MS-DEBUG 1981 – 2009

Earlier this week (May 5) Microsoft Windows 7 Release Candidate was released to the general public and like many technology enthusiasts I downloaded a copy early in the morning hours on Tuesday, shortly after Microsoft made it available on its website.

The RC build of Windows 7 (build 7100) has many tweaks over the previous beta build I have (build 7000) and I have not yet played with it long enough to come up with any meaningful conclusions. However, this is not the point of this article. As you might have noticed from the title of this article, I was not about to talk about my experience with Windows 7 (maybe I will write about it later). What I noticed the first thing in Windows 7 is that the DEBUG command is nowhere to be found.

I was just old enough to remember the very early days of DEBUG under MS-DOS. In fact, I was fascinated with such a small and yet powerful tool that came with every version of MS-DOS distribution. the DEBUG command was so powerful that you could do almost anything with your machine with sometimes just a few key strokes.

For a long time, I used DEBUG to learn x86 assembly language and to learn about disk (both floppy disks and harddrives) structures and file systems. And occasionally, I would use DEBUG to edit binary files.

I remembered that I could use commands like

-l 100 0 0 1
-d

to load the boot sector from floppy A and inspect whether the boot sector was infected with any virus and if so, I would find a clean floppy disk and using DEBUG to write its boot sector to the disk that was infected.

And routinely, I would use the following commands to inspect the partition table of my harddrive to make sure that it was free from any infections:

mov ax, 0201
mov bx, 1000
mov cx, 0001
mov dx, 0080
int 13
int 3
-g 100
-d 1000

Remember this one?

jmp ffff:0000

I remembered that someone at my high school used to play the pranks by changing the very first few bytes on floppy disks to EA:00:00:FF and placed the disks in computers in the lab so that whenever someone turned on the computer, it would enter an infinite reboot cycle.

And when CIH stroke in the late nineties, my friends and I would use DEBUG to inspect the virus’s code to see how the instructions could actually be used to cause real physical damage to the hardware.

After Windows came along, I still used DEBUG often. After all, deep inside Windows (up till Windows ME), there was MS-DOS and for years, user were allowed to operate in real mode if they so inclined to. With the advent of Windows 2000 and then later Windows XP people started to forget about DEBUG since the operating system became true 32bit and the DOS prompt became just an emulator. You could still view files and write assembly code within DEBUG, but it was in a protected environment and everything you do was pretty safe and you couldn’t really do anything harmful to the hardware (of course, you could still overwrite sectors in floppy disks if you wanted to).

Ah, those were the good old days. Just like QBasic disappeared from later versions MS-DOS, DEBUG has gradually become obsolete. It remained in Windows Vista, but it is no where to be found in Windows 7. At last, Windows has shed one of its last vintage applications from the MS-DOS era.

Be Sociable, Share!

20 Comments

  1. Larry says:

    Actually, debug is not in windows Vista nor Windows server 2008.

  2. Windows Server 2008 says:

    I think it is (Server 2008)

    *****
    C:\>debug /?
    Runs Debug, a program testing and editing tool.

    DEBUG [[drive:][path]filename [testfile-parameters]]

    [drive:][path]filename Specifies the file you want to test.
    testfile-parameters Specifies command-line information required by
    the file you want to test.

    After Debug starts, type ? to display a list of debugging commands.

    C:\>ver

    Microsoft Windows [Version 6.0.6001]

  3. Stu says:

    Did anyone ever really use this? There were a lot of better alternatives available; and if you were geeky enough to want to play wth assembly language, then you probably knew someone who could get you a copy of something better.

    It’s been many years since young geeks would dabble in assembler when learning about PCs. Now there is only a tiny subset who will learn assembler by playing with microcontrollers at uni.

    I don’t think anyone will really miss MS-DEBUG as a learning/experimenting tool.

    Cheers,
    Stu.

    • Well when all I had was a dated 286 I found it was the best way for me to learn how to program using interrupts – gosh, I can’t even remember how I came across debug.exe, I think it was just sheer curiosity. I never learned how to save, so I would write all of my programs on paper, and I didn’t think about writing my code with dummy addresses either, so I would design my jumps on paper too …

      … and no I was not doing this in the ’80s, this was back in ’99, “when all I had was a dated 286″. I didn’t know it was still in windows XP; now I’ve found it on my work machine I’m going to relive those lovely days by writing occasional programs while compiling FM – besides, I know how to load and save now. Mode 13h here I come!!!

      * just reading some of these responses – I say ditto to zero_himself. I use RosAsm now, but environments like debug.exe keep your skills sharp.

  4. hwertz says:

    Well, yeah, people “did” use it, in the old RLL days you’d make a call (to address C800:0000 as I recall..) to low-level format the hard disk among… a few magazines would list short assembly-language apps in debug form too. As you say though I doubt anyone used it for serious development.

    That was like 20 years ago though; I’ve never heard of anyone using debug at all in at least the last 10 years.

    As for dabbling in assembly now, it’s surely not ubiquitous (or that common) to do things right in assembly, but there are those who still do it, they’ll typically write a non-speed-critical framework in C, and then the speed-critical portions as inline assembly. This is most often done in gcc and gas, though. The new direction for this now is getting stuff running directly on a video card. Oh, but sadly, even microcontrollers are programmed less and less in assembly now.. the 8-bitters are still around, but many microcontrollers now run stuff in Java, or even boot Linux and run whatever can fit in ROM.

  5. Windows Vista says:

    It’s also available in Vista’s dos box…

  6. zero_himself says:

    > Did anyone ever really use this?

    bad question, I LEARNED assembler when I was 15, using debug(warez and freeware were a lot harder to find back then)

    I will kind of miss it(It was my first assembler after all), but I can’t really say it has a lot of use anymore. To hexedit something, use winhex, or hexworkshop.(just quicker for large files) And windows programs just get too complex to use it for(who can call a function in a dll from a program written in debug…)

  7. Emil says:

    I use Vista Premium, and I have debug.

  8. azag says:

    I miss it! I learned assembly language with debug in the 90s, created many .com apps, hooking int 5, int 21, resident apps, etc
    i have created the fastest floppy formater with a .bat using debug.
    well of course later i used tasm, soft-ice, etc..but debug was always very useful.

  9. Jeffrey Haskovec says:

    I didn’t realize this. But it looks like they removed debug from Vista 64, but it is still in the 32 bit copy, so maybe they are just removing it for lack of 64 bit support?

  10. Left Blank says:

    Actually, if you wanted to learn assembly today, you’d grab a freeware copy of IDA Pro: http://www.hex-rays.com/idapro/idadownfreeware.htm

  11. /g/eek says:

    Debug these days is only useful for running malware. Since debug can easily run plain binaries entered in hex form, it
    s actually just as dangerous as anything else when run with admin privileges. Maybe even more so, as it belongs to Windows itself so it will never show a warning like those on downloaded executables post-xpsp2. Most virus scanners fail to catch debug or ntvdm processes going astray, there’s only so much you can do as a virus scanner.

  12. Safwan says:

    Thanks for a nice read. I get a lot of amusement from computer hardware and software stuff, although my profession is non-computer related.

  13. Grzegorz says:

    I have debug on my Polish Windows 7 RC:
    Microsoft Windows [Wersja 6.1.7100]
    Copyright (c) 2009 Microsoft Corporation. Wszelkie prawa zastrzeżone.

    C:\Users\Grzegorz>debug
    -d C000:0010
    C000:0010 00 00 00 00 00 00 00 00-98 01 00 00 00 00 49 42 …………..IB
    C000:0020 4D 0A 00 00 00 00 00 00-00 00 00 00 00 00 00 00 M……………
    C000:0030 20 37 36 31 32 39 35 35-32 30 00 00 00 00 00 00 761295520……
    C000:0040 3F 3F 00 00 00 00 00 00-22 01 00 00 00 00 00 00 ??……”…….
    C000:0050 32 30 30 36 2F 30 33 2F-31 35 20 31 38 3A 32 39 2006/03/15 18:29
    C000:0060 00 00 00 00 E9 90 11 00-E9 4C 1D 00 00 00 00 00 ………L……
    C000:0070 00 00 08 40 00 00 02 10-55 59 00 00 00 00 00 00 …@….UY……
    C000:0080 0D 0A 52 53 34 38 30 4D-28 48 50 2D 43 42 44 29 ..RS480M(HP-CBD)
    -d
    C000:0090 2D 20 54 45 53 54 20 42-49 4F 53 20 33 30 30 2F – TEST BIOS 300/
    C000:00A0 31 34 20 42 52 23 31 39-32 32 34 0D 0A 00 28 43 14 BR#19224…(C
    C000:00B0 29 20 31 39 38 38 2D 32-30 30 33 2C 20 41 54 49 ) 1988-2003, ATI
    C000:00C0 20 54 65 63 68 6E 6F 6C-6F 67 69 65 73 20 49 6E Technologies In
    C000:00D0 63 2E 20 42 4B 2D 41 54-49 20 56 45 52 30 30 38 c. BK-ATI VER008
    C000:00E0 2E 30 34 37 49 2E 30 30-31 2E 30 30 31 00 20 79 .047I.001.001. y
    C000:00F0 75 63 61 79 65 6E 2E 68-70 20 76 36 31 31 20 00 ucayen.hp v611 .
    C000:0100 4D 53 34 38 50 43 49 45-44 47 4E 31 55 4E 00 00 MS48PCIEDGN1UN..
    -

  14. jwiz says:

    I used debug back in the good old days also, it was a useful tool. I remember running it on computers at my high school and changing the register for the file size to ffffff and fill up the network drives with very large empty files. This was back when then total network drive space was only a few hundred megs. I’m sure it would take forever to write a couple hundred gig file in debug nowadays though.

  15. bovine says:

    The NTSD/CDB/WinDBG debuggers are the replacement for Win32/Win64 debugging needs. Windows 2000 (and maybe XP?) shipped with NTSD in the system32 directory. More recent versions of Windows generally don’t include it, because the online download gets revised frequently: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

  16. mirabilos says:

    Oh I will *so* really miss it.

    It was such a superb tool to debug
    stuff, easier to use than gdb, and
    while not as fancy as Borland’s
    Turbo Debugger 1.0, one could write
    AND SAVE modifications or entire
    programmes in it.

    And I used it excessively in debugging
    the MirBSD MBR, PBR (bootxx), boot-
    loader (boot / ldbsd.com) early sy-
    stem startup.

  17. Debug is a 16 bit app, so it runs in the NTVDM (virtual DOS machine). If you have 32 bit Vista / Server 2008 (and I think Windows 7) you have Debug. If you have the 64 bit version of Vista, Win7, Server 2008 and server 2008 R2 (which is 64 bit only) there is no VDM and so no Debug.

  18. Ej says:

    Microsoft recommends using windebug32 for all versions of Windows in 32 bit and windebug64 for all 64 bit, the only exceptions is with the itanium processor and Microsoft has a special windebugger for that. Even though there are probably better programs out there this is one that keeps coming up with any issues you are trying to figure out with Windows 7 RC, since there isn’t really any specific programs for it yet. I listed them below for those of you still interested in working with the debugger or viewing the minidumps created with Windows’ errors.

    64-bit
    http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx

    32-bit
    http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

    Intel Itanium is listed under the 64-bit link above.

  19. Martenzit says:

    How can you activate debug in windows 7?
    I was try to write debug in cmd but there is no such a code like debug …

Leave a Reply