ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/cebix/mon/README
Revision: 1.1
Committed: 1999-10-04T19:31:09Z (25 years, 2 months ago) by cebix
Branch: MAIN
Branch point for: cebix
Log Message:
Initial revision

File Contents

# Content
1
2 mon, Version 2.2
3 A command-driven file monitor
4
5 Copyright (C) 1997-1999 Christian Bauer, Marc Hellwig
6 Freely distributable
7
8
9 Overview
10 --------
11
12 "mon" is an interactive command-driven file manipulation tool that is inspired
13 by the "Amiga Monitor" by Timo Rossi <trossi@jyu.fi>. It has commands and
14 features similar to a machine code monitor/debugger, but it is not intended
15 to be used for debugging. It doesn't operate on physical or virtual RAM
16 locations of a process but rather on a fixed-size (but adjustable) buffer with
17 adresses starting at 0. Also, there are no commands to trace code, set
18 breakpoints etc. There are, however, built-in PowerPC, 680x0, 6502 and 8080
19 disassemblers.
20
21
22 Installation
23 ------------
24
25 There are precompiled binaries for BeOS included in the archive. mon doesn't
26 need any auxiliary files.
27
28 To compile under Unix, cd to "src", edit "Makefile" and type "make".
29
30
31 Usage
32 -----
33
34 mon can be started from the Shell or from the Tracker (BeOS), but command line
35 history doesn't work when started from the Tracker). If you give no command
36 line arguments, mon enters interactive mode. Otherwise, all arguments are
37 interpreted and executed as mon commands. The default buffer size is 1MB.
38 The mon command prompt looks like this:
39
40 [00000000]->
41
42 The number in brackets is the value of "." (the "current address", see the
43 section on expressions). You can get a short command overview by entering
44 "h".
45
46 Commands that create a longer output can be interrupted with Ctrl-C.
47
48 To quit mon, enter the command "x".
49
50
51 Constants, variables and expressions
52 ------------------------------------
53
54 The default number base is hexadecimal. Decimal numbers must be prefixed with
55 "_". Hexadecimal numbers may also be prefixed with "$" for clarity. Numbers
56 can also be entered as ASCII characters enclosed in single quotes (e.g. 'BAPP'
57 is the same as $42415050). All numbers are 32-bit values (one word).
58
59 With the "set" command, variables can be defined that hold 32-bit integer
60 values. A variable is referred to by its name. Variable names may be arbitrary
61 combinations of digits and letters (they may also start with a digit) that
62 are not also valid hexadecimal numbers. Names are case-sensitive.
63
64 mon accepts expressions in all places where you have to specify a number. The
65 following operators are available and have the same meaning and precedence as
66 in the C programming language:
67
68 ~ complement
69 + unary plus
70 - unary minus
71 * multiplication
72 / integer division
73 % modulo
74 + addition
75 - subtraction
76 << shift left
77 >> shift right
78 & bitwise AND
79 ^ bitwise exclusive OR
80 | bitwise inclusive OR
81
82 Parentheses may be used to change the evaluation order of sub-expressions.
83
84 There are two special symbols that can be used in expressions:
85
86 . represents the "current address" (the value of "." is also displayed in
87 the command prompt). What exactly the current address is, depends on the
88 command last executed. The display commands set "." to the address after
89 the last address displayed, the "hunt" commands sets "." to the address
90 of the first found occurence of the search string, etc.
91 : is used by the "apply" ("y") command and holds the value of the byte/
92 half-word/word at the current address.
93
94 The "modify" (":"), "fill" ("f") and "hunt" ("h") commands require you to
95 specify a byte string. Byte strings consist of an arbitrary number of byte
96 values and ASCII strings separated by commas. Examples:
97
98 "string"
99 12,34,56,78,9a,bc,de,f0
100 "this",0a,"is a string",0a,"with","newlines",_10
101
102
103 The buffer
104 ----------
105
106 Those mon commands that operate on "memory" operate on a buffer allocated by
107 mon whose size is adjustable with the "@" command. The default buffer size is
108 1MB. The buffer is an array of bytes where each byte has a 32-bit integer
109 address. Addresses start at 0 and are taken modulo the buffer size (i.e. for
110 the default 1MB buffer, addresses 0 and 100000 refer to the same byte).
111
112 The buffer is the working area of mon where you load files into, manipulate
113 them, and write files back from. Arbitraty portions of the buffer may be used
114 as scratch space.
115
116
117 Commands
118 --------
119
120 The following commands are available in mon ('[]' marks a parameter than can be
121 left out):
122
123
124 x Quit mon
125
126 quits mon and returns to the shell.
127
128
129 h Show help text
130
131 displays a short overview of commands.
132
133
134 ?? Show list of commands
135
136 displays a short list of available commands.
137
138
139 ver Show version
140
141 shows the version number of mon.
142
143
144 ? expression Calculate expression
145
146 displays the value of the given expression in hex, decimal, and ASCII
147 characters. If the value is negative, it is displayed as a signed and unsigned
148 number.
149
150
151 @ [size] Reallocate buffer
152
153 changes the size of the buffer to the given number of bytes while preserving
154 the contents of the buffer. If the "size" argument is omitted, the current
155 buffer size is displayed.
156
157
158 i [start [end]] ASCII memory dump
159
160 displays the buffer contents from address "start" to address "end" as ASCII
161 characters. Entering "i" without arguments is equivalent to "i .". The value
162 of "." is set to the address after the last address displayed.
163
164
165 m [start [end]] Hex/ASCII memory dump
166
167 displays the buffer contents from address "start" to address "end" as hex
168 words and ASCII characters. Entering "m" without arguments is equivalent to
169 "m .". The value of "." is set to the address after the last address displayed.
170
171
172 d [start [end]] Disassemble PowerPC code
173
174 disassembles the buffer contents from address "start" to address "end".
175 Entering "d" without arguments is equivalent to "d .". The value of "." is
176 set to the address after the last address displayed.
177
178
179 d65 [start [end]] Disassemble 6502 code
180
181 disassembles the buffer contents from address "start" to address "end".
182 Entering "d65" without arguments is equivalent to "d65 .". The value of
183 "." is set to the address after the last address displayed.
184
185
186 d68 [start [end]] Disassemble 680x0 code
187
188 disassembles the buffer contents from address "start" to address "end".
189 Entering "d68" without arguments is equivalent to "d68 .". The value of
190 "." is set to the address after the last address displayed.
191
192
193 d80 [start [end]] Disassemble 8080 code
194
195 disassembles the buffer contents from address "start" to address "end".
196 Entering "d80" without arguments is equivalent to "d80 .". The value of
197 "." is set to the address after the last address displayed.
198
199
200 d86 [start [end]] Disassemble 80x86 code (very incomplete)
201
202 disassembles the buffer contents from address "start" to address "end".
203 Entering "d86" without arguments is equivalent to "d86 .". The value of
204 "." is set to the address after the last address displayed.
205
206
207 : start string Modify memory
208
209 puts the specified byte string at the address "start" into the buffer. The
210 value of "." is set to the address after the last address modified.
211
212
213 f start end string Fill memory
214
215 fill the buffer in the range from "start" to (and including) "end" with the
216 given byte string.
217
218
219 y[b|h|w] start end expr Apply expression to memory
220
221 works like the "fill" ("f") command, but it doesn't fill with a byte string
222 but with the value of an expression that is re-evaluated for each buffer
223 location to be filled. The command comes in three flavors: "y"/"yb" works on
224 bytes (8-bit), "yh" on half-words (16-bit) and "yw" on words (32-bit). The
225 value of "." is the current address to be modified, the value of ":" holds
226 the contents of this address before modification.
227
228 Examples:
229 yw 0 fff :<<8 shifts all words in the address range 0..fff to the left
230 by 8 bits (you can use this to convert bitmap data from
231 ARGB to RGBA format, for example)
232 y 0 1234 ~: inverts all bytes in the address range 0..1234
233 yh 2 ff 20000/. creates a table of the fractional parts of the reciprocals
234 of 1..7f
235
236
237 t start end dest Transfer memory
238
239 transfers the buffer contents from "start" to (and including) "end" to "dest".
240 Source and destination may overlap.
241
242
243 c start end dest Compare memory
244
245 compares the buffer contents in the range from "start" to (and including)
246 "end" with the contents at "dest". The addresses of all different bytes and
247 the total number of differences (decimal) are printed.
248
249
250 h start end string Search for byte string
251
252 searches for the given byte string in the buffer starting at "start" up to
253 (and including) "end". The addresses and the total number of occurrences are
254 displayed. The value of "." is set to the address of the first occurrence.
255
256
257 \ "command" Execute shell command
258
259 executes the given shell command which must be enclosed in quotes.
260
261
262 ls [args] List directory contents
263
264 works as the shell command "ls".
265
266
267 rm [args] Remove file(s)
268
269 works as the shell command "rm".
270
271
272 cp [args] Copy file(s)
273
274 works as the shell command "cp".
275
276
277 mv [args] Move file(s)
278
279 works as the shell command "mv".
280
281
282 cd directory Change current directory
283
284 works as the shell command "cd". The name of the directory doesn't have to be
285 enclosed in quotes.
286
287
288 o ["file"] Redirect output
289
290 When a file name is specified, all following output is redirected to this
291 file. The file name must be enclosed in quotation marks even if it contains
292 no spaces. Entering "o" without parameters closes the file and directs the
293 output into the terminal window again.
294
295
296 [ start "file" Load data from file
297
298 loads the contents of the specified file into the buffer starting from address
299 "start". The file name must be enclosed in quotation marks even if it contains
300 no spaces. The value of "." is set to the address after the last address
301 affected by the load.
302
303
304 ] start size "file" Save data to file
305
306 writes "size" number of bytes of the buffer from "start" to the specified file.
307 The file name must be enclosed in quotation marks even if it contains no spaces.
308
309
310 set [var[=value]] Set/clear/show variables
311
312 If no arguments are given, all currently defined variables are displayed.
313 Otherwise, the value of "var" is set to the specified value. If "=value"
314 is omitted, the variable "var" is cleared.
315
316
317 cv Clear all variables
318
319 clears all currently defined variables.
320
321
322 rmon
323 ----
324
325 When mon is started as "rmon", it enters "real mode". That is, all memory
326 related functions no longer operate on the buffer but on "real" (virtual)
327 memory. Unless you are writing Mac emulators, this is probably of not much
328 use. :-)
329
330
331 Examples
332 --------
333
334 Here are some simple examples for what is possible with mon.
335
336 Join "file1" and "file2" to "file3":
337
338 [ 0 "file1"
339 [ . "file2"
340 ] 0 . "file3"
341
342 Remove the first 24 bytes (e.g. an unneeded header) of a file:
343
344 [ 0 "file"
345 ] 18 .-18 "file"
346
347 Load the mon executable and search for PowerPC "nop" commands:
348
349 [ 0 "mon"
350 h 0 . 60,00,00,00
351
352 Create a modified version of mon so that the prompt has " $" instead of "->":
353
354 [ 0 "mon"
355 set size=.
356 h 0 . "->"
357 : . " $"
358 ] 0 size "mon1"
359
360 Convert a binary file which contains 16-bit numbers in little-endian format
361 to big-endian format (or vice-versa):
362
363 [ 0 "file"
364 yh 0 .-1 :>>8|:<<8
365 ] 0 . "file"
366
367 Load a BeBox boot ROM image and start disassembling the system reset handler:
368
369 [ 0 "bootnub.image"
370 d 100
371
372
373 Legal stuff
374 -----------
375
376 Copyright 1997-1999 Christian Bauer. This program is freeware. You may do
377 whatever you want with it for personal use. Permission is granted to
378 redistribute this program free of charge, provided it is distributed in the
379 full archive with unmodified contents and no profit beyond the price of the
380 media on which it is distributed is made. Exception to the last rule: It may
381 be included on freeware/shareware collections on CD-ROM. There are no
382 warranties of any kind for this program. If you use this program, you do so
383 at your own risk. The authors are not responsible for any damages that might
384 result from using this program.
385
386
387 History
388 -------
389
390 V1.0 - Initial release
391 V1.3 - Now uses libreadline
392 Disassembler: prints SPR names instead of numbers, fixed bugs
393 V1.4 - Implemented 6502 and 680x0 disassemblers
394 V1.5 - Non-interactive mode, real mode
395 V2.0 - Unified PPC and x86 release
396 V2.1 - Compiled for BeOS R4, opens Terminal window when started from Tracker,
397 implemented 8080 disassembler, included Unix makefile
398 V2.2 - Switched from project files to makefiles on BeOS, fixed some minor
399 bugs in the PPC disassembler, commands made modular
400
401
402 Christian Bauer
403 <cbauer@iphcip1.physik.uni-mainz.de>
404
405 Marc Hellwig
406 <hellwig@iphcip1.physik.uni-mainz.de>