CHAPTER 1 Introduction

1.1 Product Description
1.2 Using This Manual
1.3 System Requirements

1.1 Product Description

Soft-ICE is a software debugging tool that provides hardware-level debugging capabilities to PCDOS and MSDOS debuggers. Soft-ICE uses 80386 protected mode to run DOS in a virtual machine. This gives Soft-ICE complete control of the DOS environment. Soft-ICE uses 80386 protected mode features, such as paging, I/O privilege level, and break point registers, to add hardware-level break points to your existing DOS debugger.

Soft-ICE was designed with three goals in mind:

1. To utilize the 80386 virtual machine capability to provide debugging features that are impossible or prohibitively slow with software-only debuggers (e.g., real time hardware-level break points, memory protection, breaking out of hung programs, etc.).

2. To work with existing debuggers. We wanted to provide a tool that worked with existing tools. We designed Soft-ICE in such a way that you don't have to learn a new debugger to get powerful hardware debugging capabilities.

3. To be a user-friendly program with a window that pops up instantly and does not get in the way. All of the Soft-ICE commands were designed to fit in a small window so that information on the screen behind Soft-ICE could still be viewed. Dynamic on-line help assists users who only use Soft-ICE occasionally.

The Soft-ICE program features:

* real time break points on memory reads/writes, port reads/writes, memory ranges, and interrupts
* back trace history ranges
* symbolic and source level debugging
* an environment that works with existing debuggers
* full EMM 4.0 support
* backfilling to raise base memory past 640K for monochrome systems
* a window that can pop up at any time
* the ability to break out by keystroke even if interrupts are disabled
* debugger code that is isolated by 80386 protected mode.
  This prevents an errant program from modifying or destroying Soft-ICE; even if DOS is clobbered, Soft-ICE will still work
* the ability to configure Soft-ICE to use no memory in the lower 640K if the system has more than 640K
* user-friendly dynamic help
* the ability to be used as a stand-alone debugger. This ability is useful if you are debugging loadable device drivers, interrupt handlers, or boot sequences where traditional debuggers can't go, or if your debugger suffers from re-entrancy problems
* a soft boot capability that allows debugging with non-DOS operating systems or self-booting programs
* a simple installation, with no DIP switches to set, no I/O ports taken up, and no memory address space conflicts

NOTE: Soft-ICE will work with real address mode programs only. It will not work with programs that use 80286 or 80386 protected mode instructions.

1.2 Using This Manual

The Soft-ICE manual is divided into four main sections:

    Learning Soft-ICE (Section I)
    Commands (Section II)
    Support Features (Section III)
    Advanced Topics (Section IV)

Soft-ICE can be used for most debugging problems after reading Section I, "Learning Soft-ICE", and a little experimentation. Soft-ICE's user-friendly on-line help can be used to reference command descriptions and syntax.

The "Learning Soft-ICE" section contains installation instructions, a description of the user interface, and a tutorial. The tutorial is designed to get you up and running quickly.

The "Commands" section describes all of the Soft-ICE commands. The command descriptions are organized by functional group with an alphabetic index for reference.

The "Support Features" section covers advanced loading options, symbolic and source level debugging, and EMM 4.0 capability.

The "Advanced Topics" section covers topics such as using Soft-ICE with DOS loadable drivers and using Soft-ICE with non-DOS operating systems.
Throughout the manual, especially in the tutorial and the command section, examples are given that require you to give data to Soft-ICE. When the directions specify that you "press" a key, such as the key, you should press the key labelled . When the directions tell you to "enter" a phrase, such as WIN, you should type in the specified letters, then press the ENTER key.

1.3 System Requirements

Soft-ICE works with the IBM Series II Model 70 and 80, Compaq 80386 and 80386SX computers, AT compatible and 80386 co-processor cards. Soft-ICE will only work with 80386 XT co-processors if they are AT compatible.

Soft-ICE works best with extended memory, but works fine with conventional memory systems.

Soft-ICE does not use DOS or ROM BIOS for its video output and keystroke input. Therefore the video must be compatible with one of the following: MDA, Hercules, CGA, EGA, or VGA. Soft-ICE also has support for a two-monitor configuration, which can be very helpful when debugging video-intensive programs.

SECTION I -- Learning Soft-ICE

CHAPTER 2 Getting Started

2.1 The Diskettes
2.2 Loading Soft-ICE
2.2.1 Loading Without Extended Memory
2.2.2 Loading With Extended Memory
2.2.3 Configuring Soft-ICE for a Customized Installation
2.3 Unloading Soft-ICE
2.4 Reloading Soft-ICE

2.1 The Diskettes

Soft-ICE comes on either a 5 1/4" diskette or a 3 1/2" diskette. When you run Soft-ICE, the name of the person that your copy of Soft-ICE is licensed to is displayed on the screen as a deterrent to software pirates. The Soft-ICE diskette is not physically copy-protected for your convenience. For our convenience, we appreciate your high regard for our licensing agreement. It is important to make a duplicate copy to be used only for backup in case the original diskette is damaged.

A directory of a Soft-ICE diskette will show the following files:

    S-ICE.EXE
    S-ICE.DAT
    LDR.EXE
    MSYM.EXE
    EMMSETUP.EXE
    UPTIME.EXE
    README.SI
    SAMPLE.EXE
    SAMPLE.ASM
    SAMPLE.SYM

S-ICE.EXE is the Soft-ICE program.
S-ICE.DAT is the Soft-ICE initialization file.
LDR.EXE is the Soft-ICE program and symbol file loader.
MSYM.EXE is the Soft-ICE symbol file creation program.
EMMSETUP.EXE is a program that allows you to customize the way your system will use expanded memory.
UPTIME.EXE sets the time to that of the real time clock.
README.SI is a text file containing information about Soft-ICE that did not make it into this manual.
SAMPLE.EXE is a short demonstration program that is used with the tutorial.
SAMPLE.ASM is the assembly language source file for the demonstration program.
SAMPLE.SYM is the symbol file for the demonstration program.

2.2 Loading Soft-ICE

Before running Soft-ICE, copy all of the files on the distribution diskette to your hard disk. These files should be placed in a directory that is accessible through your alternate path list.

S-ICE.EXE can be loaded as a device driver in CONFIG.SYS or can be run as a program from the command line. To use many of Soft-ICE's features, S-ICE.EXE must be loaded as a device driver in CONFIG.SYS.

Note: If you do not have extended memory, Soft-ICE can NOT be loaded as a device driver. Instead, it must be run from the DOS prompt.

2.2.1 Loading Without Extended Memory

When no extended memory is present, Soft-ICE loads itself at the highest memory location possible. The memory used by Soft-ICE is then 'mapped out', making it invisible to DOS programs. Since the total memory visible to DOS and its programs is less after Soft-ICE loads, it is recommended that you load Soft-ICE before any TSR's or control programs.

If you do not have extended memory, simply enter:

    S-ICE

2.2.2 Loading With Extended Memory

Loading Soft-ICE with extended memory can be done in one of two ways:

1. Install S-ICE.EXE as a driver in CONFIG.SYS. This method is necessary if you will be using one of the following capabilities:

   * Sharing memory with programs that use extended memory by using ROM BIOS calls (VDISK.SYS, RAMDRIVE.SYS, HIMEM.SYS, cache programs, etc.).
   * Using Soft-ICE's EMM 4.0 capability.
   * Using Soft-ICE for symbolic or source level debugging.
   * Using back trace ranges.
   * Using Soft-ICE with other Nu-Mega products such as MagicCV.

   When loaded as a driver, Soft-ICE allocates a portion of extended memory for itself and its associated components so there can be no memory conflicts. S-ICE.EXE must be loaded in CONFIG.SYS before any other driver that allocates extended memory is loaded (e.g., VDISK.SYS, RAMDRIVE.SYS). Generally Soft-ICE works best if it is the first loadable device driver installed in CONFIG.SYS.

   For users that are new to Soft-ICE it is advisable to load Soft-ICE as the first driver in CONFIG.SYS with the following statement:

       device = drive:\path\S-ICE.EXE /SYM 50

   Drive and path specify the directory where S-ICE.EXE is located. This statement will load Soft-ICE at system initialization and will be adequate for the tutorial. However, Soft-ICE will not be installed for some of its more powerful features such as EMM 4.0. You can reconfigure Soft-ICE with those features enabled after you have experimented a bit. If you already have experience with Soft-ICE or would like to set up Soft-ICE with those features immediately, please read chapter 6 (Soft-ICE Initialization Options).

   Caution: When installing any new device driver for the first time on your system, it is advisable to have a boot diskette available. This precautionary measure is for the unlikely event that the default setup of the device driver is not compatible with your system.

   If you are not sure how to edit your CONFIG.SYS file, refer to your system user's guide or your text editor user's guide for instructions. After you have modified your CONFIG.SYS file, you must reboot your system to have the changes take effect.

2. Run Soft-ICE from the DOS prompt by typing S-ICE. Before actually loading, Soft-ICE will display a loading message and prompt. To prevent this prompt, place the word EXTENDED in the S-ICE.DAT file.
   See section 6.4 for more information on the S-ICE.DAT file. Using this method, S-ICE.EXE is automatically loaded into the top of extended memory, whether or not anything else is already there. If you know you will not have any other programs using extended memory, this method is acceptable. When loaded with this method, Soft-ICE occupies ZERO bytes of conventional memory. The command you use is:

       S-ICE

Notes: You can NOT enable all of Soft-ICE's features when loading from the command line. If you will be using Soft-ICE as a stand-alone debugger, it is recommended to load Soft-ICE from CONFIG.SYS.

If you want to load Soft-ICE as a device driver, but don't want Soft-ICE to be resident all of the time, you should use the /UN loading switch. Refer to section 6.3.1 for more information.

2.2.3 Configuring Soft-ICE for a Customized Installation

You can customize Soft-ICE with Soft-ICE loading switches in CONFIG.SYS and with the Soft-ICE initialization file S-ICE.DAT.

The CONFIG.SYS loading switches allow you to customize how the extended memory will be reserved by Soft-ICE.

The initialization file S-ICE.DAT allows you to specify configuration options, assign commands to function keys, and define an auto-start string. An auto-start string is used to execute a series of commands that you use every time you install Soft-ICE. For more information about customizing Soft-ICE, refer to chapter 6.

2.3 Unloading Soft-ICE

Occasionally you may need to unload Soft-ICE. A typical reason for unloading Soft-ICE is to run a program that uses 80286 or 80386 protected mode instructions. To unload Soft-ICE, enter:

    S-ICE /U

This command places the machine back in real address mode. If Soft-ICE was initially loaded from CONFIG.SYS, then the memory is still reserved for Soft-ICE and can not be used by other software. If Soft-ICE was initially loaded from the command line, unloading frees up the memory consumed by S-ICE.EXE.

Caution: If you have any backfilled memory in your system, or if expanded memory is currently being used, unloading Soft-ICE could crash your system.

2.4 Reloading Soft-ICE

Soft-ICE can be re-loaded at any time even if it had initially been loaded in CONFIG.SYS. If Soft-ICE had initially been loaded in CONFIG.SYS then the original configuration options (EMM 4.0, symbols and source...) are still in effect. To reload Soft-ICE, enter:

    S-ICE

CHAPTER 3 Debugging In 30 Minutes

3.1 Introduction
3.2 Popping Up the Window
3.3 Returning From the Window
3.4 Changing the Window Size
3.5 Moving the Window
3.6 Line Editing Keystrokes
3.7 Interactive Status Line
3.8 Command Syntax
3.8.1 Specifying Memory Addresses
3.9 Function Keys
3.10 Help
3.11 Tutorial

3.1 Introduction

All interaction with Soft-ICE takes place through a window that can be popped up at any time. All Soft-ICE commands fit in a small window, but the window can be enlarged to full screen. You will typically use the small window when using Soft-ICE as an assistant to another debugger, and the large window when using Soft-ICE in stand-alone mode. The window initially comes up in full screen mode if you are using the Soft-ICE configuration file (S-ICE.DAT) that was included on the distribution diskette.

3.2 Popping Up the Window

You can bring up the window at any time after installing Soft-ICE. You initially bring up Soft-ICE by pressing the CTRL and D keys. However, this sequence can be changed by using the ALTKEY command (see section 5.8).

3.3 Returning From the Window

Return to the original display by using the X command or the key sequence that you used to invoke Soft-ICE. Any break points that you set while working in Soft-ICE will be armed at this point.

3.4 Changing the Window Size

You can modify both the width and the height of the Soft-ICE window. Changing the window size is particularly useful in stand-alone mode when you are displaying code memory.

The window height can vary from 8 to 25 lines tall. To change the window height, use the following key sequences:

    ALT  -- makes the window taller
    ALT  -- makes the window shorter

To change the window width, use the WIN command (see section 5.9). Entering WIN with no parameters toggles between the following two modes:

    WIDE mode -- full screen width
    NARROW mode -- 46 characters wide

Some commands (i.e., D, E, R, U) take advantage of the extra width by displaying more information when the window is in wide mode.

3.5 Moving the Window

The Soft-ICE window is movable and can be positioned anywhere on the screen. This is particularly useful when the window is in narrow mode. Move the window anytime you need to view information on the screen behind the window. The following key sequences move the window:

    CTRL  -- moves the window one row up
    CTRL  -- moves the window one row down
    CTRL -- moves the window one column right
    CTRL  -- moves the window one column left

3.6 Line Editing Keystrokes

Soft-ICE's easy-to-use line editor allows you to recall and edit previous commands. The line editor functions are similar to those of the popular CED line editor. The following key sequences help you edit commands in the command window:

    -- moves the cursor to the right
     -- moves the cursor to the left
    INS -- toggles insert mode
    DEL -- deletes the current character
    HOME -- moves the cursor to start of the line
    END -- moves the cursor to the end of the line
     -- displays the previous command
     -- displays the next command
    SHIFT -- scroll one line up in display
    SHIFT -- scroll one line down in display
    PAGE UP -- scroll one page up in display
    PAGE DN -- scroll one page down in display
    BKSP -- deletes the previous character
    ESC -- cancels the current command

There are special key assignments when the cursor is in the data window or the code window. These are described in the sections for the E and EC command respectively.
One special assignment of note is the SHIFT  and Shift  keys while the cursor is in the code window. These keys are re-assigned so they have the functions that  and  normally have. This way you can recall previous commands while the cursor is in the code window.

3.7 Interactive Status Line

A status line at the bottom of the window provides interactive help with command syntax.

3.8 Command Syntax

Soft-ICE is a command-driven debugging tool. To interact with Soft-ICE, you enter commands, which can optionally be modified by parameters.

All commands are text strings that are one to six characters in length and are case insensitive. All parameters are either ASCII strings or expressions.

Expressions are typically numbers, but can also be combinations of numbers and operators (e.g., + - / *). All numbers are displayed in hexadecimal format. Byte parameters are 2 digits long, word parameters are 4, and double word parameters are 2 word parameters separated by a colon (:). Here are some examples of parameters:

    12 -- byte parameter
    10FF -- word parameter
    E000:0100 -- double word parameter

Registers can be used in place of bytes or words in an expression. For example, the command 'U CS:IP-10' will start unassembling instructions ten bytes before the current instruction pointer address. The following register names may be used in an expression:

    AL, AH, AX, BL, BH, BX, CL, CH, CX, DL, DH, DX, DI, SI, BP, SP, IP, CS, DS, ES, SS, or FL

3.8.1 Specifying Memory Addresses

Many Soft-ICE commands require memory addresses as parameters. A memory address is a value that is made of two 16-bit words, separated by a colon. The first word is the segment address, and the second word is the segment offset.

Public symbols can be used in place of an address in any Soft-ICE command. The public symbols must have been loaded with the Soft-ICE program loader (LDR.EXE). See chapter 7 (Symbols and Source) for a complete description of using public symbols.
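
The parameter syntax above (hexadecimal numbers, register names, segment:offset pairs) can be modelled in a few lines. This is an added example, not part of the Soft-ICE manual or Nu-Mega's code: the names evaluate, linear and SAMPLE_REGS are hypothetical, the register values are constructed, and conventional operator precedence and 16-bit wraparound are assumptions rather than documented Soft-ICE behaviour.

```python
import re

# Register names the manual lists as usable in expressions (section 3.8).
REG16 = {"AX", "BX", "CX", "DX", "DI", "SI", "BP", "SP", "IP",
         "CS", "DS", "ES", "SS", "FL"}
REG8 = {"AL": ("AX", 0), "AH": ("AX", 8), "BL": ("BX", 0), "BH": ("BX", 8),
        "CL": ("CX", 0), "CH": ("CX", 8), "DL": ("DX", 0), "DH": ("DX", 8)}

TOKEN = re.compile(r"\s*(?:([0-9A-Za-z]+)|([-+*/:]))")

# Constructed register snapshot, used only for the demonstration below.
SAMPLE_REGS = dict.fromkeys(REG16, 0)
SAMPLE_REGS.update(CS=0x1234, IP=0x0105, AX=0x12FF)


def tokenize(text):
    """Split an expression into words (numbers, registers) and operators."""
    text, tokens, pos = text.strip(), [], 0
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected character {text[pos]!r}")
        # Commands are case insensitive, so normalise words to upper case.
        tokens.append(m.group(1).upper() if m.group(1) else m.group(2))
        pos = m.end()
    return tokens


def atom(tokens, regs):
    """A register name or a number; numbers are always hexadecimal."""
    if not tokens:
        raise ValueError("expression ends early")
    word = tokens.pop(0)
    if word in REG16:
        return regs[word] & 0xFFFF
    if word in REG8:
        parent, shift = REG8[word]
        return (regs[parent] >> shift) & 0xFF
    if re.fullmatch(r"[0-9A-F]+", word):
        return int(word, 16)
    raise ValueError(f"not a hex number or register: {word}")


def term(tokens, regs):
    value = atom(tokens, regs)
    while tokens and tokens[0] in ("*", "/"):
        op, rhs = tokens.pop(0), atom(tokens, regs)
        value = value * rhs if op == "*" else value // rhs
    return value


def expr(tokens, regs):
    value = term(tokens, regs)
    while tokens and tokens[0] in ("+", "-"):
        op, rhs = tokens.pop(0), term(tokens, regs)
        value = value + rhs if op == "+" else value - rhs
    return value & 0xFFFF  # assumption: results wrap to one 16-bit word


def evaluate(text, regs):
    """Return (segment, offset); segment is None when no colon is present."""
    tokens = tokenize(text)
    first, segment = expr(tokens, regs), None
    if tokens and tokens[0] == ":":
        tokens.pop(0)
        segment, first = first, expr(tokens, regs)
    if tokens:
        raise ValueError(f"unexpected token: {tokens[0]}")
    return segment, first


def linear(segment, offset):
    """Real address mode physical address: segment * 16 + offset."""
    return (segment << 4) + offset


if __name__ == "__main__":
    for text in ("12", "10FF", "E000:0100", "CS:IP-10", "10*2+42"):
        seg, off = evaluate(text, SAMPLE_REGS)
        if seg is None:
            print(f"{text:10} -> {off:04X}")
        else:
            print(f"{text:10} -> {seg:04X}:{off:04X} = {linear(seg, off):05X}")
```

Because every number is read as hexadecimal, the 10 in CS:IP-10 moves the offset back by 10H bytes.
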
The Soft-ICE expression evaluator recognizes several special characters in conjunction with addresses. These special characters are:

    $ -- Current CS:IP.
    @address -- Double Word Indirection
    .number -- Source Line Number

The $ character can be used in place of CS:IP when typing the address of the current instruction pointer.

The @ character allows you to refer to the double word pointed to by the address. You can have multiple levels of @'s.

If the . character precedes an address, the address will be interpreted as a source line number in the current file, rather than an actual address. This is only valid when source files are loaded. The address is interpreted as a decimal number in this case.

Examples:

    U.1234

This command starts unassembling instructions at source line 1234 decimal.

    U $-10

This command unassembles instructions starting 10 bytes prior to the current instruction pointer.

    G @SS:SP

Assume you are at the first instruction of an interrupt routine. Entering this command will set a temporary break point at the return address on the stack and skip the interrupt routine.

3.9 Function Keys

Function keys can be assigned to any command string that can be typed into Soft-ICE. Function keys can be assigned from the command line or pre-initialized through the Soft-ICE definition file S-ICE.DAT.

The default S-ICE.DAT that comes on the Soft-ICE distribution diskette has definitions for all 12 function keys. You can change any of these definitions at any time.
They are intended as examples, but they are designed to make it easy for users of Microsoft's CodeView. The default assignments are:

    F1 -- Displays general help (H;)
    F2 -- Toggles the register window (^WR;)
    F3 -- Changes current source mode (^SRC;)
    F4 -- Restores screen (^RS;)
    F5 -- Returns to your program (^X;)
    F6 -- Toggles cursor between command window and code window (^EC;)
    F7 -- Goes to current cursor line (^HERE;)
    F8 -- Single steps (^T;)
    F9 -- Sets break point at current cursor line (^BPX;)
    F10 -- Program steps (^P;)
    F11 -- Go to return address (large model) (^G@SS:SP;)
    F12 -- Displays Soft-ICE version number (^VER;)

A caret (^) preceding a command makes it invisible; a semi-colon (;) following a command represents a carriage return. You can display the current function key assignments by entering the command:

    FKEY

To use a function key, simply press the function key instead of entering the command. To program function keys, see section 5.8 for a description of the FKEY command, or chapter 6 for a description of pre-initializing function keys in S-ICE.DAT.

3.10 Help

The help command displays a short description, a syntax expression, and an example of each command. To display help information, enter:

    ? or H -- displays short descriptions of all commands and operators
    ? command or H command -- displays more detailed information on the specified command, syntax, and an example
    ? expression or H expression -- displays the value of the expression in hexadecimal, decimal and ASCII

3.11 Tutorial

The following tutorial demonstrates a few of the features of Soft-ICE and gives you the opportunity to try using Soft-ICE. Soft-ICE can be used in conjunction with another debugger or as a stand-alone debugger.

The tutorial demonstrates using Soft-ICE as an assistant to the DOS debugger, DEBUG, and then shows how Soft-ICE can be used as a stand-alone debugger with source and symbols loaded. DEBUG can be found on the PCDOS or MSDOS system diskette.
If you do not have DEBUG, you can use another debugger in its place, or Soft-ICE can be used as a stand-alone debugger.

Users who need to use Soft-ICE for a reverse engineering project, or for debugging DOS loadable device drivers or Terminate and Stay Resident programs should go through this tutorial too. Even though examples of these types of programs are not demonstrated directly, you will get an overview of debugging with Soft-ICE. It is recommended that you experiment with Soft-ICE and your particular environment before beginning a real project.

A short assembly language program with a subtle flaw is used to demonstrate hardware-style break points. The sample program has been kept intentionally short and to-the-point for those not very familiar with assembly language.

The tutorial is designed to give you a peek at Soft-ICE features. Feel free to experiment on your own after going through the tutorial.

Since Soft-ICE is very flexible, it allows you to load in the way that is best for your system. Go through the installation procedures in section 2.2 before continuing with the tutorial.

If you do not have extended memory on your system, you must load Soft-ICE from the command line. When loading Soft-ICE from the command line you can not load symbols or source files. In this case you must improvise in the last section of the tutorial where Soft-ICE is used as a stand-alone debugger.

Soft-ICE can be loaded from the DOS prompt or loaded as a device driver in CONFIG.SYS. For the purpose of this tutorial you should install Soft-ICE in CONFIG.SYS with at least 50K of extended memory reserved for symbols and source files. Soft-ICE should be the first device driver installed in CONFIG.SYS.
The device installation line should look like:

    DEVICE = drive:\path\S-ICE.EXE /SYM 50

The /SYM 50 parameter instructs Soft-ICE to reserve 50 kilobytes of extended memory for symbols and source files. This is not enough to solve most real world problems, but will work for our sample program. You must re-boot your system after placing this line in CONFIG.SYS.

When you re-boot your system Soft-ICE displays a copyright notice, a registration number, the name of the person who owns this copy of Soft-ICE, and the amount of extended memory reserved for each Soft-ICE component. On a system with 384K of extended memory the initial screen looks like:

    Soft-ICE
    Your Name
    Your Company Name
    Registration # SInnnnnn
    Copr. (C) Nu-Mega Technologies 1987-1989
    All Rights Reserved
    Soft-ICE Version 2.00
    Soft-ICE is loaded from 00132000H up to 00160000H.
    50K of symbol space reserved.
    10K of back trace space reserved.
    200 K of extended memory available.

The "Soft-ICE is loaded ..." message tells you the exact area of memory that Soft-ICE and its components are occupying. If you are on a Compaq or Compaq clone and have included the word COMPAQ in your S-ICE.DAT file you would also see a message saying "Using high memory from XXXXXXXX to 00FE0000H".

The next line tells you how much symbol space has been reserved. This space is used for both symbols and source files.

The next line tells you how much memory has been reserved for back trace history. This amount defaults to 10K. This memory area is used by the SNAP command and the BPR command with the T or TW options.

The last line tells you how much memory is left for regular extended memory. This memory can be used by other programs, such as HIMEM, SMARTDRIVE, VDISK, etc.

Change directories to the hard drive directory where you loaded all the files from your distribution diskette. Remember, this directory must be accessible from your alternate path list.

Before we get into heavy debugging, let's bring the Soft-ICE window up and give it a test drive. Clear the screen by entering:

    CLS

Bring up the Soft-ICE window by pressing:

    CTRL D

The Soft-ICE window is now on the screen. If you have the file S-ICE.DAT accessible from your path then the Soft-ICE window will occupy the entire screen. It will be divided into four sections. From top to bottom, these sections are the register window, the data window, the code window, and the command window. If S-ICE.DAT was not found then you will have a small window in the center of the screen. This also means that other components needed for the tutorial have not been loaded. If the small window is visible you should:

1. Exit from Soft-ICE by entering X.
2. Unload Soft-ICE by entering S-ICE /U.
3. Copy the file S-ICE.DAT from the distribution diskette to a directory accessible from your current path.
4. Restart the demo.

We will now switch to the small window. The small window is very convenient for using Soft-ICE as an assistant to another debugger. Enter:

    WIN

This will make a small command window in the center of the screen. Several Soft-ICE commands are visible on this screen. These are remnants of the initialization string in S-ICE.DAT that originally set up Soft-ICE in the full screen mode. You will notice a prompt symbol (:) and a status line at the bottom of the window.

The Soft-ICE window can be moved around on the screen, and the window size can be adjusted. Move the window around the screen by pressing:

    CTRL  -- moves the window up one row
    CTRL  -- moves the window down one row
    CTRL -- moves the window one column left
    CTRL  -- moves the window one column right

Change the window size so that it fills the whole screen by entering:

    WIN

You will notice that the original screen is back. Change back to the small window by entering WIN again.

Make the window taller or shorter by pressing:

    ALT  -- makes the window taller
    ALT  -- makes the window shorter

Now try what comes naturally when you're in front of a new program and you don't have the foggiest notion of what to do next -- ask for help. Get a help display by entering:

    ?

Notice how the display stops and waits for a keystroke before scrolling any information off the screen. Look at the status line at the bottom of the window. The status line displays the instructions: "Any Key To Continue, ESC to Cancel".

Now press any key to continue displaying more of the help information. Continue pressing the key until the prompt (:) reappears.

Scroll back through the help information by pressing:

    SHIFT

Previously displayed information in the command window can be scrolled with the shift up, shift down, page up and page down keys. Try a variety of these keys to scroll through the help information.

The Soft-ICE help facility gives you an overview of each command. If you enter a question mark (?) followed by a command name, you see a display showing the command syntax, a short description of the command, and an example.

Try experimenting with help by entering commands in this format:

    ? command

For example,

    ? ALTKEY

Pay attention to the status line prompts on the bottom line of the screen if you get confused.

The help command also allows you to evaluate hexadecimal expressions. For example, enter:

    ? 10*2+42

The resulting display shows you the value of the expression, first in hexadecimal, then decimal, then in ASCII representation:

    0062 00098 "b"

We brought up the window with the CTRL D key sequence. That's all right for some, but you may prefer to use another key sequence. We are now going to enter a command to change the key sequence required to bring up the window. We'll do this one step at a time, so you can get used to the status line at the bottom of the window.

Type the letter 'A'.
The status line displays a list of all the commands starting with the letter 'A'.

Finish typing the word 'ALTKEY'. The status line now displays a short description of the ALTKEY command.

Press the space bar. The status line now shows the required syntax for the ALTKEY command.

Type the letters 'ALT D' then press ENTER to enter the entire command:

    ALTKEY ALT D

You just changed the window pop up key sequence to ALT D. From now on, you must press the ALT D key sequence to pop up the window. This is assumed throughout the remainder of the tutorial.

Now let's test the previous command. To exit from the window, press:

    ALT D

The Soft-ICE window just disappeared. To return to the Soft-ICE window, release the ALT key, then press:

    ALT D

The window returned. To see some previous commands, press: the key a few times.

Notice that Soft-ICE remembers commands that have been entered. Try editing one just for fun. Some of the editing keys are:

    INS -- Toggles insert mode on or off
    DEL -- Deletes one character
    HOME -- Moves the cursor to start of line
    END -- Moves the cursor to end of line
    -- Moves the cursor one column to the right
    -- Moves the cursor one column to the left

When insert mode is on, notice that the cursor is in a block shape.

Now that you are somewhat familiar with the environment let's try some more commands. Erase the command you were editing by pressing the HOME key, then pressing the DEL key until the command is gone. Enter:

    WR

The WR command makes the register window visible. The register window displays the contents of the 8086 registers. Notice that the register values reflect the location where the code was executing when you invoked Soft-ICE.

The WR command is assigned to the function key F2 in the Soft-ICE initialization file S-ICE.DAT. Press the F2 key several times and you will see the register window toggle on and off. Leave the register window visible.

Extend the vertical size of the Soft-ICE window by holding down the ALT and the until the window is the entire length of the screen.

Notice the values of the CS and IP registers in the register window, then enter:

    MAP

The MAP command displays a system memory map. The area of the current instruction pointer (CS:IP) is highlighted. If you have a complex memory map you may have to press a key a few times until the prompt reappears.

Now try the following sequence a few times, noticing the (CS:IP) registers in the register window.

    ALT D
    Release ALT and D
    ALT D

Each time you bring the Soft-ICE window back up you will notice that the CS and IP registers have changed. When CS and IP change you can enter the MAP command again to see if the instruction pointer now points to a different area.

This little exercise demonstrates that Soft-ICE is a system level debugger that pops up wherever the instruction pointer happens to be when you press the Soft-ICE hot key sequence. The instruction pointer is continuously changing because there is a lot of activity happening behind the scenes even when you are at the DOS prompt, such as timer interrupts, DOS device driver polling, DOS busy waiting, other interrupts, etc.

Press the F12 function key. The F12 function key defaults to be assigned to the Soft-ICE VER command. It displays the Soft-ICE copyright message and the version number.

We will now assign the F12 function key to the Soft-ICE RS command. Enter:

    RS

This will temporarily show the program screen without the Soft-ICE window. Press the space bar to get back the Soft-ICE window. Enter:

    FKEY F12 RS;

This assigns the RS command to the F12 key. The semi-colon represents the ENTER key.

Press the F12 key. Repeat this a few times to toggle between the Soft-ICE window and the program screen.

Now make sure the Soft-ICE window is displayed, by pressing the F12 key if necessary. You will notice RS displayed several times in the window.
There is one occurrence for each time you pressed the F12 key to show the program screen. Clear the Soft-ICE window by entering:

    CLS

Enter:

    FKEY F12 ^RS;

The ^ symbol is a shifted 6. This assigns the RS command to the F12 key, but makes it an invisible command. Press the F12 key several times. Notice that the RS command no longer displays in the Soft-ICE window.

You can also assign a sequence of Soft-ICE commands to a function key. Remember to place a carriage return between each command.

Now let's prepare to use Soft-ICE as an assistant to the MSDOS DEBUG utility. Get rid of the register window by pressing the F2 key, then shrink the window size down to about 6 lines by using ALT and the arrow keys. Enter:

    ACTION INT3

This command tells Soft-ICE to generate interrupt 3's when break point conditions are met. That's how Soft-ICE will communicate with DEBUG. The default setting is HERE. ACTION HERE will cause control to return directly to Soft-ICE. Use ACTION HERE when using Soft-ICE as a stand-alone debugger.

For those of you not using DEBUG with this tutorial you might have to improvise now. CODEVIEW works with ACTION set to NMI. Most other debuggers will work with ACTION set to INT3. If your debugger doesn't, and you need help improvising, refer to the complete description of ACTION (see section 5.4).

To make the Soft-ICE window disappear again, enter:

    X

This is an alternative method to exit from Soft-ICE. This is especially useful in function key definitions.

Now that you are familiar with some of the basics of using Soft-ICE, let's learn some details by debugging the sample program (SAMPLE.ASM).

SAMPLE.ASM is a simple program written in assembly language by a programmer named Jed. The program reads a keystroke from DOS and displays a message telling whether the keystroke was a space.

To run the program SAMPLE, enter:

    SAMPLE

Now press the space bar. Press several keys. Jed's program obviously has a problem!
Jed has spent hours studying this source code and is certain there are no flaws in his logic. However, Jed borrowed some 'helper' routines from his friend Jake (get_key, is_space?). Jed is somewhat suspicious of these routines but he cannot find the bug.

The source code for Jed's program looks like this:

    Page 55,80
    Title Sample program for Soft-ICE tutorial

    DATA Segment Public 'Data'
    pad           db 12H dup(0)
    char          db 0
    answer        db 0
    space_msg     db 'The Character is a SPACE',0DH,0AH,'$'
    no_space_msg  db 'The Character is NOT a'
                  db 'SPACE',0DH,0AH,'$'
    DATA Ends

    STACK Segment Stack 'Stack'
            Dw 128 Dup (?)          ;Program stack
    STACK Ends

    CODE Segment Public 'Code'
            Assume CS:CODE,DS:DATA,ES:Nothing,SS:STACK

    start:
            ; Set up segments
            mov ax,DATA
            mov es,ax
            mov ds,ax

            ; Main Program Loop
    main_loop:
            call get_key
            call is_space?
            cmp answer,0
            je no_space

            ; It's a space, so display the space message
            mov ah,9
            mov dx,offset space_msg
            int 21H
            jmp main_loop

            ; It's NOT a space, so display the no space message
    no_space:
            mov ah,9
            mov dx,offset no_space_msg
            int 21H
            jmp main_loop

    ;----------------------------------------------------------;
    ; JAKE'S ROUTINES
    ;----------------------------------------------------------;

    ; Get Key Routine (one of Jake's routines)
    get_key proc
            mov ah,8
            int 21H
            mov char,al
            ret
    get_key endp

    ; Check if character is a space (one of Jake's routines)
    is_space? proc
            cmp char,20H
            jne not_space
            mov answer,1
            ret
    not_space:
            mov cs:answer,0
            ret
    is_space? endp

    CODE Ends
            End start

Jed has been using DEBUG but has not been able to pinpoint the problem. As a recommendation from his nephew Jethro, Jed has purchased Soft-ICE. He was somewhat reluctant to use it because he had tried a hardware-assisted debugger but could never get it working quite right. He was willing to try Soft-ICE because he could continue to use DEBUG -- the only debugger he really understood.

Press CTRL C to break out of the program. Enter the following commands:

    DEBUG drive:\pathname\SAMPLE.EXE
    U
    R

In the hours Jed has spent trying to find this elusive bug, he has had the suspicion that something is overwriting his code in some subtle way. With Soft-ICE, Jed decides to set a range break point across his code segment. Press:

    ALT D

The Soft-ICE window is back. Move the window (by using CTRL and the arrow keys) until DEBUG's register display is visible. It's time to set our first break point. Enter:

    BPR code-seg:0 code-seg:25 W

Code-seg is the value in the CS register as displayed by the DEBUG R command. The BPR command sets a memory-range break point. The length of Jed's code segment is 25H bytes, so the memory range specified goes from the beginning of his code segment to the end. The W tells Soft-ICE to break on a write. We want to catch any unexpected writes to Jed's code.

Enter:

    BL

The BL command displays all break points. The display from BL looks similar to the following display:

    0) BPR code-seg:0000 code-seg:0025 W C=01

The 0 is the identifier for this break point. The range and W are displayed as they were entered, and the count (since none was specified) defaults to one.

Now comes the moment of truth. Press ALT D. The window disappears again. To run SAMPLE from DEBUG, enter:

    G

Press the space bar. OK so far. Now press a non-space key. Our break point just woke up DEBUG. The registers and single unassembled instruction are displayed. Enter:

    U cs:address

Address is the value of the IP register minus 10 hexadecimal. Since DEBUG is rather primitive, the value of the IP register minus 10 hexadecimal must be calculated by hand. The instruction pointer is pointing one instruction past the instruction that caused the break point. By going back ten hexadecimal instructions, DEBUG should sync up.

The instruction at offset 3BH is:

    CS:
    MOV BYTE PTR [13],0

Jed says, "There it is! I just knew Jake's helper routines were the problem! His code segment override instruction is writing a zero byte right over my code! Who knows what that's doing!"
Enter:

    U 0

Location 13H happens to be the offset of a conditional jump instruction. The relative offset of the conditional jump is being set to zero. If you are an 8086 guru, you obviously know that the JE will ALWAYS fall through if the relative offset is zero. What a subtle BUG!

Now we will take a quick look at how this problem would be solved using Soft-ICE as a stand-alone debugger. But first we must exit from DEBUG.

Before exiting the debugger, it's always a good idea to disable all the break points, unless ACTION is set to HERE. If you do not do this, when a break point occurs and ACTION tries to return to a debugger that is not loaded, the results are unpredictable. We've changed the ACTION to INT3, so we have to disable the break point. To bring up the window, press:

    ALT D

List the break point by entering:

    BL

Notice that the break point description line is highlighted. The highlighted break point is the last break point that occurred. Notice that the break point number is 0. To disable break point zero, enter:

    BD 0

List the break point again by entering:

    BL

The asterisk (*) after the break point number shows that the break point is disabled. To clear the break point, enter:

    BC 0

Enter BL again. Notice that there are no break point lines displayed. Exit from Soft-ICE, then exit from the debugger, by entering:

    X
    Q

The next part of the tutorial demonstrates how Soft-ICE can be used to find the same problem as a stand-alone debugger. Soft-ICE will be used as a source level debugger.

To prepare Soft-ICE to debug at source level it must have been installed in your CONFIG.SYS file, and extended memory allocated for symbols and source files. Soft-ICE can only be used as a source level debugger if you have extended memory on your system. If you do not have extended memory you may still want to read through the rest of the tutorial to see the capabilities of Soft-ICE with extended memory.
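The overwrite found in the DEBUG session above can be modelled in a few lines. The following Python sketch is an added example, not part of the Soft-ICE manual or its sample program: it replays the CS-override store that zeroes the JE displacement at code offset 13H and checks each write against a range break point like BPR code-seg:0 code-seg:25 W, including the 4K-page analysis cost the BPR description mentions. The segment values, the JE displacement 09H and the instruction offsets 2AH and 35H are constructed assumptions; 13H and 3BH are the offsets the tutorial gives.

```python
"""Constructed model of SAMPLE's code overwrite and a BPR write range."""

PAGE_SIZE = 0x1000             # BPR analyzes accesses in the 4K page(s) holding the range
CHAR, ANSWER = 0x12, 0x13      # data offsets: pad is 12H bytes, then char, then answer
JE_DISP, JE_NEXT = 0x13, 0x14  # JE's displacement byte sits at code offset 13H
STORE_IP = 0x3B                # offset of the CS-override store shown in the tutorial
DS, CS = 0x1000, 0x1020        # constructed segment values (assumption)


def linear(seg, off):
    """Real-mode address: segment * 16 + offset, wrapped to 20 bits."""
    return ((seg << 4) + off) & 0xFFFFF


class RangeWriteBreak:
    """Models BPR seg:first seg:last W (hypothetical helper class)."""

    def __init__(self, seg, first, last):
        self.lo, self.hi = linear(seg, first), linear(seg, last)
        self.analyzed = 0      # writes that landed in a watched 4K page
        self.hits = []         # (offset of writing instruction, linear address, value)

    def on_write(self, addr, value, ip):
        if self.lo // PAGE_SIZE <= addr // PAGE_SIZE <= self.hi // PAGE_SIZE:
            self.analyzed += 1
            if self.lo <= addr <= self.hi:
                self.hits.append((ip, addr, value))


class Machine:
    """1 MB of real-mode memory holding only the bytes this model needs."""

    def __init__(self, bpr):
        self.mem = bytearray(1 << 20)
        self.bpr = bpr
        self.mem[linear(CS, JE_DISP - 1)] = 0x74   # JE rel8 opcode
        self.mem[linear(CS, JE_DISP)] = 0x09       # constructed displacement to no_space

    def read(self, seg, off):
        return self.mem[linear(seg, off)]

    def write(self, seg, off, value, ip):
        addr = linear(seg, off)
        self.bpr.on_write(addr, value, ip)
        self.mem[addr] = value


def press(m, key, cs_override):
    """One pass of main_loop; returns the message the program would print."""
    m.write(DS, CHAR, key, ip=0x2A)                # get_key: mov char,al
    if m.read(DS, CHAR) == 0x20:
        m.write(DS, ANSWER, 1, ip=0x35)            # mov answer,1
    else:
        seg = CS if cs_override else DS            # the bug: mov cs:answer,0
        m.write(seg, ANSWER, 0, ip=STORE_IP)
    zero = m.read(DS, ANSWER) == 0                 # cmp answer,0
    disp = m.read(CS, JE_DISP)
    disp -= 0x100 if disp >= 0x80 else 0           # rel8 is a signed byte
    ip = JE_NEXT + disp if zero else JE_NEXT       # je no_space
    return "SPACE" if ip == JE_NEXT else "NOT SPACE"


def run(keys, cs_override):
    """Replay keystrokes with the range break point armed over the code."""
    bpr = RangeWriteBreak(CS, 0x00, 0x25)          # BPR code-seg:0 code-seg:25 W
    m = Machine(bpr)
    return [press(m, k, cs_override) for k in keys], bpr


if __name__ == "__main__":
    for label, override in (("with CS override", True), ("override removed", False)):
        msgs, bpr = run([0x20, 0x41, 0x20, 0x42], override)
        print(label, msgs, "hits:", [(hex(i), hex(a), v) for i, a, v in bpr.hits],
              "writes analyzed:", bpr.analyzed)
```

With the override in place every keystroke reports SPACE and the range break point records the store from offset 3BH; with it removed the program answers correctly and no hit is recorded, although the data writes are still analyzed because, with these constructed segments, they share the 4K page with the watched range.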
If you have not loaded S-ICE.EXE in your CONFIG.SYS file with memory reserved for symbols, do so at this time.

To debug the sample program with Soft-ICE as a stand-alone debugger we must use the Soft-ICE program loader (LDR.EXE). To load the sample program (SAMPLE.EXE), the symbol file (SAMPLE.SYM) and the source file (SAMPLE.ASM) enter:

    LDR SAMPLE

You are now in Soft-ICE with SAMPLE.EXE loaded into memory. Notice that Soft-ICE occupies the full screen. Soft-ICE switches to its wide mode whenever a program is loaded. The source from SAMPLE.ASM should be visible in the code window. In addition, the register window and the DATA windows are visible.

Step through one instruction by pressing F10. Notice that the reverse video bar moves to the next instruction to be executed after a program step.

Press F6. This places the cursor in the code window. Now experiment with the up-arrow, down-arrow, pageUp, and pageDn keys to move the cursor and scroll the source file.

Move the cursor down to line 42 with the down-arrow key. Press F9. We have just set an execution break point on line 42. The line should be highlighted, showing you that a break point has been set on it. Enter:

    BL

This shows the break point that we have just set. Now press ALT D. This exits Soft-ICE, and causes the sample program to execute until it encounters the break point on line 42. Soft-ICE should immediately come back, with the reverse video bar on line 42.

Press F6 again. This will bring the cursor back to the command window. Now enter:

    BC *

This will clear all the break points (there should only be one set).

Now exit from Soft-ICE by pressing ALT D. You are back to the sample program. Type a few keys just to make sure it is still broken. Now pop Soft-ICE back up with ALT D.

Since the bug has already occurred, we want to restart the program. Enter:

    EXIT RD

This command forces the sample program to exit. The R tells Soft-ICE to restore the interrupt vectors to the state they were in when the sample program was loaded with LDR.
The D tells Soft-ICE to delete any currently pending break points. The R and the D are not necessary in this case, but it is good to get in the habit of specifying them when exiting a program that was loaded with LDR.EXE.

You are now back at the DOS prompt. Reload the program by entering:

    LDR SAMPLE.EXE

Notice the suffix .EXE was specified this time. When the suffix is specified, Soft-ICE does not attempt to load a symbol file or source file. In this case the symbol file and source file are already in memory. Enter:

    SYM

This displays the public symbols of the sample program. Press Esc to get back to the prompt.

We will now set a range break point similar to the one we set while using Soft-ICE as an assistant to DEBUG. This time we will use symbols to set the break point. Enter:

    BPR START .82 W

This will set a range break point in our code segment from the symbol START to line 82 of the source file. Enter:

    BL

You can verify that the break point has been set properly.

Press ALT D. Press a non-space key. We're back in Soft-ICE. Notice that the current instruction (the line with the reverse video bar) is the instruction after the one that caused the break point.

To see the actual code press the F3 key. This places Soft-ICE in mixed mode. Notice that the reverse video bar covers 2 lines. This is the actual code line and the source code line of the current instruction.

Press the F3 key again. We are now in code mode. No source lines are visible. The instruction above the reverse video bar is the instruction that caused the range break point to go off. Press the F3 key again to get back to source mode.

Now we will fix the bug in the sample program. Exit the sample program and go back to the DOS prompt by entering:

    EXIT RD

Re-load the sample program by entering:

    LDR SAMPLE.EXE

Set the code window in code mode by pressing the F3 key twice. Un-assemble at the broken routine by entering:

    U not_space

We will now use the Soft-ICE interactive assembler to fix the problem.
Enter:

    A not_space

Soft-ICE will prompt you with the address. Enter:

    NOP

Press ENTER to exit from the assembler. Notice in the code window that there is a NOP instruction in place of the CS override at offset 003BH. Press the F3 key to get back to source mode (the source code of course is not modified).

Press ALT D to run the mended sample program. Enter:

    spaces and some non-spaces

It works! You fixed the bug! To get out of Jed's program, and return to DOS, press:

    CTRL C

Now we're going to demonstrate another feature of Soft-ICE. Enter:

    LDR SAMPLE.EXE

This will load the sample program in one more time. Enter:

    RIP HANG_EXAMPLE

The first two displayed instructions are:

    CLI
    JMP $

Notice that the jump instruction jumps to itself. This infinite loop would normally hang the system in an unrecoverable fashion. Enter:

    BREAK ON

We have just turned on BREAK mode. BREAK mode will cause the system to run slightly slower, but will allow Soft-ICE to come up even when the system would normally be hung.

Exit from Soft-ICE by pressing ALT D. Your system is now hung. For those non-believers, press:

    CTRL ALT DEL

Nothing happens! It is definitely hung.

Now press ALT D. The Soft-ICE window is back! To get out of the infinite loop, enter:

    EXIT RD

You are now back at DOS. Try a few directories to get a feel for the performance degradation. Many people feel comfortable leaving BREAK ON as a configuration default.

Turn BREAK mode off again by entering:

    ALT D
    BREAK OFF
    ALT D

Do a few directories to get a comparison of the speed.

That's it! Have fun! It's time to start experimenting and debugging on your own. Browse through the rest of the manual and refer to specific sections when necessary.

SECTION II -- Commands

Section II contains syntax listings for each Soft-ICE command, and explanations and examples for each command. All numbers are in hexadecimal; any number can be an expression using +, -, /, *, or registers. All commands are case-insensitive.
Words that are in italics in the command syntax statements must be replaced by an actual value, rather than typing in the italicized word.

The following notational conventions are used throughout this section:

[ ] -- Brackets enclose an optional syntax item.

< > -- Angle brackets enclose a list of items or choices.

x | y -- Vertical bars separate alternatives. Use either item x or item y.

count -- Count is a byte value that specifies the number of times break point conditions must be met before the actual break point occurs. If no count is specified, the default value is 1. Each time the Soft-ICE window is brought up, the counts are reset to the values originally specified.

verb -- Verb is a value that specifies what type of access the break point will apply to. It can be set to 'R' for reads, 'W' for writes, 'RW' for reads and writes, or 'X' for execute.

address -- Address is a value that is made of two 16-bit words, separated by a colon. The first word is the segment address, and the second word is the segment offset. The addresses can be constructed of registers, expressions, and symbols. The address may also contain the special characters "$", ".", and "@". See section 3-8 (Command Syntax) for a description of these special characters.

break-number -- Break-number is an identification number that identifies the break point to use when you are manipulating break points (e.g., editing, deleting, enabling, or disabling them). The break-number can be a hexadecimal digit from 0 to F.

list -- List is a series of break-numbers separated by commas or spaces.

mask -- Mask is a bitmask that is represented as a combination of 1's, 0's, and X's. X's are don't-care bits.

Example:

    BPIO 21 W EQ M 1XXX XXXX

This command will cause a break point to occur if port 21H is written to with the high order bit set.

GT, LT -- GT and LT are command qualifiers that perform unsigned comparisons of values.
CHAPTER 4 Using Break Point Commands

4.1 Introduction
4.2 Setting Break Points
4.3 Manipulating Break Points

4.1 Introduction

Soft-ICE has break point capability that has traditionally only been available with hardware debuggers. The power and flexibility of the 80386 chip allows advanced break point capability without additional hardware.

Break points can be set on memory location reads and writes, memory range reads and writes, program execution and port accesses. Soft-ICE assigns a one-digit hexadecimal number (0-F) to each break point. This break-number is used to identify break points when you set, delete, disable, enable, or edit them.

All of Soft-ICE's break points are sticky. That means they don't disappear automatically after they've been used; you must intentionally clear or disable them using the BC or the BD commands. Soft-ICE can handle 16 break points at one time. You can have up to ten break points of a single type except for break points on memory location (BPMs), of which you can only have four, due to restrictions of the 80386 processor.

Break points can be specified with a count parameter. The count parameter tells Soft-ICE how many times the break point should be ignored before the break point action occurs.

4.2 Setting Break Points

Commands:

    BPM, BPMB, BPMW, BPMD -- Set break point on memory access or execution
    BPR   -- Set break point on memory range
    BPIO  -- Set break point on I/O port access
    BPINT -- Set break point on interrupt
    BPX   -- Set/clear break point on execution
    CSIP  -- Set CS:IP range qualifier
    BPAND -- Wait for multiple break points to occur

BPM, BPMB, BPMW, BPMD -- Set break point on memory access or execution

Syntax:

    BPM[size] address [verb] [qualifier value] [C=count]

size -- B, W, D

    B -- Byte
    W -- Word
    D -- Double Word

The size is actually a range covered by this break point. For example, if double word is used, and the third byte of the double word is modified, then a break point will occur.
The size is also important if the optional qualifier is specified (see below).

verb -- R, W, RW, or X

qualifier -- EQ, NE, GT, LT, M

    EQ -- Equal
    NE -- Not Equal
    GT -- Greater Than
    LT -- Less Than
    M  -- Mask

These qualifiers are only applicable to the read and write break points.

value -- A byte, word, or double word value, depending on the size specified.

Comments:

The BPM commands allow you to set a break point on memory reads or writes or execution.

If a verb is not specified, RW is the default. If a size is not specified, byte is the default.

All of the verb types except X cause the program to execute the instruction that caused the break point. The current CS:IP will be the instruction after the break point. If the verb type is X, the current CS:IP will be the instruction where the break point was set.

If R is specified, then the break point will occur on read access and on write operations that do not change the value of the memory location.

If the verb type is R, W or RW, executing an instruction at the specified address will not cause the break point action to occur.

Note: If BPMW is used, the specified address must start on a word boundary. If BPMD is used, the specified address must point to a double word boundary.

Example:

    BPM 1234:SI W EQ 10 C=3

This command defines a break point on memory byte access. The third time that 10 hexadecimal is written to location 1234:SI, the break point action will occur.

    BPM CS:1235 X

This command defines a break point on execution. The break point action will occur the first time that the instruction at address CS:1235 is reached. The current CS:IP will be the instruction where the break point was set.

    BPMW DS:FOO W EQ M 0XXX XXXX XXXX XXX1

This command defines a word break point on memory write. The break point action will occur the first time that location DS:FOO has a value written to it that sets the high order bit to 0 and the low order bit to 1. The other bits can be any value.
    BPM DS:1000 W GT 5

This command defines a byte break point on memory write. The break point action will occur the first time that location DS:1000 has a value written to it that is greater than 5.

BPR -- Set break point on memory range

Syntax:

    BPR start-address end-address [verb] [C=count]

start-address, end-address -- start-address and end-address specify the memory range.

verb -- R, W, RW, T or TW

Comments:

The BPR command allows you to set a break point across a range of memory. All of the verb types except T or TW cause the program to execute the instruction that caused the break point. The current CS:IP will be the instruction after the break point.

There is no range break point on execution. If a range break point is desired on execution, R must be used. An instruction fetch is considered a read for range break points.

If a verb is not specified, W is the default.

The range break point will degrade system performance in certain circumstances. Any read or write within the 4K page that contains the break point range is analyzed by Soft-ICE. This performance degradation is usually not noticeable; however, degradation could be extreme in exceptional cases.

The T and TW verbs enable back trace ranges on the specified range. They do not cause break points, but instead log instruction information that can be displayed later with the SHOW or TRACE commands. For more information on back trace ranges, see chapter 9.

Example:

    BPR B000:0 B000:1000 W

This command defines a break point on memory range. The break point will occur if there are any writes to the monochrome adapter video memory region.
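The qualifier, mask and count rules described for BPM above can be checked against the manual's own examples with a small model. This Python sketch is an added example, not Soft-ICE code: `parse_mask`, `WriteBreak` and `fired` are hypothetical names, the mask is accepted in the "EQ M" form the examples use, and the count is assumed to reset when the break point fires because the action brings up the Soft-ICE window.

```python
"""Constructed model of BPM write qualifiers (EQ, NE, GT, LT, M) and C=count."""

COMPARE = {
    "EQ": lambda data, value: data == value,
    "NE": lambda data, value: data != value,
    "GT": lambda data, value: data > value,    # unsigned comparison
    "LT": lambda data, value: data < value,    # unsigned comparison
}


def parse_mask(text, bits):
    """Turn '1XXX XXXX' into (care, want): bits that must match, and their values."""
    digits = text.replace(" ", "").upper()
    if len(digits) != bits or set(digits) - set("01X"):
        raise ValueError(f"mask must be {bits} characters of 0, 1 or X: {text!r}")
    care = int(digits.replace("0", "1").replace("X", "0"), 2)
    want = int(digits.replace("X", "0"), 2)
    return care, want


class WriteBreak:
    """The part of a BPM line after the verb, e.g. 'EQ 10 C=3' (hypothetical class)."""

    def __init__(self, spec="", bits=8):
        tokens = spec.upper().split()
        self.bits = bits
        self.count = 1                              # default when C= is absent
        if tokens and tokens[-1].startswith("C="):
            self.count = int(tokens.pop()[2:], 16)  # all numbers are hexadecimal
        self.remaining = self.count
        self.matches = self._compile(tokens)

    def _compile(self, tokens):
        if not tokens:
            return lambda data: True                # no qualifier: any write matches
        if tokens[0] == "EQ" and tokens[1:2] == ["M"]:
            tokens = tokens[1:]                     # the manual writes masks as 'EQ M ...'
        if tokens[0] == "M":
            care, want = parse_mask("".join(tokens[1:]), self.bits)
            return lambda data: (data & care) == want
        compare, value = COMPARE[tokens[0]], int(tokens[1], 16)
        if value >> self.bits:
            raise ValueError("value does not fit the break point size")
        return lambda data: compare(data, value)

    def window_popped(self):
        """Counts are reset each time the Soft-ICE window is brought up."""
        self.remaining = self.count

    def on_write(self, data):
        """Return True when this write triggers the break point action."""
        if not self.matches(data & ((1 << self.bits) - 1)):
            return False
        self.remaining -= 1
        if self.remaining > 0:
            return False
        self.window_popped()                        # assumption: the action pops up the window
        return True


def fired(spec, writes, bits=8):
    """Feed a sequence of written values to one break point."""
    bp = WriteBreak(spec, bits)
    return [bp.on_write(value) for value in writes]


if __name__ == "__main__":
    print(fired("EQ 10 C=3", [0x10, 0x11, 0x10, 0x10]))
    print(fired("EQ M 0XXX XXXX XXXX XXX1", [0x7FFF, 0x8001], bits=16))
    print(fired("GT 5", [6, 5, 0xFF]))
```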
BPIO -- Set break point on I/O port access

Syntax:

    BPIO port [verb] [qualifier value] [C=count]

port -- A byte or word value

verb -- R, W, or RW

    R -- Read (IN)
    W -- Write (OUT)

qualifier -- EQ, NE, GT, LT, M

    EQ -- Equal
    NE -- Not Equal
    GT -- Greater Than
    LT -- Less Than
    M  -- Mask

value -- A byte or word value

Comments:

The BPIO command allows you to set a break point on I/O port reads or writes.

If value is specified, it is compared with the actual data value read or written by the IN or OUT instruction causing the break point. The value may be a byte or a word. If the I/O is to a byte port, then the lower 8 bits are used in the comparison.

The instruction pointer (CS:IP) will point to the instruction after the IN or OUT instruction that caused the break point.

If a verb is not specified, RW is the default.

Example:

    BPIO 21 W NE FF

This command defines a break point on I/O port access. The break point will occur if the interrupt controller one mask register is written with a value other than FFH.

    BPIO 3FE R EQ M 11XX XXXX

This command defines a byte break point on I/O port read. The break point action will occur the first time that I/O port 3FE is read with a value that has the two high order bits set to 1. The other bits can be any value.

BPINT -- Set break point on interrupt

Syntax:

    BPINT int-number [<AL | AH | AX>=value] [C=count]

int-number -- Interrupt number from 0 - FF hex

value -- A byte or a word value

Comments:

The BPINT command allows breaking on the execution of a hardware or a software interrupt. By optionally qualifying the AX register with a value, specific DOS or BIOS calls can be easily isolated.

If no value is specified, a break point will occur when the interrupt specified by int-number occurs. This interrupt can be a hardware, software, or internal interrupt. The optional value is compared with the specified register (AH, AL, or AX) when the interrupt occurs.
If the value matches the specified register, then the break point will occur.

When the break point occurs, if the interrupt was a hardware interrupt, the instruction pointer (CS:IP) will point to the first instruction within the interrupt routine. The INT? command can be used to see where execution was when the interrupt occurred. If the interrupt was a software interrupt, when the break point occurs, the instruction pointer (CS:IP) will point to the INT instruction causing the interrupt.

Example:

    BPINT 21 AH=4C

This command defines a break point on interrupt 21H. The break point will occur when DOS function call 4CH (terminate program) is called.

BPX -- Set/clear break point on execution

Syntax:

    BPX [address] [C=count]

Comments:

The BPX command allows you to set or clear a point-and-shoot execution break point in source. When the cursor is in the code window the address is not required. The execution break point is set at the address of the current cursor location. If an execution break point has already been set at the address of the current cursor location, then the break point is cleared.

If the code window is not visible or the cursor is not in the code window then the address must be specified. If an offset only is specified then the current CS register value is used as the segment.

Technical Note: BPX uses an interrupt 3 style of break point unless the specified address is ROM. This is used instead of a break point register to make more execution break points available. If your circumstances require the use of a break point register for some reason (code not loaded yet, for example) you can set an execution break point with the BPM command.

Example:

    BPX .1234

This sets an execution break point at source line 1234.

CSIP -- Set CS:IP range qualifier

Syntax:

    CSIP [OFF | [NOT] start-address end-address]

NOT -- When NOT is specified, the break point will only occur if the CS:IP pointer is outside the specified range.
OFF -- Turns off CS:IP checking

Comments:

The CSIP command causes a break point to be dependent upon the location of the instruction pointer when the break point conditions are met. This function is often useful when a program is suspected of accidentally modifying code outside of its boundaries.

When break point conditions are met, the CS:IP registers are compared with a specified range. If they are within the range, the break point is activated. To activate the break point when CS:IP is outside the range, use the NOT parameter.

When a CSIP range is specified, it applies to ALL break points that are currently active.

If no parameters are specified, the current CSIP range is displayed.

Example:

    CSIP NOT F000:0 FFFF:0

This command causes the break points to occur only if the CS:IP is NOT in the ROM BIOS when the break point conditions are met.

BPAND -- Wait for multiple break points to occur

Syntax:

    BPAND list | * | OFF

list -- A series of break-numbers separated by commas or spaces

* -- ANDs together all break points

Comments:

The BPAND command does a logical AND of two or more break points, activating the break point only when conditions for all break points are met.

Sometimes conditions arise when you don't want a break point to occur until several different conditions are met. The BPAND command allows specifying two or more break points that must occur before the action is generated. This function allows more complex break point conditions to be set.

Each time the BPAND command is used, the specified break point numbers are added to the list until BPAND OFF is used.

You can tell which of the break-numbers are ANDed together by listing the break points with the BL command. The break points that are ANDed together will have an ampersand (&) after their break-number.

Once break points have been ANDed together, each remains ANDed until it is cleared, or until BPAND is turned off.
Example:

    BPAND 0,2,3

This command causes the conditions of the break points 0, 2, and 3 to be logically tied together. The break occurs only when the conditions of all three are met. For example, if the conditions of break points 2 and 3 have both been met at least once, but the conditions of break point 0 have not been met at all yet, then the action will not occur until break point 0 conditions are met.

4.3 Manipulating Break Points

Soft-ICE provides several commands for manipulating break points. Manipulation commands allow listing, modifying, deleting, enabling, and disabling of break points. Break points are identified by break-numbers which are hexadecimal digits from 0 to F. The break point manipulation commands are:

    BD  -- Disable break points
    BE  -- Enable break points
    BL  -- List break points
    BPE -- Edit break point
    BPT -- Use break point as a template
    BC  -- Clear break points

BD -- Disable break points

Syntax:

    BD list | *

list -- A series of break-numbers separated by commas or spaces

* -- Disables all break points

Comments:

The BD command is used to temporarily deactivate break points. The break points can be reactivated with the BE (Enable break points) command.

You can tell which of the break-numbers are disabled by listing the break points with the BL command. The break points that are disabled will have an asterisk (*) after their break-number.

Example:

    BD 1,3

This command temporarily disables break points 1 and 3.

BE -- Enable break points

Syntax:

    BE list | *

list -- A series of break-numbers separated by commas or spaces

* -- Enables all break points

Comments:

The BE command is used to reactivate break points that were deactivated by the BD (Disable break points) command.

Note that a break point is automatically enabled when it is first defined.

Example:

    BE 3

This command enables break point 3.

BL -- List break points

Syntax:

    BL

Comments:

The BL command displays all break points that are currently set.
For each break point, BL lists the break-number, break point conditions, break point state, and count.

The state of a break point is either enabled or disabled. If the break point is disabled, an asterisk (*) is displayed after its break-number. If an enabled break point was used in a BPAND command, an ampersand (&) is displayed after its break-number. The break point that most recently caused an action to occur is highlighted.

The BL command has no parameters.

Example:

    BL

This command displays all the break points that have been defined. A sample display, which shows four break points, follows:

    0) BPMB 1234:0000 W EQ 0010 C=03
    1) BPR B000:0000 B000:1000 W C=01
    2) BPIO 0021 W NE 00FF C=01
    3) BPINT 21 AH=4C C=01

Note that in this example, break point 1 is preceded with an asterisk (*), showing that it has been disabled.

BPE -- Edit break point

Syntax:

    BPE break-number

Comments:

The BPE command loads the break point description into the edit line for modification. The command can then be edited using the editing keys, and re-entered by pressing the ENTER key. This command offers a quick way to modify the parameters of an existing break point.

Example:

    BPE 1

This command moves a description of break point 1 into the edit line and removes break point 1. Pressing the ENTER key will cause the break point to be re-entered.

BPT -- Use break point as a template

Syntax:

    BPT break-number

Comments:

The BPT command uses an existing break point description as a template for a new break point. A description of the existing break point is loaded into the edit line. The break point referenced by break-number is not altered. This command offers a quick way to create a new break point that is similar to an existing break point.

Example:

    BPT 3

This command moves a template of break point 3 into the edit line. When the ENTER key is pressed, a new break point is added.
BC -- Clear break points

Syntax:

    BC list | *

list -- A series of break-numbers separated by commas or spaces

* -- Clears all break points

Comments:

The BC command is used to permanently delete one or more break points.

Example:

    BC *

This command clears all break points.

CHAPTER 5 Using Other Commands

5.1 Display and Edit Commands
5.2 I/O Port Commands
5.3 Transfer Control Commands
5.4 Debug Mode Commands
5.5 Utility Commands
5.6 Specialized Debugging Commands
5.7 Windowing Commands
5.8 Debugger Customization Commands
5.9 Screen Control Commands
5.10 Symbol and Source Line Commands

5.1 Display and Edit Commands

Commands:

    U      -- Unassemble instructions or display source
    R      -- Display or change registers
    MAP    -- Display system memory map
    D      -- Display memory in the most recently specified format
    DB     -- Display memory in byte format
    DW     -- Display memory in word format
    DD     -- Display memory in double word format
    E      -- Edit memory in the most recently specified format
    EB     -- Edit memory bytes
    EW     -- Edit memory words
    ED     -- Edit memory double words
    INT?   -- Display last interrupt number
    ? or H -- Display help information
    VER    -- Display Soft-ICE version number

U -- Unassemble instructions or display source

Syntax:

    U [address] [L[=]length]

length -- The number of instructions to be unassembled

Comments:

The U command displays the instructions of the program being debugged. If length is not specified, the length defaults to eight lines if available, or one less than the screen length.

If address is not specified, the command unassembles starting at the first byte after the last byte unassembled by a previous unassemble command. If there has been no previous unassemble command, the address defaults to the current CS:IP.

If the code window is visible, the instructions are displayed in the code window. If source is loaded for the address range specified then source lines may be displayed depending on the current source mode.
Example: U $-10

This command unassembles instructions beginning 10 hexadecimal bytes before the current address.

U .499

This command displays the current source file starting at line 499. The code window must be visible and in source mode.

R -- Display or change registers

Syntax: R [register-name [[=]value]]
    register-name -- Any of the following: AL, AH, AX, BL, BH, BX, CL, CH, CX, DL, DH, DX, DI, SI, BP, SP, IP, CS, DS, ES, SS, or FL
    value -- If register-name is any name other than FL, value is a hex value or an expression. If register-name is FL, value is a series of one or more of the following flag symbols, each optionally preceded by a plus or minus sign:
        O (Overflow flag)
        D (Direction flag)
        I (Interrupt flag)
        S (Sign flag)
        Z (Zero flag)
        A (Auxiliary carry flag)
        P (Parity flag)
        C (Carry flag)

Comments: The R command displays or changes register values. If no parameters are supplied, all register and flag values are displayed, as well as the instruction at the current CS:IP address.

If register-name is supplied without a value, Soft-ICE displays the current value of the specified register and prompts you for a new value. If register-name is FL, flags that are set are displayed as highlighted uppercase characters; flags that are cleared are displayed as non-highlighted lowercase characters. To retain the current value of a register, press ENTER.

If both register-name and value are supplied, the specified register's contents are changed to the value.

To change a flag value, use FL as the register-name, followed by the symbols of the flags whose values you want to toggle. To turn a flag on, precede the flag symbol with a plus sign. To turn a flag off, precede the flag symbol with a minus sign. The flags can be listed in any order.

Examples: R AH 5

This command sets the AH register equal to 5.

R FL = OZP

This command toggles the O, Z, and P flag values.

R FL

This command displays the current flag values, and allows them to be changed.
R FL O +A -C

This command toggles the O flag value, turns on the A flag value, and turns off the C flag value.

MAP -- Display system memory map

Syntax: MAP

Comments: The MAP command displays the names, locations, and sizes of system memory components. The size is displayed in paragraphs. One paragraph is equivalent to 10 hexadecimal bytes. The component that the CS:IP register currently points to is highlighted.

Use the MAP command when:

* A break point occurs and CS:IP is not in a known memory region.
* You want to get control within a resident program or system program. A range break point can be set based on the starting address and size reflected by MAP.
* You suspect a program or system component of writing over code outside of its memory space. MAP is used to obtain the memory address of the region to use with the CSIP command.
* You need to find out which resident program owns certain interrupt vectors.

Example: MAP

The following is a sample display produced by the command:

    Start      Length
    0000:0000  0040    Interrupt Vector Table
    0040:0000  0030    ROM BIOS Variables
    0070:0000  00FE    I/O System
    016E:0000  06B7    DOS
    0842:0000  02CE    DOS File Table & Buffers
    A000:0000  5E00    System BUS
    F000:0000  1000    ROM BIOS

Versions of DOS lower than 3.1 display program addresses instead of displaying the program names.

D, DB, DW, DD -- Display memory

Syntax: D [size] [address] [L[=]length]
    size -- B -- Byte
            W -- Word
            D -- Double Word
    length -- The number of bytes to be displayed.

Comments: The D command displays the memory contents of the specified address. The contents are displayed in the format of the size specified. If no size is specified, the last size used will be displayed. The ASCII representation is also displayed for all forms.

If address is not specified, the command displays memory at the address starting at the first byte after the last byte displayed. If length is not specified, it defaults to eight lines, or fewer if the window is smaller.
If the data window is visible, the data is displayed in the data window and the length is ignored.

Example: DW DS:00 L=8

This command displays, in word format and in ASCII format, the value of the first eight bytes of the current data segment.

E, EB, EW, ED -- Edit memory

Syntax: E [size] address [data-list]
    size -- B -- Byte
            W -- Word
            D -- Double Word
    data-list -- list of data objects of the specified size (Bytes, Words or Double Words) or quoted strings separated by commas or spaces. The quoted string can begin with a single quote or a double quote.

Comments: The E commands display the memory contents at the specified address, and allow you to edit the values. These commands display the memory contents in ASCII format, and in the format of the size specified.

A memory editor is provided for quick memory updates. Memory can be edited by typing ASCII characters, or by typing byte, word, or double word values. If no size is specified, the last size used will be assumed.

The memory editing key strokes are:

    Up arrow -- Move cursor up
    Down arrow -- Move cursor down
    Right arrow -- Move cursor right
    Left arrow -- Move cursor left
    SPACE -- Move cursor to next element
    TAB -- Toggle between numeric and ASCII areas
    ESC or ENTER -- Exit memory editor

As values are input, the actual memory locations are updated. All numeric values are hex numbers. To toggle between the ASCII and numeric display areas, press the TAB key.

If the data window is visible, the data is edited in the data window, otherwise the data is edited in the command window. The data display length defaults to 8 lines if in the command window, or to the size of the data window if it's visible.

If no parameters are supplied, the cursor moves into the data window if the data window is visible. If the data window is not visible, the data is edited in the command window at the last address displayed or edited.
Examples: EB 1000:0

This command displays, in byte format, up to six lines containing both the numeric and the ASCII representation of the values of the data starting at location 1000:0000. Once the lines are displayed, you can edit the values.

EB 8000:0 "Hello",0D

This command replaces the values starting at location 8000:0000 with the string "Hello" followed by a carriage return.

INT? -- Display last interrupt number

Syntax: INT?

Comments: The INT? command displays the address and the number of the last interrupt that happened.

Example: INT?

An example of the display produced by the INT? command follows:

    Last Interrupt: 16 At: 0070:0255

This example shows that the last interrupt generated in the system before the Soft-ICE window was brought up was an interrupt 16 hexadecimal, at location 0070:0255H. If the last interrupt that happened was a software interrupt, unassembling the code at 0070:0255H will show the interrupt instruction. If it was a hardware interrupt, unassembling the code will show the instruction that was executing when the hardware interrupt occurred.

? or H -- Display help information

Syntax: < ? | H > [command | expression]

Comments: The ? command and the H command both display help information. If no parameters are specified, help displays short descriptions of all the commands and operators, one screen at a time. Press any key to continue, or press ESC to quit displaying help.

If command is specified, help displays more detailed information on the specified command, including the command syntax and an example.

If expression is specified, the expression is evaluated and the result is displayed in hexadecimal, decimal, and ASCII.

Examples: ? ALTKEY

This command displays information about the ALTKEY command, including its syntax and an example.

H 10 + 14*2

This command displays: 0038 00056 "8". These are the hexadecimal, decimal and ASCII representations of the value of the expression "10 + 14*2".
VER -- Display Soft-ICE version number

Syntax: VER

Example: VER

This command displays the Soft-ICE version and the Nu-Mega Technologies copyright message.

5.2 I/O Port Commands

Commands:
    I or IB -- Input from byte I/O port
    IW -- Input from word I/O port
    O or OB -- Output to byte I/O port
    OW -- Output to word I/O port

I, IB, IW -- Input from I/O port

Syntax: I [size] port
    size -- B -- Byte
            W -- Word
    port -- A byte or word value

Comments: The input from port commands are used to read and display a value from a hardware port. Input can be done from byte or word ports. If no size is specified, the default is byte.

Example: I 21

This command displays the mask register for interrupt controller one.

O, OB, OW -- Output to I/O port

Syntax: O [size] port value
    size -- B -- Byte
            W -- Word
    port -- A byte or word value
    value -- A byte for a byte port or a word for a word port

Comments: The output to port commands are used to write a value to a hardware port. Output can be done to byte or word ports. If no size is specified, the default is byte.

Example: O 21 FF

This command masks off all the interrupts for interrupt controller one.

5.3 Transfer Control Commands

Commands:
    X -- Exit from Soft-ICE window
    G -- Go to address
    T -- Trace one instruction
    P -- Program step
    HERE -- Go to current cursor line
    GENINT -- Force an interrupt
    EXIT -- Force exit of current DOS program
    BOOT -- System boot (retain Soft-ICE)
    HBOOT -- Hard system boot (total reset)

X -- Exit from Soft-ICE window

Syntax: X

Comments: The X command exits the Soft-ICE window and restores control to the program that was interrupted to bring up Soft-ICE. The Soft-ICE window disappears. If any break points have been set, they become active.

Example: X

G -- Go to address

Syntax: G [=start-address] [break-address]

Comments: The G command exits from the Soft-ICE window with a single one-time execution break point set. In addition, all sticky break points are armed.
Execution begins at the current CS:IP unless the start-address parameter is supplied. In that case execution begins at start-address. Execution continues until break-address is encountered, the window pop-up key sequence is used, or a sticky break point occurs. The break-address must be the first byte of an instruction opcode.

When the specified break-address is reached, the current CS:IP will be the instruction where the break point was set.

The G command with no parameters behaves the same as the X command.

The non-sticky execution break point uses an 80386 break point register, unless all break point registers have been allocated to sticky break points. In that case, an INT 3 style break point is implemented. When this case occurs, the G and P commands will not work correctly in ROM. An error message will be displayed if this is attempted.

Example: G CS:1234

This command sets a one time break point at CS:1234.

T -- Trace one instruction

Syntax: T [=start-address] [count]

Comments: The T command single steps one instruction by utilizing the single step flag.

Execution begins at the current CS:IP unless the start-address parameter is specified. If start-address is specified, CS:IP is changed to start-address prior to single stepping.

If count is specified then Soft-ICE single steps count times. The TRACE command will continue until the count is exhausted or the Esc key is pressed, regardless of which break points are reached.

In source mode, the T command steps to the next source statement. If the current statement is a procedure or function call, and source exists for the routine being called, T steps into the call. If there is no source available for the called procedure or function, T steps over the routine.

Example: T = 1284 3

This command single steps through three instructions starting at memory location 1284.

P -- Program step

Syntax: P

Comments: The P command is a logical program step.
One instruction at the current CS:IP is executed unless the instruction is a call, interrupt, loop, or repeated string instruction. In those cases, the entire routine or iteration is completed before control is returned to Soft-ICE.

The P command uses a one-time execution break point. The non-sticky execution break point uses an 80386 break point register, unless all break point registers have been allocated to sticky break points. In that case, an INT 3 style break point is implemented. When this case occurs, the P and G commands will not work correctly in ROM. An error message will be displayed if this is attempted.

In source mode, the P command steps to the next source statement. If the current statement is a procedure or function call, the P command steps over it.

Example: P

This command executes one 'program step'.

HERE -- Go to current cursor line

Syntax: HERE

Comments: The HERE command executes until the program reaches the current cursor line. HERE is only available when the cursor is in the code window. If the code window is not visible or the cursor is not in the code window, use the G command instead.

The HERE command exits from Soft-ICE with a single one-time execution break point set. In addition, all sticky break points are armed.

Execution begins at the current CS:IP and continues until the address of the current cursor position in the code window is encountered, the window pop-up key sequence is used, or a sticky break point occurs.

The non-sticky execution break point uses an 80386 break point register, unless all break point registers have been allocated to sticky break points. In that case, an INT 3 style break point is implemented. When this case occurs, the HERE command will not work correctly in ROM. An error message will be displayed if this is attempted.

Example: HERE

This example sets an execution break point at the current cursor position, then exits from Soft-ICE and begins execution at the current CS:IP.
Default Function Key: F7

GENINT -- Force an interrupt

Syntax: GENINT INT1 | INT3 | NMI | interrupt-number
    interrupt-number -- a number in the range 00 - FF

Comments: The GENINT command forces an interrupt to occur. This function can be used to hand off control to another debugger when using Soft-ICE with another software debugger. It can also be used to test interrupt routines.

The GENINT command simulates the processing sequence of a hardware interrupt or an INT instruction. It pushes the flags, the CS register, and the IP register, then changes the value of the CS and IP registers to the value of the interrupt vector table entry corresponding with the specified interrupt number.

Example: GENINT NMI

This forces a non-maskable interrupt. This will give control back to CodeView if Soft-ICE is being used as an assistant to CodeView.

EXIT -- Force exit of current DOS program

Syntax: EXIT [R] [D]
    R -- Restore the interrupt vector table
    D -- Delete all break points

Comments: The EXIT command attempts to abort the current program by forcing a DOS exit function (INT 21H, function 4CH). This command will only work if the DOS is in a state where it is able to accept the exit function call. If this call is made from certain interrupt routines, or other times when the DOS is not ready, the system may behave unpredictably.

This function does NOT do any system resetting other than the interrupt table when the R option is used. This means that BIOS variables, video modes and other systems level data are not restored.

Using the R option will cause the interrupt vectors to be restored to whatever they were the last time they were saved. Soft-ICE saves the interrupt vectors when it is loaded, when a program is loaded with LDR.EXE, and when the VECS S command is used.
Note: To re-start a program that has been loaded with the Soft-ICE program loader (LDR.EXE) do the following:

    EXIT R
    LDR prog.EXE

The EXIT command will restore the interrupt table to the values it contained before the program was loaded, then exit to the command processor. By running the LDR utility and specifying the .EXE suffix, the program is loaded back in without re-loading symbols and source. The symbols and source will remain in memory.

Caution: The EXIT command should be used with care. Since Soft-ICE can be popped up at any time, a situation can occur where the DOS is not in a state to accept an exit function call. Also, the EXIT command does not do any program specific resetting. For instance, the EXIT command does not reset the video mode. If your program has placed the video BIOS and hardware in a particular video mode, it will stay in that mode after the EXIT command.

Example: EXIT R

Restores the interrupt table and exits the current program. The R option should be used if exiting from a program loaded with the Soft-ICE program loader LDR.EXE.

BOOT -- System boot (retain Soft-ICE)

Syntax: BOOT

Comments: The BOOT command resets the system and retains Soft-ICE. BOOT is required to debug boot sequences, DOS loadable drivers, and non-DOS operating systems.

BOOT is implemented with an Interrupt 19H ROM BIOS call. In some instances memory may be corrupted to the point where Interrupt 19 will not work. If this occurs, bring up Soft-ICE and use the HBOOT command.

For BOOT to work properly, Soft-ICE should be installed as a loadable driver in CONFIG.SYS before any other device drivers. This is so Soft-ICE can restore the original system state as accurately as possible.

Example: BOOT

This command makes the system reboot. Soft-ICE remains resident.

HBOOT -- Hard system boot (total reset)

Syntax: HBOOT

Comments: The HBOOT command resets the entire system. Soft-ICE is not retained in the reset process.
HBOOT is sufficient unless an adapter card requires a power-on reset. In those rare cases, the machine power must be recycled.

Example: HBOOT

This command makes the system reboot. Soft-ICE must be reloaded.

5.4 Debug Mode Commands

Commands:
    ACTION -- Set action after break point is reached
    WARN -- Set DOS/ROM BIOS re-entrancy warning mode
    BREAK -- Break out any time
    I3HERE -- Direct Interrupt 3's to Soft-ICE

ACTION -- Set action after break point is reached

Syntax: ACTION [INT1 | INT3 | NMI | HERE | int-number]
    int-number -- Any valid interrupt number (0-FFH). Use this option only if a user-supplied break point qualification routine has taken over that interrupt vector (see section 11.2).

Comments: The ACTION command determines where control is given when break point conditions have been met. In most cases, the desired action is INT3 or HERE. INT3 is typically used if Soft-ICE is being used with a host debugger. HERE is used when it is desired to return to Soft-ICE when break point conditions have been met. INT1 and NMI are alternatives for certain debuggers that will not work with the INT3 option. For instance, CODEVIEW works best with ACTION set to NMI.

Use int-number if there is a user-supplied break point qualification routine installed. Using int-number without having a user-supplied break point qualification routine installed causes an error. For more information, see section 11.2, 'User-Qualified Break Points'.

If no parameter is supplied with the ACTION command, the current action is displayed. The default action is HERE.

Example: ACTION HERE

This command specifies that control will return to Soft-ICE when break point conditions have been met.

WARN -- Set DOS/ROM BIOS re-entrancy warning mode

Syntax: WARN [ON | OFF]

Comments: The WARN command is provided for using Soft-ICE with debuggers that use DOS and ROM BIOS. Many debuggers use DOS and ROM BIOS for screen output and for receiving keystrokes.
Since DOS and ROM BIOS are not fully re-entrant, these debuggers may not work properly if a break point occurs while the DOS or ROM BIOS is executing.

If WARN ON is set, and ACTION is not HERE, then control will come to Soft-ICE before the actual action occurs. The system displays the current CS:IP and gives you the choice of continuing or returning to Soft-ICE. Generally, you should choose to return to Soft-ICE to continue your debugging. Only continue with the host debugger if you know your debugger will not cause DOS or ROM BIOS to be re-entered.

WARN mode should be turned on to use Soft-ICE with DEBUG, SYMDEB, and CODEVIEW.

If no parameter is specified, the current state of WARN is displayed. The default is WARN mode OFF.

Example: WARN ON

This command turns on DOS/ROM BIOS re-entrancy warning mode.

BREAK -- Break out any time

Syntax: BREAK [ON | OFF]

Comments: The BREAK command allows popping up the Soft-ICE window when the system is hung with interrupts disabled. Break mode can be used for the entire debugging session, or it can be turned on and off when it is required.

Break mode degrades system performance slightly. This performance degradation must be weighed against the necessity of breaking out of a hung program. A user may want to have break mode on all the time, even though performance is degraded, because the program could hang at any time.

Unlike other debuggers that can also be brought up at any time, Soft-ICE does not require an external switch. When BREAK is on, the Soft-ICE window can be brought up at any time by pressing the current key sequence.

If no parameter is specified, the current state of BREAK is displayed. The default is BREAK mode OFF.

Example: BREAK ON

This command turns on break mode. This means that the Soft-ICE window can be brought up at any time, even if interrupts are disabled.
I3HERE -- Direct Interrupt 3's to Soft-ICE

Syntax: I3HERE [ON | OFF]

Comments: The I3HERE command lets you specify that any Interrupt 3 will bring up the Soft-ICE window. This feature is useful for stopping your program in a specific location.

To use this feature, place an INT 3 into your code at the location where you want to stop. When the INT 3 occurs, it will bring up the Soft-ICE window. At this point, you can use the R IP command to change your instruction pointer to the instruction after the INT 3, then you can continue debugging.

If no parameter is specified, the current state of I3HERE is displayed. The default is I3HERE mode OFF.

Example: I3HERE ON

This command turns on I3HERE mode. Any INT 3's generated after this point will bring up the Soft-ICE window.

5.5 Utility Commands

Commands:
    A -- Assemble code
    S -- Search for data
    F -- Fill memory with data
    M -- Move data
    C -- Compare two data blocks

A -- Assemble code

Syntax: A [address]

Comments: The Soft-ICE assembler allows you to assemble instructions directly into memory. The assembler supports the basic 8086 instruction set with the 80186 and 80286 real address mode extensions. Numeric co-processor instructions and 80386 specific instructions, registers and addressing modes can NOT be assembled.

The A command enters the Soft-ICE interactive assembler. An address is displayed as a prompt for each assembly line. After an assembly language instruction is typed in and ENTER is pressed, the instructions are assembled into memory at the specified address. Instructions must be entered with standard Intel format. Press ENTER at an address prompt to exit assembler mode.

If the address range in which you are assembling instructions is visible in the code window, the instructions will change interactively as you assemble.
The Soft-ICE assembler supports the standard 8086 family mnemonics; however, there are some special additions:

* The DB mnemonic is used to define bytes of data directly into memory. The DB command is followed by a list of bytes and/or quoted strings separated by spaces or commas.
* The RETF mnemonic represents a far return.
* WORD PTR and BYTE PTR are used to determine data size if there is no register argument, for example: MOV BYTE PTR ES:[1234],1.
* Use FAR and NEAR to explicitly assemble far and near jumps and calls. If FAR or NEAR is not specified then all jumps and calls are near.
* Operands referring to memory locations should be placed in square brackets, for example: MOV AX,[1234].

Example: A CS:1234

This command prompts you for assembly instructions, then assembles them beginning at offset 1234H with the current code segment. Press ENTER at the address prompt after entering the last instruction.

S -- Search for data

Syntax: S address L length data-list
    data-list -- list of bytes or quoted strings separated by commas or spaces. A quoted string can begin with a single quote or a double quote.
    length -- length in bytes

Comments: The S command searches memory for a series of bytes or characters that matches the data-list. The search begins at the specified address and continues for the length specified. The address of each occurrence found in the range is displayed.

Example: S DS:SI+10 L CX 'Hello',12,34

This command searches for the string 'Hello' followed by the bytes 12H and 34H starting at offset SI+10 in the current data segment and ending CX bytes later.

F -- Fill memory with data

Syntax: F address L length data-list
    data-list -- list of bytes or quoted strings separated by commas or spaces. A quoted string can begin with a single quote or a double quote.
    length -- length in bytes

Comments: The F command fills memory with the series of bytes or characters specified in the data-list.
Memory is filled starting at the specified address and continuing for the specified length, repeating the data-list if necessary.

Example: F 8000:0 L 100 'Test'

This command fills memory starting at 8000:0 for a length of 100H bytes with the string 'Test'. The string 'Test' is repeated until the fill length is exhausted.

M -- Move data

Syntax: M start-address L length end-address
    length -- length in bytes

Comments: The M command moves the specified number of bytes from the start-address in memory to the end-address in memory.

Example: M 1000:0 L 200 2000:0

This command moves 200H bytes from memory location 1000:0 to memory location 2000:0.

C -- Compare two data blocks

Syntax: C address1 L length address2
    length -- length in bytes

Comments: The C command compares the memory block specified by address1 and the length with the memory block specified by address2 and the length. When a byte from the first data block does not match a byte from the second data block, both bytes are displayed, along with their addresses.

Example: C 5000:100 L 10 6000:100

This command compares the 10H bytes starting at memory location 5000:100 with the 10H bytes starting at memory location 6000:100.

5.6 Specialized Debugging Commands

Commands:
    SHOW -- Display instructions from history buffer
    TRACE -- Enter trace simulation mode
    XT -- Single step in trace simulation mode
    XP -- Program step in trace simulation mode
    XG -- Go to address in trace simulation mode
    XRSET -- Reset back trace buffer
    VECS -- Save/restore/compare interrupt vectors
    SNAP -- Take snap shot of memory block
    EMMMAP -- Display EMM allocation map

SHOW -- Display instructions from history buffer

Syntax: SHOW [B | start]
    B -- This tells the show command to start the display with the oldest instruction in the back trace buffer.
    start -- The number of instructions back from the buffer end (last instruction captured) to begin display.
Comments: The SHOW command displays instructions from the back trace history buffer. If source is available for the instructions then the display is in mixed mode, otherwise only code is displayed.

SHOW allows scrolling through the back trace buffer with the up, down, PageUp and PageDn keys. To exit from SHOW you must press the Esc key.

Preceding the address of each instruction is the buffer entry number. This number shows how deep into the buffer you are displaying. The higher the number, the deeper you are into the buffer.

Note: Before using the SHOW command, instructions must have been logged with a back trace range. See chapter 9 for more information on back trace ranges.

Hints: It is often useful to have the code window visible with the actual code of the region you are displaying from the back trace buffer. When you compare the actual instruction flow to code, displayed jumps and calls are usually less confusing.

Using SHOW in conjunction with the TRACE command will allow you to see the instructions in the back trace history buffer from two different points of view.

Example: SHOW 40

This example will display instructions starting with the 40th instruction back in the back trace buffer.

TRACE -- Enter trace simulation mode

Syntax: TRACE [start] | [OFF]
    start -- The number of instructions back from the buffer end (last instruction captured) to begin trace simulation
    OFF -- Exit trace simulation mode.

Comments: The TRACE command allows you to replay instructions from the instruction back trace history buffer just as if they were being executed for the first time. To use trace simulation mode you must have the code window visible. After entering trace simulation mode you use the XT, XP and XG commands to trace through the instructions in the buffer. To exit trace simulation mode type TRACE OFF.

TRACE with no parameters specified displays whether trace simulation mode is on or off.
Note: Before using the TRACE command, instructions must have been logged with a back trace range. See chapter 9 for more information on back trace ranges.

Hints: Trace simulation mode is most useful when the code window is visible. It is often useful to use TRACE in conjunction with the SHOW command. This allows the instructions in the back trace history buffer to be viewed simultaneously in two different forms.

Example: TRACE 40

This example enters trace simulation mode starting 40 instructions back from the last instruction logged. It will remain in trace simulation mode until TRACE OFF is entered.

XT -- Single step in trace simulation mode

Syntax: XT [R]
    R -- Single step in reverse direction.

Comments: The XT command single steps through the instruction back trace history buffer. This command acts like the T command for normal debugging. Note that the registers do NOT change while stepping in trace simulation mode except CS and IP. The XT instruction allows you to replay instructions from the back trace history buffer.

Note: Before using XT you must be in trace simulation mode. See chapter 9 and the TRACE command in this section for more information on back trace ranges.

Hint: If you are using XT frequently, like any other Soft-ICE command it can be assigned to a function key.

Example: XT

This command single steps one instruction in trace simulation mode.

XP -- Program step in trace simulation mode

Syntax: XP

Comments: The XP command does a logical program step through the instruction back trace history buffer. This command acts like the P command for normal debugging. Note that the registers do NOT change while stepping in trace simulation mode except CS and IP. The XP instruction allows you to replay instructions from the back trace history buffer.

Note: Before using XP you must be in trace simulation mode. See chapter 9 and the TRACE command in this section for more information on back trace ranges.
Hint: If you are using XP frequently, like any other Soft-ICE command it can be assigned to a function key.

Example: XP

This command executes one program step in trace simulation mode.

XG -- Go to an address in trace simulation mode

Syntax: XG [R] address
    R -- Search for address in reverse direction.
    address -- Address to go to in the back trace history buffer.

Comments: The XG command moves the instruction pointer to the next occurrence of the specified address in the back trace history buffer. If R is specified preceding the address, then the instruction pointer is moved to the previous occurrence of the specified address in the back trace buffer. The address must be the first byte of an instruction opcode. The XG command is analogous to the G command in normal debugging.

Note: Before using XG you must be in trace simulation mode. See chapter 9 and the TRACE command in this section for more information on back trace ranges.

Example: XG 273:1030

This command moves the instruction pointer to the next instance of the instruction at address 273:1030.

XRSET -- Reset back trace history buffer

Syntax: XRSET

Comments: The XRSET command resets the back trace history buffer. This command should be executed before setting a back trace range if there is unwanted instruction information in the back trace buffer.

Example: XRSET

This command resets the back trace buffer.

VECS -- Save/restore/compare interrupt vectors

Syntax: VECS [C|S|R]
    C -- Compare current table with stored table
    S -- Save current interrupt table to buffer
    R -- Restore interrupt table from buffer

Comments: The VECS command allows you to save and restore the interrupt table to an internal Soft-ICE buffer. The actual table can also be compared to the stored table with the differences displayed.

When the C option is used to compare the current interrupt vector table with the stored copy, the output is in the following format:

    address old-vector new-vector

Each vector that has changed is displayed.
The interrupt vector table is initially stored when Soft-ICE is loaded. It is also automatically stored when a program is loaded with LDR.EXE. Only one copy of the interrupt vector table is stored, so each time VECS S is executed, the previous copy of the interrupt table is overwritten.

If no parameters are specified, the entire interrupt vector table is displayed.

Example: VECS C

This command compares the actual interrupt vector table with one that had been previously stored in the Soft-ICE internal VECS buffer.

SNAP -- Take snap shot of memory block

Syntax: SNAP [C | S | R] address1 address2

C -- Compare buffer with address range
S -- Save address range to buffer
R -- Restore buffer to address range

Comments: The SNAP command takes a snap shot of a memory block for later comparison. The S option copies a block of memory to a buffer in extended memory. The C option displays differences between the buffer in extended memory and the actual memory specified by the address range. The R option copies the buffer in extended memory to the address range in conventional memory.

When the C option is used to compare the buffer with the address range, the output is in the following format:

address old-data new-data

Each byte that has changed is displayed.

The address is usually not necessary for the C and R options. If the address is not specified, the address from the last time SNAP was entered with a specified address is used.

Notes: To use the SNAP command you must have specified the /TRA XXXX switch on the S-ICE.EXE line in CONFIG.SYS.

The SNAP command saves data in the back trace history buffer. If you are using back trace ranges, you will have a conflict with SNAP. Specifically, SNAP will overwrite back trace information if you do a SNAP S when instruction history is in the back trace buffer. Conversely, if you have saved a region with SNAP, then enabling a back trace range will overwrite the SNAP buffer.
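The compare output described for VECS C and SNAP C can be reproduced offline from two saved memory images, which helps when reviewing which interrupt vectors a resident program has repointed. This is an added example, not code from the Soft-ICE manual; the function names, the constructed sample tables and the exact column layout are assumptions made for illustration.

```python
import struct

IVT_ENTRIES = 256   # real-mode interrupt vector table: 256 far pointers at 0000:0000
ENTRY_SIZE = 4      # each entry is a 16-bit offset followed by a 16-bit segment


def parse_ivt(image):
    """Decode a 1024-byte table image into a list of (segment, offset) pairs."""
    if len(image) != IVT_ENTRIES * ENTRY_SIZE:
        raise ValueError("interrupt table image must be exactly 1024 bytes")
    vectors = []
    for n in range(IVT_ENTRIES):
        offset, segment = struct.unpack_from("<HH", image, n * ENTRY_SIZE)
        vectors.append((segment, offset))
    return vectors


def compare_vectors(saved, current):
    """VECS C style: (table address, old vector, new vector) per changed entry."""
    old, new = parse_ivt(saved), parse_ivt(current)
    return [(n * ENTRY_SIZE, old[n], new[n])
            for n in range(IVT_ENTRIES) if old[n] != new[n]]


def far_address(segment, offset, index):
    """Address of byte `index` in a block that starts at segment:offset.

    Offsets are 16 bits, so a block longer than 64K (such as 2000:0 to
    4000:0) runs past FFFF; the carry is moved into the segment part.
    """
    total = offset + index
    return (segment + (total >> 16) * 0x1000) & 0xFFFF, total & 0xFFFF


def compare_block(saved, current, segment, offset):
    """SNAP C style: (address, old byte, new byte) for every changed byte."""
    if len(saved) != len(current):
        raise ValueError("saved buffer and current range differ in length")
    return [(far_address(segment, offset, i), a, b)
            for i, (a, b) in enumerate(zip(saved, current)) if a != b]


def format_vector_changes(changes):
    """Render vector changes as 'address old-vector new-vector' lines."""
    return ["0000:%04X  %04X:%04X  %04X:%04X" % (addr, o[0], o[1], n[0], n[1])
            for addr, o, n in changes]


def format_byte_changes(changes):
    """Render byte changes as 'address old-data new-data' lines."""
    return ["%04X:%04X  %02X  %02X" % (seg, off, a, b)
            for (seg, off), a, b in changes]


def build_sample_tables():
    """Constructed data: a baseline table, then INT 09h and INT 21h repointed."""
    baseline = bytearray()
    for n in range(IVT_ENTRIES):
        baseline += struct.pack("<HH", 0x1000 + n, 0xF000)
    current = bytearray(baseline)
    struct.pack_into("<HH", current, 0x09 * ENTRY_SIZE, 0x0120, 0x1234)
    struct.pack_into("<HH", current, 0x21 * ENTRY_SIZE, 0x0200, 0x1234)
    return bytes(baseline), bytes(current)


if __name__ == "__main__":
    saved, current = build_sample_tables()
    for line in format_vector_changes(compare_vectors(saved, current)):
        print(line)
```

A vector that changed between the saved and the current table points at whatever code took over that interrupt, so the new-vector column is the place to start looking.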
Example: SNAP S 2000:0 4000:0

This command stores the data block from 2000:0 to 4000:0 in the Soft-ICE back trace buffer.

EMMMAP -- Display EMM allocation map

Syntax: EMMMAP

Comments: The EMMMAP command displays each physical page that is available for EMM memory and the pages that are currently mapped in.

Note: The Soft-ICE EMM feature must be enabled to use this function. See chapter 8 for more information on enabling EMM capability.

Example: EMMMAP

This example displays the current EMM allocation in the following form:

Phy page   Seg address   Handle/Page
00         D000          FFFF
01         D400          0001/0000
02         D800          0001/0001
03         DC00          0001/0002

In this example, physical page 0 is located at D000 and is unmapped. Physical page 1 is located at D400 and has handle 1, page 0 mapped into it. Physical page 2 is located at D800 and has handle 1, page 1 mapped into it. Physical page 3 is located at DC00 and has handle 1, page 2 mapped into it.

5.7 Windowing Commands

Commands:

WR -- Toggle register window
WC -- Toggle/set size of code window
WD -- Toggle/set size of data window
EC -- Enter/exit code window
. -- Locate current instruction

Three window types may be created with Soft-ICE: register, data, and code. Any of these windows can be toggled on or off at any time. The data and code windows can be of variable size; the register window is fixed in size. The windows always remain in a fixed order. Starting from the top of the screen, the order is register window, data window, then code window.

WR -- Toggle register window

Syntax: WR

Comments: The WR command makes the register window visible if not currently visible. If the register window is currently visible, WR removes the register window. The register window displays the 8086 register set and the processor flags.

Default Function Key: F2

WC -- Toggle/set size of code window

Syntax: WC [window-size]

window-size -- a decimal number between one and 21.
Comments: If window-size is not specified, this command toggles the code window. If it was not visible it is made visible, and if it was visible it is removed. If window-size is specified the code window is resized, or if it was not visible it is made visible with the specified size.

Note: If you wish to move the cursor to the code window, use the EC command. See the description of the EC command for more details.

Example: WC 12

If no code window is present, then a code window 12 lines in length is created. If the code window is currently on the screen, it is resized to 12 lines.

WD -- Toggle/set size of data window

Syntax: WD [window-size]

window-size -- a decimal number between one and 21.

Comments: If window-size is not specified, this command toggles the data window. If it was not visible it is made visible, and if it was visible it is removed. If window-size is specified the data window is resized, or if it was not visible it is made visible with the specified size.

Example: WD 1

If no data window is present, then a data window of one line is created. If the data window is currently on the screen, it is resized to one line.

EC -- Enter/exit code window

Syntax: EC

Comments: The EC command toggles the cursor location between the code window and the command window. If the cursor was in the command window it is moved to the code window, and if the cursor was in the code window it is moved to the command window.

When the cursor is in the code window several options become available that make debugging much easier. The options are:

* Point-and-shoot break points

Point-and-shoot break points are set with the BPX command. If no parameters are specified with the BPX command, an execution break point is set at the location of the cursor position in the code window. The cursor must be on a line that contains code (place the code window in mixed mode if you are unsure). The default function key assignment for BPX is F9.
* Go to cursor line

You can set a temporary break point at the cursor and go with the HERE command. The cursor must be on a line that contains code (place the code window in mixed mode if you are unsure). The default function key assignment for HERE is F7.

* Scrolling the code window

The code window can be scrolled only while the cursor is in the code window. The scrolling keys (UP arrow, DOWN arrow, PageUp and PageDown) are redefined while the cursor is in the code window. When the cursor is in the code window the scrolling keys do the following:

up -- Scroll code window up one line
down -- Scroll code window down one line
PageUp -- Scroll code window up one window
PageDn -- Scroll code window down one window

Note: The code window must be visible for the EC command to work.

Default Function Key: F6

. -- Locate current instruction

Syntax: .

Comments: When the code window is visible, the . command makes the current source line or current instruction visible.

5.8 Debugger Customization Commands

Commands:

PAUSE -- Pause after each screen
ALTKEY -- Set alternate key sequence to invoke Soft-ICE
FKEY -- Show and edit function keys
BASE -- Set/display current radix
CTRL-P -- Toggle log session to printer
Print-Screen -- Print contents of screen
PRN -- Set printer output port

PAUSE -- Pause after each screen

Syntax: PAUSE [ON | OFF]

Comments: PAUSE controls screen pause at the end of each page. If PAUSE is ON, you are prompted to press any key before information is scrolled off the window. The prompt is displayed in the status line at the bottom of the window.

If no parameter is specified, the current state of PAUSE is displayed. The default is PAUSE mode ON.

Example: PAUSE ON

This command specifies that subsequent window display commands will cause the screen to wait for you to press a key before scrolling new information off the window.
ALTKEY -- Set alternate key sequence to invoke Soft-ICE

Syntax: ALTKEY [ALT letter] | [CTRL letter] | [SYSREQ]

letter -- Any letter (A - Z)

Comments: The ALTKEY command allows the key sequence for popping up Soft-ICE to be changed. The key sequence can be changed to CTRL + letter, ALT + letter, or the SysRq key.

Occasionally you may be using a program that conflicts with the CTRL D key sequence that brings up the Soft-ICE window. One way to circumvent this possible problem is to use the ALTKEY command to change the key sequence. Another way is to add the SHIFT key to the current sequence. Soft-ICE does not respond to this key sequence and allows it to go through to your program. For example, if a resident program you are using is brought up with the CTRL D key sequence, try using the key sequence CTRL SHIFT D to bring up your resident program.

On some keyboards, you must press ALT and the PrtSc key simultaneously to generate a system request. Care must be taken so the screen is not printed accidentally.

If no parameter is specified, the current key sequence state is displayed. The default key sequence is CTRL D.

Example: ALTKEY ALT Z

This command specifies that the key sequence ALT Z will now be used to pop up the Soft-ICE window.

FKEY -- Show and edit function keys

Syntax: FKEY [function-key-name string]

function-key-name -- F1, F2... F12
string -- The string consists of any valid Soft-ICE commands and the special characters ^ (caret) and ; (semicolon). A ^ is placed in the string to make a command invisible. A ; is placed in the string to denote a carriage return.

Comments: The FKEY command is used from the command line to assign a function key to a command string. Function keys can be assigned to any command string that can be typed into Soft-ICE. If no parameters are specified, then the current function key assignments are displayed.
To unassign a specified function key, use the FKEY command with these parameters: a function-key-name followed by a null string.

The function keys can also be pre-initialized in the definition file S-ICE.DAT. For more information on function key definitions in the definition file, refer to section 6.4.

Using carriage return symbols in a function key assignment string allows you to assign a function key a series of commands. A carriage return is represented by a ; (semicolon).

If you put ^ (shift 6) in front of a function key definition, the subsequent command will be invisible. The command will function as normal, but all information displayed in the command window (including error messages) is suppressed. The invisible mode is useful when a command changes information in a window (code, register or data) but you do not want to clutter the command window. When a function key is made invisible with ^, the function key can be used in the middle of typing in other commands without affecting their operation. For example, if you are using the default assignment for F2, you can toggle the register window with F2 even if you are partially through typing in your next command.

Note: Soft-ICE now has a definition file named S-ICE.DAT. You can place function key assignments in this file so that function keys will be automatically assigned when Soft-ICE is loaded. The syntax for assigning a function key in the configuration file is:

function-key-name = "string"

When assigning function keys to a command string in S-ICE.DAT, the string must be enclosed in double quotes.

Command line examples:

FKEY F2 ^WR;

This example will assign the toggle register window command to the F2 key. The ^ makes the function invisible, and the ; ends the function with a carriage return. The F2 key will toggle the register window on or off, and can even be invoked while typing in another command.
FKEY F1 "G CS:120; R; G CS:"

This example shows that multiple commands can be assigned to a single function key and that partial commands can be assigned for the user to complete. After this command is entered, pressing the F1 key will cause the program to execute until location CS:120 is reached, display the registers, then start the G command for the user to complete.

FKEY F1 WD 3;D DS:100;

This example will assign a series of commands to the F1 key. The function is visible, and ends with a carriage return. The F1 key will make the data window three lines long and dump data starting at DS:100.

S-ICE.DAT example:

F1 = "WR;WD 2;WC 10;"

If this line is placed in S-ICE.DAT, when Soft-ICE is loaded it will assign the string to the F1 key. When F1 is pressed while in Soft-ICE, it will toggle the register window, create a data window of length 2 and a code window of length 10.

For more information about assigning function key definitions in S-ICE.DAT, refer to chapter 6.

BASE -- Set/display current radix

Syntax: BASE [10 | 16]

Comments: The BASE command sets the current radix to base 10 or base 16. Base 10 is of limited use in the narrow window because of window width limitations. It also limits the amount of information displayed in some commands in the wide mode.

When the current radix is base 10, all numbers and addresses typed into and displayed by Soft-ICE are in decimal. When the current radix is base 16, all numbers and addresses typed into Soft-ICE are in hexadecimal except:

* source line numbers
* screen coordinates and sizes in the WIN command

These exceptions are always typed in and displayed as decimal numbers.

The default radix is base 16.

Example: BASE 16

This example sets the current radix to base 16.

CTRL-P -- Toggle log session to printer

Syntax: CTRL-P

Comments: When the CTRL key followed by the P key is pressed, all subsequent information displayed in the command window is also sent to the printer.
To turn the log to printer mode off, type CTRL followed by P again.

When you are sending a lot of information to the printer using CTRL-P, you may want to turn the PAUSE command OFF to allow information to scroll off the window without pressing a key.

Print-Screen -- Print contents of screen

Syntax: Print-Screen

Comments: Pressing the Print-Screen key does a screen dump to the printer. All information from the screen is sent to the printer. If you wish to print the memory map or help information, it is usually much faster to use CTRL-P than Print-Screen. This is because Print-Screen prints every character on the screen, including borders.

PRN -- Set printer output port

Syntax: PRN [LPTx | COMx]

x -- a decimal number between 1 and 4.

Comments: The PRN command allows you to send output from the CTRL-P and Print-Screen commands to a different printer port.

If no parameters are supplied, PRN displays the currently assigned printer port.

Example: PRN COM1

This command causes the CTRL-P and Print-Screen command output to go to the COM1 port.

5.9 Screen Control Commands

Commands:

FLASH -- Restore screen during P and T
FLICK -- Screen flicker reduction
WATCHV -- Set watch video mode
RS -- Restore program screen
CLS -- Clear window
ALTSCR -- Change to alternate screen
WIN -- Change size of Soft-ICE window

FLASH -- Restore screen during P and T

Syntax: FLASH [ON | OFF]

Comments: The FLASH command lets you specify whether the screen will be restored during any Trace and Program step commands. If you specify that the screen is to be restored, it is restored for the brief time period that the P or T command is executing. This feature is needed to debug sections of code that access video memory.

If the P command executes across a call or an interrupt, the screen will always be restored, because the routine being called may write to the screen.

If no parameter is specified, the current state of FLASH is displayed. The default is FLASH mode OFF.
Example: FLASH ON

This command turns on FLASH mode. The screen will be restored during any subsequent P or T commands.

FLICK -- Screen flicker reduction

Syntax: FLICK [ON | OFF]

Comments: Certain types of video cards require waiting for horizontal or vertical retrace before outputting characters. If the video writes are made arbitrarily, flickering will appear while displaying characters. If flickering occurs on your screen while using the Soft-ICE window, you should turn FLICK on.

With some EGA cards, colors will not be restored properly when you exit from Soft-ICE. This is a problem with virtualizing EGA video. The port 3DA is a video port used for two purposes. The first is old CGA software polling 3DA for hsync and vsync. This allows them to have flicker-free output on some old CGA controller cards. The second is that it is used to reset a palette latch on EGA cards. Soft-ICE has an algorithm to avoid having to constantly watch this port, which would slow down old programs that think they are on a CGA. However, there can occasionally be circumstances where this algorithm does not work. If you are using Soft-ICE on an EGA screen and you notice that the colors are not restored correctly, then turn FLICK ON and Soft-ICE will watch the 3DA port, fixing the problem.

When FLICK mode is ON, screen update will be slower.

If no parameter is specified, the current state of FLICK is displayed. The default is FLICK mode OFF.

Example: FLICK ON

This command turns on FLICK mode. This causes Soft-ICE to wait for the horizontal or vertical retrace before outputting characters.

WATCHV -- Set watch video mode

Syntax: WATCHV [ON | OFF]

Comments: The WATCHV command allows you to specify how Soft-ICE should watch the video ports. Normally, Soft-ICE only watches video ports after an INT 10 instruction has been executed that switches to a non-character video mode. Some programs do not use INT 10 to switch modes.
In these cases, if WATCHV is OFF, Soft-ICE may have trouble saving and restoring the screen properly. Turning WATCHV ON will cause Soft-ICE to watch the video ports all the time.

Turn WATCHV ON if you notice that Soft-ICE is not handling your screen properly, or if the cursor is not being restored properly. Turning WATCHV ON may have a performance impact in certain video modes.

If no parameter is specified, the current state of WATCHV is displayed. The default is WATCHV mode OFF.

Example: WATCHV ON

This command turns on WATCHV mode. This causes Soft-ICE to watch additional video ports for the purpose of virtualization.

RS -- Restore program screen

Syntax: RS

Comments: The RS command allows you to restore the program screen temporarily. The Soft-ICE window disappears until any key is pressed.

This feature is useful when debugging graphics programs that update the screen frequently. When Soft-ICE is brought up, it returns to text mode. Using the RS command temporarily restores the graphics screen.

Example: RS

CLS -- Clear window

Syntax: CLS

Comments: The CLS command clears the Soft-ICE window and moves the prompt and the cursor to the upper left-hand corner of the window.

Example: CLS

ALTSCR -- Change to alternate screen

Syntax: ALTSCR [ON | OFF]

Comments: The ALTSCR command allows you to redirect the Soft-ICE output from your default screen to the alternate screen. This feature is useful, for instance, when you want to debug a graphics program without having to switch between the Soft-ICE window and the graphics display.

ALTSCR requires the system to have two monitors attached. The alternate monitor should be in a character mode, which is the default mode for monitors.

The default is ALTSCR mode OFF.

Example: ALTSCR ON

This command redirects screen output to the alternate monitor.
WIN -- Change size of Soft-ICE window

Syntax: WIN [N | W] [start-row length [start-column]]

N -- When N is specified, the window will be set to the narrow width: 46 characters.
W -- When W is specified, the window will be set to full screen width.
start-row -- Number from 0 to 17 specifying the row where the window display starts.
length -- Number from 8 to 25 specifying how many lines tall you want the window to be.
start-column -- Column position of the left side of the narrow window. The start-row and start-column specify the upper left hand corner of the narrow window. The start-column is ignored if applied to the wide window.

Comments: The WIN command allows you to modify the width and height of the Soft-ICE display window. If no parameters are specified, this command toggles the window between wide and narrow screen display modes.

If the WIN command is specified with only the N or the W parameter, the window size will be changed to the requested width at the current height.

If the number of lines plus the starting row number is larger than 25, the window length goes to the bottom of the screen.

The default is WIN mode narrow.

Examples:

WIN N 4 9 30

This command causes the window display to start at row 4 and column 30, and to be 9 rows tall and 46 characters wide.

WIN

This command toggles the window display width from its current state (either wide or narrow) to the opposite state.

WIN W 10 8

This command causes the window display to start at row 10, and to be 8 rows tall and go the width of the screen.

5.10 Symbol and Source Line Commands

Commands:

SYM -- Display/set symbol
SYMLOC -- Relocate symbol base
SRC -- Toggle between source, mixed and code
FILE -- Change/display current source file
SS -- Search current source file for string

SYM -- Display/set symbol

Syntax: SYM [symbol-name [value]]

symbol-name -- A valid symbol name. The symbol name can end with an * (asterisk). This allows searching if only the first part of the symbol name is known.
The , (comma) character can be used as a wild card character in place of any character in the symbol-name.
value -- This is a word value that is used if you want to set a symbol to a specific value.

Comments: The SYM command allows displaying and setting of symbols. If SYM is entered with no parameters, all symbols are displayed. The value of each symbol is displayed next to the symbol name.

If a symbol name is specified with no value, then the symbol name and value are displayed. If the symbol name was not found, then nothing is displayed.

The SYM command is often useful for finding a symbol name when you can only remember a portion of the name. Two wild card methods are available for locating symbols. If symbol-name ends with an *, then all symbols that match the actual characters typed prior to the * will be displayed regardless of their ending characters. If a , is used in place of a specific character in symbol-name, that character is a wild card character.

If value is specified, all symbols that match symbol-name are set to the value. All symbols have word values.

Examples:

SYM FOO*

All symbols that start with FOO are displayed.

SYM FOO* 6000

All symbols that start with FOO are given the value 6000.

SYMLOC -- Relocate symbol base

Syntax: SYMLOC segment-address

Comments: The SYMLOC command relocates the segment components of all symbols relative to the specified segment address. This function is necessary when debugging loadable device drivers or other programs that can not be loaded directly with LDR.EXE.

When relocating for a loadable device driver, use the value of the base address of the driver as found in the MAP command. When relocating for an .EXE program, the value is 10H greater than that found as the base in the MAP command. When relocating for a .COM program, use the base segment address that is found in the MAP command.

The MAP command will display at least two entries for each program.
The first is typically the environment and the second is typically the program. The base address of the program is the relocation value.

Example: SYMLOC 1244 + 10

This will relocate all segments in the symbol table relative to 1244. The + 10 is used to relocate a TSR that was originally a .EXE file. If it is a .COM file, the + 10 is not necessary.

SRC -- Toggle between source, mixed and code

Syntax: SRC [?]

Comments: The SRC command toggles between source mode, mixed mode and code mode in the code window. If SRC ? is entered, the current state is displayed.

Example: SRC

This command changes the current mode of the code window. If the mode was source, it becomes mixed. If the mode was mixed, it becomes code. If the mode was code, it becomes source.

Default Function Key: F3

FILE -- Change/display current source file

Syntax: FILE [file-name]

Comments: If a file-name is specified, that file becomes the current file and the start of the file is displayed in the code window. If no name is specified, the name of the current source file (if any) is displayed.

The FILE command is often useful when setting a break point on a line that has no associated public symbol. Use FILE to bring the desired file into the code window, use the SS command to locate the specific line, move the cursor to the specific line, then type BPX to set the break point.

Note: Only source files that have been loaded into extended memory with LDR.EXE are available with the FILE command.

Example: FILE MAIN.C

If MAIN.C had been loaded with LDR.EXE, this command brings it up in the code window starting with line 1.

SS -- Search current source file for string

Syntax: SS [line-number] ['string']

line-number -- a decimal number
string -- a character string surrounded by quotes. The quotes can be either single quotes or double quotes.

Comments: The SS command searches the current source file for the specified character string.
If there is a match, the line that the string was located in will be displayed as the top line in the code window.

The search starts at the specified line number. If no line number is specified, the search starts at the top line displayed in the code window.

If no parameters are specified, the search continues for the previously specified string.

Note: The code window must be visible and in source mode before using the SS command.

Example: SS 1 'if (i == 3)'

The current source file is searched starting at line 1 for the string 'if (i == 3)'. The line containing the next occurrence of the string becomes the top line displayed in the code window.

SECTION III - Support Features

CHAPTER 6 Soft-ICE Initialization Options

6.1 Introduction
6.2 Loading from the DOS Prompt
6.3 Loading Soft-ICE as a Loadable Device Driver
6.3.1 Soft-ICE Loading Switches
6.4 The Soft-ICE Initialization File S-ICE.DAT
6.4.1 Configuration Options
6.4.2 Function Key Assignments
6.4.3 Initialization Command Sequence

6.1 Introduction

The Soft-ICE program file (S-ICE.EXE) can be loaded as a loadable device driver in CONFIG.SYS or as a program from the DOS command line. To get the full power of Soft-ICE, it must be initially loaded as a device driver in CONFIG.SYS. However, there may be circumstances when you might want to run Soft-ICE from the DOS prompt or a batch file, such as:

* You do not have extended memory in your system. Soft-ICE can only load as a loadable device driver if you have extended memory.

* You want to take up ZERO bytes of conventional memory. When loaded as a device driver, Soft-ICE occupies approximately 2K of conventional memory.

* You only need to use Soft-ICE occasionally and there are no other programs using extended memory.

In some cases you may need some of the features that require Soft-ICE to be loaded in CONFIG.SYS but do not want Soft-ICE to be resident all of the time.
In this case Soft-ICE can be loaded in CONFIG.SYS to reserve extended memory, and then disabled, by using the /UN switch, until Soft-ICE is required. See section 6.3.1 for more information about the /UN switch.

6.2 Loading Soft-ICE from the DOS Prompt

You can NOT enable all of Soft-ICE's features when loading from the DOS prompt. If you will be using Soft-ICE as a stand-alone debugger, it is recommended you load Soft-ICE in the CONFIG.SYS file.

To load Soft-ICE from the DOS prompt type:

S-ICE

In systems with no extended memory present, Soft-ICE loads itself at the highest memory location possible. The memory used by Soft-ICE is then 'mapped out', making it invisible to DOS programs. Since the total memory visible to DOS and its programs is less after Soft-ICE loads, it is recommended that you load Soft-ICE before any TSR's or control programs.

In systems with extended memory, you should only load Soft-ICE from the DOS prompt if you are not using extended memory for anything else (e.g., VDISK, CACHE, HIMEM...).

When you initially load Soft-ICE from the command line or from a batch file, Soft-ICE will prompt you with a warning message. This warning message is just to remind you that Soft-ICE will overwrite the highest portion of extended memory when it loads. You can suppress this warning prompt with the EXTENDED option in the Soft-ICE configuration file S-ICE.DAT. For more information about the EXTENDED option, see section 6.4.1.

6.3 Loading Soft-ICE as a Loadable Device Driver

In order to use all of the Soft-ICE features, you must first load Soft-ICE as a loadable device driver in your CONFIG.SYS file. The features this makes possible are:

* Coexisting with other software that uses extended memory

Loading as a device driver allows Soft-ICE to manage extended memory so you can run Soft-ICE with programs that use extended memory, such as VDISK, CACHE and HIMEM.
* Symbolic and source level debugging

Loading as a device driver allows Soft-ICE to allocate an extended memory buffer for symbols and source information.

* Back trace ranges and the SNAP command

Loading as a device driver allows Soft-ICE to allocate an extended memory buffer for a back trace buffer. This buffer is also used for the Soft-ICE SNAP command.

* Enabling Soft-ICE's EMM 4.0 capability

* Running Soft-ICE with MagicCV or MagicCVW

Note: When loaded as a device driver in CONFIG.SYS, Soft-ICE allocates the highest portion of extended memory for itself and its associated components, so there can be no memory conflicts. S-ICE.EXE must be loaded in CONFIG.SYS before any other driver that allocates extended memory is loaded (e.g., VDISK.SYS, RAMDRIVE.SYS). Generally Soft-ICE works best if it is the first loadable device driver installed in CONFIG.SYS.

6.3.1 Soft-ICE Loading Switches

One or more loading switches can follow S-ICE.EXE in CONFIG.SYS. These switches allow you to customize the way extended memory will be reserved by Soft-ICE. The switches all must begin with a / character. The loading switches are:

* /EXT XXXX -- Informs S-ICE.EXE to reserve XXXX Kilobytes of extended memory for other DOS programs that use extended memory (e.g., VDISK, CACHE, HIMEM,...). If the /EXT switch is not present, then any extended memory not used by Soft-ICE and its associated components will be left as standard extended memory, but the amount can not be guaranteed. The /EXT switch is useful because it is sometimes difficult to determine exactly how much memory is being used by Soft-ICE and its associated components. Using the /EXT switch will guarantee a specified amount is available for other programs that use extended memory.

* /SYM XXXX -- Informs S-ICE.EXE to reserve XXXX Kilobytes of extended memory for symbols and source usage. If XXXX is not specified, then all remaining extended memory is used for symbols.
Enough memory must be allocated for your .SYM file and all source files. For more information about using symbols and source, see chapter 7.

* /TRA XXXX -- Informs S-ICE.EXE to reserve XXXX Kilobytes of extended memory for a back trace history buffer. This buffer is used for back trace ranges and for the SNAP command. If XXXX is not specified, then 10K of extended memory is automatically reserved for the buffer. If you do not want any memory reserved for a back trace buffer, use /TRA 0. For more information about using back trace ranges, see chapter 9.

* /MCV XXX -- Informs S-ICE.EXE to reserve XXX Kilobytes of extended memory for MagicCV or MagicCVW. The minimum amount of extended memory you can specify is 280K and the maximum is 620K. If XXX is not specified, S-ICE.EXE will reserve the remaining memory, between 280K and 620K. See chapter 10 for more information about running Soft-ICE with MagicCV or MagicCVW.

* /EMM XXXX -- Informs S-ICE.EXE to turn XXXX Kilobytes of extended memory into EMM 4.0 conforming expanded memory. If XXXX is not specified, then all remaining memory is used as expanded. See chapter 8 for more information about expanded memory support.

* /UN -- Informs S-ICE.EXE to enter protected mode, reserve any needed extended memory, then exit protected mode and unload itself. This switch should be used when you are loading S-ICE.EXE as a loadable device driver, but you don't want your system to remain in protected mode. This switch will reserve memory for Soft-ICE, and you must execute S-ICE.EXE from the DOS prompt when you are ready to use Soft-ICE.

Soft-ICE reserves extended memory in the following order, regardless of the order in which the switches are specified:

Reserve approximately 120K for S-ICE.EXE.
Reserve memory for the /EXT switch if present.
Reserve memory for the /SYM switch if present.
Reserve memory for the /TRA switch if present. If it is not present, default to reserve 10K for the back trace buffer.
Reserve memory for the /MCV switch if present.
Reserve memory for the /EMM switch if present.

If available memory runs out while trying to reserve memory for a switch in the above sequence, then S-ICE.EXE does the following:

1. The remaining extended memory is allocated to the switch being processed when memory runs out.
2. No memory will be reserved for the remaining switches.

Note: If the /MCV or /EMM switch is present, an additional 64K of extended memory is reserved for a DMA holding buffer.

The switches can be placed in any order following DEVICE = S-ICE.EXE. An example is:

    DEVICE = S-ICE.EXE /TRA 50 /EMM 500 /SYM 2048

If four megabytes of extended memory are available, this example will reserve approximately 120K for Soft-ICE, 2 megabytes for symbols, 50K for a back trace history buffer, 500K for expanded memory and leave approximately 1.3 megabytes for other extended memory programs. Note that Soft-ICE will load into the highest portion of extended memory, leaving the remaining memory starting at 100000H (one megabyte mark).

6.4 The Soft-ICE Initialization File S-ICE.DAT

Soft-ICE has several load options. These options are specified by placing special commands in an initialization file named S-ICE.DAT. S-ICE.DAT is an ASCII text file that Soft-ICE parses at load time. This file can contain function key assignments, an auto-start string, and various configuration options. The file can be created and edited with any DOS text editor.

When loading Soft-ICE from the command line, S-ICE.DAT must be placed in the current directory or in a directory that is accessible through your current PATH. When Soft-ICE is loaded as a device driver in CONFIG.SYS, S-ICE.DAT must be in the same directory where S-ICE.EXE is located.
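The reservation order of section 6.3.1, worked through in code, including the case where memory runs out part-way. This is an added example, not part of the Soft-ICE manual or software; the function names are hypothetical, and two points the manual leaves open are assumptions here: the 64K DMA buffer is taken just before the first of /MCV or /EMM, and /EXT without a size is rejected.

```python
import re

KERNEL_K = 120                    # "approximately 120K for S-ICE.EXE"
DEFAULT_TRA_K = 10                # back trace buffer when /TRA gives no size
DMA_K = 64                        # DMA holding buffer added for /MCV or /EMM
MCV_MIN_K, MCV_MAX_K = 280, 620   # limits the manual gives for /MCV
ORDER = ("EXT", "SYM", "TRA", "MCV", "EMM")   # fixed, whatever the line order
KNOWN = set(ORDER) | {"UN"}
TOKEN_RE = re.compile(r"\s*/([A-Za-z]+)\s*(\d+)?")


def parse_device_line(line):
    """Return {switch: size in K, or None when the switch carries no size}."""
    m = re.match(r"\s*DEVICE\s*=\s*\S*S-ICE\.EXE\b(.*)$", line, re.IGNORECASE)
    if m is None:
        raise ValueError("not a DEVICE = S-ICE.EXE line")
    tail, pos, switches = m.group(1).rstrip(), 0, {}
    while pos < len(tail):
        t = TOKEN_RE.match(tail, pos)
        if t is None:
            raise ValueError(f"cannot parse switches at: {tail[pos:]!r}")
        name = t.group(1).upper()
        size = int(t.group(2)) if t.group(2) else None
        if name not in KNOWN:
            raise ValueError(f"unknown switch /{name}")
        if name == "EXT" and size is None:
            # Assumption: the manual defines no default for /EXT.
            raise ValueError("/EXT needs a size in K")
        if name == "MCV" and size is not None and not MCV_MIN_K <= size <= MCV_MAX_K:
            raise ValueError("/MCV must be between 280K and 620K")
        switches[name] = size
        pos = t.end()
    return switches


def plan_reservation(line, extended_k):
    """Return (plan, left_over): K reserved per component, in reservation order."""
    sw = parse_device_line(line)
    requests = [("S-ICE", KERNEL_K)]
    for name in ORDER:
        if name == "TRA":
            size = sw.get("TRA")          # absent or size-less /TRA means 10K
            requests.append(("TRA", DEFAULT_TRA_K if size is None else size))
        elif name in sw:
            if name in ("MCV", "EMM") and ("DMA", DMA_K) not in requests:
                requests.append(("DMA", DMA_K))   # assumed position, see lead-in
            requests.append((name, sw[name]))     # None means "all remaining"

    plan, remaining, ran_out = {}, extended_k, False
    for label, want in requests:
        if ran_out:                       # rule 2: later switches get nothing
            plan[label] = 0
            continue
        if want is None:
            want = min(remaining, MCV_MAX_K) if label == "MCV" else remaining
        got = min(want, remaining)        # rule 1: take whatever is left
        plan[label] = got
        remaining -= got
        ran_out = got < want
    return plan, remaining


if __name__ == "__main__":
    # The manual's own example line on a machine with four megabytes.
    plan, left = plan_reservation("DEVICE = S-ICE.EXE /TRA 50 /EMM 500 /SYM 2048", 4096)
    for label, kbytes in plan.items():
        print(f"{label:6} {kbytes:5}K")
    print(f"left   {left:5}K")
```

On the manual's example line this leaves 1314K, which matches the "approximately 1.3 megabytes" quoted above once the 64K DMA buffer is counted.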
There are three categories of commands that can be included in the S-ICE.DAT initialization file:

* Special configuration options
* Function key assignments
* Initialization command sequence

6.4.1 Special Configuration Options

Any of the following configuration options that are needed should each be placed on a separate line in the S-ICE.DAT file.

* COMPAQ -- Compaq 386 and 386SX computers and some Compaq compatible computers (including computers containing Micronix motherboards) have 384K of non-contiguous extended memory. The COMPAQ option is necessary if you want Soft-ICE to use this memory. Note that the COMPAQ option is the same as the /C command line parameter in Soft-ICE 1.X.
* NOLEDS -- The NOLEDS option tells Soft-ICE not to set and clear the keyboard LEDs while the Soft-ICE window is up. On some keyboards there are timing problems that will cause Soft-ICE to lose synchronization with the keyboard. If Soft-ICE hangs when you are in the Soft-ICE window, use this option. Note that the NOLEDS option is the same as the /L command line parameter in Soft-ICE 1.X.
* NOTVGA -- The NOTVGA option allows Soft-ICE to run on BIOS compatible VGA cards. Many VGA cards are not compatible with IBM VGA at the hardware level. These cards support VGA at the BIOS level only. Use this switch if you have one of those video adapters. Note that the NOTVGA option is the same as the /V command line parameter in Soft-ICE 1.X.
* EXTENDED -- The EXTENDED option causes Soft-ICE to load directly into extended memory without prompting the user with a warning message. It should be used if you are loading Soft-ICE initially from the DOS prompt and do not want to be prompted, and you know nothing else is using extended memory. Note that the EXTENDED option is the same as the /E command line parameter in Soft-ICE 1.X.

6.4.2 Function Key Assignments

One or more Soft-ICE commands can be assigned to any function key at load time.
See the description of the FKEY command in section 5.8 (Debugger Customization Commands) for a description of assigning function keys from the Soft-ICE command line.

The syntax for assigning a function key name in S-ICE.DAT is:

    function-key-name = "string"

function-key-name -- F1, F2... F12.

string -- The string may consist of any valid Soft-ICE commands and the special characters ^ and ;. A ^ is placed in the string to make a command invisible. A ; is placed in the string to denote a carriage return. The string must be enclosed in double quotes.

An example function key assignment in S-ICE.DAT is:

    F12 = "D 100;"

This will assign the Soft-ICE dump command to function key 12. When F12 is pressed Soft-ICE will dump at offset 100H in the current data segment. The semi-colon following the 100 represents the ENTER key.

6.4.3 Initialization Command Sequence

A sequence of commands can be automatically executed when Soft-ICE loads. This is useful for customizing Soft-ICE to meet your needs. For example, you might set up windows and change the default hot key sequence.

The syntax for setting up an initialization command sequence in S-ICE.DAT is:

    INIT = "assignment-string"

assignment-string -- The string consists of any valid Soft-ICE commands and the special characters ^ and ;. A ^ is placed in the string to make a command invisible. A ; is placed in the string to denote a carriage return. The string must be enclosed in double quotes.

An example initialization command sequence in S-ICE.DAT is:

    INIT = "WIN; WR; WD 1; WC 12; ALTKEY CTRL X;"

This example will put the Soft-ICE window in full screen mode, create a register window, create a data window one line long, create a code window 12 lines long, and change the hot key sequence to CTRL X.

Sample S-ICE.DAT

A sample S-ICE.DAT initialization file is included on the distribution diskette. This sample assigns the function keys so they are used in a similar manner as the function keys in Microsoft's CodeView debugger.
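A small reader for the S-ICE.DAT format described in section 6.4, useful for checking what a file will run at load time before Soft-ICE parses it. It is an added example, not taken from the Soft-ICE distribution: the function names and the sample file are constructed, and it assumes that ^ precedes the command it hides and that text after the last ; is typed but not entered.

```python
import re

# The four options of section 6.4.1 and the Soft-ICE 1.X command line
# parameters the manual says they correspond to.
OPTIONS = {"COMPAQ": "/C", "NOLEDS": "/L", "NOTVGA": "/V", "EXTENDED": "/E"}

# F1..F12 or INIT, an equals sign, then a string in double quotes.
ASSIGN_RE = re.compile(r'^(F(?:1[0-2]|[1-9])|INIT)\s*=\s*"([^"]*)"$', re.IGNORECASE)


def expand(string):
    """Turn a key or INIT string into (command, invisible, entered) steps."""
    steps = []
    parts = string.split(";")
    for index, part in enumerate(parts):
        text = part.strip()
        if not text:
            continue
        invisible = text.startswith("^")     # assumption: ^ prefixes the command
        entered = index < len(parts) - 1     # a ; followed it, i.e. ENTER
        steps.append((text.lstrip("^").strip(), invisible, entered))
    return steps


def parse_sice_dat(text):
    """Parse S-ICE.DAT text; lines that fit no category are collected as errors."""
    cfg = {"options": [], "keys": {}, "init": [], "errors": []}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.upper() in OPTIONS:          # one option per line
            cfg["options"].append(line.upper())
            continue
        match = ASSIGN_RE.match(line)
        if match is None:
            cfg["errors"].append((number, line))
            continue
        name, steps = match.group(1).upper(), expand(match.group(2))
        if name == "INIT":
            cfg["init"] = steps
        else:
            cfg["keys"][name] = steps
    return cfg


def options_from_1x(params):
    """Map Soft-ICE 1.X parameters such as '/C /L' to S-ICE.DAT option lines."""
    by_flag = {flag: name for name, flag in OPTIONS.items()}
    return [by_flag[p.upper()] for p in params.split()]


def unentered_keys(cfg):
    """Function keys whose last command has no closing ; and so is not executed."""
    return sorted(k for k, steps in cfg["keys"].items() if steps and not steps[-1][2])


# Constructed sample file: F3 lacks the final ; and F13 is not a valid key name.
SAMPLE = """\
COMPAQ
NOLEDS
F12 = "D 100;"
F2 = "^WR;"
F3 = "BPX "
F13 = "X;"
INIT = "WIN; WR; WD 1; WC 12; ALTKEY CTRL X;"
"""

if __name__ == "__main__":
    cfg = parse_sice_dat(SAMPLE)
    print("options:", cfg["options"])
    for key, steps in cfg["keys"].items():
        print(key, steps)
    print("init:", [command for command, _, _ in cfg["init"]])
    print("rejected lines:", cfg["errors"])
    print("keys left unentered:", unentered_keys(cfg))
```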
This sample S-ICE.DAT should also be used as is for the tutorial in chapter 3.

CHAPTER 7

Symbolic and Source Level Debugging

7.1 Introduction
7.2 Preparing for Symbolic or Source Debugging
    7.2.1 Preparing for Symbolic Debugging Only
    7.2.2 Preparing for Symbolic and Source Level Debugging
7.3 Reserving Memory for Symbols and Source Files
7.4 Loading Programs and Symbol Files
7.5 Debugging With Symbols
7.6 Debugging With Source

7.1 Introduction

Soft-ICE can load programs, symbol tables and source files for enhanced debugging. Symbolic debugging allows you to set break points and reference variables with symbol names rather than specifying numeric addresses. Source level debugging allows you to step through your program at the source code level rather than assembly code level.

Symbol and source line number information is extracted from the link map file. The link map must be compatible with Microsoft's linker version 3.60 or greater.

Symbols and source files reside in extended memory. You must have sufficient extended memory for the symbols and source files. Source files are not paged from the disk as in many debuggers. This allows Soft-ICE to provide complete system debugging at source level. You can debug T&SR's, interrupt routines and other systems level code at the source level.

Note: You cannot use symbolic or source level debugging unless Soft-ICE has been loaded as a device driver in CONFIG.SYS.

7.2 Preparing for Symbolic or Source Debugging

Before debugging a program with symbols or source you must create a symbol file. This is a binary file that contains symbol and line number information in a format that Soft-ICE can understand. This file is created with the utility MSYM.EXE. MSYM.EXE reads in your link map to create a symbol file with the extension (.SYM).

7.2.1 Preparing for Symbolic Debugging Only

To prepare a program for symbolic debugging only, you must do the following steps:

1. Compile or assemble your program.
2. Link your program with the proper switches to create a .MAP file that contains a list of public symbols. If you are using Microsoft's linker, the /MA switch is the proper switch to use. This .MAP file must be identical to the .MAP file produced by Microsoft's linker, version 3.60 or greater.
3. Create a .SYM file by running MSYM.EXE. The syntax for using MSYM.EXE is:

    MSYM program-name [.extension]

   If the extension is not supplied MSYM assumes the extension is .MAP. MSYM reads in a map file as input and writes out a symbol file as output. The symbol file has the name program-name.SYM.

Note: Before compiling or assembling your program you may want to make some additional symbols public. Only public symbols are supported with Soft-ICE symbolic debugging. The way to make a variable or a label public varies, depending upon which language you are using.

In 8086 assembly language, simply use the PUBLIC directive followed by the locally defined symbols you wish to make public. For example:

    PUBLIC FOO, LOOP1, STATUS

In C language, all procedure names and static variables that are defined outside a block are public.

For other languages, refer to your language manual for details.

7.2.2 Preparing for Symbolic and Source Level Debugging

To prepare a program for both symbolic and source debugging, you must do the following steps:

1. Compile or assemble each module that you wish to debug at the source level with the appropriate switch to put line number information into the object files. With Microsoft languages you can use either the /Zi or the /Zd switches. You may not want to do this with all files, because the combined file sizes of the symbol file and all the source files compiled with these switches must fit into the amount of extended memory you have reserved with the /SYM loading switch in CONFIG.SYS.
2. Link your program with the proper switches to create a .MAP file that contains source line numbers and a list of public symbols.
If you are using Microsoft's linker, the /LI and /MA switches are the proper switches to use. This .MAP file must be identical to the .MAP file produced by Microsoft's linker, version 3.60 or greater.
3. Create a .SYM file by running MSYM.EXE. The syntax for using MSYM.EXE is:

    MSYM program-name [.extension]

   If the extension is not supplied MSYM assumes the extension is .MAP. MSYM reads in a map file as input and writes out a symbol file as output. The symbol file has the name program-name.SYM.

7.3 Reserving Memory for Symbols and Source Files

Before loading programs, symbol files and source files you must reserve extended memory for them. Extended memory is reserved when you load Soft-ICE in CONFIG.SYS.

Before reserving extended memory you may want to add up the file sizes of the .SYM file and all of the source files that you want to load. You must reserve at least this much extended memory.

You must use the /SYM loading switch when loading S-ICE.EXE. A sample line in CONFIG.SYS for loading Soft-ICE and reserving space for symbols and source files is:

    DEVICE = S-ICE.EXE /SYM 1024

This example loads Soft-ICE into extended memory and reserves 1 megabyte of memory for symbols and source files. See section 6.3 (Loading Soft-ICE as a Loadable Device Driver) for more details on reserving memory.

7.4 Loading Programs and Symbol Files

The Soft-ICE utility LDR.EXE is used for loading programs, symbol files and source files. For symbolically debugging application programs and T&SR programs you will typically use LDR.EXE to load the program, symbols and source files in one step. For debugging loadable device drivers, ROMs and other system components you will typically use LDR.EXE to load the symbol file and source files only.
The syntax for LDR.EXE is:

    LDR program-name | program-name.SYM | program-name.extension

7.4.1 Loading Program, Symbols and Source

To load your program, symbols and source files in one step, you must use LDR.EXE in the form:

    LDR program-name

Notice that program-name does not have a file extension. If no file extension is supplied, then LDR.EXE will do the following:

1. Load program-name.SYM into extended memory.
2. Load source files into extended memory. This step is done only if source records exist in the .SYM file.
3. Load program-name.EXE into memory at the location it would have loaded if it had been loaded directly from the DOS prompt.
4. Bring up Soft-ICE with the instruction pointer at the first instruction of your program. If it is a C program and source is loaded for the file containing _MAIN, then the source for that file will be visible in the code window.

7.4.2 Loading Only Symbols and Source Files

If you wish to load only symbols and source files (for debugging a loadable device driver for example) you must use LDR.EXE in the form:

    LDR program-name.SYM

Notice that the .SYM extension is specified. This will load the .SYM file and source files into extended memory. When symbols are loaded by this method your program or device driver symbols are assumed to be referenced from 0:0. Since this is rarely the case you will need to use the Soft-ICE command SYMLOC to locate the symbols. See the description of the SYMLOC command in section 5.10 for a complete description.

An example of loading a symbol file called DRIVER.SYM is:

    LDR DRIVER.SYM

7.4.3 Loading a Program With No Symbols or Source

To load a program file without loading the associated symbol file you must use LDR.EXE in the form:

    LDR program-name.extension

Notice that the file extension is present. Typically the file extension will be .EXE or .COM. When a file extension is specified LDR.EXE will load the program and bring up Soft-ICE with the instruction pointer at the first instruction of the program.
An example of loading a program with no symbols or source is:

    LDR TEST.EXE

Notes:

LDR.EXE saves a copy of the interrupt vector table automatically when it loads your program. This is equivalent to doing a VECS S command. If you are going to exit your program before it runs to completion, you can do an EXIT R to exit the program and restore the interrupt vector table.

Using LDR.EXE to load only the program-name.EXE is often useful for restarting your program while in the middle of a source level debugging session. To restart, use the EXIT R command to abort the current session. Then use LDR.EXE to reload your .EXE file. The symbols and source do not have to be loaded since they remain in extended memory.

If LDR.EXE gives you the message "Out of space loading symbol information", this means that you did not reserve enough extended memory with the /SYM loading switch in CONFIG.SYS.

If LDR.EXE does not find your source files on the same directory as the program you are loading, LDR.EXE will prompt you for the path names where it can find the source files. If you have source files on several directories or are loading a program frequently this becomes cumbersome. You can eliminate the need for prompting by using the DOS environment variable SRC. LDR.EXE uses this environment variable to find source files before prompting the user. The syntax for setting the environment variable from the DOS prompt is:

    SET SRC = directory;directory;...;directory

Each of the specified directories will be searched before the user is prompted.

Limitations:

Soft-ICE supports symbols for only one program at a time. If you load a new .SYM file, the existing one is overwritten.

Soft-ICE does not follow overlays or Microsoft Windows segment movement.

Soft-ICE recognizes public symbols and line numbers only. It does not support local variables.

7.5 Debugging With Symbols

After you have loaded your program and .SYM file you can begin debugging your program symbolically.
In general a symbol can be used in any command in place of an address.

Symbols are also used by several Soft-ICE commands when addresses are displayed. For example, the U command displays symbol names of labels and procedures as it encounters them.

There are two commands that are helpful when you are symbolically debugging:

* SYM -- Use the SYM command to get a listing of symbol names and values, or to change the value of a symbol.
* SYMLOC -- Use the SYMLOC command to relocate the base of all of your symbols. You would need to use the SYMLOC command when:
  1. Loading symbols for a loadable device driver
  2. Loading symbols for a T&SR that has already been loaded
  3. Your program moves itself to a location other than its original location.

See section 5.10 for a complete description of these commands.

7.6 Debugging With Source

When source files are loaded, Soft-ICE allows you to view and step through your source code as you are debugging. Soft-ICE offers two different modes of source level debugging: mixed mode and source mode. Use the SRC command to switch between modes.

Mixed mode shows source lines and the assembly language produced by those source lines intermixed on the display. Mixed mode is useful when you must debug at the assembly level, but use the source lines for reference. Mixed mode is allowed whether the code window is visible or not.

Source mode strictly shows source lines on the display. Source level debugging requires the code window to be visible.

7.6.1 Using Line Numbers

Line numbers can be used in place of addresses in several commands. To differentiate a line number from an actual address, place a . (period) in front of the number. For example, to set an execution break point at source line 450 type:

    BPX .450

7.6.2 Using Source Mode in the Code Window

The code window must be visible to enter source mode. If not visible, use the WC command to make it visible.
Once you are in source mode you can use Soft-ICE commands to switch to a different source file, view source at any location in the file, scroll through the file, search for strings in the file, and set break points in the file. For a complete description of the following commands see their command descriptions in chapters 4 and 5.

The following list is a brief overview of commands that are useful when debugging source code:

* Make the code window visible (if it is not already) with the WC command.
* Toggle between source, mixed, and code modes with the SRC command. To toggle modes enter:

    SRC

* Place a source file in the code window (if it is not already) with the FILE command. For example, to change from the current file to file MAIN.C enter:

    FILE MAIN.C

* Display source at a specific location within the source file with the U command. To change the view to a specific line number or memory address use the U command. You can specify actual addresses or line numbers as a parameter to the command. For example, to view source in the code window starting at source line 450 enter:

    U .450

* Locate the current instruction in the code window with the . (period) command.
* Search for a specific character string with the SS command. For example, to search for the string "Hello World" starting at line 100 in the current source file enter:

    SS 100 "Hello World"

* Move the cursor to the code window (if it is not already) with the EC command.
* Scroll the source with the keys up, down, PageUp, PageDn.
* Set point-and-shoot break points with the BPX command.
Simply place the cursor on the source line that you wish to break on, then enter:

    BPX

CHAPTER 8

Expanded Memory Support

8.1 Introduction
8.2 Configuring the EMM Environment
    8.2.1 Default EMM Pages
    8.2.2 Customizing the EMM Page Map
        8.2.2.1 Including and Excluding Areas from EMM
8.3 Other EMM Features
    8.3.1 Increasing Conventional Memory
    8.3.2 Automatic Page Frame Locating
8.4 EMM Debugging

8.1 Introduction

Soft-ICE has an expanded memory manager built into its kernel. The Soft-ICE expanded memory manager supports the Lotus-Intel-Microsoft 4.0 specification. This Soft-ICE feature is useful if you are using programs that support the EMM specification, or if you must backfill your conventional memory to extend your conventional memory to 640K or more.

Other 386 control programs that provide EMM capability (such as QEMM or 386-to-the-MAX) will not co-exist with Soft-ICE. If you are using those programs for EMM capability or backfilling, you can use the Soft-ICE EMM manager in their place.

Enabling EMM capability in Soft-ICE involves the following steps:

1. Configure the expanded memory environment with the utility EMMSETUP.EXE. This utility modifies S-ICE.EXE with the desired EMM page map.
2. Add the /EMM switch to your S-ICE.EXE line in CONFIG.SYS. This reserves a portion of extended memory for expanded memory. An example line in CONFIG.SYS that reserves memory for EMM is:

    DEVICE = S-ICE.EXE /EMM 2048

   This will reserve 2 megabytes of extended memory for EMM use. See section 6.3 (Loading Soft-ICE as a Loadable Device Driver) for details of installing Soft-ICE in CONFIG.SYS.
3. Reboot your system.

8.2 Configuring The EMM Environment

Before installing S-ICE.EXE with the /EMM switch in your CONFIG.SYS file, you may have to run EMMSETUP.EXE to configure the EMM 4.0 environment. This configuration process allows you to select which portions of memory you would like to make available as EMM 4.0 pages.
Running EMMSETUP.EXE is highly recommended if you are using programs that take full advantage of the EMM 4.0 specification.

8.2.1 Default EMM Pages

By default, S-ICE.EXE with the /EMM switch is pre-configured to allow EMM 4.0 pages in the following areas:

* The lower 640K (except for the 1st 64K)
* 64K starting at D000H

You may want to reconfigure for the following reasons:

* You may have a device such as a network that is in the D000H area of memory.
* You may want to fill more holes above 640K with EMM pages. This will increase performance and usability of programs like Microsoft Windows. To get maximum performance from Microsoft Windows you should fill every available page with expanded memory.

8.2.2 Customizing the EMM Page Map

To configure the EMM map you must use the utility EMMSETUP.EXE. EMMSETUP.EXE allows the page map to be altered, then modifies S-ICE.EXE with the changes.

EMMSETUP makes its best guess on automatically configuring the EMM map. EMMSETUP will try to fill as much of the address space as possible with mappable pages while working around video cards and ROMs. If its guess is not good enough or not to your liking you can override it. Overriding may be necessary if you have a network, a special video adapter or a memory-mapped option adapter.

To configure the EMM map enter:

    EMMSETUP

EMMSETUP displays a matrix of 16K memory pages available in the lower 1 megabyte region. The matrix is divided into 16 columns each representing 64K (from 0 to 10000H). There are 4 rows representing the four 16K pages in each 64K region.

Each block of the matrix can contain an E, X, R or V. Blocks that contain an E are available as EMM pages; blocks that contain an X are not. Blocks that contain an R are memory areas that have been identified by EMMSETUP as ROM areas. You can override these areas with an E if desired, however, this should only be done if the ROM is never accessed. Blocks that contain V are identified as video memory.
We have made worst case assumptions on video memory. Your particular video card may not take up as much as we have 'guessed'. You can override the memory blocks that contain unnecessary V's if desired.

If you are satisfied with EMMSETUP's guesses, press the F10 key and S-ICE.EXE will be modified with these parameters. You must reboot before any changes made to S-ICE.EXE will take effect. If you wish to override EMMSETUP's guesses, do so at this time.

8.2.2.1 Including and Excluding Areas from EMM

To include an area as EMM 4.0 memory simply guide the cursor to the desired block, then type E. Conversely, to exclude an area from EMM 4.0 memory, guide the cursor to the block and type X. When you are satisfied with your changes, press F10 to exit the program. All changes are automatically stored in the S-ICE.EXE file. If you wish to exit without modifying S-ICE.EXE press ESC. You must reboot before any changes made to S-ICE.EXE will take effect.

When including upper memory blocks keep in mind the following:

* CGA occupies from B800H to C000H.
* MDA occupies from B000H to B100H.
* Most Hercules cards occupy from B000H to C000H.
* EGA occupies from A000H to C000H and from C000H to C400H.
* VGA (mother board) occupies from A000H to C000H.
* VGA (option card) occupies from A000H to C000H and C000H to C800H.
* PS/2 System ROM occupies from E000H to 10000H.
* PS/2 ESDI ROM occupies from CC00H to D000H.
* Most AT Compatible ROMs occupy from F000H to 10000H.
* Compaq systems, Micronix motherboard systems, and most Chips and Technologies motherboard systems move the EGA/VGA ROM to E000H. However they still occupy the C000H region as well.
* Token Ring Networks usually occupy from CC00H to E000H.
* Many Networks occupy memory regions in the D000H area.

The above guidelines are for 'generic' devices. Many implementations by different computer vendors and adapter card vendors will vary.
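The page matrix and the upper-memory guidelines above, combined with the backfill rule given in section 8.3.1, as an added example that is not part of EMMSETUP or the manual. Device keys and function names are hypothetical; every listed range is simply excluded (X), a 16K page is excluded if a device touches any part of it, and the two guideline entries without exact ranges are left out.

```python
PAGE = 0x400          # a 16K page spans 400H paragraphs of segment address
COLS, ROWS = 16, 4    # 16 columns of 64K, four 16K pages in each column

# Segment ranges [start, end) copied from the manual's guideline list.
# The dictionary keys are labels invented for this example.
DEVICES = {
    "CGA": [(0xB800, 0xC000)],
    "MDA": [(0xB000, 0xB100)],
    "HERCULES": [(0xB000, 0xC000)],
    "EGA": [(0xA000, 0xC000), (0xC000, 0xC400)],
    "VGA_MOTHERBOARD": [(0xA000, 0xC000)],
    "VGA_OPTION_CARD": [(0xA000, 0xC000), (0xC000, 0xC800)],
    "PS2_SYSTEM_ROM": [(0xE000, 0x10000)],
    "PS2_ESDI_ROM": [(0xCC00, 0xD000)],
    "AT_ROM": [(0xF000, 0x10000)],
    "TOKEN_RING": [(0xCC00, 0xE000)],
}


def build_map(devices):
    """Return 64 page states ('E' or 'X'); index = segment // 400H.

    Starts from "fill every available page" and removes the first 64K
    (outside the default EMM area) plus every page a listed device touches.
    """
    pages = ["E"] * (COLS * ROWS)
    pages[0:ROWS] = ["X"] * ROWS
    for name in devices:
        for start, end in DEVICES[name]:
            # A device covering only part of a page still claims the whole page.
            for page in range(start // PAGE, (end - 1) // PAGE + 1):
                pages[page] = "X"
    return pages


def render(pages):
    """Lay the pages out like the EMMSETUP matrix: 16 columns by 4 rows."""
    lines = [" ".join(f"{col:X}" for col in range(COLS))]
    for row in range(ROWS):
        lines.append(" ".join(pages[col * ROWS + row] for col in range(COLS)))
    return "\n".join(lines)


def backfill_top(pages, base_k=640):
    """Top of DOS memory in K after backfilling (rule from section 8.3.1).

    The scan starts at segment 1000H and follows contiguous E pages; memory
    is only extended if that run reaches past the installed base memory.
    """
    page = 0x1000 // PAGE
    while page < len(pages) and pages[page] == "E":
        page += 1
    return max(base_k, page * 16)


def upper_pages(pages):
    """Segments (hex) of the mappable pages at or above A000H."""
    first = 0xA000 // PAGE
    return [f"{p * PAGE:04X}" for p in range(first, len(pages)) if pages[p] == "E"]


if __name__ == "__main__":
    for label, devices in (("MDA", ["MDA", "AT_ROM"]),
                           ("CGA", ["CGA", "AT_ROM"]),
                           ("VGA card + Token Ring",
                            ["VGA_OPTION_CARD", "AT_ROM", "TOKEN_RING"])):
        pages = build_map(devices)
        print(label)
        print(render(pages))
        print("DOS memory after backfill:", backfill_top(pages), "K")
        print("mappable upper pages:", upper_pages(pages), "\n")
```

The MDA and CGA cases come out at 704K and 736K, the additional 64K and 96K that section 8.3.1 quotes for those systems.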
8.3 Other EMM Features

S-ICE.EXE with the /EMM switch has two features that are automatically enabled depending on your system configuration. These features are backfilling and relocating the page frame.

8.3.1 Increasing Conventional Memory

System memory will automatically be backfilled up to the first non-mappable page. This means it starts looking at contiguous E's at location 1000, and continues until it finds the first non-contiguous E. If the contiguous E's go beyond the amount of your system's base memory, memory will be backfilled up to the first R, V, or X that is found. The benefit of backfilling is that you can increase the amount of usable system memory to greater than 640K. The backfilled memory is available within DOS. If you do not want memory backfilled, use EMMSETUP to make a page non-mappable (X) at the point you wish system memory to end.

Note: Monochrome-only systems (MDA) can backfill up to B000H to add an additional 64K to conventional memory. CGA systems can be backfilled up to B800, adding an additional 96K to conventional memory. EGA and VGA systems can be backfilled only if no graphics programs will be run. You can backfill an EGA or a VGA system up to B800:0 if no graphics programs will be run.

Warning: If memory is backfilled, DO NOT UNLOAD Soft-ICE. Doing so will cause your system to crash.

8.3.2 Automatic Page Frame Locating

Most EMM-knowledgeable programs require a 64K page frame that is not used as normal DOS memory. This is normally located above the video device area. However in some systems there is no 64K contiguous region to place the page frame. In these instances S-ICE.EXE 'steals' the top 4 mappable pages of lower memory. The net result is that lower DOS memory shrinks by 64K.

8.4 EMM Debugging

A range break point or a break point on memory that is in an EMM mappable area will stay at that address no matter which EMM page is mapped in.

When debugging EMM programs, the EMMMAP command may also be very useful.
See section 5.6 for more information.

The D, E, S, F, and C commands can be used to view or modify any allocated EMM handle page. The page does not have to be currently mapped in. The syntax of these commands is similar to that of the commands when being used for non-EMM pages, except for the following:

* In the D, E, S, and F commands, the address portion of the command must be specified in the following way:

    Hhandle# Ppage# offset

  where handle is a number specifying which EMM handle to use, page is a number specifying which EMM page to use, and offset is a number from 0 to 4000H, specifying the offset from the beginning of the page.

  Example:

    DB H1 P3 0

  This command will dump bytes from page 3 of handle 1, starting at offset 0.

* The C command must be specified in the following way:

    C Hhandle# Ppage# offset1 Llength offset2

  where handle and page are the same as above. offset1 is a number from 0 to 4000H, specifying the offset from the beginning of the page, where the first data block to be compared is located. offset2 is a number from 0 to 4000H, specifying the offset from the beginning of the page, where the second data block to be compared is located.

  Example:

    C H2 P4 00 L10 1000

  This command will compare the first 10 bytes of memory located at offset 0 of page 4 of handle 2 with the first 10 bytes of memory located at offset 1000 of page 4 of handle 2.

Note: Subsequent uses of the D, E, S, F, and C commands will continue to use the handle and page last specified. To get back to conventional memory, use one of the above commands with a segment specified in the address field, for example:

    D 0:0

CHAPTER 9

Back Trace Ranges

9.1 Introduction
9.2 Using Back Trace Ranges
9.3 Special Notes

9.1 Introduction

Soft-ICE can collect instruction information in a back trace history buffer as your program executes. These instructions can then be displayed after a bug has occurred.
This allows you to go back and retrace a program's action to determine the actual flow of instructions preceding a break point.

Instruction information is collected on accesses within a specified address range, rather than system wide. The ranges can be from 1 byte to 1 megabyte, so if desired, complete system information can be obtained. Using specific ranges rather than collecting all instructions is useful for two reasons:

1. The back trace history buffer is not cluttered by extraneous information that you are not interested in. For example, you may not be interested in interrupt activity and execution within MSDOS.
2. Back trace ranges degrade system performance while they are active. By limiting the range to an area that you are interested in, you can improve system performance greatly.

Soft-ICE has two methods of utilizing the instructions in the back trace history buffer:

1. The SHOW command allows you to display instructions from the back trace history buffer. You must specify how many instructions you wish to go back in the buffer.
2. The TRACE command allows you to go back and replay instructions from the back trace history buffer. This way you can see the instruction flow within the context of the surrounding program code or source code.

9.2 Using Back Trace Ranges

To use back trace ranges you must do the following:

1. Allocate a back trace history buffer of the desired size by inserting the /TRA switch on the S-ICE.EXE line in CONFIG.SYS. For example, to create a back trace buffer of 100K you might have the following line in your CONFIG.SYS file:

    DEVICE = S-ICE.EXE /TRA 100

   A back trace history buffer of 10K is allocated by default. If this is suitable for your needs you do not have to allocate a larger buffer. The history buffer size is only limited by the amount of extended memory available.
2. Enable back trace ranges by creating a memory range break point with the T or TW verb.
For example:

    BPR 1000:0 2000:0 T

   The T and TW verbs do not cause break points; instead they log instruction information that can be displayed later with the SHOW or TRACE commands.
3. Set any other break points if desired.
4. Exit from Soft-ICE with the X command.
5. After a break point has occurred, or you have popped Soft-ICE up with the hot key, you can display instructions in the buffer with the SHOW command. For example, to go back 50 instructions in the buffer and display instructions type:

    SHOW 50

6. To replay a series of instructions you must first enter trace simulation mode with the TRACE command. To begin replaying the sequence of instructions starting back 50 in the buffer type:

    TRACE 50

7. After you have entered trace simulation mode, you can trace through the sequence of instructions by using the XT, XP, or XG commands. This allows you to re-enact the program flow. For example, you can single step through the sequence of instructions in the buffer, starting at the instruction specified by the TRACE command, by typing:

    XT
    XT
    .
    .
    .
    XT

   The XT command single steps through the back trace history buffer. The XP command program steps through the back trace history buffer. The XG command goes to an address in the back trace history buffer.
8. To exit from trace simulation mode type:

    TRACE OFF

9. To reset the back trace history buffer, use the XRSET command.

9.3 Special Notes

While in trace simulation mode, most Soft-ICE commands work as normal, including displaying the memory map, and displaying and editing data. The exceptions are:

1. Register information is not logged in the back trace history buffer, so the register values do not change as you trace through the buffer, except for CS and IP.
2. Commands that normally exit from Soft-ICE do not work while in trace simulation mode. These are X, T, P, G, EXIT.

As you peruse instructions from the back trace history buffer with the SHOW and TRACE commands, you may notice peculiarities in instruction execution.
These are caused by jumps in and out of the specified range. These usually occur at jumps, calls, returns and entry points.

When you have a hang problem or other difficult bug that requires back trace ranges, you must often use very large ranges in order to narrow the scope of the problem. Once you have a better idea of the specific problem area, you go to smaller ranges.

Large back trace ranges are often very slow. When using large ranges you are usually trying to get a general idea where the problem is. Soft-ICE has a special 'COARSE' mode for doing large ranges. This speeds up the ranges by a factor of three or more, but limits the amount of instructions in the history buffer. Coarse mode only collects instructions that do a memory write within the specified range. As you are replaying instructions with trace simulation mode after a 'coarse' range you will notice that the flow skips around rather than sequentially executing instructions.

Coarse ranges work best for large ranges and tend to be less effective for small ranges. To enable a 'coarse' back trace range, use the BPR command with the TW verb instead of the T verb. For example:

    BPR 1000:0 2000:0 TW

For further information on back trace ranges see the command descriptions for: SHOW, TRACE, XT, XP, XG, XRSET, BPR

CHAPTER 10
Using Soft-ICE with MagicCV or MagicCVW

10.1 Introduction
10.2 Running Soft-ICE with MagicCV or MagicCVW
10.3 Special Considerations
10.4 The Soft-ICE ACTION Command

10.1 Introduction

MagicCV allows you to run Microsoft's CodeView in less than 8K of conventional memory on your 80386 machine. MagicCVW allows you to run Microsoft's CodeView for Windows in less than 8K of conventional memory on your 80386 machine.

Using Soft-ICE in combination with MagicCV or MagicCVW allows you to have the power of Soft-ICE while still having the convenience of using the CodeView product that you are familiar with.
In the rest of this chapter, statements about MCV will apply to both MagicCV and MagicCVW, and statements about CV will apply to both CodeView and CodeView for Windows.

10.2 Running Soft-ICE with MagicCV or MagicCVW

To use Soft-ICE 2.0 and MCV together, you must install S-ICE.EXE as a loadable device driver. S-ICE.EXE comes on the Soft-ICE diskette. S-ICE.EXE replaces NUMEGA.SYS in CONFIG.SYS. Use the /MCV, /EMM, and the /EXT switches as if using MagicCV or MagicCVW alone. There are additional switches that you may want to use for Soft-ICE. Refer to chapter 6 for information about these switches.

To run MagicCV or MagicCVW after Soft-ICE has been loaded, refer to your MagicCV or MagicCVW manual.

Notes: MagicCVW requires Soft-ICE version 2.00 or greater. MagicCV requires Soft-ICE version 1.02 or greater. The S-ICE.SYS and NUMEGA.SYS drivers were shipped with some versions of Soft-ICE. The S-ICE and NUMEGA drivers must be replaced by S-ICE.EXE before you can run MagicCV and Soft-ICE 2.0 together.

10.3 Special Considerations

Two Virtual Machines

When you are using both Soft-ICE and MCV together, you must keep in mind that CV is in a separate virtual machine from the target environment. You can pop Soft-ICE up from either virtual machine, i.e., when CV is running, or when the target program is running.

If you pop Soft-ICE up while the target program is running everything works as defined in the Soft-ICE manual. If you pop Soft-ICE up while CV is running (typically done to set break points), you must keep a few points in mind:

* The registers are those of CV and they CAN NOT be changed.

* For convenience, the Soft-ICE MAP command displays the memory map of the target program virtual machine, not the memory map of the CV virtual machine. The highlighted area in the memory map may not be correct.

* Any display or modification of memory occurs in the target program's virtual machine.
* You have no visibility into the CV virtual machine except for the display of register values. Remember that when popping up the Soft-ICE window while CV is active, the register values are those of CV and should not be modified.

* Instruction and program tracing is disabled from the Soft-ICE window when CV is active. This is to prevent confusion, because a trace would actually step through CV, not through the target program.

If you attempt to do a Soft-ICE Trace (T) or Program Step (P) command while CV is active, you will get the warning message: "Function not available in CV virtual machine." To trace through your target program code instead, you can do one of two options:

* Use the CV trace command. To do this, exit the Soft-ICE window using the Soft-ICE X command, then do one or more CV traces to step through the target program.

* Use Soft-ICE to go to the target program address, then use the Soft-ICE T or P commands to step through your target program. To do this, exit the Soft-ICE window with the Soft-ICE X command, then press the 'F3' key until CV is in 'mixed mode'. This allows you to see both the source lines and the instruction addresses. Pop up Soft-ICE. If the Soft-ICE window is not already in narrow mode, use the Soft-ICE WIN command to change the window size. Move the Soft-ICE window so you can see the instruction addresses on the left side of the screen. Now you can use the Soft-ICE G command to go to one of the addresses. Be sure to type in the full address, including the segment and the offset. Then enter 'G' in the CV window. At this point, CV is not active, so you can use the Soft-ICE T or P commands to step through the target program.

CodeView's SHELL command

If you run the DOS shell from within the CodeView virtual machine, the DOS shell is part of the virtual machine. Because of this, you should not run any TSRs when you are in the DOS shell. If you do, when you exit CodeView the TSRs will disappear along with the virtual machine.
This is dangerous, because any interrupt vectors that were not restored could hang your machine.

CV's /R switch

Soft-ICE takes advantage of many of the 80386 features including the 80386 debug registers. This means that the debug registers are not available for CV, so you cannot use the CV /R switch when running with Soft-ICE. If you do use the /R switch, Soft-ICE gives you a general protection error. At this point, you can press "C" to continue, then rerun CV without the /R switch, and use the Soft-ICE break points. The CV /R switch works when you are running MCV without Soft-ICE.

10.4 The Soft-ICE ACTION Command

The ACTION command allows three different methods of activating CV from a Soft-ICE break point. The best choice of action is ACTION NMI. If you experience any problems with ACTION set to NMI (usually because an adapter card in your system is using NMI), use ACTION INT1.

SECTION III - Advanced Topics

CHAPTER 11
Advanced Features

11.1 Using Soft-ICE with other Debuggers
    11.1.1 Debuggers that Use DOS
    11.1.2 ACTION Command with other Debuggers
    11.1.3 Special Considerations
    11.1.4 Using Soft-ICE with CODEVIEW
    11.1.5 Debuggers that Use 80386 Break Point Registers
11.2 User-Qualified Break Points
    11.2.1 Example of a User-Qualified Break Point
11.3 The Window in Graphics Mode
11.4 Expanded Memory Debugging Features
11.5 Extended Memory Debugging Features

11.1 Using Soft-ICE with other Debuggers

Soft-ICE was designed to work well with other debuggers. Each debugger offers different features, and therefore can require special treatment. This section will describe some ways to use several debuggers effectively.

11.1.1 Debuggers that Use DOS

Many debuggers use DOS and ROM BIOS to perform their display and keyboard I/O. Special consideration must be taken when using these debuggers with Soft-ICE (e.g., DEBUG, SYMDEB, and CODEVIEW), because DOS and ROM BIOS are not fully re-entrant.
If a break point occurs while code is executing in DOS or BIOS, a re-entrancy problem can occur.

Soft-ICE provides an optional re-entrancy warning, which is activated with the WARN command. When WARN mode is on, Soft-ICE checks for DOS or ROM BIOS re-entrancy before generating the ACTION that wakes up the host debugger. When a re-entrancy problem is detected, Soft-ICE displays a warning message and offers you the choice of continuing to execute the code or returning to Soft-ICE.

Note that Soft-ICE itself does not use DOS or ROM BIOS calls in its debugging commands. This means that you can use Soft-ICE any time, without the worry of re-entrancy problems.

For more information on the WARN command, see section 5.4.

11.1.2 ACTION Command with other Debuggers

Different debuggers use different methods of activation. For a description of these methods see section 13.1.

If you want to return to your debugger after a break point is reached, you must change the ACTION (see section 5.4) to work with your debugger. In most cases, the action that should be taken after a break point is reached is INT3. For instance, DEBUG and SYMDEB will work best with ACTION set to INT3. If INT3 doesn't work with your debugger, try INT1 or NMI. CODEVIEW works best with ACTION set to NMI.

11.1.3 Special Considerations

When a break point is set, you must be careful not to set off the break point unintentionally. For instance, if you set a memory break point at 0:0, then use your debugger to dump memory location 0:0, Soft-ICE will be triggered. If ACTION is set to go to your debugger, then your debugger will be triggered by itself. Since some debuggers cannot be re-entrant, this could be a fatal problem. This problem can also occur with other debugging functions, such as editing or unassembling.

For this reason, it is a good practice to disable the Soft-ICE break points once Soft-ICE has helped you get to the point where you want to look around with your debugger.
11.1.4 Using Soft-ICE with CODEVIEW

Soft-ICE works best with CODEVIEW when CODEVIEW is either in Assembler mode or Mixed mode. When CODEVIEW is in Source mode with higher-level languages it does not always break correctly. It is always best to use ACTION NMI when you want Soft-ICE to wake up CODEVIEW.

11.1.5 Debuggers that Use 80386 Break Point Registers

The 80386 has 4 break point registers that are available for use by debuggers. Soft-ICE uses these for its memory byte, word and double word break points. If the debugger you are using Soft-ICE with uses these debug registers, there will be a conflict. There are two ways to handle this problem.

1. Disable the use of 80386 break point registers in the debugger you are using Soft-ICE with. Check the documentation of your other debugger for a description of how to do this.

2. Some debuggers automatically use the break point registers if they detect an 80386 processor with no method of turning them off (some versions of SYMDEB do this). For these debuggers do the following:

* Bring up the Soft-ICE window before you start the other debugger.

* Turn on Soft-ICE's break mode with the BREAK command (you may want to do this in the INIT statement of S-ICE.DAT if you are doing this frequently).

* Start up your other debugger.

* You may now pop up the Soft-ICE window and turn the Soft-ICE break mode off if desired.

11.2 User-Qualified Break Points

Occasionally you may have the need for a very specific set of break point conditions. If the special conditions require qualifying register values or memory values, you can write a break point qualification routine.

Soft-ICE contains a very general mechanism for calling user-written break point qualification routines: the ACTION command. When you use the ACTION command, Soft-ICE can route all break points through a special interrupt vector.
However, before break points can be routed, the qualification routine must be placed in memory, and the interrupt vector must be pointing to the qualification routine.

All registers are identical to the values when the Soft-ICE break point occurred. It is the responsibility of the qualification routine to save and restore the registers. If your qualification routine detects a match of break point conditions, it can do a variety of activities. Some examples of useful activities that a routine can do when a match is found are:

* store information for later

* send the information directly to a printer or serial terminal

* issue an INT 3 instruction to bring up Soft-ICE

The command I3HERE must be turned on in order for the INT 3 to bring up Soft-ICE (see section 5.4). If conditions do not match, the qualification routine should execute an IRET instruction.

To summarize:

1. Create a break point qualification routine in your code space, or anywhere in free memory. The routine must preserve registers. After comparing the desired conditions, the routine can execute either an INT 3 to bring up Soft-ICE, or an IRET to continue.

2. Point an unused interrupt vector to your qualification routine. This can be done either within your code or from Soft-ICE.

3. In Soft-ICE, set ACTION to the interrupt-number that was used to point to your qualification routine.

4. In Soft-ICE, set I3HERE on. This is necessary to bring up Soft-ICE after the conditions have been met.

5. Set the Soft-ICE general break point conditions. When any of these break point conditions are met, your qualification routine will be called.

11.2.1 Example of a User-Qualified Break Point

This section contains an example of a user-qualified break point that compares for the conditions of AX = 3, BX = 4 and CX = 5 when a break point goes off.

First, we create the qualification routine. For the purposes of this example, we will assemble the command directly into memory with the Soft-ICE interactive assembler.
For this example we will arbitrarily assemble the routine at location 9000:0H. The following statements are entered into Soft-ICE:

    A 9000:0
    9000:0 CMP AX,3
    9000:3 JNE 10
    9000:5 CMP BX,4
    9000:8 JNE 10
    9000:A CMP CX,5
    9000:D JNE 10
    9000:F INT3
    9000:10 IRET

Now that the routine is in memory, you must point an interrupt vector to the routine. For this example, we arbitrarily pick INT 99H. To place 9000:0H in the INT 99H vector enter:

    ED 0:99*4 9000:0

Set the ACTION command so that Soft-ICE will call your break point qualification routine on every break point.

    ACTION 99

Set I3HERE on so the qualification routine can activate Soft-ICE when the conditions occur.

    I3HERE ON

Now you need to set the break points. For this example, we are just interested when the registers are:

    AX = 3, BX = 4, CX = 5

in a specific program, and we do not want any further qualification. To do this, use a range break point on memory read:

    BPR segment:starting-offset segment:ending-offset

This will cause your break point qualification routine to be called after every instruction is executed in the specified memory range. When the register conditions do not match, then the IRET instruction is executed. When the conditions finally match the specified qualifications, the INT 3 is executed and Soft-ICE is popped up.

When Soft-ICE pops up, the instruction pointer will be pointing at the INT3 in your qualification routine (9000:FH in our example). To get to the instruction after the one that caused the break point, you must change the instruction pointer to point to the IRET instruction (9000:10H in the example) and single step one time. This is accomplished with the following Soft-ICE commands:

    RIP IP + 1
    T

After your break conditions have gone off, remember to change the ACTION command back to ACTION HERE so that subsequent break points do not go through your qualification routine.

11.3 The Window in Graphics Mode

The screen is switched to text mode when Soft-ICE is invoked.
If the screen was in graphics mode or 40-column mode, the graphics display is not visible while the window is up. For users who must see the graphics display while debugging, three features are provided. The first feature allows the Soft-ICE window to display on a second monitor (see the ALTSCR command, section 5.9). The second feature allows you to restore the screen while you are doing P or T instruction step commands (see the FLASH command, section 5.9). The third feature allows you to restore the program screen temporarily (see the RS command, section 5.9).

If Soft-ICE does not seem to be following your program into graphics mode, try turning WATCHV on (see section 5.9 for details).

11.4 Expanded Memory Debugging Features

A range break point or a break point on memory that is set in an EMM mappable area will stay at that address no matter which EMM page is mapped in.

When debugging EMM programs, the EMMMAP command may also be very useful. See section 5.6 for more information.

The D, E, S, F, and C commands can be used to view or modify any allocated EMM handle page. The page does not have to be currently mapped in. The syntax of these commands is similar to that of the commands when being used for non-EMM pages, except for the following:

* In the D, E, S, and F commands, the address portion of the command must be specified in the following way:

    Hhandle# Ppage# offset

where handle is a number specifying which EMM handle to use, page is a number specifying which EMM page to use, and offset is a number from 0 to 4000H, specifying the offset from the beginning of the page.

Example:

    DB H1 P3 0

This command will dump bytes from page 3 of handle 1, starting at offset 0.

* The C command must be specified in the following way:

    C Hhandle# Ppage# offset1 L length offset2

where handle and page are the same as above. offset1 is a number from 0 to 4000H, specifying the offset from the beginning of the page, where the first data block to be compared is located.
offset2 is a number from 0 to 4000H, specifying the offset from the beginning of the page, where the second data block to be compared is located.

Example:

    C H2 P4 00 L10 1000

This command will compare the first 10 bytes of memory located at offset 0 of page 4 of handle 2 with the first 10 bytes of memory located at offset 1000 of page 4 of handle 2.

Note: Subsequent uses of the D, E, S, F, and C commands will continue to use the handle and page last specified. To get back to conventional memory, use one of the above commands with a segment specified in the address field, for example:

    D 0:0

11.5 Extended Memory Debugging Features

The D, E, S, F, and C commands can be used to view or modify extended memory. Extended memory reserved by Soft-ICE can not be displayed. The syntax of these commands is similar to that of the commands when being used for conventional memory:

* In the D, E, S, and F commands, the address portion of the command must be specified in the following way:

    M megabyte address

where megabyte is a number specifying which megabyte to use, and address specifies the address in the specified megabyte.

Example:

    DB M 2 0:0

This command will dump bytes from the start of the megabyte starting at linear address 200000H.

* The C command must be specified in the following way:

    C M megabyte address1 L length address2

where megabyte and address1 are the same as above. address2 specifies the address in the specified megabyte, where the second data block to be compared is located.

Example:

    C M 3 1000:2000 L10 3000:4000

This command will compare the first 10 bytes of memory located at 1000:2000 with the first 10 bytes of memory located at 3000:4000.

Note: Subsequent uses of the D, E, S, F, and C commands will continue to use the last megabyte specified.
To get back to megabyte 0 (conventional memory), use one of the above commands with 0 specified as the megabyte, for example:

    D M 0

CHAPTER 12
Special Debugging Problems

12.1 Loadable Device Drivers
12.2 Boot Loaders
12.3 Interrupt Routines
12.4 Non-DOS Operating Systems

Soft-ICE can be a powerful tool in stand-alone mode. This chapter describes techniques for debugging system-level components using Soft-ICE in stand-alone mode. When using Soft-ICE as a stand-alone debugger, the ACTION must be set to HERE.

12.1 Loadable Device Drivers

Debugging DOS loadable device drivers requires a debugger that does not make DOS calls. Soft-ICE can be used in stand-alone mode if your debugger uses DOS. There are two methods for debugging loadable device drivers:

1. Use the MAP command to find the location of your loadable driver. Display the device driver header to find the strategy or interrupt entry point. Setting a break point at the entry to strategy or interrupt will give you control within the device driver. Single step, or set break points further on, to continue debugging.

Debugging the device driver initialization code requires resetting the system with the BOOT command. Use the technique stated above to set a break point within the driver code. The BOOT command will retain Soft-ICE and break points.

2. The second method requires placing special code in your driver. Do this with the I3HERE ON command (see section 5.4). Place an INT 3 opcode (CCH) in your device driver at the point where control is desired. When the INT 3 executes, control comes to Soft-ICE. You can then use an RIP command to set the instruction pointer to get around the INT 3.

If you wish to debug your initialization sequence, make sure that Soft-ICE is loaded in CONFIG.SYS prior to the driver you are trying to debug. Place the I3HERE ON command in the INIT string in Soft-ICE.DAT. With this method you do not have to use the BOOT command.
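The device driver header that method 1 tells you to display can be decoded mechanically. The following C program is an added example, not part of the Soft-ICE manual: it assumes the standard 18-byte DOS device header layout, and the header bytes, the device name MYDEV$ and the segment 1A2B are constructed sample values.

```c
/* Added example: decode a DOS device driver header dumped from memory and
 * derive the strategy and interrupt entry addresses for break points. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEV_HDR_SIZE     18       /* fixed size of the device header */
#define ATTR_CHAR_DEVICE 0x8000u  /* attribute bit 15 set: character device */

struct dev_header {
    uint16_t next_off, next_seg;  /* link to next driver; FFFF:FFFF ends the chain */
    uint16_t attr;                /* attribute word */
    uint16_t strategy_off;        /* offset of the strategy routine */
    uint16_t interrupt_off;       /* offset of the interrupt routine */
    int      is_char;             /* 1 = character device, 0 = block device */
    char     name[9];             /* character devices: name, trailing blanks trimmed */
    uint8_t  units;               /* block devices: number of units */
};

/* Read a little-endian 16-bit word. */
static uint16_t rd16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Real-mode segment:offset to linear address (segment * 16 + offset). */
uint32_t linear(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 4) + off;
}

/* Returns 0 on success, -1 if the buffer is too short, -2 if an entry
 * offset points inside the header itself (so this is not a plausible header). */
int parse_dev_header(const uint8_t *buf, size_t len, struct dev_header *h)
{
    if (buf == NULL || h == NULL || len < DEV_HDR_SIZE)
        return -1;
    memset(h, 0, sizeof *h);
    h->next_off      = rd16(buf + 0);
    h->next_seg      = rd16(buf + 2);
    h->attr          = rd16(buf + 4);
    h->strategy_off  = rd16(buf + 6);
    h->interrupt_off = rd16(buf + 8);
    if (h->strategy_off < DEV_HDR_SIZE || h->interrupt_off < DEV_HDR_SIZE)
        return -2;
    h->is_char = (h->attr & ATTR_CHAR_DEVICE) != 0;
    if (h->is_char) {
        size_t n = 8;
        memcpy(h->name, buf + 10, 8);
        while (n > 0 && h->name[n - 1] == ' ')
            n--;                  /* names are blank padded to 8 characters */
        h->name[n] = '\0';
    } else {
        h->units = buf[10];
    }
    return 0;
}

/* Constructed sample: the 18 bytes a dump at driver-segment:0 might show. */
static const uint8_t SAMPLE_HDR[DEV_HDR_SIZE] = {
    0xFF, 0xFF, 0xFF, 0xFF,                  /* next driver: FFFF:FFFF */
    0x00, 0x80,                              /* attribute 8000H */
    0x16, 0x00,                              /* strategy offset 0016H */
    0x21, 0x00,                              /* interrupt offset 0021H */
    'M', 'Y', 'D', 'E', 'V', '$', ' ', ' '   /* device name */
};

int main(void)
{
    const uint16_t seg = 0x1A2B;  /* hypothetical driver segment, as read from MAP */
    struct dev_header h;

    if (parse_dev_header(SAMPLE_HDR, sizeof SAMPLE_HDR, &h) != 0) {
        printf("not a device driver header\n");
        return 1;
    }
    if (h.is_char)
        printf("character device %s\n", h.name);
    else
        printf("block device, %u unit(s)\n", (unsigned)h.units);
    printf("strategy  entry %04X:%04X (linear %05lX)\n", (unsigned)seg,
           (unsigned)h.strategy_off, (unsigned long)linear(seg, h.strategy_off));
    printf("interrupt entry %04X:%04X (linear %05lX)\n", (unsigned)seg,
           (unsigned)h.interrupt_off, (unsigned long)linear(seg, h.interrupt_off));
    return 0;
}
```

The two segment:offset pairs it prints are the addresses at which to set the execution break points described in method 1.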
If you are debugging your device driver symbolically or with source you must load the symbol file and the source files separately from the device driver. The symbol file and source files are loaded with the Soft-ICE program loader LDR.EXE. When LDR.EXE is used to load only the symbols and source you must use it in the form:

    LDR file-name.SYM

The extension of the symbol file must be specified. See section 7.4 for more details about LDR.EXE.

After loading the symbol file and source files with LDR.EXE you must enter Soft-ICE and relocate the symbols relative to the start of your device driver. Symbols are relocated with the Soft-ICE SYMLOC command. The syntax of the SYMLOC command is:

    SYMLOC segment

The segment value is obtained from the MAP command. See the description of the SYMLOC command for more details.

12.2 Boot Loaders

Debugging boot loaders or self-booting programs requires using Soft-ICE as a stand-alone debugger. You must first boot into DOS and load Soft-ICE.

The easiest method of debugging boot loaders is to set a break point at a known address within the boot loader, and then use the BOOT command to reset the system. Soft-ICE is retained throughout the boot process with the break points still set. If a known address is difficult to find, an execution break point can be set at 7C0:0H before the BOOT command. This is the address where the ROM BIOS loads the boot sector into memory.

Another method requires turning I3HERE mode on (see section 5.4). Place an INT 3 opcode (CCH) in your program at the point where control is desired. When the INT 3 executes, control comes to Soft-ICE.

You may also use both symbols and source debugging while debugging a boot loader. See the SYMLOC command for more information on how to relocate your symbols and source to the segment where your boot loader has been loaded.

12.3 Interrupt Routines

Soft-ICE allows break points and single stepping within hardware interrupt service routines (timer, keyboard, etc.).
Single stepping and setting break points in interrupt service routines is allowed with Soft-ICE. You can even single step through the keyboard interrupt routine while Soft-ICE is using the keyboard for input.

In most cases, Soft-ICE must be used as a stand-alone debugger when debugging interrupt service routines. To set a break point on the address of the interrupt service routine, use one of the following methods:

1. Use the display double command:

    DD interrupt-number * 4 L 1

The address displayed is the address of the first instruction of the interrupt service routine. Set an execution break point on this address.

2. Use the command:

    BPINT interrupt-number

12.4 Non-DOS Operating Systems

Non-DOS real address mode operating systems can be debugged with Soft-ICE. If the operating system is not very DOS compatible you may have to load Soft-ICE under DOS, and then use the BOOT command to start the non-DOS operating system. Follow the instructions for debugging boot sequences and self-booting programs explained in section 12.2.

The MAP and WARN commands may not function properly under a non-DOS operating system, but break points and the other debugging commands will work correctly.

If debugging with symbols or source you must load symbol files and source files while still under DOS or in the DOS compatible mode of your operating system.

CHAPTER 13
Theory Of Operation

13.1 Activating Other Debuggers
13.2 Virtual Machine Basics

13.1 Activating Other Debuggers

Soft-ICE works with most other debuggers by taking advantage of the 8086 family break point interrupt (INT 3). Most debuggers use the single byte INT 3 (CCH) instruction to produce break points. The target instruction is replaced by an INT 3. When the target address is executed, control is given to the debugger's INT 3 handler. The debugger then replaces the (CCH) with the first byte of the original instruction.
When Soft-ICE break points occur, one of several events can happen, depending on the ACTION command. Typically, when using Soft-ICE with another debugger, ACTION is set to INT3. When break point conditions match, Soft-ICE passes control to the host debugger by simulating an INT 3.

Some debuggers may not work properly by simulating INT 3's. For these debuggers, two other ACTION options are provided. They are INT1 and NMI. INT 1 is the 8086 family single-step interrupt. Most debuggers will handle an unsolicited INT 1 as a break point.

NMI is supported by many debuggers as a means of breaking out of a hung condition. These debuggers were designed for hardware break-out switches that produced non-maskable interrupts. When ACTION is set for NMI, Soft-ICE simulates the non-maskable interrupt (Interrupt 2). CODEVIEW works best with ACTION set to NMI.

13.2 Virtual Machine Basics

The magic of Soft-ICE is made possible by the virtual machine capability of the 80386 processor. Soft-ICE runs in the 80386 protected mode and manages the DOS environment. The 80386 protection circuitry gives Soft-ICE complete control of the DOS environment while protecting it from a wayward program.

How are Soft-ICE break points generated?

Soft-ICE uses three different 80386 features to produce break points:

* Break points on memory location use the 80386 break registers

* Break points on memory ranges use the 80386 paging mechanism

* Break points on I/O instructions use the I/O privilege level and I/O bit mask

How is the BREAK command implemented?

The BREAK command allows use of the keyboard to bring up Soft-ICE, even when interrupts are disabled and the system is hung. Soft-ICE virtualizes the interrupt mechanism so that interrupts are never disabled to Soft-ICE, even when they are disabled to the DOS program running in the virtual machine.
When in break mode, the following instructions are virtualized to make sure the interrupt flag is never cleared:

    PUSHF  POPF  STI  CLI  INT n  IRET

Special considerations with virtual 8086 mode

Soft-ICE runs DOS in an 8086 virtual machine. This capability is a major feature of the 80386 microprocessor. When running real address mode software (DOS, etc.) in a virtual machine some 8086 features must be emulated by a program that controls the virtual machine. In our case, Soft-ICE controls the virtual machine. The following peculiarities are handled by Soft-ICE:

* ROM BIOS interrupt 15H functions 87H, 88H, and 89H

* The undocumented loadall instruction

* Address line 20H control

* 80286 and 80386 protected instructions

* 80386 bugs

ROM BIOS interrupt 15H functions 87H, 88H, and 89H

BIOS function 87H allows a program to access memory above one megabyte in the IBM AT or Personal Series 11 architectures through a block move mechanism. Function 88H returns the extended memory size. These functions are used by the VDISK device driver. Soft-ICE emulates these BIOS calls for VDISK compatibility.

Function 89H is normally used to put you into protected mode, but Soft-ICE can not allow this to happen. Instead it returns with the carry flag set.

The undocumented loadall instruction

The 80286 contains an undocumented instruction called loadall. This instruction was originally placed on the chip for diagnostic purposes and is not generally used by software. However, it is used by some versions of Microsoft's RAMDRIVE which is sold with Microsoft Windows and MSDOS 3.2. Soft-ICE emulates loadall to the extent of getting RAMDRIVE to work, however it is impossible to do a complete emulation of this instruction.

Address line 20H control

The IBM AT introduced a special feature that allowed some old programs that were originally written for CP/M to function on the 80286 processor.
This feature allowed memory accesses that wrapped from the one megabyte region to the zero region on the 8086 to work on the 80286. Some programs disable this 'wrap compatibility' to access memory just above one megabyte in real address mode. Soft-ICE emulates this ability. This is supported on all 80386 AT machines through the keyboard controller, and through I/O port 92H on the PS/2.

80286 and 80386 protected instructions

Some AT specific programs have used 80286 protected instructions. With the emergence of the 80386, some 80386 programs use 80386 protected instructions. These programs will not work with Soft-ICE. Soft-ICE supports the standard real-address mode extensions that Intel had included with the 80186 & 80286 processors (PUSHALL, POPALL, etc.), but not protected mode instructions such as LGDT, LMSW, etc.

80386 Bugs

There are several 80386 bugs up through the C stepping of the chip. Most of these bugs only apply to protected mode software (such as Soft-ICE).

Soft-ICE 2.5 Addendum

CONTENTS

Introduction
Product Description (1.1)
The Diskettes (2.1)
Loading Soft-ICE (2.2)
Using Soft-ICE with BOUNDS-CHECKER (New feature)
    Loading BOUNDS-CHECKER to use with Soft-ICE 2.5
    Running Soft-ICE 2.5 with BOUNDS-CHECKER
    The Soft-ICE BOUNDS Command
Overlay Support (New feature of BPX and G commands)
32 Bit Dis-assembly and Register Display (5.1 - R command)
STACK Command (New command)
SHOW Command (5.6)
FILE Command (5.10)
Preparing for Symbolic or Source Debugging (7.2)
    Microsoft and Turbo Source/Symbolic Improvements
Loading Programs and Symbol Files (7.4 and new TABLE command)
    Multiple Symbol Tables
Tabs Control (New TABS command)
Remote Debugging (New feature and new SERIAL command)
486 Support (New feature)
Special Configuration Options (6.4.1)
    Soft-ICE color support
Expanded Memory Support (8)
    EMMSETUP.EXE Changes
Loading High Of Resident Programs (New feature)
Loading High Of MS-DOS Loadable Device Drivers (New feature)
Adding High Memory to MS-DOS (New feature)
VCPI Support (New feature)
CONFIG.SYS Editor (New feature)
Back Door Commands (New feature)

Introduction

This release memo is an addendum to the Soft-ICE 2.0 User's Guide. It describes the differences between the Soft-ICE 2.0 User's Guide and the Soft-ICE 2.5 release.

When this memo is referring to enhancements or changes made to features that existed in the Soft-ICE 2.0 User's Guide, the memo headings will include, in parentheses, the chapter number of the corresponding information in the Soft-ICE 2.0 User's Guide.

Please read both the Soft-ICE 2.0 User's Guide and this release memo.

Product Description (1.1)

There have been many features added to the Soft-ICE 2.5 release. The principal features are that Soft-ICE:

* integrates with BOUNDS-CHECKER.

* reads symbolic and source information directly from the .EXE header from Microsoft & Borland languages.
* has overlay support for Microsoft's LINK and Pocket Soft's .RTLink/Plus.
* can have two symbol tables loaded at the same time.
* allows 386 32-bit instruction dis-assembly and 32-bit register dump.
* is Microsoft C version 6 compatible.
* provides numeric processor dis-assembly.
* lets device drivers and T&SR programs load high.
* includes some additional commands: BOUNDS, TABS, STACK, SERIAL.
* includes enhancements to some existing commands: R, FILE, SHOW, BPX, G.
* has VCPI support.
* allows remote debugging.
* has 80486 support.
* allows customized Soft-ICE window colors.

The Diskettes (2.1)

A directory of a Soft-ICE 2.5 diskette will now show the following additional files:

    \NEW\LH.
    \NEW\LD.SYS
    \NEW\ADDHI.EXE
    \NEW\CE.EXE
    \IOSIM.ASM

LH.EXE is a utility that loads high T&SRs.

LD.SYS is a utility that loads high DOS loadable device drivers.

ADDHI.EXE is a utility that adds high memory to DOS memory chain.

CE.EXE is the CONFIG.SYS editor.

IOSIM.ASM is an example of a user qualified break point. It will take a BPIO break point and log all the values that were written to or read from that port.

Loading Soft-ICE (2.2)

Follow the installation instructions in the Soft-ICE 2.0 User's Guide to copy all the files from the root directory of the distribution diskette to your Soft-ICE directory on your hard disk. In addition, copy the files from the /WW directory on the distribution diskette to your Soft-ICE directory on your hard drive; these files are new with the Soft-ICE 2.5 release.

Note

If you were previously using Soft-ICE 2.0 with the /EMM option on the S-ICE command line in CONFIG.SYS, you need to run EMMSETUP. Since EMMSETUP writes configuration information directly into the S-ICE.EXE file, this information was over-written when you loaded Soft-ICE 2.5.
Using Soft-ICE with BOUNDS-CHECKER (New feature)

Introduction

BOUNDS-CHECKER gives you the protection of a protected mode operating system under MS-DOS. When your program is running, BOUNDS-CHECKER protects your program's CODE and all memory outside your program. When an MS-DOS system call or BIOS call or interrupt occurs, BOUNDS-CHECKER prevents the system software from corrupting your program. So BOUNDS-CHECKER can not only detect problems caused by your program, it can also determine if a T&SR or other program is clobbering you.

Each time you make a change to your program, run BOUNDS-CHECKER while testing the new code. Your program runs at full speed, and if you accidentally access out-of-bounds memory, BOUNDS-CHECKER pops up displaying the offending source line.

Using Soft-ICE in combination with BOUNDS-CHECKER is very useful when the bug found by BOUNDS-CHECKER is not clearly self-explanatory. You may need to use Soft-ICE to look at data, to debug a little, or to rerun the program with Soft-ICE's back trace capability to determine why the out-of-bounds access occurred.

Loading BOUNDS-CHECKER to use with Soft-ICE 2.5

To use BOUNDS-CHECKER with Soft-ICE 2.5, you must first:

1. Install BOUNDS-CHECKER on your hard disk using the BOUNDS-CHECKER installation program (BCSETUP.EXE).

2. Replace the DEVICE=d:\path\BC.SYS line in your CONFIG.SYS file with DEVICE=d:\path\S-ICE.EXE. Use the same parameters that were on the BC.SYS command line. In addition, you may want to use the /TRA nnnn parameter to create a back trace buffer larger than 10K. You may also need to increase the size of your /SYM nnnn parameter to allow your source and your symbols to be loaded.

Notes

You do not need the /BC switch on the DEVICE=d:\path\S-ICE.EXE line in CONFIG.SYS as the BOUNDS-CHECKER manual states.

You must have Soft-ICE version 2.5 or greater and BOUNDS-CHECKER version 1.1 or greater for them to coexist.
Running Soft-ICE 2.5 with BOUNDS-CHECKER

Run BOUNDS-CHECKER. When BOUNDS-CHECKER pops up, if you want to enter Soft-ICE to do further debugging, select Options on the main menu, then select Soft-ICE. To re-enter BOUNDS-CHECKER, simply exit Soft-ICE with the hot key sequence or the X command.

If you don't have enough extended memory to run BOUNDS-CHECKER, you can save space by running BOUNDS-CHECKER with option /S in this form:

    BC /S program-name

This stops source from loading up into extended memory for use by Soft-ICE. The disadvantage is that Soft-ICE will show line numbers, but will not show source code.

Note

Soft-ICE range break points and back trace ranges will be disabled while BOUNDS-CHECKER is running.

The Soft-ICE BOUNDS Command

The new command, BOUNDS, is used for turning BOUNDS-CHECKing on and off from within Soft-ICE. This is useful if you want to stop to do some debugging from within a BOUNDS-CHECKER session, then return to BOUNDS-CHECKing after you have debugged a portion of the program.

The syntax of the BOUNDS command is:

    BOUNDS [ON | OFF]

BOUNDS OFF turns off BOUNDS-CHECKing, and BOUNDS ON turns BOUNDS-CHECKing back on. If no parameters are specified, then the current state is displayed.

Overlay Support (New feature of BPX and G commands)

The Soft-ICE BPX break point will follow overlays produced by the Microsoft linker or .RTLink/Plus. The BPX and G commands allow you to use break points in overlays. Other break point types do not follow overlays.

To use BPX to set a break point in an overlay, you must type:

    BPX routine_name

Other forms of BPX, such as using source line numbers or setting BPX using point-and-shoot, do not follow break points in overlays.

32 Bit Dis-assembly and Register Display (5.1 - R command)

Soft-ICE now displays 32 bit 80386 instructions properly. The dis-assembly is always enabled.
To enable 32 bit register display in the data window enter:

    R 32

This toggles between 16 bit and 32 bit registers.

STACK Command (New command)

Soft-ICE 2.5 now allows you to display the call stack. A call stack is a list of routines that were called to reach the current address. Using the call stack is especially useful when Soft-ICE pops up in a library routine. By using the call stack, you can quickly see the last routine in your program that had control before entering the library, even if the program is several levels deep into library calls.

The most recently called entry in the stack is displayed first in the command window. The format of the call stack is:

    procedure(offset) [line-number]

If line-number is a '?' then no line number information was available for this procedure.

The STACK command can only be used if symbolic information is loaded. If the module of an entry in the call stack was not compiled with debug information, no symbolic label will be displayed. Only a hexadecimal offset will be shown.

SHOW Command (5.6)

The SHOW command has been enhanced to allow you to dump large amounts of back traced instructions to the printer. The new syntax for SHOW is:

    SHOW [B | start] [L length]

    B      - start at beginning of buffer
    start  - number of instructions back to begin
    length - number of instructions to display

If SHOW is used with the length argument, you can use CTRL P to dump the dis-assembled source to the printer. If you don't specify B or start, it starts displaying at the current location.

FILE Command (5.10)

The FILE command has been enhanced. The new syntax for FILE is:

    FILE [file-name | *]

FILE * displays all source files that have been loaded by LDR.EXE into extended memory.

To switch to a new file with the FILE command you no longer have to type the full path name or file extension. For example, to switch to file C:\SOURCE\FOO.C, pop up Soft-ICE and enter FILE FOO.
Preparing For Symbolic or Source Debugging (7.2)

Microsoft and Turbo Source/Symbolic Improvements

Soft-ICE 2.5 has made source and symbolic improvements for users of Microsoft or Turbo languages. Soft-ICE can now get the symbolic and source information directly from the .EXE file if there is Microsoft CodeView compatible or Turbo Debug compatible debug information in the .EXE file. MSYM.EXE, the .MAP file, and the .SYM file are no longer needed if the debug records are present.

With Microsoft, compile with /Zi and link with /CO. With Turbo, compile with /v and link with /v. The /CO switch makes the linker append symbolic information to the end of your .EXE file. Although this will make your .EXE file grow in size, this will not affect the amount of conventional memory required by your program.

Note

MSYM.EXE is useful when you are using a compiler that produces a Microsoft Link compatible .MAP file, but does not place Microsoft compatible debug information in the .EXE file.

Loading Programs and Symbol Files (7.4 and new TABLE command)

Multiple Symbol Tables

Soft-ICE 2.5 can now handle two symbol tables. This is useful when debugging a T&SR or DOS loadable device driver with an application, or debugging a shell with a child process.

To load a separate symbol table or a separate program with symbols use the Soft-ICE TABLE command. TABLE 1 uses symbol table number one, TABLE 2 uses symbol table number 2.

To use two symbol tables, do the following:

1. Use LDR to load your first program and symbolic information.
2. Pop up Soft-ICE.
3. Enter TABLE 2.
4. Exit Soft-ICE.
5. Use LDR.EXE to load the second symbol table.

Both sets of symbolic information are now loaded into extended memory and you are currently viewing the second set of symbolic information. Use the TABLE 1 and TABLE 2 commands to toggle between which set of symbolic information you are currently viewing.
To view your first program's symbolic information, pop up Soft-ICE if it's not up already, and enter:

    TABLE 1

To view your second program's symbolic information, pop up Soft-ICE if it's not up already, and enter:

    TABLE 2

If you enter TABLE without any parameter, it will tell you which set of symbolic information is currently being viewed.

Note

When you re-load table 1 by entering TABLE 1 then loading with LDR, table 2 is invalidated.

Tabs Control (New TABS command)

Soft-ICE 2.5 allows you to control tab expansion size of source files. Previous versions of Soft-ICE assumed tabs of every 8. The syntax for the TABS command is:

    TABS [2 | 4 | 8]

If no parameter is specified then the current tabs setting is displayed.

An interesting use of the TABS command is to see more than 78 characters of source on a single line. To do this enter TABS 2.

Remote Debugging (New feature and new SERIAL command)

Soft-ICE is capable of displaying all of the information from the command window over a serial port. The hot key is still activated via the system keyboard but once Soft-ICE is popped up, both the system and the remote keyboard will be active.

To activate remote debugging use the following sequence:

1) Set the BAUD rate with the DOS MODE command to the same baud rate as the remote terminal.

2) Within Soft-ICE, set PRN to the correct serial port. Example: PRN COM1

3) Within Soft-ICE, enter SERIAL ON. At this point, you may enter information on either keyboard, and the command window output will go to both screens.

4) You will probably want to get rid of your Code, Data and Register windows as these will not be displayed across to the remote terminal.

5) If you do not want the Soft-ICE screen up on the host machine then turn ALTSCR ON from within Soft-ICE.

486 Support (New Feature)

Soft-ICE 2.5 now has 80486 support. Previous versions did not, due to anomalies with the 80486 processor.
Also, 486 instructions will be disassembled correctly.

Special Configuration Options (6.4.1)

Soft-ICE color support

Soft-ICE 2.5 now allows you to specify the screen colors for the Soft-ICE windows. To set colors for the different windows in Soft-ICE you must use the COLORS directive in the S-ICE.DAT file.

The syntax of the COLORS command is:

    COLORS = "nnH,nnH,nnH,nnH,nnH,nnH, nnH,nnH,nnH,nnH,nnH,nnH"

where nn is a HEX number.

There are four sets of three numbers. Each grouping of three affects the colors of a particular window. The ordering for the four Soft-ICE windows is:

    COLORS register-window, data-window, code-window, command-window

Each grouping of three HEX numbers controls the normal attribute, highlight attribute and reverse attribute for the respective window. The actual number is the value that is placed in the attribute field in the video frame. The high order nibble is the background color and the low order nibble is the foreground color. The colors are:

    0 - black
    1 - blue
    2 - green
    3 - cyan
    4 - red
    5 - magenta
    6 - brown
    7 - gray
    8-0F are intense versions of the above.

An example of the COLORS command is:

    COLORS = "47H,4EH,7EH, 07H,0FH,70H, 17H,1FH,71H,30H,3FH,71H"

Expanded Memory Support (8)

The expanded memory manager has been enhanced in Soft-ICE 2.5, and utilities are now provided to load device drivers and T&SR programs into extended memory. (The expanded memory manager is enabled with the /EMM command when S-ICE.EXE is placed in your CONFIG.SYS.)

EMMSETUP.EXE Changes

Running EMMSETUP.EXE (the expanded memory manager setup program) now requires a command line parameter that specifies the name of the expanded memory manager file. The syntax for running EMMSETUP is:

    EMMSETUP file-name

The file-name parameter should be S-ICE.EXE. EMMSETUP can also be used with MagicCV release 3.0, in which case the parameter should be NUMEGA.SYS.
This parameter is required because EMMSETUP writes the configuration information directly into the driver file.

EMMSETUP now has the option of enabling memory blocks for loading high of device drivers and T&SR programs. You must select this feature on EMMSETUP's initial screen.

The EMMSETUP configuration memory map now has more choices. You can choose F for page frame, and H for high memory areas. To enable expanded memory you must have 4 and only 4 contiguous F's above 640K. To load high device drivers or T&SRs you must place H's in unoccupied memory blocks above 640K.

Note

If you want to load high device drivers & T&SR programs, but do not want EMM (expanded) memory, then make sure there are no E's or F's in the memory map.

Loading High Of Resident Programs (New feature)

The LH.EXE utility allows loading certain resident programs into available memory blocks between 640K and 1 megabyte.

Before using LH.EXE you must reserve memory for loading high using EMMSETUP.EXE. This is done by placing an 'H' in each memory block above 640K that you wish to have as a load high area.

To load a resident program high enter:

    LH program-name [program parameters]

If there is a high memory block large enough to hold the program, the program will be loaded into it. If no program-name follows LH on the command line, a memory map is displayed of the DOS loadable device drivers and resident programs loaded high along with available memory.

Note

You can not load all resident programs with LH.EXE. You must experiment to see which programs can be loaded high.

Loading High Of MS-DOS Loadable Device Drivers (New feature)

The LD.SYS utility allows loading certain MS-DOS loadable device drivers into available memory blocks between 640K and 1 megabyte.

Before using LD.SYS you must reserve memory for loading high using EMMSETUP.EXE. This is done by placing an 'H' in each memory block above 640K that you wish to have as a load high area.
To load an MS-DOS loadable device driver high, you must place the following line in your CONFIG.SYS file:

    DEVICE = \path\LD.SYS device-name [parameters]

    path        - Path containing LD.SYS
    device-name - Name of DOS Loadable device driver including path

If there is a high memory block large enough to hold the device driver, the program will be loaded into it when you boot.

To display a memory map of DOS loadable device drivers and resident programs loaded high use the LH utility with no parameters from DOS.

Note

You can not load all DOS loadable device drivers high. You must experiment to see which drivers can be loaded high. Make sure you have a boot disk handy while experimenting.

Adding High Memory to MS-DOS (New feature)

The ADDHI.EXE utility allows you to add high memory areas to the DOS pool of free memory.

Before using ADDHI.EXE you must reserve memory for adding high using EMMSETUP.EXE. This is done by placing an 'H' in each memory block above 640K that you wish to have as an add high area.

VCPI Support (New feature)

VCPI (Virtual Control Program Interface) is automatically enabled when you use the /EMM switch on the S-ICE.EXE line in CONFIG.SYS.

VCPI support lets you run VCPI applications that use DOS extenders when Soft-ICE is loaded. It does not allow you to debug these applications in protected mode. VCPI conforming applications include Lotus 123 version 3.0 and Autocad.

VCPI support does NOT enable Soft-ICE to run with other VCPI control programs, such as Quarterdeck's QEMM and Qualitas's 386MAX.

CONFIG.SYS Editor (New feature)

CONFIG EDIT (CE.EXE) is an on-the-fly text editor for CONFIG.SYS. CONFIG EDIT is useful if you have to make occasional changes to your CONFIG.SYS. It is especially useful if you suspect that a driver in CONFIG.SYS may hang the system. It is advisable to use CONFIG EDIT when installing Soft-ICE in your CONFIG.SYS for the first time.
Install CONFIG EDIT by placing CE.EXE as the first DEVICE = line in your CONFIG.SYS file. For example:

    DEVICE = /S-ICE /CE.EXE

When your system boots, you will hear a tone. After the tone, you have a short time to press any key. If you press a key CE will take over and allow you to edit CONFIG.SYS.

When you have edited your CONFIG.SYS file, you may exit CE by pressing one of the following keys:

    F1   Pressing F1 exits and changes CONFIG.SYS for this boot only. The changes are not permanent.
    F10  Pressing F10 exits and changes CONFIG.SYS for this boot and subsequent boots.
    ESC  Pressing ESC exits with no changes.

CE can also be run from the DOS command line. This is for a quick look or quick changes to CONFIG.SYS. Simply enter CE from the DOS command line.

The /Q switch (Quiet) will disable the initial sound made by CE when it is installed in CONFIG.SYS.

Back Door Commands (New feature)

Soft-ICE 2.5 contains commands for controlling Soft-ICE from an MS-DOS program. A program can take advantage of powerful break points for special debugging jobs or hardware simulation projects.

These calls all have the following calling sequence:

    MOV AH,09
    MOV AL,SUB-FUNCTION
    MOV SI,'FG'
    MOV DI,'JM'
    INT 3

The following sub-functions are available:

    AL value  Description
    10H       Display information in the Soft-ICE window.
    11H       Do a Soft-ICE command.
    12H       Get break point information.
    13H       Set Soft-ICE break point.
    14H       Remove a Soft-ICE break point.

The following paragraphs give more detailed information about these sub-functions.

AL = 10H -- Display information in the Soft-ICE window.

This is useful for diagnostic writes - especially from within interrupt routines and other areas that may have reentrancy concerns.

Input: DS:DX -> Zstring of text characters to be displayed

The Zstring can be a maximum of 100 characters and can contain carriage returns (0DH).

AL = 11H -- Do a Soft-ICE command.
This allows you to generate a Soft-ICE command from your program. This is used for all non-break point commands. To set Soft-ICE break points from your program see AL = 13H below.

Input: DS:DX -> Zstring that contains a Soft-ICE command.

The Zstring can be a maximum of 100 characters. Each Soft-ICE command in the string should end with a carriage return (0DH).

AL = 12H -- Get break point information.

Returns the break point number of the last break point set and the last break point that went off. This is useful when setting break points from hardware control or doing hardware simulation.

Returns:
    DH - entry number of last break point that went off
    DL - type of last break point that went off
    BH - entry number of last break point set
    BL - type of last break point set

The entry number is the same as is displayed in the BL command. The types are:

    0 - BPM (break point register types)
    1 - I/O
    2 - INT
    3 - BPX (int 3 style BP)
    4 - Reserved
    5 - Range

AL = 13H -- Set Soft-ICE break point.

Use this command to set Soft-ICE break points from program control.

Input: DS:DX - pointer to break point structure

Returns:
    ax = error code
    bx = break point number

    ; Very little parameter value checking is done, but the following
    ; errors are returned.
    OK             EQU 0
    BP_TABLE_FULL  EQU 3
    MEM_LIM_ERR    EQU 6
    IO_LIM_ERR     EQU 7
    RANGE_LIM_ERR  EQU 9
    DUP_ERR        EQU 16      ;duplicate break point

    ; Break point structure
    ;bp_entry struc
    ;bp_type   db ?
    ;bp_addr1  dd ?
    ;bp_addr2  dd ?
    ;bp_addr3  dd ?
    ;bp_mode   db ?
    ;bp_mode2  db ?
    ;bp_size   db ?
    ;bp_cnt    db ?
    ;bp_state  db ?
    ;bp_entry ends

    ; The following break point types are allowed:
    MEM_LOC    equ 0   ;Memory location break point (BPM).
    MEM_RANGE  equ 1   ;Memory range break point (BPR).
    IO         equ 3   ;I/O break point (BPIO).
    INT_BP     equ 4   ;Interrupt break point (BPINT).
    X_BP       equ 5   ;Execution break point (BPX).

    ; Here are the possible break point modes and sizes.
    ; Break point modes
    READ_MODE   equ 01
    WRITE_MODE  equ 02
    EX_MODE     equ 04

    ; Break point sizes
    BYT  equ 0
    WRD  equ 1
    DBL  equ 3

    ; The following paragraphs give information on how to fill the break point structure
    ; for each break point type.

    ; Setting memory location break points
    bp_type  = MEM_LOC
    bp_addr1 = address of break point
    bp_mode  = one of following:
                   READ_MODE
                   WRITE_MODE
                   EX_MODE or WRITE_MODE
                   EX_MODE (execute break point)
    bp_size  = one of following:
                   BYT
                   WRD
                   DBL
    bp_cnt   = Number of instances before breakpoint occurs
    ; All unused fields should be 0.

    ; Setting memory range break points
    bp_type  = MEM_RANGE
    bp_addr1 = lower range limit
    bp_addr2 = upper range limit
    bp_mode  = one of following:
                   READ_MODE
                   WRITE_MODE
                   READ_MODE or WRITE_MODE
    bp_cnt   = Number of instances before breakpoint occurs
    ; All unused fields should be 0.

    ; Setting I/O break points
    bp_type  = IO
    word ptr bp_addr1 = I/O address
    bp_mode  = one of following:
                   READ_MODE
                   WRITE_MODE
                   READ_MODE or WRITE_MODE
    bp_cnt   = Number of instances before breakpoint occurs
    ; All unused fields should be 0.

    ; Setting interrupt break points
    bp_type  = INT_BP
    bp_addr1 = Interrupt #
    bp_addr2 = Optional value to check
    bp_mode  = register to check
                   0 - no value checking
                   1 - check AL
                   2 - check AH
                   3 - check AX

    ; Setting execution break points
    bp_type  = X_BP
    bp_addr1 = address of break point
    bp_addr2 = overlay number (0 = root)

AL = 14H -- Remove Soft-ICE break point.

Input: BX = Break point number

Returns: BX = ??? when set

APPENDIX A
FUNCTIONAL COMMAND LIST

Command       Description

Setting break points:
BPM           Set break point on memory access or execution
BPR           Set break point on memory range
BPIO          Set break point on I/O port access
BPINT         Set break point on interrupt
BPX           Set/clear break point on execution
CSIP          Set CS:IP range qualifier
BPAND         Wait for multiple break points to occur

Manipulating break points:
BD            Disable break points
BE            Enable break points
BL            List break points
BPE           Edit break point
BPT           Use break point as a template
BC            Clear break points

Display and edit commands:
U             Unassemble instructions
R             Display or change register
MAP           Display system memory map
D             Display memory
E             Edit memory
INT?          Display last interrupt number
? or H        Display help information
VER           Display Soft-ICE version number

I/O port commands:
I             Input from I/O port
O             Output to I/O port

Transfer control commands:
X             Exit from Soft-ICE window
G             Go to address
T             Trace one instruction
P             Program step
HERE          Go to current cursor line
GENINT        Force an interrupt
EXIT          Force exit of current DOS program
BOOT          System boot (retain Soft-ICE)
HBOOT         Hard system boot (total reset)

Debug mode commands:
ACTION        Set action after break point is reached
WARN          Set DOS/ROM BIOS re-entrancy warning mode
BREAK         Break out any time
I3HERE        Direct Interrupt 3's to Soft-ICE

Utility commands:
A             Assemble code
S             Search for data
F             Fill memory with data
M             Move data
C             Compare two data blocks

Specialized Debugging Commands:
SHOW          Display instructions from history buffer
TRACE         Enter trace simulation mode
XT            Single step in trace simulation mode
XP            Program step in trace simulation mode
XG            Go to address in trace simulation mode
XRSET         Resets back trace history buffer
VECS          Save/restore/compare interrupt vectors
SNAP          Take snap shot of memory block
EMMMAP        Display EMM allocation map

Windowing Commands:
WR            Toggle register window
WC            Toggle/set size of code window
WD            Toggle/set size of data window
EC            Enter/exit code window
.             Locate current instruction

Debugger Customization Commands:
PAUSE         Pause after each screen
ALTKEY        Set alternate key sequence to invoke Soft-ICE
FKEY          Show and edit function keys
BASE          Set/display current radix
CTRL-P        Toggle log session to printer
Print-Screen  Print contents of screen
PRN           Set printer output port

Screen Control Commands:
FLASH         Restore screen during P and T
FLICK         Screen flicker reduction
WATCHV        Set watch video mode
RS            Restore program screen
CLS           Clear window
ALTSCR        Change to alternate screen
WIN           Change size of Soft-ICE window

Symbol and Source Line Commands:
SYM           Display/set symbol
SYMLOC        Relocate symbol base
SRC           Toggle between source, mixed and code
FILE          Change/display current source file
SS            Search current source file for string

APPENDIX B
ALPHABETIC COMMAND LIST

Command       Description

.             Locate current instruction
? or H        Display help information
A             Assemble code
ACTION        Set action after break point is reached
ALTKEY        Set alternate key sequence to invoke Soft-ICE
ALTSCR        Change to alternate screen
BASE          Set/display current radix
BC            Clear break points
BD            Disable break points
BE            Enable break points
BL            List break points
BOOT          System boot (retain Soft-ICE)
BPAND         Wait for multiple break points to occur
BPE           Edit break point
BPINT         Set break point on interrupt
BPIO          Set break point on I/O port access
BPM           Set break point on memory access or execution
BPR           Set break point on memory range
BPT           Use break point as a template
BPX           Set/clear break point on execution
BREAK         Break out any time
C             Compare two data blocks
CLS           Clear window
CSIP          Set CS:IP range qualifier
CTRL-P        Toggle log session to printer
D             Display memory
E             Edit memory
EC            Enter/exit code window
EMMMAP        Display EMM allocation map
EXIT          Force exit of current DOS program
F             Fill memory with data
FILE          Change/display current source file
FKEY          Show and edit function keys
FLASH         Restore screen during P and T
FLICK         Screen flicker reduction
G             Go to address
GENINT        Force an interrupt
HBOOT         Hard system boot (total reset)
HERE          Go to current cursor line
I             Input from I/O port
I3HERE        Direct Interrupt 3's to Soft-ICE
INT?          Display last interrupt number
M             Move data
MAP           Display system memory map
O             Output to I/O port
P             Program step
PAUSE         Pause after each screen
Print-Screen  Print contents of screen
PRN           Set printer output port
R             Display or change register
RS            Restore program screen
S             Search for data
SHOW          Display instructions from history buffer
SNAP          Take snap shot of memory block
SRC           Toggle between source, mixed and code
SS            Search current source file for string
SYM           Display/set symbol
SYMLOC        Relocate symbol base
T             Trace one instruction
TRACE         Enter trace simulation mode
U             Unassemble instructions
VECS          Save/restore/compare interrupt vectors
VER           Display Soft-ICE version number
WARN          Set DOS/ROM BIOS re-entrancy warning mode
WATCHV        Set watch video mode
WC            Toggle/set size of code window
WD            Toggle/set size of data window
WIN           Change size of Soft-ICE window
WR            Toggle register window
X             Exit from Soft-ICE window
XG            Go to address in trace simulation mode
XP            Program step in trace simulation mode
XRSET         Reset back trace history buffer
XT            Single step in trace simulation mode

APPENDIX C
KEYSTROKE FUNCTION LIST

Keystroke     Description

Moving the Soft-ICE window:
CTRL          Move window one row up
CTRL          Move window one row down
CTRL          Move window one row right
CTRL          Move window one row left

Resizing the Soft-ICE window:
ALT           Expand the window
CTRL          Shrink the window

Editing the Command Line:
              Move the cursor to the right
              Move the cursor to the left
INS           Toggle insert mode
DEL           Delete current character
HOME          Move cursor to the start of the line
END           Move cursor to the end of the line
              Display the previous command
              Display the next command
SHIFT         Scroll one line up in display
SHIFT         Scroll one line down in display
PAGE UP       Scroll one page up in display
PAGE DN       Scroll one page down in display
BKSP          Delete previous character
ESC           Cancel current command
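The break point structure that the Back Door Commands section passes to sub-function AL = 13H, and the type numbers that AL = 12H reports, worked through in C as an added example; it is not code from the Soft-ICE manual or diskette. It assumes the structure is packed without padding, that bp_addr3, bp_mode2 and bp_state count as unused fields, and that a segment:offset address is stored as a real-mode far pointer; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants copied from the addendum's listing. */
enum { MEM_LOC = 0, MEM_RANGE = 1, IO = 3, INT_BP = 4, X_BP = 5 }; /* bp_type, AL=13H */
enum { READ_MODE = 0x01, WRITE_MODE = 0x02, EX_MODE = 0x04 };      /* bp_mode */
enum { BYT = 0, WRD = 1, DBL = 3 };                                 /* bp_size */

#define BP_ENTRY_SIZE 18  /* db + 3 dd + 5 db; assumes no padding */

typedef struct {
    uint8_t  bp_type;
    uint32_t bp_addr1, bp_addr2, bp_addr3;
    uint8_t  bp_mode, bp_mode2, bp_size, bp_cnt, bp_state;
} bp_entry;

/* MASM puts the first character of a two-character constant in the high
   byte, so MOV SI,'FG' loads 4647H and MOV DI,'JM' loads 4A4DH. */
uint16_t masm_word(char first, char second)
{
    return (uint16_t)(((unsigned)(uint8_t)first << 8) | (uint8_t)second);
}

/* Assumption: offset in the low word, segment in the high word. */
uint32_t far_ptr(uint16_t seg, uint16_t off)
{
    return ((uint32_t)seg << 16) | off;
}

static int is_rw(uint8_t m) { return m >= READ_MODE && m <= (READ_MODE | WRITE_MODE); }

/* 0 if the entry follows the addendum's per-type rules. The negative codes
   are this example's own: -1 unused field set, -2 bad mode, -3 bad size,
   -4 value does not fit, -5 unknown type. */
int bp_check(const bp_entry *e)
{
    /* Fields the addendum never describes are treated as unused (assumption). */
    if (e->bp_addr3 || e->bp_mode2 || e->bp_state) return -1;
    switch (e->bp_type) {
    case MEM_LOC:
        if (e->bp_addr2) return -1;
        if (!e->bp_mode || (e->bp_mode & ~(READ_MODE | WRITE_MODE | EX_MODE))) return -2;
        if (e->bp_size != BYT && e->bp_size != WRD && e->bp_size != DBL) return -3;
        return 0;
    case MEM_RANGE:
        if (e->bp_size) return -1;
        return is_rw(e->bp_mode) ? 0 : -2;
    case IO:
        if (e->bp_addr2 || e->bp_size) return -1;
        if (e->bp_addr1 > 0xFFFF) return -4;      /* "word ptr bp_addr1" */
        return is_rw(e->bp_mode) ? 0 : -2;
    case INT_BP:
        if (e->bp_addr1 > 0xFF) return -4;        /* interrupt number */
        return e->bp_mode <= 3 ? 0 : -2;          /* 0 none, 1 AL, 2 AH, 3 AX */
    case X_BP:
        return 0;                                 /* bp_addr2 = overlay, 0 = root */
    default:
        return -5;
    }
}

/* Lay the fields out in declaration order, little-endian, which is the
   byte image DS:DX has to point at. */
void bp_pack(const bp_entry *e, uint8_t out[BP_ENTRY_SIZE])
{
    const uint32_t addr[3] = { e->bp_addr1, e->bp_addr2, e->bp_addr3 };
    const uint8_t tail[5] = { e->bp_mode, e->bp_mode2, e->bp_size, e->bp_cnt, e->bp_state };
    int i;

    out[0] = e->bp_type;
    for (i = 0; i < 12; i++)                      /* three dd fields */
        out[1 + i] = (uint8_t)(addr[i / 4] >> (8 * (i % 4)));
    for (i = 0; i < 5; i++)
        out[13 + i] = tail[i];
}

/* AL=12H reports types with a different numbering (0 BPM, 1 I/O, 2 INT,
   3 BPX, 4 reserved, 5 range); translate to the AL=13H bp_type, or -1. */
int bp_type_from_report(uint8_t reported)
{
    static const int map[6] = { MEM_LOC, IO, INT_BP, X_BP, -1, MEM_RANGE };
    return reported < 6 ? map[reported] : -1;
}

int main(void)
{
    /* Constructed sample: break on writes to I/O port 3F8H, count 1. */
    bp_entry e = { IO, 0x3F8, 0, 0, WRITE_MODE, 0, 0, 1, 0 };
    uint8_t raw[BP_ENTRY_SIZE];
    int i;

    printf("SI=%04XH DI=%04XH check=%d\n", (unsigned)masm_word('F', 'G'),
           (unsigned)masm_word('J', 'M'), bp_check(&e));
    bp_pack(&e, raw);
    for (i = 0; i < BP_ENTRY_SIZE; i++) printf("%02X ", (unsigned)raw[i]);
    printf("\nreported type 1 -> bp_type %d\n", bp_type_from_report(1));
    return 0;
}
```

The two type numberings do not line up: a type of 1 reported by AL = 12H is an I/O break point, while bp_type 1 passed to AL = 13H is a memory range.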
APPENDIX D
Error Messages and Descriptions

This appendix lists and explains the error messages that can be generated by Soft-ICE.

A General Protection Violation Has Occurred.
This is typically caused by a protected mode instruction.
CS:IP = XXXX:XXXX
Type 'C' to Continue
Type 'R' to Return to Soft-ICE.

This message can occur either when an 80386 protected mode instruction is encountered or if there is a segment wrap-around condition. You can often determine the reason for this message by un-assembling the instruction at the specified address. If the first byte of the instruction is an 0FH, then it is probably a protected mode instruction. If the instruction is accessing a word at offset 0FFFFH in a segment then it is a segment wrap problem. If you type C to continue, then control is given to the interrupt 0 handler in the DOS virtual machine. This message often occurs when a program jumps to an address that does not contain valid code or when valid code has been overwritten.

Attempt To Divide By 0

This message is displayed when Soft-ICE evaluates an expression and the divisor in a divide operation is zero.

BPM Break Point Limit Exceeded

Soft-ICE allows a maximum of 4 memory break points. This message is displayed if you attempt to exceed the maximum limit.

Break Point Table Full

Soft-ICE allows a maximum of 16 break points. This message is displayed if you attempt to exceed the maximum limit.

Count Too Large

The Soft-ICE break point commands allow an optional count field. This field can contain a maximum value of FFH. This error message is displayed if the count value specified is greater than FFH.

DOS Memory Structures Corrupted

This message is displayed if Soft-ICE detects a problem with the DOS memory block chain when using the MAP command. This message can also occur if you use the MAP command with a non-DOS operating system.
Duplicate Break Point

When a break point is entered, Soft-ICE compares the break point conditions with those of break points that had been set previously. If the conditions match, this message is displayed.

Interrupt Break Point Limit Exceeded

Soft-ICE allows a maximum of 10 interrupt break points. This message is displayed if you attempt to exceed the maximum limit.

Invalid Opcode Has Occurred
CS:IP = XXXX:XXXX
Type 'C' to Continue
Type 'R' to Return to Soft-ICE.

When the 80386 encounters an instruction that is illegal, it generates an interrupt 6. Soft-ICE displays this message and gives you the opportunity to continue or to return to Soft-ICE. If you type C to continue, then control is given to the interrupt 6 handler in the DOS virtual machine. This message often occurs when a program jumps to an address that does not contain valid code or when valid code has been overwritten.

I/O Break Point Limit Exceeded

Soft-ICE allows a maximum of 10 I/O break points. This message is displayed if you attempt to exceed the maximum limit.

No Alternate Screen

This message is displayed if the ALTSCR command is used and Soft-ICE detects only one video adapter.

Parameter is Wrong Size

Certain fields require a specific data type size (byte, word or double word). This message is displayed if the data type size is exceeded. For example, if you use the command 'BPMB 2000:2000 EQ 1234' you are asking Soft-ICE to look for a byte access at location 2000:2000 with a value of 1234H. Since 1234H is larger than a byte, the command causes this error message to occur.

Parameters Required

Most Soft-ICE commands require one or more parameters. If a command is entered without the required number of parameters, this message is displayed.

Range Break Point Limit Exceeded

Soft-ICE allows a maximum of 10 memory range break points. This message is displayed if you attempt to exceed the maximum limit.

Second Parameter Must Be Greater than First
    When specifying a memory range, the first number entered must be
    the lower limit of the range, otherwise this message is displayed.

Segment:Offset Can Not Wrap
    Most Soft-ICE commands do not allow a memory pointer
    (segment:offset) to wrap from high memory to low. For example, the
    memory pointer FFFF:FFFF wraps and is illegal. This message is
    displayed if you attempt to wrap from high memory to low.

Soft-ICE cannot be loaded.
Needs to load at top of memory.
Load before any TSR's or control programs.
    Soft-ICE needs to load itself at the highest memory location
    possible. This memory is then 'mapped out', making it invisible to
    DOS programs, so they can't crash Soft-ICE. This message is
    displayed if Soft-ICE detects that another program has already
    been loaded at the top of memory.

Soft-ICE cannot run with other 80386 control programs
    The 80386 only allows one protected mode program at a time, so
    Soft-ICE can not coexist with other control programs. When
    debugging a program that uses EMS and EEMS, you could get this
    error message when you try to load Soft-ICE, because some 80386
    systems come with a control program that uses the 80386 paging
    system to give you EMS and EEMS with a board that only has
    extended memory. You can, however, use a true expanded memory
    board to debug programs that use EMS and EEMS.

Soft-ICE has already been loaded
    This message occurs if you attempt to load Soft-ICE twice.

Soft-ICE has not been loaded
    This message occurs if you attempt to unload Soft-ICE when it has
    not yet been loaded.

Soft-ICE loads at the top of extended memory.
This may conflict with other programs that use extended memory.
If you are sure it will not conflict, then answer 'Y', otherwise
answer 'N' and refer to the chapter on loading Soft-ICE with
extended memory.
    This message occurs if you attempt to load Soft-ICE into extended
    memory, and S-ICE.SYS was not loaded in your CONFIG.SYS file.
    This warning is given to ensure that you do not unintentionally
    wipe out a virtual disk or another program that may be loaded in
    extended memory. For more information, refer to section 2.2,
    "Loading Soft-ICE" and chapter 6, "Initialization Options".

Soft-ICE will only run on 80386 based machines
    Soft-ICE requires Intel's 80386 microprocessor.

Syntax Error
    This message is displayed if the information that was entered did
    not fit within the structure of any Soft-ICE command.

The P & G Commands Function In RAM Only
    Soft-ICE uses two methods to implement the P and G commands. The
    first method uses the 80386 break point registers. However, if you
    have already set 4 BPM-style break points, Soft-ICE uses the INT 3
    method, which will only work in RAM. If you attempt to use the P
    or G commands in ROM at this point, Soft-ICE detects this
    condition and displays this error message.

Valid Verbs are R, W, RW, X
    This message is displayed if an invalid verb is specified in a BPM
    command. When using the BPM command, the valid choices for verbs
    are R (read), W (write), RW (read/write), and X (execute).


APPENDIX E

TROUBLESHOOTING GUIDE

This appendix gives solutions to some possible problems that you could
encounter when using Soft-ICE. If you do not find the problem here,
check the README.SI file on your distribution diskette for any
troubleshooting hints that may not have made it into this manual.

Time does not show the correct time at the end of the day.
    Soft-ICE does not let any interrupts go through to the system when
    the Soft-ICE window is up. This does not affect the real time
    clock at all, so the next time you reboot, the time will be
    displayed correctly again. You can also correct the time by
    running the program UPTIME. This gets the time from the real time
    clock and calls DOS to set the time.

When debugging a program that uses EMS and EEMS, you get this error
message when you try to load Soft-ICE: "Soft-ICE cannot run with other
80386 control programs".
    Some 386 systems come with a control program that uses the 80386
    paging system to give you EMS and EEMS with a board that only has
    extended memory. The 386 only allows one control program at a
    time, so Soft-ICE can not coexist with these control programs. You
    can, however, use a true expanded memory board to debug programs
    that use EMS and EEMS.

Soft-ICE does not cause your software debugger to break.
    Some software debuggers will break only when used with one type of
    debugging interrupt. Refer to the ACTION command in section 5.4.
    This lists three different types of standard action that can be
    taken when a break point happens. Try all three. Different ones
    work better for different debuggers.

Soft-ICE does not come up when your monitor is in graphics mode, or it
does not restore your graphics screen correctly.
    Soft-ICE does not use the ROM BIOS for its output; it must go
    directly to the hardware. Soft-ICE was designed to work with the
    following types of controllers, or ones that are 100% compatible:

        CGA
        MDA
        Hercules
        EGA
        VGA

    If your controller is not one of these, or not 100% compatible,
    you can use a second controller and monitor, and use the ALTSCR
    command described in section 5.9.

The key sequence used to bring up Soft-ICE conflicts with an existing
program that you are running.
    You can set a different key sequence to bring up Soft-ICE by using
    the ALTKEY command. If this doesn't work, add the SHIFT key to the
    current key sequence and use this new key sequence to bring up the
    existing program. Soft-ICE will not respond to the new key
    sequence, and will allow it to go through to the existing program.
    Refer to the ALTKEY command in section 5.8.

When your program crashes, Soft-ICE will not come up.
    Refer to the BREAK command in section 5.4.
    This command allows you to pop up the Soft-ICE window when the
    system is hung with interrupts disabled.

After your break point triggers your debugger, your debugger does not
respond.
    There are two possible reasons why this problem could occur:

    1) Your debugger has caused DOS or ROM BIOS to be re-entered. DOS
       and ROM BIOS are not fully re-entrant, so your debugger may not
       work correctly. Use the WARN command to turn re-entrancy
       warning mode on. The next time DOS or ROM BIOS is about to be
       re-entered, a warning message will be displayed, and you will
       be able to choose to return to Soft-ICE to avoid the problem.
       Refer to the WARN command in section 5.4.

    2) A break occurred in the middle of an interrupt routine. Some
       debuggers can not handle this occurrence. Use ACTION set to
       HERE, because Soft-ICE will allow you to break in the middle of
       an interrupt routine. Refer to the ACTION command in section
       5.4.

You are using a CGA monitor and you get lots of flickering when
Soft-ICE comes up.
    Certain types of video cards will flicker if characters are output
    without waiting for horizontal or vertical retrace. To reduce the
    flickering, turn FLICK mode ON. Refer to the FLICK command in
    section 5.9.

When you use the BOOT command, the system starts to reboot but then
hangs.
    Soft-ICE uses the interrupt 19 method of soft-booting. There are
    two possible times when this method could fail:

    1) On a freshly booted system this method will work fine. But if
       the system has been corrupted by an errant program, there is a
       chance that this method will not work.

    2) Some programs that use extended or expanded memory, such as EMS
       drivers or disk caches, are not able to handle an interrupt 19
       style boot.

    When debugging device drivers and boot loaders that have this
    problem, you should use the following method. Boot the system
    without the drivers that cause the problem; load Soft-ICE; set up
    the drivers to load on the next boot; and then use the BOOT
    command.
    Refer to the BOOT command in section 5.3.

You just used the SYSREQ key sequence to bring up Soft-ICE, and your
system appears to be hung, or it begins to dump the screen to your
printer.
    On some keyboards, you must press the ALT key and the PrtSc key
    simultaneously to generate a system request. If you accidentally
    press only the PrtSc key, the system will attempt to print your
    screen. If no printer is attached, your system will appear to be
    hung. To avoid this problem, be careful to press both keys
    simultaneously, or use the ALTKEY command to change to a different
    key sequence. Refer to the ALTKEY command in section 5.8.

You were unassembling instructions, or editing or displaying memory
when your debugger crashed.
    You accessed an address that triggered a Soft-ICE break point, and
    ACTION was not set to HERE. When Soft-ICE brings you to the point
    where you want to look around in memory with your debugger, you
    should disable the Soft-ICE break points. If you don't, you could
    set off a break point unintentionally. This would cause your
    debugger to trigger itself, which can be a fatal problem with
    debuggers that cannot be re-entrant.

After you exited from your debugger, the system crashed.
    This problem of course could have many causes, but one possible
    cause is that you may have forgotten to disable the Soft-ICE break
    points, and ACTION is still set to trigger your debugger. When the
    break point occurs, ACTION will attempt to trigger your debugger,
    but your debugger is no longer loaded.

You set a break point to trap on Interrupt 15H, function 87H, 88H, or
89H, and the break point did not occur.
    Soft-ICE processes these functions internally in protected mode,
    so you cannot set break points on these functions.

Your program does not accept keystrokes, but the keyboard is still
active.
    A shift state key may be logically stuck down. Try pressing and
    releasing each shift, control and alt key.

Soft-ICE does not restore your graphics display properly.
    Soft-ICE has an enhanced video virtualization mode that can
    virtualize many special graphics modes. Turn this mode on by
    entering WATCHV ON. See the description of the WATCHV command for
    more details. For non-compatible video controllers and certain
    obscure modes you may have to use an alternate monitor. See the
    ALTSCR command.

The machine locks up while you are in Soft-ICE or moving the Soft-ICE
window.
    Soft-ICE has timing problems with some keyboards. Use the NOLEDS
    statement in S-ICE.DAT. This prevents Soft-ICE from sending LED
    commands to the keyboard.


List of sections within this file:

     1. INSTALLING SOFT-ICE
     2. INSTALLING WITH DOS 5
     3. PATCH TO SOFT-ICE TO RUN MAGIC CV WITH CODEVIEW 3.14
     4. BATCH FILES FOR COMPILING WITH MICROSOFT C COMPILERS
     5. BATCH FILES FOR COMPILING WITH BORLAND C++ COMPILERS
     6. BATCH FILE FOR COMPILING WITH BORLAND TURBO PASCAL
     7. CONFIG EDIT
     8. MSYM WARNINGS
     9. COMPILING WITH TOPSPEED
    10. BPAND PROBLEM

-------------------------------------------------------------------
1. INSTALLING SOFT-ICE
-------------------------------------------------------------------

When Soft-ICE is copied to a system, EMMSETUP should be run to ensure
that the internal EMM map within S-ICE.EXE matches the configuration
of that system. When running EMMSETUP, first select "Reconfigure
Driver to Current Configuration". If you have any I/O adapters which
use memory, such as network cards, select "Manual Configuration and
Status Screen" and X-out the block of memory used. After exiting
EMMSETUP, check the date and time on S-ICE.EXE to ensure that it has
been changed.

When Soft-ICE is installed in the CONFIG.SYS file, the switches are
assigned as follows:

/EXT  reserves XMS memory from the 1Mb boundary on up for drivers such
      as HIMEM, CACHE, SMARTDRV and RAMDRIVE. HIMEM.SYS uses 64K of
      XMS memory, and the others use the amount specified in their
      switches. Add these up and set the EXT switch to this total.
/SYM  reserves space to store the symbolic debug data and the source
      files. The amount needed depends on the user's application, but
      usually the largest portion is for storing the source files.
      This space is in extended memory, just below Soft-ICE (which is
      at the top of extended memory). In many cases a large amount of
      SYM space is necessary.
/EMM  reserves space for use as emulated expanded memory. It is used
      by SMARTDRV and RAMDRIVE with the /A switch, and sometimes by
      application programs. On some systems, CodeView 3.11 and 3.14
      will run only in expanded memory. This space is reserved just
      below the /SYM space.

-------------------------------------------------------------------
2. INSTALLING WITH DOS 5
-------------------------------------------------------------------

S-ICE.EXE must be used as the EMS memory manager (do not use EMM386).
HIMEM.SYS must be after S-ICE.EXE, not before. When HIMEM.SYS is
loaded, it displays the message "Installed A20 Handler" followed by a
number. If the number is not "1" or "2", you must use the switch
"/m:1" with HIMEM.SYS.

DOS 5.0 may be loaded high with the "dos = high" command. Note that
HIMEM.SYS must be installed to use this.

If you wish to load drivers and TSR's high, you must configure
S-ICE.EXE for this using EMMSETUP. If you do not have our utility
UMB.SYS, you must use our Load High utilities (LD.SYS and LH.EXE).
Since the DOS 5.0 load high utility is called by "LH", rename ours to
LHIGH.EXE or specify the full path to LH.EXE. You cannot use
"dos = umb". Your CONFIG.SYS file should look something like this:

    dos = high
    device = c:\si\ce.exe          ;configuration editor
    device = c:\si\s-ice.exe /SYM 500 /EXT 2112 /EMM
    device = c:\dos\himem.sys /m:1
    device = c:\si\ld.sys c:\ansi.sys
    device = c:\si\ld.sys c:\dos\smartdrv.sys 2048
    etc...

If you have UMB.SYS, you may install this driver to allow using the
DOS 5 UMB functions and load-high utilities.
In this case your CONFIG.SYS file would look something like this:

    dos = high,umb
    device = c:\si\ce.exe          ;configuration editor
    device = c:\si\s-ice.exe /SYM 500 /EXT 2112 /EMM
    device = c:\dos\himem.sys /m:1
    device = c:\si\umb.sys
    devicehigh = c:\ansi.sys
    devicehigh = c:\dos\smartdrv.sys 2048
    etc...

-------------------------------------------------------------------
3. PATCH TO SOFT-ICE TO RUN MAGIC CV WITH CODEVIEW 3.14
-------------------------------------------------------------------

This is a patch to Soft-ICE to allow MagicCV 3.0 to work with CodeView
3.14. Where it says something like "xxxx:wwww+1", if the address
printed was 2C58:6CBA, use "2C58:6CBB", etc. Some users have reported
slightly different addresses in earlier versions of Soft-ICE (e.g.,
6C85 instead of 6CBA).

    ren s-ice.exe s-ice.bin
    debug s-ice.bin
    -s cs:0 lffff 42 22
        prints address in xxxx:wwww format (wwww should be 6CBA)
    -e xxxx:wwww+1 1e
    -s cs:0 lffff 5a 20
        prints address in xxxx:yyyy format (yyyy should be 6CC5)
        prints address in xxxx:zzzz format (zzzz should be 6D0B)
    -e xxxx:yyyy+1 1c
    -e xxxx:zzzz+1 1c
    -w
    -q
    ren s-ice.bin s-ice.exe

Also, you must use either the /D or the /E switch with MCV. Since the
/E switch requires setting up expanded memory, we recommend trying the
/D switch first.

-------------------------------------------------------------------
4. BATCH FILES FOR COMPILING WITH MICROSOFT C COMPILERS
-------------------------------------------------------------------

This is a sample batch file for Microsoft C 6.0 using a Large memory
model, without a floating point coprocessor.

    c600\bin\cl /AL /Zi /c %1.c
    c600\bin\link /MA /CO /LI %1,%1,%1,c600\lib\llibce,;

    For other models:  change /AL:  change llibce:  if 80x87, llibc7
    SMALL              /AS          slibce          slibc7
    MEDIUM             /AM          mlibce          mlibc7
    COMPACT            /AC          clibce          clibc7
    HUGE               /AH          hlibce          hlibc7

-------------------------------------------------------------------
5. BATCH FILES FOR COMPILING WITH BORLAND C++ COMPILERS
-------------------------------------------------------------------

This is a sample batch file for Turbo/Borland C++ using a Large memory
model, without a floating point coprocessor. It is run from the tc\lib
directory to avoid having to specify the path for all the library
files called in the tlink command line:

    cd tc\lib
    tc\tcc -v -ml -Itc\include -c c:\%1.c
    tc\tlink /v/s/l/c c0l %1,c:\%1,c:\%1,emu mathl cl
    cd\

    Other models:  change -ml:  change c0l:  change mathl:  change cl:
    SMALL          -ms          c0s          maths          cs
    MEDIUM         -mm          c0m          mathm          cm
    COMPACT        -mc          c0c          mathc          cc
    HUGE           -mh          c0h          mathh          ch

For hardware FP (80x87) use "fp87" in place of "emu".

-------------------------------------------------------------------
6. BATCH FILE FOR COMPILING WITH BORLAND TURBO PASCAL
-------------------------------------------------------------------

The following batch file format is recommended:

    tpc %1 /B/GD/$E+/$F+/$S+/$L+
    msym %1

-------------------------------------------------------------------
7. CONFIG EDIT
-------------------------------------------------------------------

CONFIG EDIT (CE.EXE) is an on-the-fly editor for CONFIG.SYS. Install
CE.EXE as the 1st "DEVICE=" in your CONFIG.SYS file. When your system
boots, you will hear a tone. You have a short time to press any key
after the tone (we recommend the SPACE bar). If you press a key CE
will take control. CE allows changing CONFIG.SYS before using it.

CE.EXE Version 2.0 also lists all the CONFIGxx.xxx files, and allows
choosing which one to boot with. The chosen CONFIGxx.xxx file may be
edited permanently or on a one-time basis before booting. CE.EXE must
be the first driver in all the CONFIGxx.xxx files, because it cleans
up for the previous bootup operation before booting.

MAIN FUNCTIONS WITHIN THE CE.EXE MENU:

    ESC   - Boot using the current CONFIG.SYS file.
    ENTER - Boot using the selected file without editing.
    F10   - Boot using the selected file without editing, and copy it
            into CONFIG.SYS.
            The previous CONFIG.SYS is saved as CONFIG.BAK.
    F2    - Edit the selected file before booting. To exit the edit
            session select ESC, F1 or F10 (see below).
        ESC   - Exit the edit session with no changes.
        F1    - Change the selected file for this boot only. The
                changes are not permanent.
        F10   - Change the selected file permanently (including for
                this boot).

OTHER IMPORTANT NOTES:

CE can also be run from the command line. This is for a quick look or
quick changes to CONFIG.SYS.

The /Q switch (Quiet) will disable the initial sound made by CE.EXE
when it is installed in CONFIG.SYS.

-------------------------------------------------------------------
8. MSYM WARNINGS
-------------------------------------------------------------------

When the compiler does not produce correct debug information in the
.EXE file, the .EXE file must be made without debug information, and a
.MAP file with line-number data must be created. MSYM must be used to
make a .SYM file from the .MAP file so that Soft-ICE can get the
symbolic and source information correctly.

MSYM requires a Microsoft-compatible .MAP file with at least one true
Public symbol. It returns the message "Hex Value Expected" if no
Public symbol is found. This is common with Assembly language programs
because public symbols must be declared specifically, while higher
language compilers typically make all procedure names public.

If all the Public symbols in the .MAP file are Absolute, or if some
modules do not have a Class, an invalid .SYM file may be produced,
which can cause problems when running Soft-ICE.

MSYM searches for the strings "Start" and "Publics by Value" within
the .MAP file, and will return an error message if these exact strings
are not found.

The versions of MSYM prior to November 1991 cannot correctly process
public names longer than 49 characters. If a longer name is
encountered, it prints the message "String not found" with no name,
and then aborts.
Zortech C++ and Borland C++ allow function names to include their
entire argument list, so such errors are likely to occur when using
these compilers. Versions of MSYM dated from November 1991 and later
allow public names up to 250 characters long.

-------------------------------------------------------------------
9. COMPILING WITH TOPSPEED
-------------------------------------------------------------------

The following is a recommended project file format for compiling with
Topspeed (large model):

    #system auto exe
    #model large jpi
    #pragma debug(vid=>full)
    #pragma debug(line_num=>on)
    #compile %main
    #link %prjname

This creates a detailed map file. Use our MSYM.EXE utility to create a
.SYM file using the command:

    msym program-name

Bounds-Checker will extract the debug information from this file.

The following is a recommended batch file format (large model). The
default redirection file TS.RED must be in your path; normally this
file is in the same directory as TSC.EXE (typically TS\SYS).

    tsc c:\%1.c /m /ml /v2 /debug(line_num=on)
    msym %1

Topspeed does not generate line-number debug information for the line
containing "main". In some cases this prevents being able to display
source code.

-------------------------------------------------------------------
10. BPAND PROBLEM
-------------------------------------------------------------------

The BPAND command does not work for BPX type breakpoints. This
includes F9 style point-and-shoot breakpoints. You must use a hardware
type of breakpoint such as BPIO or BPM X.

Also, the order in which the breakpoints are listed in the BPAND
command is not significant; they do not have to occur in that specific
order. The break will occur when all the breakpoints listed have
occurred at least once.

-------------------------------------------------------------------
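
For section 3 (the MagicCV patch): the same edit planned offline, with the number of search hits checked before anything is changed. This is an added Python example, not part of the Soft-ICE distribution. It assumes DEBUG loads S-ICE.BIN at CS:0100, so a file offset plus 100H is the offset DEBUG prints; the image is constructed, with the byte patterns placed at the offsets the README expects.

```python
# Added example: plan and apply the section 3 patch with hit-count checks.
LOAD_OFFSET = 0x100                  # DEBUG loads a non-.EXE file at CS:0100
SEARCH_END = 0xFFFF - LOAD_OFFSET    # "s cs:0 lffff" covers CS:0000-FFFE

# (pattern searched for, hits shown in the README transcript, new 2nd byte)
PATCHES = [
    (bytes.fromhex("4222"), 1, 0x1E),
    (bytes.fromhex("5a20"), 2, 0x1C),
]


def find_hits(image, pattern):
    """File offsets of every match inside the range DEBUG would search."""
    hits = []
    pos = image.find(pattern, 0, SEARCH_END)
    while pos != -1:
        hits.append(pos)
        pos = image.find(pattern, pos + 1, SEARCH_END)
    return hits


def plan_patch(image):
    """Return [(cs_offset_to_edit, old_byte, new_byte)], or raise ValueError
    when the hit counts differ from the README (other version, or patched)."""
    plan = []
    for pattern, expected, new_byte in PATCHES:
        hits = find_hits(image, pattern)
        if len(hits) != expected:
            raise ValueError(
                f"pattern {pattern.hex()}: {len(hits)} hits, expected {expected}")
        plan += [(h + 1 + LOAD_OFFSET, image[h + 1], new_byte) for h in hits]
    return plan


def apply_patch(image):
    """Return a patched copy; the input bytes are left untouched."""
    out = bytearray(image)
    for cs_offset, _old, new_byte in plan_patch(image):
        out[cs_offset - LOAD_OFFSET] = new_byte
    return bytes(out)


def constructed_image():
    """Constructed stand-in for S-ICE.BIN: zero bytes plus the three patterns
    at the CS offsets the README quotes (6CBA, 6CC5, 6D0B)."""
    img = bytearray(0x7000)
    for cs_offset, pat in ((0x6CBA, "4222"), (0x6CC5, "5a20"), (0x6D0B, "5a20")):
        off = cs_offset - LOAD_OFFSET
        img[off:off + 2] = bytes.fromhex(pat)
    return bytes(img)


if __name__ == "__main__":
    for cs_offset, old, new in plan_patch(constructed_image()):
        print(f"-e cs:{cs_offset:04X} {new:02x}   (was {old:02x})")
```

A ValueError here is the cue to stop and compare addresses by hand, as the README suggests for earlier versions, rather than editing bytes at the quoted offsets.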
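
For section 8 (MSYM WARNINGS): a pre-flight check that looks for each condition the section lists before a .MAP file is handed to MSYM. This is an added Python example, not part of the Soft-ICE distribution. The sample map is constructed in the Microsoft LINK layout, and treating a segment row with an empty Class column as a module without a Class is an assumption.

```python
import re

# Constructed sample in the Microsoft LINK map layout (not from the README).
LONG_NAME = "@Shape@draw$q" + "i" * 45      # 58 characters, over the 49 limit
SAMPLE_MAP = f"""\
 Start  Stop   Length Name                   Class
 00000H 001FFH 00200H _TEXT                  CODE
 00200H 0023FH 00040H _DATA                  DATA
 00240H 0024FH 00010H SCRATCH

  Address         Publics by Name

 0000:0040       {LONG_NAME}
 0000:0000  Abs  __acrtused
 0000:0010       _main

  Address         Publics by Value

 0000:0000  Abs  __acrtused
 0000:0010       _main
 0000:0040       {LONG_NAME}

Program entry point at 0000:0010
"""

# Segment row: start, stop, length (hex with H suffix), name, optional class.
SEG_RE = re.compile(
    r"^\s*[0-9A-F]+H\s+[0-9A-F]+H\s+[0-9A-F]+H\s+(\S+)(?:\s+(\S+))?\s*$", re.I)
# Public row: seg:off, optional "Abs" marker, symbol name.
PUB_RE = re.compile(r"^\s*[0-9A-F]{4}:[0-9A-F]{4}\s+(Abs\s+)?(\S+)\s*$", re.I)


def check_map(text, name_limit=49):
    """Return (code, detail) findings. name_limit is 49 for MSYM builds before
    November 1991 and 250 for later ones, per section 8."""
    findings = []
    for marker in ("Start", "Publics by Value"):   # exact strings MSYM looks for
        if marker not in text:
            findings.append(("missing-marker", marker))

    lines = text.splitlines()
    for line in lines:
        seg = SEG_RE.match(line)
        if seg and seg.group(2) is None:
            findings.append(("segment-without-class", seg.group(1)))

    publics = []                                   # (name, is_absolute)
    in_by_value = False
    for line in lines:
        if "Publics by Value" in line:
            in_by_value = True
            continue
        pub = PUB_RE.match(line) if in_by_value else None
        if pub:
            publics.append((pub.group(2), bool(pub.group(1))))

    if not publics:
        findings.append(("no-publics", "Hex Value Expected"))
    elif all(is_abs for _name, is_abs in publics):
        findings.append(("all-absolute", len(publics)))
    for name, _is_abs in publics:
        if len(name) > name_limit:
            findings.append(("name-too-long", name))
    return findings


if __name__ == "__main__":
    for code, detail in check_map(SAMPLE_MAP):
        print(code, detail)
```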