                             MEMSCAN  V1.0
          Copyright 1994 Gerry Futterman.  All rights reserved


 a20 is ON   2  3  4  5  6  7  8  9  A  B  C  D  E  F  0  1   23456789ABCDEF01
ͻ
D400:0452 54 79 70 65 20 4D 45 4D53 43 41 4E 20 61 74 20  Type MEMSCAN at  
D400:0462 74 68 65 20 20 44 4F 5320 70 72 6F 6D 70 74 2E  the  DOS prompt. 
D400:0472 20 59 6F 75 20 77 69 6C6C 20 20 62 65 20 70 72   You will  be pr 
D400:0482 65 73 65 6E 74 65 64 2077 69 74 68 20 61 20 20  esented with a   
D400:0492 32 35 36 20 62 79 74 650D 0A 77 69 6E 64 6F 77  256 byte..window 
D400:04A2 20 69 6E 74 6F 20 74 6865 20 50 43 27 73 20 20   into the PC's   
D400:04B2 6D 65 6D 6F 72 79 20 6173 20 77 65 6C 6C 20 61  memory as well a 
D400:04C2 73 20 20 61 20 66 61 6972 6C 79 20 63 6F 6E 64  s  a fairly cond 
D400:04D2 65 6E 73 65 64 20 68 656C 70 20 20 73 63 72 65  ensed help  scre 
D400:04E2 65 6E 0D 0A 64 65 73 6372 69 62 69 6E 67 20 74  en..describing t 
D400:04F2 68 65 20 76 61 72 69 6F75 73 20 66 75 6E 63 74  he various funct 
D400:0502 69 6F 6E 73 20 77 68 6963 68 20 63 61 6E 20 62  ions which can b 
D400:0512 65 20 70 65 72 66 6F 726D 65 64 2E 0D 0A 0D 0A  e performed..... 
D400:0522 54 68 65 20 77 69 6E 646F 77 20 20 68 61 73 20  The window  has  
D400:0532 74 68 72 65 65 20 20 7375 62 64 69 76 69 73 69  three  subdivisi 
D400:0542 6F 6E 73 2E 20 54 68 6520 20 6C 65 66 74 6D 6F  ons. The  leftmo 
ͼ
^pgup/dn -/+  4K bytes  ^f/b  +/- fast scan                    MEMSCAN V1.0
 pgup/dn -/+ 256 bytes  # Prtsc OK; + Case INsen srch               by
 up/down  -/+ 16 bytes  F1-5 edi,find,next,dmpA,dmpB           G. Futterman
 left/rite -/+ 1 byte   alt (s/c)  shell/command
 s/o minimize seg/ofst  t ascii text 0-255
<cr> - address input; esc - quit


                        DISCLAIMER OF WARRANTY:
                        -----------------------

MEMSCAN is provided  "as is" and  without warranties as  to performance,
merchantability,  fitness  for  a  particular  purpose,  or  any   other
warranties whether expressed or implied. The user must assume the entire
risk of using this program. The author will assume no liability for  any
damages resulting either from the direct use or misuse of this  software
or as a consequence of the use or misuse of this software.



                              DESCRIPTION:
                              ------------

MEMSCAN  is  a  memory  browser  with  edit,  search,  and  dump-to-file
capabilities.

MEMSCAN is intended mainly for DOS programmers but can be used by anyone
interested in looking into the IBM PC's memory.

It is assumed  that your monitor  is either a  color or black  and white
EGA/VGA or an MDA, and is in standard text (80X25) mode when MEMSCAN  is
started.

Type MEMSCAN at the  DOS prompt. You will  be presented with a  256 byte
window into the PC's  memory as well as  a fairly condensed help  screen
describing the various functions which can be performed.

This window has  three subdivisions. The  leftmost displays the  address
space in  segment:offset form.  The next  (and largest)  shows the (hex)
contents of this space, followed by, the third, its ascii equivalent.

If  no  command  line  parameter  was  entered, the BIOS area (see other
sources for this - Ralph Brown's  memory list is good) is presented  for
view.

                               View mode:
                               ----------

On  startup,  MEMSCAN  is  in  view  mode.  This  is the only mode which
dynamically updates  the screen.  View mode  offers a  sub mode which is
controlled via the return key.

o       Address input mode:

Hitting the enter key takes you into address input mode. The first  time
this mode is entered should  find the cursor under the  leftmost segment
address digit of the address line. (If the cursor doesn't appear at all,
try hitting alt-c followed by escape.)

You may now edit/enter a hex address. Legal keys are 0-9 and A-F;  Space
translates to 0.  Use the tab,  home, end, or  left/right arrow keys  to
position the cursor. Backtab destructively backspaces.

Hit return  again to  display memory  starting at  the entered  address.
Address input  mode will  now close,  and the  address is  added to  the
history.  Some  systems  will  generate  a  memory  parity error if this
address space contains no physical RAM.


o       Functions available in view mode:

The function keys F1-F5 will take MEMSCAN into the following modes:

F1 Edit memory.

F2 Search string.

F3 search string again.

F4 Ascii dump.

F5 Binary dump.

Hash (#)  3 way  toggle among  displaying all  codes, displaying all but
printer control codes,  to displaying text  codes only. (You'll  want to
toggle  all  codes  off  if  you  print  the  screen.)  Dump  to   ascii
automatically toggles all codes off if not already manually done.

Plus (+) toggles case sensitivity on/off for string searches.

Alt-c enables DOS command line entry. COMMAND.COM must be in the path.

Alt-s shells to DOS. COMMAND.COM must be in the path.

Ctl-b/Ctl-f races backwards/forwards through  memory in 256 byte  chunks
at processor speed.

Ctl-pageup/Ctl-pagedn pages back/fourth 4Kbs.

Pageup/Pagedn pages back/fourth 256 bytes.

s/o key causes the segment/offset descriptor in the address window to be
minimized. In real mode, any  address can generally be represented  4096
ways. However, if the window contains addresses above one megabyte (HMA)
AND the A20 line is enabled  (DOS is loaded high), then this  conversion
will not take place and a low toned beep is sounded. (The last 256 bytes
of the one  MB address space  run from f000:ff00  to f000:ffff. The  HMA
starts at ffff:10 and  ends at ffff:ffff, making  it 64K-16 bytes. )  If
A20 is disabled, addresses above 1 MB wrap back to zero.

t brings up a window with ASCII codes (0-255).


o       Functions available only in address input mode:

Alt-a copies the address  at the top of  the address window down  to the
address line. Hit return if you want it included in the history.

Escape either  cancels a  partially modified  address, if  one was being
entered, or exits this mode.

Up/Down  arrows  recall  previously  stored  addresses  from the history
buffer.

Return enters an address and leaves this mode.


o       Functions available only out of address input mode:

Escape exits MEMSCAN.

Left/Right arrows page back/fourth one byte.

Up/Dn arrows page back/fourth one paragraph (16 bytes).

Return enters address input mode.


                         Memory edit mode (F1):
                         ----------------------

The cursor jumps to the position it last had when in this mode (leftmost
nible in  the hex  window if  first time)  and the  memory edit  menu is
presented. Use the 0-9 and A-F  keys in the hex window, most  any other,
except  function  keys,  in  the  ascii  window, to overwrite this data.
Modified values are  highlighted. Escape or  F1 will reset  any changes,
but remain in edit mode. If none were made, you will be returned to view
mode. Note that memory is NOT  actually modified until the enter key  is
pressed, AT WHICH POINT ONLY THOSE BYTES CHANGED ON SCREEN ARE COPIED TO
MEMORY! Hitting the enter key will return you, in any case, back to view
mode.

ROM (read only memory) as well as address space which is not assigned to
RAM (usually appears as FF) cannot be modified!

Use the arrow, pgup/dn,  home/end keys keys to  move around in a  window
and tab  to toggle  between windows.  In the  hex window, the left/right
arrow keys will move  the cursor from nible  to nible. Use the  s key to
toggle between byte/nible movement.

Another function available in edit mode is data type browsing. Use alt-d
(in any window) to toggle the data type from char/word, long, float, and
double.

Char/word and long offer two interpretations: signed (left) and unsigned
(right). Float  and double  are represented  only as  signed quantities.
Char is a single byte; Word is two bytes; Long and float are four bytes,
and double is eight bytes.

Use the ctl-left/right arrow (any window) to scan among elements of  the
defined type.

Note that the  data type is  obtained from memory  - NOT the  window, so
that if memory has changed since you went into edit mode, you'll note  a
discrepancy between the window value and the data type you are currently
observing.


                             String search (F2):
                             -------------------

The cursor enters a data entry  window at the last position of  the last
search string entered and an edit menu appears. Enter the search  string
using  the  editing  function  keys  as  described.  Trailing blanks are
truncated. Case sensitivity for ascii strings must have been set in view
mode, and defaults to  insensitive. Strings are considered  ascii unless
they are of the form x'..0-F..', in which case they are considered  hex.
Hex string searches start at the leftmost nible of any byte.

Hit return to start searching memory from the address + 1 at the top  of
the address window. Any key hit interrupts the search. If the string  is
not found, a low pitched beep  is sounded; else the display is  adjusted
to display memory starting with the found string at the top left of  the
hex/ascii window.

Note that string searches will avoid MEMSCAN's data segment!



                    Repeat last string search (F3):
                    -------------------------------

The last search  string entered is  searched for again.  If this is  the
first search, string search mode is entered.


                            Ascii dump (F4):
                            ----------------

The cursor enters a data entry  window at the last position of  the last
filename entered and an edit  menu appears. Enter the filename  to which
memory  is  to  be  dumped  using  the editing keys as described. Escape
cancels this mode. After entering the file name, you'll be brought  back
to view mode. Enter the address where dumping should stop on the address
line. This starts the dump. Dumping  starts from the top address of  the
address window  up to,  and including,  the address  line address. It is
recommended that the end of  dump address be preloaded into  the history
for easy  recall. Ascii  dump format  is similar  to that of Microsoft's
DEBUG.

                           Binary dump (F5):
                           -----------------

Same procedure as Ascii dump except that the dumped data is in memory
image format.

Note that both  these dump modes  will dump in  paragraph multiples (ie.
starting at the address at the top of the address window, and continuing
to the end of the line (paragraph) containing the end address.



                         Command line options:
                         ---------------------

MEMSCAN was written as an aid  to program development with an accent  on
viewing/modifying data and pointers. As such, MEMSCAN would typically be
shelled to from a  "C" program, which would  pass either the segment  or
segment:offset  address  to  be  inspected/changed  via  the  ICA  (last
paragraph of the BIOS data area).

There are only two command line options, and they are "2" or "4".

When called as "memscan 2":
MEMSCAN expects to see a segment address (2 bytes) at ICA 0 (40:F0).
When called as "memscan 4":
MEMSCAN expects to see a segment:offset address (4 bytes) at ICA 0.

The following example shows how a  user program can shell to MEMSCAN  in
order to investigate/modify various data elements. MEMSCAN is assumed to
be in the path. The Microsoft C compiler version 6.00A was used with the
/AL switch (large memory model).

main() { int k,i[128]; float f[128]; long l[128]; double d[128];
char *c =
"Use F1 - then   ctrl right/left arrows to browsethe data types. \
(alt d changes  the type.)      This screen is  type CHAR. Next \
screen is INT,  Followed by typeLONG, followed  by FLOAT, then  \
DOUBLE.         Hit ESC in view mode to bring upthe next screen.";

for (k=0;k<128;k++)  i[k]=f[k]=l[k]=d[k]=k;
mem(c); mem(i); mem(l); mem(f); mem(d);
}

mem(a) char *a;
{ *(char **)0x4f0=a; system("memscan 4"); }
