root/cebix/mon/README
Revision: 1.6
Committed: 2000-10-06T00:04:21Z (24 years, 1 month ago) by cebix
Branch: MAIN
Changes since 1.5: +8 -1 lines
Log Message:
new command "d8086" for disassembling 16-bit x86 code

File Contents

mon, Version 3.0
A command-driven file monitor

Copyright (C) 1997-2000 Christian Bauer, Marc Hellwig
GNU binutils disassemblers Copyright (C) 1988, 89, 91, 93, 94, 95, 96, 97, 1998
Free Software Foundation, Inc.


License
-------

mon is available under the terms of the GNU General Public License. See the
file "COPYING" that is included in the distribution for details.


Overview
--------

"mon" is an interactive command-driven file manipulation tool that is
inspired by the "Amiga Monitor" by Timo Rossi <trossi@jyu.fi>. It has
commands and features similar to a machine code monitor/debugger, but it
lacks any functions for running/tracing code. There are, however, built-in
PowerPC, 680x0, 80x86, 6502 and 8080 disassemblers. By default, mon operates
on a fixed-size (but adjustable) memory buffer with addresses starting at 0.


Installation
------------

Please consult the file "INSTALL" for installation instructions.


Usage
-----

mon can be started from the Shell or from the Tracker (BeOS), but command line
history doesn't work when started from the Tracker.

Options:
  -m  enables symbolic MacOS A-Trap and low memory globals display in the
      680x0 disassembler
  -r  makes mon operate in real (virtual) memory space instead of an allocated
      buffer

If no additional command line arguments are given, mon enters interactive
mode. Otherwise, all remaining arguments are interpreted and executed as mon
commands.

The default buffer size is 1MB.

The mon command prompt looks like this:

  [00000000]->

The number in brackets is the value of "." (the "current address", see the
section on expressions). You can get a short command overview by entering
"h".

Commands that create a longer output can be interrupted with Ctrl-C.

To quit mon, enter the command "x".


Constants, variables and expressions
------------------------------------

The default number base is hexadecimal. Decimal numbers must be prefixed with
"_". Hexadecimal numbers may also be prefixed with "$" for clarity. Numbers
can also be entered as ASCII characters enclosed in single quotes (e.g. 'BAPP'
is the same as $42415050). All numbers are 32-bit values (one word).

With the "set" command, variables can be defined that hold 32-bit integer
values. A variable is referred to by its name. Variable names may be arbitrary
combinations of digits and letters (they may also start with a digit) that
are not also valid hexadecimal numbers. Names are case-sensitive.

mon accepts expressions in all places where you have to specify a number. The
following operators are available and have the same meaning and precedence as
in the C programming language:

  ~   complement
  +   unary plus
  -   unary minus
  *   multiplication
  /   integer division
  %   modulo
  +   addition
  -   subtraction
  <<  shift left
  >>  shift right
  &   bitwise AND
  ^   bitwise exclusive OR
  |   bitwise inclusive OR

Parentheses may be used to change the evaluation order of sub-expressions.

There are two special symbols that can be used in expressions:

  .  represents the "current address" (the value of "." is also displayed in
     the command prompt). What exactly the current address is depends on the
     command last executed. The display commands set "." to the address after
     the last address displayed, the "hunt" command sets "." to the address
     of the first found occurrence of the search string, etc.
  :  is used by the "apply" ("y") command and holds the value of the byte/
     half-word/word at the current address.

The "modify" (":"), "fill" ("f") and "hunt" ("h") commands require you to
specify a byte string. Byte strings consist of an arbitrary number of byte
values and ASCII strings separated by commas. Examples:

  "string"
  12,34,56,78,9a,bc,de,f0
  "this",0a,"is a string",0a,"with","newlines",_10

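The number and byte-string rules above, as a small Python model (an added example, not part of mon or its README). It accepts plain literals only, not full expressions, and rejecting byte values above ff is an assumption, since the README does not say how mon treats them; the function names are hypothetical.

```python
import re

# Added example: models the README's literal and byte-string syntax; not mon's parser.
_ITEM = re.compile(r'\s*(?:"([^"]*)"|([^,\s"]+))\s*(?:,|$)')

def parse_number(tok: str) -> int:
    """Hex by default, "$" prefix = hex, "_" prefix = decimal, 'abcd' = ASCII."""
    if len(tok) >= 3 and tok[0] == tok[-1] == "'":
        chars = tok[1:-1].encode("ascii")
        if len(chars) > 4:
            raise ValueError("ASCII constant exceeds 32 bits: " + tok)
        return int.from_bytes(chars, "big")
    if tok.startswith("_"):
        digits, base = tok[1:], 10
    else:
        digits, base = (tok[1:] if tok.startswith("$") else tok), 16
    pattern = r"[0-9]+" if base == 10 else r"[0-9a-fA-F]+"
    if not re.fullmatch(pattern, digits):
        raise ValueError("bad number: " + tok)
    value = int(digits, base)
    if value > 0xFFFFFFFF:
        raise ValueError("number exceeds 32 bits: " + tok)
    return value

def parse_byte_string(text: str) -> bytes:
    """Turn e.g. '"this",0a,_10' into the bytes a modify/fill/hunt would use."""
    if not text.strip():
        raise ValueError("empty byte string")
    out = bytearray()
    pos = 0
    while pos < len(text):
        m = _ITEM.match(text, pos)
        if m is None:
            raise ValueError("syntax error at offset %d" % pos)
        quoted, number = m.groups()
        if quoted is not None:
            out += quoted.encode("ascii")
        else:
            value = parse_number(number)
            if value > 0xFF:  # assumption: mon's handling is not documented
                raise ValueError("not a byte value: " + number)
            out.append(value)
        pos = m.end()
    return bytes(out)
```
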

The buffer
----------

Those mon commands that operate on "memory" operate on a buffer allocated by
mon whose size is adjustable with the "@" command. The default buffer size is
1MB. The buffer is an array of bytes where each byte has a 32-bit integer
address. Addresses start at 0 and are taken modulo the buffer size (i.e. for
the default 1MB buffer, addresses 0 and 100000 refer to the same byte).

The buffer is the working area of mon: you load files into it, manipulate
them there, and write files back from it. Arbitrary portions of the buffer may
be used as scratch space.


Commands
--------

The following commands are available in mon ('[]' marks a parameter that can be
left out):


  x                        Quit mon

quits mon and returns to the shell.


  h                        Show help text

displays a short overview of commands.


  ??                       Show list of commands

displays a short list of available commands.


  ver                      Show version

shows the version number of mon.


  ? expression             Calculate expression

displays the value of the given expression in hex, decimal, and ASCII
characters. If the value is negative, it is displayed as a signed and unsigned
number.


  @ [size]                 Reallocate buffer

changes the size of the buffer to the given number of bytes while preserving
the contents of the buffer. If the "size" argument is omitted, the current
buffer size is displayed.


  i [start [end]]          ASCII memory dump

displays the buffer contents from address "start" to address "end" as ASCII
characters. Entering "i" without arguments is equivalent to "i .". The value
of "." is set to the address after the last address displayed.


  b [start [end]]          Binary memory dump

displays the buffer contents from address "start" to address "end" in a binary
format. Entering "b" without arguments is equivalent to "b .". The value of
"." is set to the address after the last address displayed.


  m [start [end]]          Hex/ASCII memory dump

displays the buffer contents from address "start" to address "end" as hex
words and ASCII characters. Entering "m" without arguments is equivalent to
"m .". The value of "." is set to the address after the last address displayed.


  d [start [end]]          Disassemble PowerPC code

disassembles the buffer contents from address "start" to address "end".
Entering "d" without arguments is equivalent to "d .". The value of "." is
set to the address after the last address displayed.


  d65 [start [end]]        Disassemble 6502 code

disassembles the buffer contents from address "start" to address "end".
Entering "d65" without arguments is equivalent to "d65 .". The value of
"." is set to the address after the last address displayed.


  d68 [start [end]]        Disassemble 680x0 code

disassembles the buffer contents from address "start" to address "end".
Entering "d68" without arguments is equivalent to "d68 .". The value of
"." is set to the address after the last address displayed.


  d80 [start [end]]        Disassemble 8080 code

disassembles the buffer contents from address "start" to address "end".
Entering "d80" without arguments is equivalent to "d80 .". The value of
"." is set to the address after the last address displayed.


  d86 [start [end]]        Disassemble 80x86 (32-bit) code

disassembles the buffer contents from address "start" to address "end".
Entering "d86" without arguments is equivalent to "d86 .". The value of
"." is set to the address after the last address displayed.


  d8086 [start [end]]      Disassemble 80x86 (16-bit) code

disassembles the buffer contents from address "start" to address "end".
Entering "d8086" without arguments is equivalent to "d8086 .". The value
of "." is set to the address after the last address displayed.


  : start string           Modify memory

puts the specified byte string at the address "start" into the buffer. The
value of "." is set to the address after the last address modified.


  f start end string       Fill memory

fills the buffer in the range from "start" to (and including) "end" with the
given byte string.


  y[b|h|w] start end expr  Apply expression to memory

works like the "fill" ("f") command, but it doesn't fill with a byte string
but with the value of an expression that is re-evaluated for each buffer
location to be filled. The command comes in three flavors: "y"/"yb" works on
bytes (8-bit), "yh" on half-words (16-bit) and "yw" on words (32-bit). The
value of "." is the current address to be modified, the value of ":" holds
the contents of this address before modification.

Examples:
  yw 0 fff :<<8     shifts all words in the address range 0..fff to the left
                    by 8 bits (you can use this to convert bitmap data from
                    ARGB to RGBA format, for example)
  y 0 1234 ~:       inverts all bytes in the address range 0..1234
  yh 2 ff 20000/.   creates a table of the fractional parts of the reciprocals
                    of 1..7f

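A Python model of the "y" command that reproduces the examples above and the byte-swap from the Examples section (an added example, not mon's code). Expressions are passed as Python functions of "." and ":"; big-endian half-word/word access is an assumption inferred from the ARGB-to-RGBA example, and all function names are hypothetical.

```python
# Added example: a model of mon's "y" (apply) command; not mon's code.
WIDTHS = {"b": 1, "h": 2, "w": 4}  # yb / yh / yw element sizes in bytes

def apply_expr(buf: bytearray, start: int, end: int, expr, flavor: str = "b") -> int:
    """Rewrite every element in start..end (inclusive) with expr(dot, colon).

    dot   is "." : the address being modified
    colon is ":" : the value stored there before modification
    Returns the number of elements written.
    """
    size = WIDTHS[flavor]
    mask = (1 << (8 * size)) - 1
    count = 0
    for dot in range(start, end + 1, size):
        # Addresses are taken modulo the buffer size, as the README states.
        idx = [(dot + i) % len(buf) for i in range(size)]
        # Assumption: multi-byte values are stored big-endian.
        colon = int.from_bytes(bytes(buf[i] for i in idx), "big")
        # Results are cut to the element width, like a C store to uint8/16/32.
        value = expr(dot, colon) & mask
        for i, byte in zip(idx, value.to_bytes(size, "big")):
            buf[i] = byte
        count += 1
    return count

def swap16(data: bytes) -> bytes:
    """yh 0 .-1 :>>8|:<<8  -- the endianness conversion from the Examples."""
    buf = bytearray(data)
    apply_expr(buf, 0, len(buf) - 1, lambda dot, colon: colon >> 8 | colon << 8, "h")
    return bytes(buf)

def argb_to_rgba(data: bytes) -> bytes:
    """yw 0 <last> :<<8  -- the low byte of each word becomes 0."""
    buf = bytearray(data)
    apply_expr(buf, 0, len(buf) - 1, lambda dot, colon: colon << 8, "w")
    return bytes(buf)

def reciprocal_table() -> bytes:
    """yh 2 ff 20000/.  -- 16-bit fractions of 1/n for n = 1..7f."""
    buf = bytearray(0x100)
    apply_expr(buf, 2, 0xFF, lambda dot, colon: 0x20000 // dot, "h")
    return bytes(buf)
```

The mask step is what makes ":>>8|:<<8" a clean byte swap: the bits shifted above the 16-bit element are discarded when the value is stored.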

  t start end dest         Transfer memory

transfers the buffer contents from "start" to (and including) "end" to "dest".
Source and destination may overlap.


  c start end dest         Compare memory

compares the buffer contents in the range from "start" to (and including)
"end" with the contents at "dest". The addresses of all different bytes and
the total number of differences (decimal) are printed.


  h start end string       Search for byte string

searches for the given byte string in the buffer starting at "start" up to
(and including) "end". The addresses and the total number of occurrences are
displayed. The value of "." is set to the address of the first occurrence.


  \ "command"              Execute shell command

executes the given shell command which must be enclosed in quotes.


  ls [args]                List directory contents

works as the shell command "ls".


  rm [args]                Remove file(s)

works as the shell command "rm".


  cp [args]                Copy file(s)

works as the shell command "cp".


  mv [args]                Move file(s)

works as the shell command "mv".


  cd directory             Change current directory

works as the shell command "cd". The name of the directory doesn't have to be
enclosed in quotes.


  o ["file"]               Redirect output

When a file name is specified, all following output is redirected to this
file. The file name must be enclosed in quotation marks even if it contains
no spaces. Entering "o" without parameters closes the file and directs the
output into the terminal window again.


  [ start "file"           Load data from file

loads the contents of the specified file into the buffer starting from address
"start". The file name must be enclosed in quotation marks even if it contains
no spaces. The value of "." is set to the address after the last address
affected by the load.


  ] start size "file"      Save data to file

writes "size" number of bytes of the buffer from "start" to the specified file.
The file name must be enclosed in quotation marks even if it contains no spaces.


  set [var[=value]]        Set/clear/show variables

If no arguments are given, all currently defined variables are displayed.
Otherwise, the value of "var" is set to the specified value. If "=value"
is omitted, the variable "var" is cleared.


  cv                       Clear all variables

clears all currently defined variables.


Examples
--------

Here are some simple examples for what is possible with mon.

Join "file1" and "file2" to "file3":

  [ 0 "file1"
  [ . "file2"
  ] 0 . "file3"

Remove the first 24 bytes (e.g. an unneeded header) of a file:

  [ 0 "file"
  ] 18 .-18 "file"

Load the mon executable and search for PowerPC "nop" commands:

  [ 0 "mon"
  h 0 . 60,00,00,00

Create a modified version of mon so that the prompt has " $" instead of "->":

  [ 0 "mon"
  set size=.
  h 0 . "->"
  : . " $"
  ] 0 size "mon1"

Convert a binary file which contains 16-bit numbers in little-endian format
to big-endian format (or vice-versa):

  [ 0 "file"
  yh 0 .-1 :>>8|:<<8
  ] 0 . "file"

Load a BeBox boot ROM image and start disassembling the system reset handler:

  [ 0 "bootnub.image"
  d 100


History
-------

Please consult the file "ChangeLog" for the release history.


Christian Bauer
<Christian.Bauer@uni-mainz.de>

Marc Hellwig
<Marc.Hellwig@uni-mainz.de>