Determining the State of the Processor

Once control has been given to the debugger, the prompt character used will provide the protected mode status of the processor. The following list shows what prompt characters may be displayed and the meaning of each:

The mode the processor is in will be a good indication of what code is being executed. For example, if the prompt is a "#" (number sign), protected mode code is running. This can be a Windows-based application, DLL, or even the system itself. Stopping in ring 0 code may or may not be desirable. It is useful for VxD developers who need to examine and control execution of their VxDs, but it is not particularly useful for application or DLL developers.

If you are in V86 mode, then a DOS app, DOS device driver or DOS TSR has gone bad. Use the .DOSMGR commands to identify where you are. Do not use the LN command since it won't provide correct V86 information.

If you are in protected mode, then the lower two bits of CS can be used to identify the ring of execution (zero indicates ring 0, 3 indicates ring 3).

The preceding selectors may be subject to changes in the future. Device driver developers generally debug VxD code, so the corresponding code selector value is usually 0028.

When in ring 0, the EIP should be of the form Cxxxxxxx. If it is not, some code jumped to an invalid address. Use ds esp to attempt to find out who did it.

A Win32 app's EIP should be in the range of 0x00400000-0xBFFFFFFF.

Regardless of the state of the processor, you can use the following command keys and the debugger prompt:

If the target system is executing code, CTRL+S and CTRL+Q are ignored.