Best tools for reverse engineering dos programs?

[jonwil]

Can anyone tell me what tools are the best for reverse engineering old 16-bit DOS programs?

If Hex-Rays worked on 16-bit x86, I would use that but it doesn't so can anyone suggest something suitable (either a usable decent decompiler if one exists or if not, the best way to disassemble it and in particular match up the data segment so that when you look at the disassembly all the data references line up.

[wilson bibe]

I believe that you can use to debug the PEbrowse, to disassembling the HDasm and to recompile the executable if necessary the ETU-Dasm.
Regards

[Syoma]

IDA Pro + Borland TurboDebugger

[Naides]

SoftIce as a 16 bit debugger.
The learning curve is a little steep, but it is still the classical RCE Tool.

[N0P]

IDA + IDA dosbox plugin (https://github.com/wjp/idados)

[BlackWhite]

TR (Super Program TRace V2.52) may be your choice.

[giv]

I think SoftIce is suitable for that.

[RedBlkJck]

Insight worked well for me.
http://www.bttr-software.de/products/insight/

Description

Insight is a very small debugger for analyzing real-mode DOS programs. It features an i80486 disassembler, an i8086 assembler, 'Trace into' and 'Step over' functions, simple breakpoint handling, extended code or data navigation, simple color-highlighting, and a nice menu-driven interface comparable to Borland's Turbo Debugger.

[nuemga2000]

Normally i use IDA, and if this not sufficient, i have an old box with Periscope installed ...

[maktm]

What i have running on a daily instance:

- IDA
- OllyDbg
- x64Dbg (Don't ask why I have both. I know I need 'em both)
- RadASM
- Notepad(++)
- Cmd (Quick navigation)
- Chrome

[giv]

I think your debuggers can't debug a 16 bit app.
I don't know that Olly or X64DBG can handle a 16 bit program.

[tonyweb]

Try using this plugin (FullDisasm) with the old and good OllyDbg ...

Code:

https://tuts4you.com/download.php?view.1757

IIRC it should be able to debug 16 bit code.

Regards,
Tony

[chessgod101]

TRW2000 is a good 16-bit debugger from the saintly days of yore. It is a lot like ollydbg. I used it quite a few times with older applications. I do not quite remember if it works on XP. I think I may have used it on XP, but I don't fully recall how or if it worked.
Download:

Code:

https://exelab.ru/download.php?action=get&n=MzQw

[athapa]

Agree with Naides & Giv. SoftIce is great for 16bit debugging.

[an0rma1]

Hi, usually i try different approaches for debugging/reversing old DOS programs

1. Using a dos debugger under a old machine emulator

best dos debuggers are (in my opinion, there are many):
TR 2.52 by Liu Taotao (emulate instructions, very very good),
SoftIce (2.80 or 2.62, i remember 2.62 was better, but don't remember why) (also i don't think sice works under dosbox, maybe under Pcem)
Turbo Debugger o TD386 by Borland (3.1 or 5.0 versions are ok) (best gui ever)
Cup386 unpacker by Sage, contains a useful debugger, 3 versions, clasical, virtualized and emulated (a true work of art)
G3x by Wong Wing Kin, it s game oriented debugger, but useful, i've cracked many things with it

For running these programs in modern machines, i usually use dosbox (get last svn compiles in emucr.com),
but also i've set up a 486 emulated machine under PCem emulator (recently a 0.10 has been released)

Finally, dosbox has a emulated CPU debugger inside, but i've had problems using it, and sometimes don't work, but it's a very powerful option

2. Run these tools under a true dos box machine, an old 486 it's ok, but some very old softwares, need a 286, some antidebugger tricks don't work in "modern" machines (>386)

3. IDA disassembler for dos 16bit is very good, i always use it in another monitor while debugging with dosbox and TR, to make annotations, name functions, etc...

If you need some of these tools just ask me, i've already compiled a huge repository of old msdos tools time ago, and posted here, look for DOSEXE tools.

Also if you need it, i also compiled a huge pack of DOS compilers and linkers, look for DOSEXE compilers pack, already posted in this forum

if Links are not working or whatever just ask me

DOS cracking and reversing is very fun for me, i prefer it to modern windows protections

edit:
I've tried many times to use ida plugin for dos debugging with dosbox, but not been able to make it working.
Also take in account that many tips in this thread are plain wrong, for debugging old 16bit dos programs you need specific programs, not common modern tools.