Exetools


jonwil 09-26-2015 18:03

Best tools for reverse engineering dos programs?
 
Can anyone tell me what tools are the best for reverse engineering old 16-bit DOS programs?

If Hex-Rays worked on 16-bit x86, I would use that, but it doesn't, so can anyone suggest something suitable (either a usable decent decompiler if one exists or, if not, the best way to disassemble it and in particular match up the data segment so that when you look at the disassembly all the data references line up)?

wilson bibe 09-26-2015 18:33

I believe that you can use PEbrowse to debug, HDasm to disassemble, and ETU-Dasm to recompile the executable if necessary.
Regards

Syoma 09-26-2015 19:46

IDA Pro + Borland TurboDebugger

Naides 09-26-2015 22:32

Old but powerful
 
SoftIce as a 16 bit debugger.
The learning curve is a little steep, but it is still the classical RCE Tool.

N0P 09-27-2015 01:51

IDA + IDA dosbox plugin (https://github.com/wjp/idados)

BlackWhite 09-30-2015 23:14

TR (Super Program TRace V2.52) may be your choice.

giv 10-01-2015 01:02

I think SoftIce is suitable for that.

RedBlkJck 10-01-2015 09:15

Insight worked well for me.
http://www.bttr-software.de/products/insight/

Description

Insight is a very small debugger for analyzing real-mode DOS programs. It features an i80486 disassembler, an i8086 assembler, 'Trace into' and 'Step over' functions, simple breakpoint handling, extended code or data navigation, simple color-highlighting, and a nice menu-driven interface comparable to Borland's Turbo Debugger.

nuemga2000 10-01-2015 13:13

Normally I use IDA, and if this is not sufficient, I have an old box with Periscope installed ...

maktm 10-02-2015 14:51

What I have running on a daily basis:

- IDA
- OllyDbg
- x64Dbg (Don't ask why I have both. I know I need 'em both)
- RadASM
- Notepad(++)
- Cmd (Quick navigation)
- Chrome

giv 10-02-2015 15:33

I think your debuggers can't debug a 16 bit app.
I don't know that Olly or X64DBG can handle a 16 bit program.

tonyweb 10-02-2015 19:11

Try using this plugin (FullDisasm) with the old and good OllyDbg ...
Code:

https://tuts4you.com/download.php?view.1757
IIRC it should be able to debug 16 bit code.

Regards,
Tony

chessgod101 10-02-2015 19:30

TRW2000 is a good 16-bit debugger from the saintly days of yore. It is a lot like ollydbg. I used it quite a few times with older applications. I do not quite remember if it works on XP. I think I may have used it on XP, but I don't fully recall how or if it worked.
Download:
Code:

https://exelab.ru/download.php?action=get&n=MzQw

athapa 11-05-2015 11:21

Agree with Naides & Giv. SoftIce is great for 16bit debugging.

an0rma1 11-09-2015 20:07

Hi, usually I try different approaches for debugging/reversing old DOS programs

1. Using a DOS debugger under an old machine emulator

The best DOS debuggers are (in my opinion, there are many):
TR 2.52 by Liu Taotao (emulates instructions, very very good),
SoftIce (2.80 or 2.62, I remember 2.62 was better, but don't remember why) (also I don't think sice works under dosbox, maybe under PCem)
Turbo Debugger or TD386 by Borland (3.1 or 5.0 versions are ok) (best GUI ever)
Cup386 unpacker by Sage, contains a useful debugger, 3 versions: classical, virtualized and emulated (a true work of art)
G3x by Wong Wing Kin, it's a game-oriented debugger, but useful, I've cracked many things with it

For running these programs on modern machines, I usually use dosbox (get the latest svn compiles at emucr.com),
but I've also set up a 486 emulated machine under the PCem emulator (a 0.10 has recently been released)

Finally, dosbox has an emulated CPU debugger inside, but I've had problems using it, and sometimes it doesn't work, but it's a very powerful option

2. Run these tools on a true DOS box machine; an old 486 is ok, but some very old software needs a 286, and some antidebugger tricks don't work on "modern" machines (>386)

3. IDA disassembler for DOS 16-bit is very good; I always use it on another monitor while debugging with dosbox and TR, to make annotations, name functions, etc...

If you need some of these tools just ask me; I compiled a huge repository of old MS-DOS tools some time ago and posted it here, look for DOSEXE tools.

Also, if you need it, I also compiled a huge pack of DOS compilers and linkers, look for DOSEXE compilers pack, already posted in this forum

If links are not working or whatever, just ask me

DOS cracking and reversing is very fun for me, I prefer it to modern Windows protections

edit:
I've tried many times to use the IDA plugin for DOS debugging with dosbox, but have not been able to make it work.
Also take into account that many tips in this thread are plain wrong; for debugging old 16-bit DOS programs you need specific programs, not common modern tools.

LouCypher 11-10-2015 16:52

Quote:

Originally Posted by an0rma1 (Post 102801)
SoftIce (2.80 or 2.62, I remember 2.62 was better, but don't remember why)

2.80 had a problem displaying MCBs in memory dumps.

computerline 11-11-2015 16:48

Quote:

Originally Posted by an0rma1 (Post 102801)
I've tried many times to use the IDA plugin for DOS debugging with dosbox, but have not been able to make it work.

What problem did you get? You could try my dosbox build, I use it for IDA 6.6: https://mega.nz/#!YAcRCRaC!rmh_sleyg...VCCvDHTIgSzxQ8

bilbo 11-11-2015 22:11

I remember in my old days, when I discovered the happiness of reverse engineering DOS programs, I was a big fan of Sourcer, the "commented disassembler". IDA wasn't yet born!

The last version is available here:
http://xlb.es/Disassemblers/Disassemblers/Sourcer8.01/

Best regards

TQN 11-12-2015 12:38

The debugger which I first used is Turbo Debug (Borland)

taos 11-12-2015 17:03

Debug.com and the Norton Guide with the list of interrupts IBM PC/AT. All in 5 1/4 diskette
GOD!!! I'm very old X-)

Sorry for the offtopic!

pp2 11-13-2015 06:42

You should use dosbox or qemu for debugging or reversing. The main reason: these programs can emulate _every_ instruction and both are open source, so you can modify them to accompany your research.

E.g. you can add some unique feature: breakpoint on register value (break, when ax=3), breakpoint on memory value, breakpoint on register access, etc. This helps reversing a lot.

an0rma1 11-16-2015 21:36

This is what I have in my DOSEXE tools folder:

Quote:

386swat.604-qualitas
ac.010198-Veit Kannegieser
ac.110398-Veit Kannegieser
addcode.10-unique
afdpro.10-adtec
aplib.012-jibz
aplib.017-jibz
aplib.018-jibz
aplib.019-jibz
aplib.020-jibz
avputil.22-vadim bogdanov
axehack.230
bp7pat.100-phax
BWS GAME CRACKER'S TOOLKIT.101-bws
com2txt.111-nide naoyuki
com2txt.12a-darkstalker
crackermate.210-ChanWaiKwong Wilfred
Deb16fw.296-japheth
Deb32f.296-japheth
debug.118-paul vojta
debug.125-paul vojta
deglucker.004rc-vsl
deglucker.004src-vsl
deglucker.005-vsl
dog.212a-k3
edb.015-Serge Pachkovsky
emulation extra-romlsoft
es.240498-Veit Kannegieser
execom.11-thomas hanlin
execombine.10-jeremy lilley
exetools.21-dismember
filter.5-elicz
flux show.164
game wizard 32.30-Ray Hsu & Gerald Ryckman
game wizard 32.30-Ray Hsu & Gerald Ryckman-registered
game wizard 32.30a-Ray Hsu & Gerald Ryckman
gametools.321-Wong Wing Kin
gametools.323-Wong Wing Kin
glue.110
hacktools.294
hacktools.300-Oleg N Kolesnikov
insight debugger.10
insight debugger.101
insight debugger.123
insight debugger.124
kartz.03-tai pan
keymaker & tools.30
keypro emu.421-werong ho
megadebugger.10-nps
Mephistopheles II Beelzebub.229-Sir Raorn & Pentium
MicroCosm CopyControl full patch.303-unforgiven
MicroCosm CopyControl Master Disk Editor.1002-unforgiven
MicroCosm CopyControl Master Disk Generic Copier.135-unforgiven
MicroCosm CopyControl Master Disk Generic Copier.300-unforgiven
MicroCosm CopyControl SheLL ProtectioN RemoveR 301 MZ.100-unforgiven
MicroCosm CopyControl SheLL ProtectioN RemoveR 4 MZ.100-unforgiven
minichainer.10-the beatles
nowhere utils.20
open watcom debugger.19-japeth
pack-turbo power
patching engine.35-xoanon
patchpas.10-basile vorontsov
peek.10-gurtyak
player's tool.40a-uhc
player's tool.50b-uhc
program cracker.730-dr stein labs
program cracker.740b-dr stein labs
propack.214-rob northen
pwmodew.133-Charles Scheffold & Thomas Pytel
rose faq
rtd_dat.10-mr wicked
search and destroy patch.10b-stone
sice.262-numega
sice.280-numega
snapshot.30-dale co
superkey.113-kmz
tbfence.400-tbav
tdhack.142-meteo
tecc.003-jibz
tp7tpl patch.duckling
tracer.20-earsoft
trw2000.103-liu taotao
trw2000.105-liu taotao
trw2000.122-liu taotao
trw2000.122superbpm-liu taotao
trw2000.123-liu taotao
trw2000.123r-liu taotao
turbo debugger 32.55-borland
turbo debugger.20-borland
turbo debugger.31-borland
turbo debugger.50-borland
turbochainer.103-twt
ultra crack.12-animadei
undog-doublestar
vload.09b-onyx
windows keypro emu.170-werong ho
windows keypro emu.180-werong ho
windows keypro emu.181-werong ho
xck2com.170-leon
xckmaker.105-psh
xckview-snow panther
xlink.202-jinx
xray.15-Tom Kihlken
If anyone needs something I can reup the complete collection somewhere

Kurapica 11-17-2015 00:49

Good old W32Dasm can never let you down !

https://tuts4you.com/download.php?view.1138

an0rma1 11-17-2015 17:02

Quote:

Originally Posted by Kurapica (Post 102898)
Good old W32Dasm can never let you down !

https://tuts4you.com/download.php?view.1138

Unfortunately, W32Dasm (very good in its time, btw) is only for Windows programs; for MS-DOS exes you need IDA or, if running in DOS, Sourcer (best disassembler for DOS)

an0rma1 04-19-2016 19:12

Some user asked me for an updated version of the DOSEXE pack, so I uploaded:

Quote:

check here newest dosexe pack

http://www.multiupfile.com/f/d4bad142

Please share if you want; also, please, if you could contribute anything just tell me, I am always looking for more material

dogfriend 04-20-2016 14:52

if you are familiar with IDA you should give it a try with the DOSBox plugin ;)

ranadharm 04-21-2016 02:34

also give a try to Olly

sendersu 04-21-2016 03:19

Olly for DOS? :))

ycloud 04-26-2016 14:00

SoftICE
Turbo Debugger
debug.com
TRW

sendersu 11-13-2022 20:24

Pardon me bumping this old good thread, but
@an0rma1 - any chance to reup your great ancient DOS collection?
thx in advance

LordGarfio 11-13-2022 20:48

Sorry, I think I asked about it too but in the wrong thread (https://forum.exetools.com/showpost.php?p=126381&postcount=8).

Quote:

Hello an0rma1,

Can you reupload your ExeTools Pack with the Gametools trainer?

Your above mega.nz link is dead.

Thanks in advance.

MarcElBichon 11-13-2022 23:05

https://forum.exetools.com/showthread.php?t=19599
>
ftp://ftp.oldskool.org/pub/ANORMAL%20executable%20tools/DOSEXE%20Executable%20Tools%20Pack%202020-07-28.rar
ftp://ftp.oldskool.org/pub/ANORMAL%20executable%20tools/MUSTREAD.TXT

sendersu 11-14-2022 03:36

Interesting fact that FTP support was fully removed in modern browsers!
https://www.howtogeek.com/744569/chrome-and-firefox-killed-ftp-support-heres-an-easy-alternative/

but one could use http:// for above links, works like a charm
eg:
http://ftp.oldskool.org/pub/ANORMAL%20executable%20tools/

an0rma1 11-28-2022 04:22

Hi,

As a TRUE DOS FANATIC :D, I've kept the collection upgraded all these years, downloading from old warez CDs in archive, etc, etc ... So lots of new stuff.

I guess I can upload a new updated pack, give me some days ...

Also, these last years I've been building a DOS Scene cracks release collection, that is, releases from old DOS groups, UCF, PC, CIA, CORE, etc, etc... If it's a crack for a DOS program, I want it in the collection. Is this of enough interest to anyone to be uploaded and maintained on GitHub, for example? A LOT of releases are missing.

If anyone thinks old DOS scene software is worth preserving, just write here :D


All times are GMT +8.