FINDSEG.EXE Ver. 1.33 1992/03/18 (C) Copyright IBM Corp, 1990,1991,1992. IBM Internal Use Only Written by Takaaki Nonaka (JL08928 at YMTVM1) 0. About 32bit applications support I planed to make a new FINDSEG for OS/2 V2 32bit applictions. But OS/2 displays TRAP-D module name in TRAP-D dialog panel from dirver 6.304E. So I decided to enhance FINDSEG only for OS/2 V1.X 16 bit applications. 1. Why FINDSEG.EXE was made. Our department developed a large application system which runs under OS/2. It consists of many EXEs and DLLs. After shipment, some TRAP-Ds were reported from customers. The information about them were only register values in TRAP-D pop-up panel. And some of the problems didn't occur under our environment because the problem depended on timing or memory size. So we had to find out the module where TRAP-D occurred from the information of TRAP-D panel only. "FINDSEG" was made for this reason. 2. How to use FINDSEG.EXE This program searches the specified segments from executable files. The key word for this search is the length of a segment. +- -+ Usage: findseg Õswitchþ |Õdrive:þÕpathþ| |ÕUNC nameþ | +- -+ switch: 1.Segment type -c : Report code segments only. -d : Report data segments only. -b : Report code and data segments. These three switches can't be set two or three at once. If you do so, the last switch will be effective. None of those is set, this program searches the specified segments from code and data segments. (i.e. default is -b) 2.Segment length -l : The string after this switch is the length of the target segment. If the length is specified as HEX format, it must start with X (or x). Spaces aren't allowed between -l and the string. If the string is 0 (or x0) the length is 65536. If this switch isn't set, all segments will be reported. -r : Report the segments whose length are between LENGTH - DELTA and LENGTH + DELTA. (LENGTH is the specified length by -l and DELTA is the specified length by this switch.) Default is -r1. 3.File type -E : Search EXE and COM files. -D : Search DLL, ISF and DRV files. -S : Search SYS files only. -B : Search EXE, COM, DLL, ISF and DRV files. -F : Search the specific files. The file names after this switch will be searched. These file names are separated by comma. And wildcard characters are permitted. Spaces aren't allowed between -F and the string. ex. -F*.OS2,PM*.DDD (for *.OS2 and PM*.DDD) You may set two or more switches form these. Default is -E -D -S. 4.Access rights byte -A : The string after this switch is the access right byte of the target segment. If it is specified as HEX format, it must start with X (or x). Spaces aren't allowed between -A and the string. PRESENT, ACCESSED and EXPANSION DIRECTION(data segment) bits will not be tested. This access rights byte is displayed as **ACC=?? in the TRAP-D popup panel.(**:CS, DS, SS, ES, ER, ??:Access rights byte) 5.Disassemble -I : Output disassembled code. The string after this switch is the IP value. If it is specified as HEX format, it must start with X (or x). Spaces aren't allowed between -I and the string. This switch is valid for CODE segments. In this disassembled code, the relocation information is not resolved. 6.Miscellaneous -p : Pause after a screen is full. This switch is ignored when OUTPUT is redirected to a file. -s : Search from sub-directories. drive : Drive name. Default is the current drive. path : Path name. Default is the current path. UNC name : Universal naming convention name. \\server name\net work nameÕ\pathþ Example: findseg -lx6000 -rx1000 -s -D -Ix400 C:\ This searches DLL files from a root and its all sub-directories in drive C. And it reports file names and length and attribute of segments whose size are between 0x5000 and 0x7000 bytes. They are output in the following format. Search path : C:\ and its sub-directories Search file : *.DLL Search range : 0x05000(20480)-0x07000(28672) bytes Access rights: not specified C:\MYDLL\TEST.DLL 12610bytes 90-05-10 15:25:00 004 05200 DATA FIXED NONSHARED PRELOAD R-O NORELOC PL3 DISCARDABLE C:\OS2\DLL\PMGPI.DLL 265110bytes 90-03-30 01:20:00 002 05FCC CODE MOVABLE NONSHARED LOADONCALL E/R RELOC PL2 NONDISCARDABLE Instruction: push es:Õbx+siþ C:\OS2\DLL\OS2SM.DLL 64512bytes 90-03-30 01:20:00 001 05789 CODE MOVABLE NONSHARED PRELOAD E/R RELOC PL3 NONDISCARDABLE IP is invalid value. C:\OS2\DLL\DISPLAY.DLL 342016bytes 90-03-30 01:20:00 002 067DE CODE MOVABLE SHARED PRELOAD E/R RELOC PL2 NONDISCARDABLE IP is invalid value. 00A 050BE DATA MOVABLE SHARED PRELOAD R/W NORELOC PL2 NONDISCARDABLE 5 segments in 4 files Note : Meaning of each value is as follows. C:\OS2\DLL\PMGPI.DLL <--- File name 265110bytes 90-03-30 01:20:00 <--- File size and update time 001 05FCC CODE MOVABLE NONSHARED LOADONCALL E/R RELOC PL2 NONDISCARDABLE (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Instruction: push es:Õbx+siþ <-- Disassembled code at IP=0x400 (1) : Entry id in segment table (2) : Minimum allocation size for the segment (3) : Segment type (CODE/DATA) (4) : Fixed or Movable segment (5) : Shared or Nonshared segment (6) : Preload or Load on call segment (7) : Execute/read or Execute-only if code, Read/Write or Read-only if data (8) : Relocation table present or not (9) : Privilege level (10): Discardable or Nondiscardable segment 3. Hints to find out TRAP-D module To search TRAP-D module, you had better set CSLIM value in TRAP-D panel as segment length(-l switch) rather than DSLIM, ESLIM or SSLIM because data segments(DS, ES, SS) might be allocated or reallocated after the process started. You had better set IP value(by -I switch). When two or more modules are found, you can determine TRAP-D module from disassembled code. For example, TRAP-D may not occur on the following instructions mov ax, 0 inc cx : etc. and the following instructions have potential of TRAP-D (or TRAP-C). TRAP-D occurs on the following condition. pop ax <--- sp exceeds SSLIM (In this case TRAP-C will occur). les bx, es:Õbx+siþ <--- bx+si exceeds ESLIM or ES is invalid rep movs <--- si exceeds DSLIM or di exceeds ESLIM : etc. 4. Requirements and comments. If you have some bug reports, comments or requirements, please send note to JL08928 at YMTVM1. 5. About disassemble function. I use DIS386 package(version. 1.1) on PCTOOLS for disassemble function. I could not add this disassemble function to FINDSEG.EXE without it. The owner of this package is R.K. Abrams (ROGER at RALVM0). 6. History Ver 0.00 90/04/19 Initial. Ver 0.01 90/04/23 Change default of search range to -r1. Ver 0.02 90/06/06 Add search "OS2KRNL*.*" Ver 0.03 90/06/14 Add check access rights byte Ver 0.04 90/08/24 Add file size and date Ver 1.00 90/08/24 Release to OS2TOOLS Ver 1.10 90/10/22 Add disassemble option Ver 1.10A 90/12/03 Minor bug fix (output format) Ver 1.10B 90/12/03 Bug fix. (file timestamp was wrong under OS/2 Ver 1.2) Ver 1.20 90/12/11 Change a default help message to short version. Release to ESDTOOLS. ESDTOOLS version does not have disassemble function. Ver 1.30 91/01/25 Change to accept UNC name Ver 1.31 92/02/18 Add search "*.IFS and *.DRV" Ver 1.32 92/03/12 Add search the specific files. Ver 1.33 92/03/18 Bug fix. (Trap-D occurs when -F switch is not set.)