Dump a BIOS using DEBUG.COM


This is a quickly created page to record how to dump the BIOS and ROM-BIOS extensions of a PC that runs MS-DOS. Text preceded by "C:\>", "-" or ":" is text the user needs to type. Text in parentheses explains what an entered line does. Other text is the response from DEBUG.

Dumping the BIOS area (F0000-FFFFF)

C:\> DEBUG

-N MYF000.BIN (resulting file will be named MYF000.BIN)

-R BX (set BX=0000H/CX=8000H as count of bytes to write, 00008000H = 32K)

BX 0000

0000

-R CX

CX 0000

8000

-M F000:0 8000 0100 (copy 32K bytes from F000:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-N MYF800.BIN (resulting file will be named MYF800.BIN)

-M F800:0 8000 0100 (copy 32K bytes from F800:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-Q

C:\>copy /b myf000.bin+myf800.bin final.bin (optional, concatenates together the two myfxxx.bin files into final.bin)


Some BIOSes (particularly in IBM PS/2 machines) are also in the E0000-EFFFF area. To dump these:

C:\> DEBUG

-N MYE000.BIN (resulting file will be named MYE000.BIN)

-R BX (set BX=0000H/CX=8000H as count of bytes to write, 00008000H = 32K)

BX 0000

0000

-R CX

CX 0000

8000

-M E000:0 8000 0100 (copy 32K bytes from E000:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-N MYE800.BIN (resulting file will be named MYE800.BIN)

-M E800:0 8000 0100 (copy 32K bytes from E800:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-Q

ROM-BIOS extensions (on certain expansion cards and on integrated mainboard video and sometimes Ethernet cards)

ROM-BIOS extensions can (and should!) be dumped as such:

C:\> DEBUG

-N MYC000.BIN (resulting file will be named MYC000.BIN)

-R BX (set BX=0000H/CX=8000H as count of bytes to write, 00008000H = 32K)

BX 0000

0000

-R CX

CX 0000

8000

-M C000:0 8000 0100 (copy 32K bytes from C000:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-N MYC800.BIN (resulting file will be named MYC800.BIN)

-M C800:0 8000 0100 (copy 32K bytes from C800:0 to offset 0100 in local segment)

-W 0100 (write from offset 0100 in local segment)

Writing 8000 bytes

-Q

You can dump the D0000-DFFFF area using the same exact method too. Occasionally there is ROM located there, but usually it is used as 'upper RAM' or for LIM expanded memory cards (or EMM386 emulating such a card using extended memory).
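A check to run on the dumped files afterwards, as an added example that is not part of the original page: it joins two 32K halves the way the copy /b step does and scans the result on 2K boundaries for option ROM headers (55 AA signature, length in 512-byte blocks at byte 2, all bytes summing to zero modulo 256), which helps tell real ROM from upper RAM or unmapped space. The function names and the sample ROM data are constructed for illustration.

```python
ROM_SIG = b"\x55\xaa"  # option ROM header signature
SCAN_STEP = 0x800      # headers sit on 2K boundaries
BLOCK = 512            # header byte 2 = length in 512-byte blocks

def join_halves(low: bytes, high: bytes) -> bytes:
    """Same result as `copy /b low+high`; each half must be exactly 32K."""
    for half in (low, high):
        if len(half) != 0x8000:
            raise ValueError(f"expected 0x8000 bytes, got {len(half):#x}")
    return low + high

def find_option_roms(image: bytes, base: int = 0xC0000):
    """Return (physical address, size, checksum_ok) per ROM header found."""
    found, off = [], 0
    while off + 3 <= len(image):
        size = image[off + 2] * BLOCK
        if image[off:off + 2] != ROM_SIG or size == 0:
            off += SCAN_STEP
            continue
        end = off + size
        if end > len(image):
            # ROM runs past the dumped range: report it, cannot checksum
            found.append((base + off, size, False))
            off += SCAN_STEP
            continue
        # a valid ROM's bytes sum to zero modulo 256
        found.append((base + off, size, sum(image[off:end]) % 256 == 0))
        off = -(-end // SCAN_STEP) * SCAN_STEP  # next 2K boundary after the ROM
    return found

def make_rom(blocks: int, fill: int = 0x90) -> bytes:
    """Constructed sample ROM (not real firmware) with a valid checksum."""
    body = bytearray(ROM_SIG + bytes([blocks]) + bytes([fill]) * (blocks * BLOCK - 4))
    body.append(-sum(body) % 256)
    return bytes(body)

if __name__ == "__main__":
    low = make_rom(64)                            # stands in for MYC000.BIN
    damaged = bytearray(make_rom(4))
    damaged[100] ^= 0xFF                          # simulate a bad read
    high = bytes(damaged).ljust(0x8000, b"\xff")  # stands in for MYC800.BIN
    for addr, size, ok in find_option_roms(join_halves(low, high)):
        print(f"{addr:05X}  {size:#06x} bytes  checksum {'OK' if ok else 'BAD'}")
```

For a dump of another area, pass its starting physical address as base (for example 0xD0000) so the reported addresses line up with the segment you copied from.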

Important Note

This will only work for dumping BIOSes and ROM-BIOS extensions which map themselves into the real mode/8086 mode space. For BIOSes which map themselves only partly into real mode, and mostly into protected mode (0xFxxxxx-0xFFFFFF on 286, 0xFFFxxxxx-0xFFFFFFFF on 386 or higher), you need to use Pete Trauner's 'dumpat' utility, which is available from here: dumpat.zip. Source code is included. Note that dumps produced by 'dumpat' may not match perfectly even on the same exact hardware, because extraneous data (usually memory-mapped I/O from some random expansion cards) usually gets dumped in addition to the BIOS. The MAME devs should be able to trim this off fairly easily.

See also dumppc.zip and dump1000.zip (for Tandy).