Edit/Modify 1024K Mem and Kiss Disassembler (C) 1977 - 1993
BEGIN 0000000000000000000000000000000000000000000000000000000000000 DSseg
0000 0000000000000000000000000000000000000000000000000000000000000 9000
MEMORY 0000000000000000000000000000000000000000000000000000000000000 CSseg
0000 0000000000000000000000000000000000000000000000000000000000000 9000
VALUE 0000000000000000000 each page displays 0000000000000000000 ESseg
0000 0000000000000000000 1024 bytes of memory 0000000000000000000 B800
0000000000000000000 in ASCII & extended 0000000000000000000
EDIT 0000000000000000000 ASCII 0000000000000000000 SSseg
MODE 0000000000000000000000000000000000000000000000000000000000000 9000
0000000000000000000 zero values are 0000000000000000000
DISAS- 0000000000000000000 displayed as ASCII 0 0000000000000000000 SP
SEMBLY 0000000000000000000000000000000000000000000000000000000000000 FCF6
HEX 0000000000000000000000000000000000000000000000000000000000000 END
INPUT 03FF : Up 1024 bytes : Move cursor
UNUSED : Down 1024 bytes : <- ^ v -> F1
: Toggle modify mode : Change Seg 0 - F Help
: Hex modify : Disassemble Memory
author - Bob Richardson, PO Box 1065, Chautauqua, NY 14722 (716) 753-2654
I first wrote EDMOD in 1977 for the original TRS-80 Model 1. Updated it in
1980 for the TRS-80 Model 4 with 4 each 64K banks of memory. Updated it in
1987 for the Intel 8088. Updated it in 1993 for the Intel 80386/8046. If
you would like the modestly commented assembly language source code send a
disk and postage to the author. EDMOD.OBJ and GOEDMOD.COM are 'freeware.'
The programs are assembled using the world's finest and fastest assembler,
A386.COM from: Eric Isaacson Software, 416 East University Avenue, Blooming-
ton, Indiana 47401, phone: (812) 339-1811. A386.COM is 10 times faster than
either Borland's or Microsoft's assemblers. He was the author of Intel's
first ASM86 assembler. EDMOD.OBJ requires an 80386, 80486 or Pentium to run.
The EDMOD.OBJ program allows the user to edit/modify any/all 1024K (RAM)
memory, excluding video RAM at segment A000H. GOEDMOD.COM is the command line
loader for EDMOD.OBJ. EDMOD may be run from either Windows or the command
line prompt. EDMOD.ICO is the icon if you wish to run it from windows. EDMOD
uses the keyboard and mouse (if mouse driver is loaded).
From the DOS> prompt, type GOEDMOD to run the program. EDMOD.OBJ, EDMOD.DOC,
EDMOD.ICO (icon), and GOEDMOD.COM may be on any drive and any directory so
long as they are all in the same directory that runs GOEDMOD.COM.
When running EDMOD.OBJ these EDMOD.DOC pages may be displayed by pressing the
F7 key. The Enter, PgUp, PgDwn, and up and down arrow keys are active.
Each page displays 1024 bytes of memory in the DS segment displayed at the
upper right of the screen. Displayed memory starts at BEGIN displayed at the
upper left of the the screen and ends at END displayed on the right side of
the screen. The enter keys (and + keys) move the displayed page UP 1024 bytes
in memory. The minus key (hyphen key and - key on the keypad) move the
displayed page down 1024 bytes in memory. The program initializes in EDIT
MODE (green) displayed on the left side of the screen. If a mouse is
installed, clicking the left mouse button over most commands duplicates
Hoding down the Enter key will display all sixty four 1024 byte pages of a
segment in about 8 seconds and cycle through all 16 segments in about 2
minutes. Next segment up or down switching is automatic.
In EDIT MODE you may switch segments by pressing the F5 key and then pressing
the zero through F key to switch to segments 0000H:0000H through F000H:0000H.
When F5 is pressed, four yellow blinking ???? will appear beneath DSseg on the
right side of the screen. After you have pressed the zero through F, they
will disappear and be replaced by the DS segment value you input. Using a
mouse, you would click over the and then click over the zero to F on the
second line at the top of the screen to change segments. In EDIT MODE, MEMORY
on the left of the screen always displays the BEGIN location, VALUE on the
left of the screen displays the hex value of the MEMORY location, the bottom
left of the screen displays the disassembled instruction for the byte/bytes
beginning at the displayed MEMORY location.
To switch from EDIT MODE to MODIFY MODE press the F2 key. EDIT MODE (green)
then changes to MODIFY MODE (yellow = caution) if you are not in the BIOS or
EDMOD memory regions. If you are in these regions, then MODIFY MODE changes
to red (extreme caution as you may foul up the operating system or EDMOD if
you do not know exactly what you are doing), which does not harm the computer.
The large blinking cursor now appears at the top left of the rectangle. It
may be moved with any of the arrow keys on the key pad, plus Home, PgUp, PgDn,
and End on the keypad. When the large blinking cursor is moved, MEMORY is
updated, VALUE at the new location is updated, and the disassembled
instruction at the new location is displayed on the bottom left of the screen.
The large blinking cursor may also be moved by clicking the mouse over the new
location desired. It will beep to tell you that it has moved the cursor. The
mouse cursor is gray and the large blinking cursor bright white.
In MODIFY MODE, the keypad's + key will change DISASSEMBLY on the left of the
screen from green to yellow to let you know it is trying to disassemble the
instruction beneath the cursor and then move to the next instruction.
Obviously you must know where an instruction begins for it to logically
disassemble correctly. If you do not know where an instruction begins keep
pressing the keypad's + key until you find a RET (return) instruction or a
series of PUSH or POPs and it will most likely disassemble correctly
thereafter. It does not disassemble text correctly, though earlier versions
of EDMOD tested the next 6 bytes and if all ASCII between 30H and 7FH guessed
they were text and told you so, but it was more a hindrance than help, so
removed. Anyone can identify text since EDMOD displays the ASCII and extended
ASCII characters unless they are control characters. If zero, then an ASCII
30H zero is displayed so you are not looking at a blank page as illustrated
on the first page of EDMOD.DOC.
In MODIFY MODE, pressing any ASCII key will place its value beneath the large
blinking cursor and advance the cursor. If you wish to input any value in
hex, simply press the F3 key. Two blinking yellow ?? will appear next to HEX
on the left of the screen and you must now type in two hex values from zero
zero to FF. After the second value is typed, the blinking ?? will disappear,
the hex value inserted in memory beneath the cursor, and the cursor advanced
one byte. Needless to say, EDMOD cannot modify ROM memory, which is often at/
above segment C000H. If you are not sure whether the memory displayed is ROM
or RAM, type in a new value, switch back to EDIT MODE via the F2 toggle key,
move up 1024 bytes, and then down 1024 bytes. If the value you typed in is
still there it is RAM memory. If not there, it is ROM or segment A000H video
RAM memory. EDMOD could do it automatically, but we wanted to leave something
for the user to do.
Inspite of dire warnings in the early 1980's that one could harm his/her
computer by modifying memory, we have found this not to be true using a wide
variety of computers. Maybe some of the early 1980's clones with miserable
substitution BIOS's could have been damaged by modifying the BIOS in segment
zero so that the RAM refresh was bolixed up, but I doubt it. About the worst
you can do is to modify the BIOS or EDMOD program and lock-up your computer,
requiring either a hot or cold reboot. In either case no damage is done;
i.e., Debug and Norton Utilities will allow you to do the same thing.
EDMOD is not a replacement for Debug, but rather a different approach to
editing and modifying memory. As once said, 'you pays your money and takes
your choice.' Since EDMOD is 'freeware' this is irrelevant.
If the user wishes to access EDMOD.OBJ from his/her own program:
1. User program loads EDMOD.OBJ's 22000 bytes to 9000:8000H.
2. User program loads its code segment to 0000H:0300H.
3. User program goes to EDMOD.OBJ via far jump JMP 9000H:8011H.
4. User program's first 15 bytes should be NOPs for EDMOD's return.
5. This allows the user to go to EMOD.OBJ and then return to his/
her program by pressing the shift F1 keys in EDMOD.
6. User should be experienced programmer (good luck).
We write assembly language IBM touchscreen information systems for hospitals
throughout the U.S. and Canada. EDMOD is our must useful tool and is often
used 10 to 20 times a day during programming.
EDMOD.OBJ contains a number of help/explanation pop-up windows that follow:
F1 help key pops up:
EDMOD.OBJ - MORE HELP
EDIT MODE (green)
Esc key DOS> prompt or Windows
Shift F1 ret ur pgm if 0000:0300 set
F6 key display any directory
D key decimal to hex converter
H key hex to decimal converter
S key global search ASCII/hex
F8 key using the KISS disassembler
F9 key zeros out entire segment
F10 key zeros out displayed page
note: will not zero BIOS or EDMOD
MODIFY MODE (yellow)
ASCII key modifies mem beneath cursor
F2 key toggles back to EDIT MODE
F3 key input hex beneath cursor
keypad directions keys active
MODIFY MODE (red) if in BIOS or EDMOD
press F7 to display this EDMOD.DOC
F8 key pressed pops up:
USING THE KISS DISASSEMBLER
Press the F4 key to display the 80386
and 80486 instructions disassembled.
In MODIFY MODE the lower left corner of
of video displays the disassembled
instruction beneath the large cursor.
To disassemble correctly you must start
with the cursor over the 1st byte of the
instruction and then press the keypad +
key to advance to the next instruction.
If you do not know where the instruction
begins, backup or go forward a byte at
time using the left or right arrow keys
until you find a series of PUSH or POPs
or a RET. Starting disassembly from
there will most likely be correct.
F4 key pressed pops up:
KEEP IT SIMPLE DISASSEMBLER
Most all 8088/80286 instructions display
with > 95% accuracy (indexed excluded).
80386/80486 INSTRUCTIONS DISPLAYED
ADD Ereg,Ereg MUL Ereg
OR Ereg,Ereg DIV Ereg
ADC Ereg,Ereg MOV Ereg, 32 bit value
SBB Ereg,Ereg MOV Ereg, [memory]
AND Ereg,Ereg MOV EAX, [index reg]
SUB Ereg,Ereg MOV [memory],Ereg
XOR Ereg,Ereg MOV Ereg,Ereg
CMP Ereg,Ereg MOVSD move $ doubleword
INC Ereg STOSD stor $ doubleword
DEC Ereg other instructions
POP Ereg display
PUSH Ereg "80386 instruction"
(math coprocessor excluded)
HOW EDMOD.OBJ IS CREATED:
EDMOD.COM is a plain vanilla .COM program that moves itself up to modestly
high memory in segment 9000H at offset 8000H. It is not a terminate-and-stay-
resident program. After moving itself high it first saves 9000H:8000H and up
22000 bytes on drive A:\ as EDMOD.OBJ. Thereafter, it operates identically to
GOEDMOD.COM, the tiny 200 byte or so command line loader for EDMOD.OBJ simply
loads it to 9000H:8000H and then does a far jump to 9000H:8011H. Before
loading EDMOD.OBJ high, GOEDMOD.COM loads a 4FH ('O') pointer into segment
0000H at offset 0382H which is part of the unused interrupt E0H location. This
normally vacant location tells the program not to create EDMOD.OBJ on A:\
after it is moved up and then accessed by the far jump 9000H:8011H. EDMOD.OBJ
is not a terminate-and-stay-resident program. As such, if you are accessing
it from your own program after it has once been loaded, test 9000H:8000H for
an E9H byte (jump instruction), and if not there, re-load it before jumping to
9000H:8011H. From a hard disk it loads in less than a second.
Since all calls and jumps within a .COM program are relative offsets, they
work properly. Only the MOV CS:register,label and LEA CS:register,label need
the modifier +7F00H be added to the label; i.e., LEA CS:DI,MESS becomes LEA
CS:DI,MESS+7F00H to load the effective address of the 'Edit/Modify 1024K'
message that is displayed at the top of the screen.
SETTING UP EDMOD TO RUN IN WINDOWS 3.1:
On drive C's root directory (C:\) type MD EDMOD (make directory) and press
Enter. GO to the C:\EDMOD subdirectory. Assuming that the uzipped files
GOEDMOD.COM, EDMOD.DOC, EDMOD.ICO and EDMOD.OBJ are in A:\ drive, copy them to
C:\EDMOD. Now type WIN to go to Windows.
Under [FILE] click New. Click Program Item. In description type EdMod. In
Command Line type GOEDMOD.COM In working directory type C:\EDMOD and click
Change Icon. If EDMOD.ICO appears click Ok and continue.
If for some reason Windows tells you it cannot find it, click OK and then
click [Browse]. Change the directory to C:\EDMOD and click [OK]. Now, click
EDMOD.ICO and you are all set. Finish up and the EDMOD icon will appear in
whatever directory you installed it in.
Double click the EDMOD icon and presto-change-oh you are in EDMOD at segment
9000H offset 0000H. Pressing the Esc key will return you to Windows.
BULLETIN BOARD SYSTEMS:
Feel free to upload EDMOD.OBJ, EDMOD.DOC, EDMOD.ICO and GOEDMOD.COM to any
BBS you wish. Our only condition/request is that you not modify or change
EDMOD.DOC in any way or fashion.
The next upgrade to EDMOD.OBJ will include disassembly of many of the Intel
'Pentium' (tm) instructions plus options to display all bank switched expanded
memory. Hopefully, another option will display all memory in protected mode.
- end -