*********************************************************************** *********************************************************************** (Part II of Hacking Doc) MONAM2 HELP FILE This is a copy of a monam2 help file I wrote ages ago *********************************************************************** *********************************************************************** Devpac 2 Devpac 2 is the best Monitor program I have ever used. It has some very nice break points that you can place conditions on. You can do nice things like tell the monitor to trace the program for 10000 instructions and then jump back to the monitor. Ok in the list below the Am = the right Amiga button. Window Commands TAB Mo ve to the next window Am A Set address sets the starting address of a memory or disassembly window Am B Set Breakpoint Sets various break point (see later) Am E Edit Window On the memory window this lets you edit memory. You can edit in hex (delfault) or press the TAB key and jump to the Ascii part of the window and edit in Ascii Am L Lock Window With this command you can lock the disassembly window or memory win dow to a particular register. The disassembly window is lock by default to the PC. You can lock the disassembly window and the memory window together by locking the memory window to M2. (M2 is a memory registor see later) Am O Show Other This does convertions and mathmatcis for you. It prompts for a number but you can use symbols from your program as well as complex maths Am P Printer Dump Dumps the current window to the printer, it can be aborted by pressing ESC Am R Register Set Alter a register. You can just feed in a number or define it by a maths equation ex A3=A2+4 or you can even use the symbols from the A3=A2+START Am S Split Windows Splits window 2 into window 2 and window 4 or window 3 into window 3 and window 4 Am T Change Type This only works on window 4 (created either by splitting window 2 o r by loading a source file). It changes the type of the window between disassembly, memory and source-code (if a file has been loaded). Am Z Zoom Window Zooms the current window to full size or back again. Zooming the register window shows the values of M0-M9 (Devpac internal memory registers... see later) SCREEN SWITCHING Monam uses its own screen display and will always make itself the front and active window whenever an exception (including breakpoint) occurs V View other Screen BREAKPOINTS Am B Set Breakpoint With this command you can set a variaty of kinds of break points. After pressing B just enter one of the following address will set a simple break point address,expression will set a stop breakpoint at the given address,after it has executed expression times address,= will set a count breakpoint. The ini tial value of the count will be zero address,* will set a permanent breakpoint address,? expression will set a conditional breakpoint, using the given expression such as the value of a registor etc address,- will clear any breakpoint at the given address You can't set a break point in ROM Help Show Help and Breakpoints This displays the current breakpoints, task status, its seqment list (showing where your program is), free memory and the system memory list. Am commands are available within this display Ctrl B Set Breakpoints Sets a breakpoint at the start address of the disassembly window (you have to be in it). If there is one already there it will clear it U Go Until Prompts for an address at which a simple breakpoint will be placed then program execution resumed Ctrl K Ki ll Breakpoints Clears all break points Ctrl A Set Breakpoint then Execute A real great command. It places a simple breakpoint at the instruction after the Program counter and then runs the program. This is really great for single stepping through conditional loops, you just single step down to the command that does the test and loop and press Ctrl A and it places a breakpoint after the loop and then runs program (goes arou nd the loop until it falls through on to your break point). The only thing to watch is the program exiting at another point and never getting to your break point Ctrl X Stop program executing Stops your task running. It does this by setting the trace bit so you will get a trace exception. While this does work, be careful if you stop it in the middle of some AmigaDOS ROM routines, particularly signal handling and message pa ssing OTHER STUFF Monam has a history buffer showing the condition of the registors and program counter. H Show History buffer Shows the history buffer (for the last 5 instructions) Ctrl C Terminate Leave Monam Ctrl Q Quit a program Stops a program running. This can be hazardous to use, and should only be done as a last resort. If your program is terminated in this way it will not clean up, and thus not de-allocate any memory it was using or close windows etc Ctrl L Loading Executable Program This will prompt for a filename and then a command line and will attempt to load the file ready for execution. If MonAm has already loaded a program it is not possible to load another until the former has terminated B Load Binary File Prompts you for a file name and optional load address (separated by a commma) and will then load the file where specified . If no load address is given then memory will be allocated from the system. M0 will be set to the start address and M1 to the end address (see below for a discription of the M registers) A Load Ascii file A great command that allows you to load a ascii file (such as the sorce coad) into window four of Monam, if window 4 isn't already open then it will open it automaticly EXECUTING PROGRAMS Ctrl R Return to program/Run Runs the current program from the PC position at full spead the history buffer will not be updated while running. Ctrl Z Single-Step This single-steps the instruction at the PC with the current register values. Single-stepping a trap, Line-A or Line-F opcode will, by default, be treated as a single instruction. This can be charged using Prefrences (Ctrl P) Ctrl Y Single-Step as above but included for the convenience of German u sers Ctrl T Interpret an Instruction (Trace) A great command. It is the same as Ctrl Z but skips over BSR's, JSR's, Traps, Line-A and Line-F calls, re-entering the debugger on return from them to save stepping all the way through the routine or trap. It works on instructions in ROM and RAM Ctrl S Skip and Instruction Ctrl S increments the PC register by the size of the current instruction thus causing it to be skipped. Use this inst ead of Ctrl Z when you know this instruction is going to do something you dont want R Run (various) Prompts for the style of run you want just press it and you will be prompted for G Go Identicial to Ctrl R just runs the program at full speed I Instruction This is a great command that executes the entered number of enstructions remembering the infomation in the history buffer and then returning to Monam. Traps are executed as single insturctions SEARCHING MEMORY G Search memory (get a sequence) Will prompt for B/W/L/T standing for Bytes, Words, Longs, Text and Instructions (Intructions and Texzt are case sensitive). The SP is not called SP in the searches it is called A7 N Find Next Having found one with the G command (see above) you can find another occurence of it by pressing N OTHER STUFF Ctrl P Preferences Alows you to alter various options in Monam by answering Y/N to the questions I Intellegent Copy Copies a block of memory to another area. The addresses should be entered in the form START,INCLUSIVE_END,DESTINATION No checks are made on the validity of the move. It will let you quite happily crash the system L List Lables Lists all the lables in the program. Lables are displaye d in the order they where found on the disk W Fill Memory With START,INCLUSIVE_END,FILLBYTE P Disassemble to Printer/Disk Disassembles Area of memory to printer or disk with lables the first lines should be entered in the form START_ADDRESS,END_ADDRESS The next line prompts for an Area of memory to use to build the cross-reference list, which should be left blank if no automatic labels are require d else should be of the form BUFFER_START,BUFFER_END Next is the prompt for data areas which will be disassembled as DC instructions, of the form DATA_START,DATA_END,SIZE The optional size field shoudl be B, W, L, defaulting to L, determining the size of the data. When all data areas have been defined, a blank line should be entered Finally a filename prompt will appear, if this is blank all outp ut will be to the printer, else it will be assumed to be a disk file **** Special Note **** I will be stuffed if I can get this to work... I can get it to just disassemble the code but I can't get it to put in lables. (it worked on the ST what happend guy's). We hope for a fix in an upgrade. M Modify Address Same as Am A O Show Other Bases Same as Am O D Change Drive and Directory Change current Drive and Directory THE M REGISTERS (In the bits above where I said see later well here it is) The Devpac manual is shy and doesn't blow it's own horn enough about some of it's features. The M registers are one of the things, Devpac has internal registors numberred M0-M9 some of them are used by the program such as M2 and M3 which control the start of the disembly window and the start of the Memory window. You can alter the value of the M registers and the windows will reflect the change. You can use som e of the registers for your own use such as setting M7 to a memory address you want to look back at latter and the go away and look at another memory address then when you want to go back you just go M .... for Modify memory and M7 and you will jump back to the address you stored just by going MM7 when you load a binary file M0 and M1 are set to the start and end of file you loaded. This makes it really easy to load a binary file change a character and save it back again. You don't even have to en ter in the start and end addresses when you save it you just use M0 and M1 in the save statement M2, M3, M4 and M5 are the start addresses of windows 2,3,4,5 Another thing Devpac doesn't make to much about it the use of symbols in your statements such as alterring a register A5=A2+A3+START_PRG - SUM_OTHER_NUMBER So why work it out let Devpac do it for you Fuck that took me a long time to type in and I dearsay there are heeps of spelling mistacks in it so if you find one all you have to do is write it o n a piece of paper and flush it down the loo. Or correct the file and reload it up to the board. Bye Fun_to_hack *********************************************************************** *********************************************************************** MONAM2 METHODS This is a copy of a file I wrote ages ago showing you how to get the most out of monam *********************************************************************** ******** *************************************************************** HANDY THINGS TO KNOW ABOUT DEVPAC'S MONAM I really like using Devpac's machine code monitor (called Monam or Monam2 from here on). Most people don't really use it to it's potential because the manual dosn't emphasize some of the better features so I thought I would write about some of the handy features and methods of using them that I have found helpful in debugging programs. Everything I mention here is in the manual but some it is in very o bscure places or just mentioned in passing. This is not an Help file of the commands but a help file showing better ways to use the commands. For a list of the commands see the file Monam2_help.txt Monam2 will debug programs and tell you what the machine code calls are as it comes to them so instead of looking at code that says JSR -$1E(A6) when you are single stepping the program you will see JSR Open. This is great and stops you looking up endless calls in the manual. The way to get it to do it is to put the file Libfile.Monam into the libs directory on your systems disk. You will find the file in the Libs directory on the original distribution disk. Monam2 will debug programs that have been saved with the labels in them and display them in the program when you are single stepping it. Ok that is obvious but what isn't so obvious is you can use the labels yourself. This is great if you are like me and hate keying in 6 didget Hex numbers all the time. When ever you have to key in a hex address you can just type in the label instead. You can set the program counter to point to a label just by using the Set register command (Right_Amiga_Key R PC=label) that goes for setting the address of the current window as well (M label) you can even use the names of the Registers to save you key in the values in them. For example if A0=$123456 and you think it is pointing to a file name and want to see what it is you can set the Data window to it by making it the current window and going M A0 this will set the current win dow to the value in AO you can do this for all the Registers A0-A7, D0-D7, PC. All these labels and short cuts really come into there own when you are doing a calculation you can use the O command (Other) for doing calculations you can do things like O A0+D0 and it will work out what the values in A0 plus D0 equal. You can use all the Registers A0-A7, D0-D7 the PC and even use the SR register (you can do it with the SR reg I didn't say you could do anything useful with it). You can even use the operators {} for the number at an address instead of the address itself for example if A0 is pointing at number $12345678 you can go M {A0} and it will set the current window to address $12345678 this could be useful for looking up a table. If you want to actually do something with the address A0 or the number A0 then all you have to do is put a $ in front of it. Apart from using labels and Registers as short cuts Monam2 has some built in reserve words they are CODE which is set to the start address of any program you load up and HUNK1 HUNK2 etc which are set to the start of the Hunks. CODE is very handy for when you are single steeping and want to nip back to the start to see what where you started. Hunk can be handy for jumping around the code. There is no end off HUNK or ENDOFCODE reserved words. The flexibly of the maths bits of Monam2 is extreamly good and you will find you can use it from any part of the program so when ever you want to go to an address or set a register to a value you have to work out you don't ha ve to work it out and then set the register or tell Monam2 to go to that address just include the equation in the command to tell monam to go to the address or set the register to the value. With out a doubt my feature of Monam2 is it's Memories there are 10 memories M0 to M9. M0, M1, M2 and M3 are used by Monam itself. M2 is set to the top of the disassembly window and M3 is set to the top of the Hex window when ever you move these windows then the values change to the top of it's window. We can use these for our own use. If you are in the Disassembly window and come across a bit of code that looks a bit funny and could be data so you nip over to the Data window and want to set it to the same address as the disassemble window. Just go to the Data window (M3) and press MM2 then hit RETURN (M for memory and M2 for the address of M2 which is the disassemble window). Although this involves four keystrokes which is in most cases only going to be a few less than going M and the address you want to go anyway since two of them are the same and the other one is Return and you don't have to hunt and peck around the keyboard to type in a hex number you get a great increase in speed and you are much more sure of getting it right than keying in the number. You actually have two more windows than are not obvious, if you go to the disassembly window and press Right Amiga button and S at the same time then you split the window into two windows both which are disassemble windows you can jump over to the Data window and split i t in two the same way and you can jump around them with the TAB key just as you can do with the two normal windows and you can Zoom each of the windows with Amiga Z. I will talk more about windows and the M variables in the Section on Tracing techniques and Stuff. You can also lock a window to an window to a Memory variable or a register. By default the disassembly window is locked to the PC but you can lock any of the windows to any register or Memory value. To lock the Data window to A0 you just move to t he Data window and press the right Amiga key and L simultaneously and then then type A0 and press return and from then on the Data window will always be set to the value of A0 and if it should change then the top of the window will change. You can also lock windows together for example to lock M3 to M2 you go to the Data window (M3) and go Amiga L M2 return and everytime the the disassembly window changes the Data window will change to match. To unlock a window you just lock it to it's Memory value example move to the disassembly window and go Right Amiga L M2 and the window will not change when PC goes off the screen. The values M0 and M1 are automatically set to the start and end of a file that is loaded in with the binary function (B) this is very handy when you want to save a file back again you just use M0 for the start and M1 as the end. The values of M are set to M0 Start of the last binary file loaded M1 The end of the Last binary file loaded M2 The start of the Disassembly window M3 The sta rt of the Data window M4 The start of the second disassembly window if it exists otherwise free M5 The start of the second Data window if it exists otherwise free M6 A free variable to be used by you M7 A free variable to be used by you M8 A free variable to be used by you M9 A free variable to be used by you To get a list of all the M variables as well as the usual A0-A7, D0-D7, PC and SR just keep pressing TAB key until you get to the register window and press Right Amiga key and Z (for Zoom) and you get a dump of all the Registers. While you are in the Zoom mode you can't use the O command for preforming calculations but you can use right Amiga O to do the same thing. The O without an Amiga key is supposed to be there only to be compatible with Monam 1 but I don't know anyone who uses the Amiga O version so you tend to think Monam2 wont let you do calculations but it will, this is very handy because so often the thing you want to calculate on is something you have seen in Zoom mode the same go es for the screen that displays the hunks and break points (got to by pressing Help). You can also set Registers in Zoom mode and in the help key screen just go Right Amiga R and set the register as per normal. You can get a dump of the current window you are in by going Right Amiga P this also works in Zoom mode giving you a bigger dump. The disassemble to printer or drive option of monam2 (version 2.0) has a floor in it... it won't put labels in even though it ask you for an area to store the labels in. T he only way to fix this is to get a latter version of Monam there is a version of Monam2.05 that has been converted from German to English (thanks Sigfried) have a look on the disk you got this with if it is there it will be called Monam2.05 (my name not anyone elses). The only problem we have found with this version is it wont save Preferences (hopefully we will fix this). I found the easiest way around this is to save the preferences from an earlier version of Monam2 (real men change the file by hand). T racing techniques and stuff When you are single stepping a program and stop half way through and go into Zoom mode you are able to jump up and down the program and have a good look around then when you press Escape to go back you where you where when you went into Zoom mode this is great if you wanted to go back to there but if you have just found something interesting and would rather have that at the top of the window when you got back to the normal screen this is an absolute pain. The way around this is to set the window Memory variable from Zoom mode if you are in the Disassembly window and you go into Zoom mode then advance four or five pages all you have to do is go Amiga R M2=address to set the memory variable M2 (top of disassembly window) to the address that you want to be at and when you press escape the top of the window will be the address you put into the register M2. When you are tracing a program and you come to something of interest you can flag it by setting a memory value to the PC (Amiga R M3=PC) and if you find another thing then set M4=Pc and M5 etc up to M9 then if you want to come back you just go MM3 (Memory M3) and later MM4 etc. I use this quite alot to keep track of the flow of a program that I am tracing if you get to a suspicious part that calls a subroutine and you set M3=PC if that subroutine calls another one you can set M4=PC etc. You can then conveniently jump around the bits of the program without having to write a single address down. A thing I use this for alot is working ba ckwards. You find a bit of code in the program that look of interest and you Set M9=Address then trace the program using the Instruction search and when if you find the call to it you set M8=address then search again for a call to that address and set M7 to it's address. With all these memory variables set to different parts of the program you can then go MM6 or MM7 or MM8 to jump around the different parts of the program of course this is very limited in the amount of code you can do this with and there i s a good chance that you wont be able to find the address call you are searching for but anytime you find you are about to write a Memory address down set a Memory variable to equal it instead. I find moving the address to the top of the window and using the Memory variable for that window to define the new variable the best way to do it.. for example want to set M5 to an address in M2 you just keep pressing the down arrow until the address lines up with the top of its window and go Right Amiga R M5=M2. Thi s sounds very involved but you will find your self doing it very quickly after a few times and it doesn't involve keying in a number which is the thing that really slows you down and is most likely to be got wrong. Saving and loading a binary file can be very handy for changing a program you don't have the source code for (Hacking who me?). If you load an executable program with the binary load function (B) it loads the whole program including the program header and file relocation table. The program looks just as it would on the disk not as it would look in memory if you had loaded it as an executable file (Control L) because when a program is loaded by the operating system it is relocated to run at that place in memory. If you load a program with the B option you can save it with the S option and it will still run in the usual fashion the trick is to save it with a correct start and end. If you were to try and find out the start and end by looking in memory you would without a doubt fail but since the varia ble M0 and M1 are assigned to the start and end of the binary file loaded all you have to do is to save it using M0 for the start and M1 as the end. After you have loaded a program you can then alter bits of it. But you have to be careful what you are doing, you can't alter anything that has absolute address because this will be altered by the relocation table when it is loaded but you can alter things that are PC relative or change commands into Nop's or change a conditional branch to another condition suc h as make a BNE to BRA just by changing one byte. I can not over emphasize the need to make sure you are not changing something that will be altered by the relocation table when the program is loaded. When you are looking at a program you have loaded as a program (the normal way with Control L or when starting monam) have a look the data window and see if the address that a call is talking about is there in hex if it is then it was put there by the relocation table and is to be left alone. The other thing t o watch out for is making sure you don't save the program down on top of something else on the disk. Normally the file system makes sure you don't do that but if it is a protected disk then they may be loading sectors directly from the disk and not have allocated them as already used and the operating system will think there fair game and save your file down over some other code on the disk. The way to be sure this dosn't happen is to use Newzap or one of the other excellent file zapers available on the ami ga and change it directly on the disk. Loading the file up as binary is still handy in this case as it will show you exactly what the code looks like on the disk so you will have lots to code surrounding the code you want to change to confirm you are in fact changing the right bit of code. UPDATE ON MONAM2_METHODS SNAP & OSNAP There are two programs that I have started using in conjunction with Monam2 and I dont know what I would do without them. They are both the same kind of program. I started using sna p and have now retired it in favour of OSNAP but if you cant get OSNAP then snap will do fine. The programs allows you to click on some text anywhere on the screen and copy it into a buffer and then paste it somewhere else as if you had keyed it in by hand. The programs have many uses including using them from inside a modem package to quote other messages back at people. But from monam I use it for enterring in hex numbers for me. You will have noticed I have a reel hatrid with hex numbers and will do anyt hing to get away from keying them in includeing using the memories as much as posible to store them. With both SNAP and OSNAP you can do things like see a BSR $12345 instruction and move the mouse pointer to the line hold down the Amiga key and drag the pointer accross the number and copy it into a buffer then you just go M (for change window address) and press Amiga I to insert it into the line. You can grab the numbers from anywhere. OSNAP is the same as snap with more features the main feature I like is the fact it has a history buffer on the strings it is grabing. I use this to follow the flow of a program. You come to a BSR so you grab the whole line with the BSR instruction in it and then single step to the address it is going to then the next time you get another BSR you grab it again and you carry on doing this until you decide you went the wrong way and then you just list the lines you have been grabing and to go back one call you just change to the address at the start of the line. FunToHack