Command Line Actions

A number of arithmetic, bitwise, and logical functions are available. The precedence of evaluation is similar to that of the C programming language. Here they are, listed in order of precedence:

Functions	Type
- ~	Monadic
* /	Dyadic
+ -	Dyadic
symbols, .code, .data, etc.	Address expression
: \|	Dyadic (address construction)
] [ {	Monadic (extraction)
>> <<	Dyadic (bit shift)
< <= >= >	Dyadic (relational)
== !=	Equality
&	Dyadic (bitwise AND)
^	Dyadic (bitwise XOR)
&&	Dyadic (logical AND)
\|\|	Dyadic (logical OR)

For example, this expression

2a + 3 * {[.data+2|2c / 4 & ffff == 5af && 3 << bl || 21 ^ 2

is evaluated as

(((2a + (3 * ({([.data+2)|(2c / 4)))) & (ffff == 5af)) && (3 << bl)) || (21 ^ 2)

**Code Breakpoints**
BC	Display all code breakpoints.
BC addr	Set code breakpoint at addr.
BC*	Clear all code breakpoints.
BC* addr	Clear code breakpoint at addr.
BC+	Enable all code breakpoints.
BC+ addr	Enable code breakpoint at addr.
BC-	Disable all code breakpoints.
BC- addr	Disable code breakpoint at addr.

**Debug Registers DR0 to DR3**
BD	Display debug registers (also Alt-F9).
BD addr	Set DR breakpoint on instruction fetches at address addr.
BD addr LnI	Set DR breakpoint on I/O of length n (n=1 (byte), 2 (word), 4 (dword)) at I/O port addr.
BD addr LnR	Set DR breakpoint on read/writes of length n (n=1, 2, 4) at address addr.
BD addr LnW	Set DR breakpoint on writes of length n (n=1, 2, 4) at address addr.
BDn*	Clear DRn.
BDn+	Enable DRn.
BDn-	Disable DRn.

**Data Display**
D	Display next screen of data.
D addr	Data display.
D-	Data display back one page.
Dx addr	Data type (B = Byte, W = Word, D = Dword, V = Vector, G = GDT, I = IDT, T = TSS, T2 = 286 TSS, T3 = 386 TSS).
Dx addr P	Data display as physical data (say in ROM which has been mapped over by 386MAX).
Dx addr Pexp	Data display using exp as CR3 - this is useful when debugging VCPI clients because they use a separate CR3.
All data display commands may be followed by an optional width switch (e.g., DW/5 which displays the data at five words per line instead of the usual eight). The data width switch must be placed between the data command and its arguments (if any) as in DW/5 DS:0.

**Data Entry**
E addr [xx ...]	Enter data starting at addr using optional hex bytes xx.

**Descriptor Table Entry**
DTE expr	Display the Descriptor Table Entry corresponding to the selector in expr.

**Exit To DOS**
EXIT	Exit to DOS. This command is equivalent to the following command sequence: R AH=4C SIGINT 21 G

**Data Fill**
F addr L len xx	Fill data starting at addr of length len with byte value xx.
F addr Llen xx P	Fill physical data starting at addr of length len with byte value xx.
F addr Llen xx P exp	Fill data starting at addr of length len with byte value xx where addr is translated using exp as CR3 - this is useful when debugging VCPI clients because they use a separate CR3.

**Data Move**
M addr Llen addr	Move data starting at first addr of length len to second addr

**Hex Arithmetic**
H exp	Display hex arithmetic result

**Instruction Goto**
G	Go without stopping (same as ESC)
G addr	Goto to instruction at address addr
GM bool_exp	Go monitor (single-step until bool_exp is TRUE) -- see Monitor Mode
GM	Go monitor using last boolean expression specified with GM

**MAC Display**
MACBASE addr	Set the base address of the MAC chain in case it's different from .DMAC. This is handy when displaying the DOS subsegment chain.

**Insertion Into PM Context**
INSERT gdtridtr [cr3 [lapde]]	Insert into PM context.
INSERT * idtr	Insert into IDT. where gdtr = linear address of fword describing the GDT idtr = ... IDT cr3 = incoming CR3 (optional) lapde= linear address of 4MB block where 386SWAT's PDE(s) should be copied
Insert 386SWAT into a PM context while still in RM. This feature is useful when attempting to debug across the boundary from RM to PM. In particular, it can be used to gain control shortly after Windows enters PM.

**Instruction Disassembly**
U	Display the next screen of instructions.
U addr	Unassemble instructions starting at addr.
U-	Unassemble instructions back one page.
U16 addr	Unassemble instructions starting at addr as a 16-bit code segment.
U32 addr	Unassemble instructions starting at addr as a 32-bit code segment.
Ux addr P	Unassemble instructions as physical data (say in ROM which has been mapped over by 386MAX).
Ux addr Pexp	Unassemble instructions starting at addr using exp as CR3 - this is useful when debugging VCPI clients because they use a separate CR3.

**Page Table Display**
PTE addr PTE val	Display the Page Directory and Page Table entries which correspond to the address addr or linear address val.
SPTE addr/val	Same as PTE command, but also displays the matching PTE in the PTE display screen (F5).

**Signal Interrupt**
SIGINT xx	Signal interrupt xx (00 to FF, of course).
This keyword is useful (particularly for hardware interrupts) when you are debugging a time-critical piece of code and need to see what would happen if (say) a timer tick happened at this particular point.

**Toggle Interrupt Interception**
TOGINT xx [xx...]	Toggle interception of interrupt xx (00 to FF, of course). Valid interrupts are 00, 01, 02, 03, 05, 06, 0C, 0D, 0E. For example, if TRAPINV does not appear in the 386SWAT profile and you wish to enable it, use TOGINT 6.

**Register Operations**
R reg[=]exp	Set register reg to exp. Valid registers include all GP and EGP as well as FL, EFL, CRn, DRn, TRn, TR, and LDTR. There are two ways to crash the system via this command: setting CR3 to a bad value, or setting EFL with a bad value for the VM or IOPL flags. The code which sets CR0 forces the Page Enable and Protect Enable bits on (as evidenced by typing R CR0=0), so experiment with setting CR0 without fear. Use the pseudo-register names CSIP or CSEIP to set both registers to an address.
R reg.str[=]exp	This command also supports bit mask qualifiers on registers. For example, to set the AM bit in CR0, type R CR0.AM=1. See Register Mask Values for a complete list of mask values supported.
RC	Clear saved register state so another RS may execute.
RR	Restore saved registers.
RS	Save registers to restore later via RR. Only one RS may be executed at a time without either restoring the state via RR or clearing the state via RC.

**Search Operations**
S addr1 addr2 tgt S addr L len tgt	Search from addr1 to addr2 or from ea for len bytes for target tgt.

The search results are displayed on a separate screen which may be made active at other times by pressing F6. Only the first 23 matches are displayed. In a future release the Up, Down, Page Up, and Page Down keys will allow scrolling through successive matches.

The target may take one of several forms:

Use a target of the form xx, xxxx, xxxxxxxx where x represents a hex digit to search for bytes, words, or dwords of a specified value. For example, the form S 0:0 L FFFF 10CD searches for all occurrences of the hex bytes CD followed by 10 in the first 64KB of conventional memory. Word and dword searches do not require word or dword alignment of the matching data. The number of digits entered determines the width of the value. Thus you should use leading zeros to pad out a small value to a wider width. For example, 0 and 00 both search for a single byte of zeros, 000 and 0000 both search for a word of zeros, and 00000, 000000, 0000000, and 00000000 all search for a dword of zeros.
Use a target of the form "search_string" to search for a case sensitive string. For example, S 0:0 L FFFF "386MAX" searches for all occurrences of the string 386MAX in the first 64KB of conventional memory. The ability to search for a case insensitive string will be added in the future.
Use a target of the form !instr to search for a specific assembler instruction. For example, S 0:0 L FFFF !INT 10 searches for all occurrences of video interrupts in the first 64KB of conventional memory. This target is found by disassembling the code between the start and stop addresses instruction by instruction, thus the alignment of the matching instructions and the starting address is critical. If data appears within that range, some matches may be missed. The command S1 (instead of S) can be used to disassemble the code byte by byte. That is, with the S command, having disassembled an instruction which does not match the specified pattern, the next instruction is searched; with the S1 command, the next byte is searched. The code search text may include one or more question marks as wildcards which match any character in the disassembled instructions. For example, use S 50|0 FFFF !mov e??,cr? to find all moves from a control register to a 32-bit register. Try the forms S 3BC7:100 FFFF !mov [1234] and S 3BC7:100 FFFF !mov ?s:[1234] to find all moves into location [1234] with or without a segment override. To find jumps to a specific location, use the code targets !j? 1234, !j?? 1234, and !j??? 1234. Note that floating point instructions may be disassembled beginning with either F or FN depending upon the presence of a preceding WAIT opcode (9Bh). To be safe, search for both.
Use a target of the form #pte to search for a PTE in the Page Tables. For example, S 0 C0000000 # CF4000 searches for the PTE CF4000 from linear 0 through linear C0000000. The linear addresses are both rounded down to a 4KB boundary. A match at a particular linear address means that the PTE was found and it covers the 4KB block at the linear address displayed. When comparing PTEs, the flag bits are ignored, thus a match might be found when the PTE in the Page Tables is not present.

**I/O Port Read/Write**
Ix port	Input Byte, Word, or Dword from port.
IMR	Display current Interrupt Mask Register values for master and slave PICs.
IRR	Display current Interrupt Request Register values.
ISR	Display current In-Service Register values.
Ox port val	Output Byte, Word, Dword val to port.

**Symbolic Debugging (see SWATSYM.DOC for details)**
CD [d:][path] CHDIR [d:][path]	Change the current directory to path. If no argument, display the current drive/directory.
FS	Flush symbol table.
LF filename	Load file into browser.
LI +	Enable line number display in disassembly screen.
LI -	Disable line number display.
LI dddd	Go to line dddd (decimal) in file browser.
LI dddd+	Go to line dddd forward from current line.
LI dddd-	Go to line dddd back from current line.
LS filename	Load symbol file.
LS filename exp	Load symbol file and add 16-bit value to all VM segments.
PATH d:\dir1[,d:\dir2[,...]]	Set source file search path.
PATH+ d:\dira[,d:\dirb[,...]]	Add to source file search path.
PS r	Set range of symbol proximity searches to r.
PS r g	Set range r and granularity g (1=bytes, 2=words, 4=dwords) of symbol proximity searches.
QS addr	Display the symbol which is nearest to (and below) the given address.
SB+	Enable source browser mode.
SB-	Disable source browser mode.
SB*+	Enable source browser mode but disregard module names.
TS	Force all symbols to be retranslated according to current GDT and LDT.
TS sel	Retranslates only for selector/segment sel.
TS * ID	Retranslates for all selectors/segments with ID specified.
TS sel ID	Retranslates only for selector/segment sel with ID specified.
TS \|sel* \|IDv\|p*	Change to specified mode for selector and/or ID specified.
TS \|sel* \|ID \|v\|p nsel	Replace segment/selector and mode for specified selectors and IDs. If * is specified for mode, the mode is left alone.
TS \|sel* \|ID \|v\|p nsel+	nsel is added to all specified segments.

**Remote debugging (see SWATREM.DOC)**
APPKEY	Edit application keystroke buffer. This is primarily useful for remote debugging. If an application is waiting for a keystroke, this feature allows you to send one to the application, as well as to view any that may already be available.
CHAT	Enter CHAT mode (also via Ctl-F8).
SETCOM port bps	Initialize specified serial port for communications. See SETCOM= profile option for full syntax.
SETCOM	Reinitialize the serial port with values last specified by SETCOM or SETCOM=. This is useful when an application has reprogrammed the UART.
SETCOM -	Ignore all activity on serial port. Use this if you are done with remote debugging and wish an application to have access to the serial port. When 386SWAT is using the serial port, no serial port interrupts will be visible to virtual mode programs.
SETCOM RTS+	Pull RTS (Request To Send) line high.
SETCOM RTS-	Drop RTS (Request To Send) line low.
SETCOM DTR+	Pull DTR (Data Terminal Ready) line high.
SETCOM DTR-	Drop DTR (Data Terminal Ready) line low. This is one way to hang up a modem that won't respond to (wait)+++ (wait)ATH(ENTER).
REMDBG	Attempt to establish remote debugging session (also via Ctl-F9). See the section below on remote debugging.

Unreal Mode

UNREAL s reg [s reg...]

where s is a sign (+ or -) indicating whether to enable or disable, and reg is a segment register CS, DS, ES, FS, GS, SS, or the keyword ALL.

Turn on and off Unreal Mode for all or selected segment registers. This mode is a variant of Real Mode in which any segment register can access all of the 4GB address space. That is, instead of the normal 64KB length of a segment, the length is 4GB. This command can enable all or just some of the segment registers for Unreal Mode. For example,

UNREAL +ALL	enables UM for all segment registers
UNREAL -ALL	disables ...
UNREAL +DS	enables UM for DS only
UNREAL +DS +ES	enables UM for DS and ES

To see if a segment register is enabled for UM, look for the plus sign next to the segment number in the instruction disassembly window.

**Virtual Mode Switches**
VMSCOUNT=val	Don't intrude into the GDT/IDT for VCPI debugging until the value in this counter has decremented to zero. This keyword is useful for occasions where the VCPI client shuffles its GDT and IDT around for a while before deciding just where it's going to be.
VMSINT=ON\|OFF	Enable (ON) or disable (OFF) VCPI debugging. Use this feature in cases where some VCPI programs misbehave when VCPI debugging is enabled. In this case, enable VCPI debugging only as necessary.
VMSINT=xx,xx,...	Change the default interrupts intercepted by 386SWAT when debugging VCPI clients.

**Pentium-Pro CPU Specific Commands**
BTF	Display Branch Trace Facility state (ON or OFF).
BTF ON\|OFF	Turn Branch Trace Facility state ON or OFF.
LBR	Display Last Branch/Exception values on the command line.
LBR ON\|OFF	Turn Last Branch/Exception window display ON or OFF. The four-line window displays the Last Branch From EIP, Last Branch To EIP, Last Exception From EIP, and Last Exception To EIP. Also, the keywords .LBRFR, .LBRTO, .LEXFR, .LEXTO contain the value of the Last Branch/Exception From/To EIP in case these need to be used in command line expressions (e.g., U .LBRFR).

**Windows Debugging Commands (see WINKDBG.DOC)**
IPF [/d] [/s] [/r] expr	If Invalid Page Faults are being trapped by 386SWAT's VxD (see SWATVXD.DOC for more details), use the IPF command to control how these events are to be handled. The optional switch /d tells 386SWAT not to display a message on the mono screen describing this event, /s tells 386SWAT not to stop when this event occurs, /r tells 386SWAT to remove this entry from its local tables, and expr is an expression which evaulates to a linear address corresponding to the Invalid Page Fault.
MDB expr	Display the memory which corresponds to the selector expr as a Module Database.
SGH [/b\|/s\|/h\|/o] [/c] expr	Search through the Windows Global Heap for values. The expression (expr) entered is interpreted as a base address if /b is specified, size if /s, handle if /h, and owner if /h. If /c is specified, the search continues from the currently displayed entry; otherwise, the search starts at the top of the heap.
TDB expr	Display the memory which corresponds to the selector expr as a Task Database.
WKD [ON\|OFF]	Turn ON or OFF Kernel Debugging. This command cannot be used from within Windows.
WKD [QUIET\|NOISY]	Disable (QUIET) or Enable (NOISY) reports on Parameter Errors.
WKD LOGERROR [ON\|OFF]	Turn ON or OFF the INT 01h trap of calls to LogError ().
WKD FAULT [ON\|OFF\|SKIP]	Turn ON, OFF, or SKIP once traps for Faults.