As an example, the above would create: A683208 EQU data_table+2 If Disect finds a data area where all bytes are NULL, instead of creating lots of 'DC.X 0' source, Disect will convert the source to a single line of 'DCB.X n', where n=the required number of bytes/words/longs. This will not occur if the first line of the data area (ie:the only logged address of the data area) has had it's DC.X operand (a zero!) replaced with a symbol, or if the line has a line comment. During disassembly to file, Disect will concatenate multiple lines of DC.B, DC.W, or DC.L statements to form (much) fewer lines of source. DISPLAY INFORMATION (I) ======================= The displayed information contains the number of logged program addresses, and the number of program and constant user symbols. Below this is displayed the address range and size of each project memory area, with the type of the memory (C=chip, F=fast, P=public). DISPLAY PROCESSOR HISTORY (H) ============================= After any instruction is traced or executed (or skipped via key 'N' - see below), or whenever an active Process reaches a breakpoint, or whenever an exception occurs, the current processor state is stored. This information is accessed via the processor history display. The most recent entry is displayed in the lower window, with previous entries above. The display of register contents is in hex, although by LMB on the digits of a number, its value is displayed in denary in the small box in the top left of the request window. The thing to note is that for any entry, the register values represent the values after executing the previous instruction, while the PC, SEA/DEA and instruction disassembly represent the next instruction to be executed. DISPLAY MEMORY DUMP (M) ======================= This opens a large memory dump window, the start address of which will be initialised to the current address of the first line of the small memory window in the main program screen. The window may be moved around memory using the cursor keys (and the shift key to move it faster). A string gadget in the window top left allows a new start address to be input. The base of the address digits will be the same as the currently selected base for the main program screen (denary or hex). Note that the ASCII display will show the character '·' for any memory locations for which the content is out- side the ASCII range of 32 to 127. By LMB on a memory location's content, Disect will display the denary values of the byte, word, and long starting at that address. The cycle gadget in the window allows you to select whether to display the B/W/L as signed or unsigned denary. RMB on a memory location's content will cause the Base Offset Address to be defined at the address of the selected byte. The preferences will also be updated to display offsets instead of addresses. EVALUATE EXPRESSION (Z) ======================= This opens a window containing a string gadget for input of an expression. The current string content will be evaluated whenever Enter is pressed. Expression results are displayed as unsigned denary, signed denary (if the sign bit is set; ie, either bit 31, bit 15, or bit 7 depending upon whether the value is in the long, word, or byte value range - try it out with results of 4294967295, 65535, and 255 - you'll see what I mean!), hex, ASCII, binary, and any program symbol if one is found of the result value. DUMMY SYMBOL SELECTION (P) ========================== This will request a single expression, the result of which will be passed to the Symbol Selection Window. This allows you to select symbol(s) in the usual way, for any number, although obviously no information will be stored about your selection. When a symbol match occurs, the window will display the 'New', 'Zero', and 'Quit' gadgets as usual, but the 'Confirm' gadget will be replaced with a 'Comment' gadget. If this is selected, then the Symbol Selection window will close, and a message will appear in the main window. By LMB on the mnemonic of an instruction within the disassembly window, the actual text of the selected symbols can be automatically stored as a line comment for the instruction. The comment text will automatically have the chars "*!*" added to the end, allowing such comments to be found in disassembled a source file, using a text editor. As an example, if a program routine allocated temporary space for definition of a NewWindow structure: link a5,#-48 Although you cannot replace '-48' with 'nw_SIZE', by making a dummy selection for a value of '48', the Symbol Selection window will list 'nw_SIZE'. By selecting this, then the 'Comment' gadget, the symbol text is stored as a comment (with a marker allowing it to be found and edited, when a source file has been disassembled). DISPLAY PREFERENCES (DEL) ========================= This window allows selection of program preferences. The gadgets at the bottom of the window allow the last saved preferences to be loaded, the current settings to be saved, the current settings to be used, and the previous settings to be restored (ignoring any changes since window opened). The preferences are as follows: AutoSymbol This enables/disables automatic symbol replacement. This means that as addresses are disassembled via display of the disassembly window(s), any address which has not been replaced by a program symbol will automatically be replaced by any program symbol which has a matching value. In addition, if the 'hardware' directory SysSymbols are resident, then any references to chip registers or CIA addresses will also be automatically replaced. Also, any instructions of the form 'jsr dd(a6)' will have their displace- ments replaced with _LVO symbols, if a6 contains the base address of any of the libraries: Exec, DOS, Graphics, Intuition, ASL, MathFFP, GadTools. This only occurs if a Process exists, and will take place whenever the instruction at the PC is a jsr. This preference also controls Process Variables Memory references symbol replacement (see elsewhere). Auto 0(Ax) This enables/disables automatic display of a '0' before '(Ax)' for the address-register-indirect addressing mode. This is useful because some assemblers will automatically optimise address- register-indirection-with-displacement references to ARI if the displacement is zero. This feature allows a '0' to be displayed so that it can then be replaced with a symbol (for example: exec/lists.i 'LH_HEAD' which has the value 0). Case This allows selection of upper or lower case for disassembly. Note that assembler directives will always be disassembled as upper case. Base This allows selection of denary or hex for disassembly. A7/SP This allows selection of 'a7' or 'sp' for disassembly. Local This allows selection of the character to prefix local program symbols. This may be either '.' or '_'. PSymb ':' This enables/disables automatic display of a ':' character after program symbols in the program symbol field of a line. SAD This enables/disables automatic display of program symbols instead of addresses in such places as register values, memory dump addresses, addresses in request windows, etc. Offset This allows addresses to be displayed as hunk/project memory start offsets instead. If selected, any address which lie within the project memory range will be displayed as, for example, "0:256", where 0 is the hunk number, and 256 is the offset. In the disassembly window, this will be enclosed in "[]" chars. In addition, you may define a base offset address (using an item from the preferences menu). If you do this, then ALL addresses, not just addresses in project memory range, will be displayed as offsets relative to the base address, eg: "-$32", or "[+146]". A small request window is used to define the base address. This contains a string gadget for input of the address, and a check gadget to enable/disable the current base address. Comment DS This enables/disables automatic line comments when Disect defines a data area using a system DataString. Erase DSC This enables/disables automatic removal of DataString-defined line comments after symbolic replacement of a number. Blank Lines This preference enables/disables automatic blank lines. If used, Disect will add blank lines after any of these instructions: DBcc, Bcc, JMP, JSR, RTD, RTE, RTR, RTS. Process Mem This informs Disect whether or not to install a memory monitor when a Process is created (not if a Process is grabbed). If one is installed, then when the Process terminates, a request window will open to list any unfreed memory allocations. Disect will display the start and end addresses of each memory block, as well as the size. Also displayed will be either: 'SELF' if the memory was allocated by a function within the Process; the name of the library containing the function which allocated the memory (if this can be determined); 'ROM' if the memory was allocated by a ROM function which could not be named as a library. If the alloc- ator cannot be determined, then the return address when AllocMem() was called will be displayed. The memory monitor is installed by calling Exec.SetFunction() for the functions AllocMem() and FreeMem(). Before doing this, Disect first checks the current destination addresses of their JMP inst- ructions (the jump table just below ExecBase). If either of these instructions do not jump to a ROM address, then Disect will not attempt to install the memory monitor. Note that it is necessary to install a memory monitor for certain features of the Auto Trace mode (see elsewhere). DISPLAY SYSSYMBOL PREFERENCES (HELP) ==================================== As mentioned above, this window allows selection of resident SysSymbol (system symbol) data. The four gadgets at the bottom of the window work as for Preferences (above). Response to changing the preferences occurs when the window is closed. Note that you cannot remove a directory's data from memory if it is used (ie: if any of it's symbols are used by the project in memory). The digits after each directory's name represent the size of the data file. It's best not to load data without using it, since any resident data is checked in such circumstances as expression evaluation, checking if a symbol name is used already, etc. EXECUTE INSTRUCTION (E) ======================= Only available if a Process exists, this will execute the single instruction at the PC. Note that the whole of a JSR/BSR will be executed, ie: the Process will be suspended at the address after the JSR/BSR instruction. Any permanent breakpoint at the PC will be ignored. One small point to add is that it is possible to execute PC- relative JSR/BSR instructions which use 68020 specific address modes, even with a pre-68020 processor. (The reason: JSR/BSR instructions are buffered before execution, so therefore PC-relative modes get changed to absolute- long address mode. In the case of BSR, the instruction is changed to JSR absolute-long, so therefore any BSR which uses an 020 mode is permitted on a pre-68020 processor. If you didn't follow that, it does not matter...) TRACE INSTRUCTION (T) ===================== This will trace the instruction at the PC, if a Process exists. This means that if the instruction is a JSR/BSR, then the Process will be suspended at the first instruction of the subroutine which is called. Any permanent breakpoint at the PC will be ignored. In addition, if you trace a JSR or a BSR, then any form of breakpoint at the PC is ignored. RESUME PROCESS (Process Menu) ============================= This will activate a suspended Process, hence it and Disect will be running 'simultaneously' (multi-tasking). Any permanent breakpoint at the PC will be ignored during the (first) execution of the instruction there. BREAKPOINT AFTER PC (C) ======================= This will define a stop breakpoint after the instruction at the PC, and resume the Process. This is useful if the instruction is a DBcc/Bcc, since an entire program loop may be executed, and the Process suspended after the loop has been completed the required number of times. A permanent break- point at the PC will be ignored during the (first) execution of the instruc- tion there. BREAKPOINT AT DEA (V) ===================== This will define a stop breakpoint at the DEA of the instruction at the PC, and resume the Process. This, again, is useful for executing program loops, but ones where the exit point of a loop does not sequentially lead to the next instruction. Any permament breakpoint at the PC will be ignored during the (first) execution of the instruction there. NEXT INSTRUCTION (N) ==================== This will move the PC to the next instruction without executing the current one. Any breakpoint at the PC will be ignored. KILL PROCESS (K) ================ This will kill a suspended Process. This is achieved by changing the Process's stack pointer to the address it was when the Process began, moving the PC to an RTS instruction, and resuming the Process. Whenever a Process terminates, if any data exists, you will be given a chance to save it before it is (automatically) erased. DEFINE BREAKPOINT (B) ===================== This allows a breakpoint to be defined. The program requests the address of the breakpoint, and it's type. This may be permanent, conditional, stop, or count. Conditional breakpoints also require an expression. This will be evaluated after input, and if no error occurs, the breakpoint will be defined. Whenever execution of an active Process reaches a conditional break- point, then its expression will be evaluated. If the result is not zero, then the breakpoint is removed, and the Process suspended. If the result is FALSE (equal to zero), then the Process is resumed. If the expression cannot be evaluated (for example, due to an unknown symbol name), then the Process will be suspended, with the breakpoint intact, and an error message displayed. Count breakpoints have associated with them a long counter. When- ever the breakpoint is reached, the counter is decreased. If it reaches zero, then the breakpoint is removed, and the Process suspended, otherwise the Process will resume. Stop breakpoints are simple breakpoints which will cause the Process to be suspended. They are removed whenever encountered. Stop break- points are in fact count breakpoints with an initial counter value of 1. Note that an alternative method of defining a breakpoint is to LMB on the address digits in the disassembly window, at the address where the breakpoint is required. When an active Process reaches a breakpoint, if the breakpoint causes the Process to be suspended, then the PC will be at the address of the breakpoint, and the instruction there will not yet have been executed. Whenever an exception occurs, the PC will either be at the address of the instruction which caused it, or at the address of the next instruction. KILL BREAKPOINTS (L) ==================== This will remove all currently-defined breakpoints. It works even when the Process is active. * ------------------------------------------------------------------------- * 13) Mouse Reference =================== This section describes the areas of the main program screen which will respond to LMB or RMB activity. Disassembly Window ------------------ 1) Address Digits LMB at left of window to define breakpoint. # 2) Address Digits RMB at left of window to remove breakpoint. 3) Program Symbol area LMB define program symbol for the address. 4) Program Symbol area RMB on a local moves window to its global. 5) Mnemonic LMB to access address functions. 6) Mnemonic RMB to move PC to instruction. 7) Number LMB in instruction operands to replace with symbol(s). 8) Program Address RMB in instruction operands to stack current address and move window to new address. * 9) Displacement RMB in instruction operands to stack current address and move window to EA, eg: 32(a6). * # Right ALT may also be pressed, which will move the memory window to the address instead of defining a breakpoint. * Left ALT may also be pressed to move the lower disassembly window; right ALT may be pressed to move the memory window (in which case, no address will be stored on the address stack). PC/SR/EA Window --------------- 1) PC Value Digits LMB to define new PC value. 2) SR Value Digits/Flags Text LMB to define new SR value. 3) SEA/DEA Text LMB to select register zoom lock. 4) SEA/DEA Value Digits RMB to display previous program symbol. Register Window --------------- 1) D0-D7/A0-A7 Value Digits LMB to define new register value. 2) D0-D7/A0-A7 Text LMB to select register-zoom lock. Memory Window ------------- 1) Address Digits LMB to define new memory display address. The following request windows also have responses to mouse buttons: Memory Dump ----------- 1) Memory content LMB to display byte/word/long value as denary. 2) Memory content RMB to define base offset address. Breakpoints Display ------------------- 1) Breakpoint information LMB to move (upper) disassembly window. Symbol Display -------------- 1) Symbol name LMB (twice) to move (upper) disassembly window. * ------------------------------------------------------------------------- * 14) Menu Reference ================== This section details any program functions which are accessible only via menus (no keyboard commands), and are not documented elsewhere. SCAN '.GS' FILE (Project Menu) ============================== This allows a '.gs' file as produced by GenAm to be scanned, and its constant symbols extracted. When doing this, if Disect finds a symbol name which is already used (either by a system or a user symbol), then the values of the two symbols are compared. If they both have the same value, then the symbol from the '.gs' file is ignored. If the values differ, then a request window will open, allowing you to either rename the symbol from the '.gs' file (type in the new name, and press 'Enter'), or to ignore the symbol from the '.gs' file (click on the 'Ignore' gadget). Note: it is best to scan a '.gs' file ONLY AFTER you have already loaded any required system symbols for your current project. This is because when SysSymbol data is loaded, no checks occur for existing symbol names. When you later save your '.DSCT' data, the symbols read from the '.gs' file will also be saved, so you only need to scan a '.gs' file once. BREAKPOINT AT ACTIVE PROCESS PC (Process Menu) ============================================== This allows Disect to regain control of an active Process. In terms of Exec task-switching, the Process will be either Wait()ing on signals or Ready (suspended only until its next quantum). If the Process is Waiting, then the breakpoint will be defined, but the Process will remain Waiting until it receives a valid signal (caused by, eg: LMB on it's window), at which point it will reach the breakpoint. If the Process is Ready, then the breakpoint can only be defined if the Process's PC is within project memory range (ie: not within ROM, or a system library, etc). DISPLAY BREAKPOINTS (Process Menu) ================================== This displays any defined breakpoints: the breakpoint address, and breakpoint type. Permanent breakpoints are denoted by '*' and conditional by '?'. Count and stop breakpoints have a number displayed with represents the remaining counter value (a stop breakpoint is a count breakpoint of value 1). Conditional breakpoints have their expressions displayed after the '?'. By LMB on a breakpoint text line, the (upper) disassembly window can be moved to the address of the breakpoint. * ------------------------------------------------------------------------- * 15) Process Variables Memory ============================ As of V1.7, if a Process exists, it is possible to define an area of memory as variables memory which is used by the Process. This memory may be either within the Process's memory (project memory range), or it may have been allocated by the Process. This is most useful when dissecting a program which references its variables using either of the addressing modes ARID (eg: '32(a4)'), or ARIDI (eg: '16(a5,d0.w)'), since it allows references to known variables to be automatically replaced with user-defined symbols, as will normally occur with direct address references to logged addresses. The 'Process' menu contains an item 'Variables Memory'. This will open a request window which contains: two string gadgets for input of variables memory start and size; a single string gadget for input of the address of a 'JSR _LVOAllocMem(a6)' instruction; and two more gadgets, 'Ax', and 'Previous'. The first two string gadgets allow the variables memory area to be specified directly, if this is known. If you enter a start address and a size which matches the address and size of any block of memory which is known to have been allocated by the Process, then the address of the 'JSR AllocMem' which allocated this memory will automatically be stored in the third string gadget. It is also possible to enter the address of a 'JSR AllocMem', from which Disect will be able to determine the address and size of the variables memory. The 'Previous' gadget will automatically define all three string gadgets according to the last memory allocation made by the Process. Note that this is only possible if a memory monitor was installed when the Process was created (see main preferences). The 'Ax' gadget allows you to select which address register is to be taken as a variables memory base pointer. The purpose of this is best illustrated by example. If you were dissecting a Process which had allocated a block of memory and stored its address in a4, or had done 'lea [1:0],a4', and you had the following: move.b #24,32(a4) If you LMB on the '32' and replace it with a user constant symbol which you named 'some_var': move.b #24,some_var(a4) If the DEA is within a known variables memory area, then the symbol 'some_var' is treated as a 'variable constant symbol'. What this means is that whenever the PC reaches any instruction which contains either an ARID or a ARIDI reference such as '32(a4)', then Disect will automatically replace the '32' with the known variable symbol 'some_var'. All of the information contained in the Variables Memory request window is saved as part of the DSCT data file, so that, for example, once the 'JSR AllocMem' which allocates the variables memory has been identified, Disect will automatically define the variables memory start and size when this instruction is executed the next time you load the original Process. * ------------------------------------------------------------------------- * 16) Grabbing An Existing Process ================================ The 'Project' menu item 'Grab Process' allows an existing memory- resident Process to be grabbed, and used as if the Process had been created by Disect in the normal way. A request window will open, which will list all current Processes which are waiting, either as a result of a call to Exec Wait(), or Exec WaitPort(). To grab a Process, simply LMB on its name to select it, then click on the 'Grab' gadget. At this point, if the Process is no longer Waiting, then Disect will not attempt to grab it. If the Process is still Waiting, Disect will effectively send it one of the signal(s) it is waiting for, and the Process will resume, under control of Disect. Lovely! Also in the 'Project' menu is another item 'Ungrab Process'. This will allow a grabbed Process to be resumed, no longer under the control of Disect. This feature should be used with caution. It is vital that some Processes remain functional at all times, ie: it is not safe to grab them since their activities must not be interrupted. The only way to discover if a Process can be safely grabbed (and ungrabbed) is to try it. Note that some Processes can be grabbed, and only when you attempt to ungrab them will problems occur. You have been warned... Another word of warning: a Process which has been grabbed may have its SegList memory (the memory in which the Process resides) freed automatically, as soon as the Process has replied to its WorkBench start-up message. As a result, it may be unsafe to single-step the last instructions of a Process, since the OS may free the Process's memory before the very last instruction has been executed by Disect. As an example: bsr close_down ; reply to WB message moveq.l #0,d0 ; set return code rts ; Process terminates here ! If you execute (key 'E') the bsr, the Process replies to its WB start-up message, which may cause the Process's memory to be freed. Disect will then have a PC at the moveq.l instruction, but any operation which uses memory (eg: opening a Disect window) may cause the content of the PC address to become corrupt. If this occurs, then you should select the 'Move PC To Return Code' item from the 'Process' menu. This will move the PC to an address which is guaranteed to contain the final two instructions in the example above. * ------------------------------------------------------------------------- * 17) Auto Trace Mode =================== Hopefully, this will at times prove to be a rather useful little feature. What it does is to automatically trace the instructions of your Process until some certain pre-specified condition is met. It is accessed via the 'Process' menu, which will open a request window. This contains a 'Resume' and a 'Quit' gadget: the first will enable auto trace mode, whilst the second will not. Note that once enabled, auto trace mode can be disabled be pressing the 'Esc' key. Whenever you save the main program preferences, then the current auto trace mode settings and expressions are also saved. The remaining content of the auto trace request window is roughly divided into two. On the left, you have six check gadgets and two string gadgets. These define the conditions which will cause auto trace mode to be disabled. The first two check gadgets are used to define whether or not auto trace mode is disabled whenever an instruction is reached which will attempt to perform a word or long read/write using an odd source/destination effective address. As with all the conditions which may disable auto trace mode, the Process will 'suspend' before the current instruction has been executed. The third check gadget is used to disable auto trace mode when- ever the instruction at the PC is RTS. This can be used to effectively resume the Process until the RTS of the current function/subroutine. Note that Disect will count how many JSR/BSR instructions are traced, in order to know how many RTS instructions must be ignored before the actual RTS which will disable auto trace mode is reached. The next check gadget, if checked, will cause auto trace mode to be disabled whenever the destination effective address of an instruction is not within 'permitted' memory. Disect considers the following to be permitted: 1) The memory in which the Process resides. 2) The memory in which the Process's Process STRUCTURE resides. 3) The Process's stack. 4) Memory used by the LIB structure of any resident library. 5) Any memory allocated by the Process. Any writes to memory allocated by the Process will only be detected as being permitted if a memory monitor was installed when the Process was created (not grabbed!). This option can be found in the Preferences request window. For word or long writes to memory, Disect will also check if the address of the last byte written is outside permitted memory. The final two check gadgets are used to enable/disable each expression entered into the two string gadgets. If enabled, before tracing an instruction, Disect will evaluate an expression, and will disable auto trace mode if the result is TRUE (non-zero). Note that this is the equivalent of placing a conditional breakpoint at every instruction of your Process (which would be otherwise impossible), including any external libraries or functions, including ROM (also not otherwise possible). If the expression contains either of the reserved symbol names 'SEA' and/or 'DEA', then if an instruction does not have a source/destination effective address, the expression will be ignored (for that instruction only). As a result, Disect will not allow a single expression to contain BOTH 'SEA' and 'DEA' (since this would result in the expression being ignored for instructions which have only a source OR a destination effective address). This is why there are two expressions permitted: one can contain 'SEA', and the other, 'DEA'. The are other conditions which will always cause auto trace mode to be disabled: if PC is 0 or odd; if the opcode at PC cannot be identified; if the destination effective address is hardware register INTENA; if the instruction at PC is privileged; or if a breakpoint is reached (if the breakpoint would normally cause an active Process to be suspended). In the right of the auto trace request window are seven check gadgets used to control various options. The first two tell Disect whether or not to trace ROM functions, and any external functions (not within the memory range of the Process, and not in ROM). Whenever a JSR/BSR instruction is reached, Disect uses the address of the subroutine to decide if it should be traced. If not, then the JSR/BSR instruction is executed, as occurs via pressing key 'E' normally, hence the subroutine will execute in real-time. Note that a JSR/BSR is treated as a call to a ROM function either if the subroutine address is in ROM, or if the instruction at this address is a JMP into ROM (eg: exec.library). If a function is not traced, then auto trace mode will resume after the function has returned. The third check gadget will enable/disable writes to the history buffer after each instruction has been traced. Whenever a JSR/BSR is executed (ie: not traced), then the history buffer will be written to after the JSR/ BSR has completed, the function having returned successfully. The final four check gadgets will enable/disable the refreshing of the four main program windows after each instruction has been traced. The second item in the Process menu is 'Resume Until RTS'. This will enable auto-trace mode, with all options disabled except 'Suspend At RTS'. This is useful for quickly getting to the end of the subroutine in which the PC is currently located. Note that the 'Odd SEA' and 'Odd DEA' options for auto trace mode will be as defined via the Auto Trace Mode request window (ie: they are not automatically disabled during Resume Until RTS). Also in the 'Process' menu is another item 'Breakpoint After External BSR/JSR'. If you're not interested in this then read no further... Right, the reason I did this one was as follows: when tracing ROM functions, more specifically exec.library Wait(), auto trace mode would be disabled at the following instruction: move.w #$4000,$dff09a ; disable interrupts Now, we cannot possibly expect to continue auto-trace mode (take my word for it...), so what this menu item will do is to place a stop breakpoint at the address after the last traced internal JSR/BSR to an external function. What this means is that somewhere within the memory range of our Process is the following: ~ ~ ~ ~ ~ ~ jsr _LVOWait(a6) ~ ~ ~ ~ ~ ~ Since this is the (internal) JSR which called an external function, Disect will define the breakpoint immediately after this instruction, and resume the Process. Once the Wait() has completed, the Process will be suspended after the JSR instruction. NOTE: before using this menu item, in this example it is necessary to move the PC to the instruction before the 'move.w #,$dff09a' (ie: you MUST NOT use it with the PC at this instruction). To move the PC to the previous instruction, you merely need to RMB on the mnemonic of the instruction in the disassembly window. Remember this! * ------------------------------------------------------------------------- * 18) Hardware Monitor ==================== This feature is essentially unfinished, although it is usable (with caution), so I decided to include it in the demo version of Disect (in the hope of some constructive feedback...?) If enabled, the hardware monitor allows an active Process to alter the values of certain hardware registers, without crashing the system when the Process is suspended. This also applies to a Process being active in the sense of only executing a single instruction. At present, the status of DMA flags, interrupt flags, and ADK flags are monitored, as well as all interrupt vectors, and all trap vectors. Support is not yet available for any Process which alters the VBR. In addition, the TRACE and ILLEGAL vectors must NOT be altered by the Process. Disect also allows two user-definable functions to be used, one to be called whenever the Process is resumed, and one to be called whenever the Process is suspended. Each is defined via its own request window, which contains a string gadget for input of the function address, and a check gadget which is used to enable/disable the function. A 'Load' gadget also allows an executable file to be loaded to be used as a function. Also in the request window are 16 check gadgets which define which registers must be preserved during the function, and 16 string gadgets which allow register values to be passed to the function. If a register is preserved, then it will be the same after the function as it was before the function was called; any registers which are not preserved will contain the return values from the function. Any enabled function will be executed in Supervisor mode. The function must remain in Supervisor mode, and must end with an 'RTS'. * ------------------------------------------------------------------------- * 19) 68020 Modes/Instructions ============================ The following notes concern 68020-specific addressing modes, and instructions: 1. In a 68020 effective address, only the base displacement can be replaced by a symbol; the outer displacement cannot. For PC-relative modes, the value displayed for the base displacement will be the result of adding it to the PC value for the instruction. This address will be automatically replaced by a matching program symbol (if the current preferences permit this). For modes where the base register is an address register, if the base displacement is a long, then an automatic program symbol match is checked for in the same way. 2. The offset and width values for bit field instructions can be replaced by symbols, although only a single user constant symbol is permitted. When using the symbol selection window to replace a bit field offset/width value, the symbol search type is pre-defined, and cannot be altered. Since these values can be replaced by only one symbol each, the facility to enter an existing symbol name (to be used as an offset) will be disabled. If you replace a bit field value, the address of the BF instruction is not logged in the usual way. This has no other implications, except it may save you a little memory. 3. When a Process exists, during calculation of a 68020 effective address, if any memory indirection attempts to read a non-existant address, then the effective address will be considered invalid, and will not be displayed. Also, if you're using a pre-68020 processor, any disassembly of 68020 modes which attempts to perform a memory indirection at an odd address will render the EA invalid, hence it will not be displayed. 4. The following 68020 instructions are not implemented: CAS, CAS2, CALLM, RTM, PACK, UNPK. * ------------------------------------------------------------------------- * 20) Installing To Hard Drive ============================ Ok, on the disk, the file 'DisectV1.7' is in fact a script. This contains an ASSIGN: ASSIGN DISECT: DisectV1.7: The last name of this may be changed to reflect the partition name where you wish to put Disect. Other than this, NOTHING else should be altered. Simply copy the FOUR directories and FOUR files from the (floppy) disk to (where-ever!). Important: DO NOT give the executable ('Disect.exe') an icon in order to double-click on it to launch the program: ALWAYS double- click on the script file ('DisectV1.7') * ------------------------------------------------------------------------- * 21) Contact Address =================== If you have any problems or suggestions concerning Disect, (or if you want the full version), here's the address: Dave Alderson 86, Powell Ave Marton Blackpool Lancashire England FY4 3HH Last, but certainly by no means least, many, many, many thanks to Bill Westhead for helping spread the (e-mail) word, and also to the following people for helping to test out the early versions: Marc Kelly Mark Manning * ------------------------------------------------------------------------- *