MAES
Intel Architecture
Intel Architecture
References
IA-32 Intel® Architecture Software Developer’s Manual,
• Volume 1: Basic Architecture
• Volume 2: Instruction Set Reference
www.intel.com/design/pentiumii/manuals/
Number Systems
Decimal-to-Hexadecimal:
420.62510 =
420.62510 = 42010 + .62510
Division Quotient Remainder
420 ÷ 16 26 4 LSB
26 ÷ 16 1 10 (or A)
1 ÷ 16 0 1 MSB
Multiplication Product Carry-out
.625 x 16 10.00 10 (or A)
420.62510 = 1A4.A16
413510 = 102716
625.62510 = 271.A16
Number Systems
Binary-Coded Hexadecimal (BCH):
2AC = 0010 1010 1100
1000 0011 1101 . 1110 = 83D.E
Complements
Data are stored in complement form to represent
negative numbers
One’s complements of 01001100
1111 1111
-0100 1100
1011 0011
Two’s complements
1011 0011
+0000 0001
1011 0100
The 80x86 MICROPROCESSOR
...ha?
Some buzz words
CISC – Complex Instruction Set Computers
• Refers to number and complexity of instructions
• Improvements was: Multiply and Divide
• The number of instruction increased from
• 45 on 4004 to:
• 246 on 8085
• 20,000 on 8086 and 8088
RISC – Reduced Instruction Set Computer
• Executes one instruction per clock
Newer RISC - Superscaler Technology
• Execute more than one instruction per clock
Inside The 8088/8086
Concepts important to the internal operation
of 8088/8086
• Pipelining
• Registers
Inside The 8088/8086…pipelining
• Pipelining
– Two ways to make CPU process information faster:
• Increase the working frequency – technology dependent
• Change the internal architecture of the CPU
– Pipelining is to allow CPU to fetch and execute at the
same time
Inside The 8088/8086…pipelining
Intel implemented the concept of pipelining by splitting
the internal structure of the 8088/8086 into two
sections that works simultaneously:
• Execution Unit (EU) – executes instructions previously fetched
• Bus Interface Unit (BIU) – accesses memory and peripherals
Inside The 8088/8086
AH AL
BH BL
CH CL
DH DL
Overview
• Registers
– General purpose registers (8)
• Operands for logical and arithmetic operations
• Operands for address calculations
• Memory pointers
– Segment registers (6)
– EFLAGS register
– The instruction pointer register
• The stack
Inside The 8088/8086…registers
• Registers
AX
– To store information temporarily 16-bit register
AH AL
8-bit reg. 8-bit reg.
Category Bits Register Names
General 16 AX, BX, CX, DX
8 AH, AL, BH, BL, CH, CL, DH, DL
Pointer 16 SP (stack pointer), BP (base pointer)
Index 16 SI (source index), DI (destination index)
Segment 16 CS (code segment), DS (data segment)
SS (stack segment), ES (extra segment)
Instruction 16 IP (instruction pointer)
Flag 16 FR (flag register)
Anatomy of a Register
Extended Register
Word Register
Bits 16-31 Bits 8-15 Bits 0-7
High Byte Low Byte
Register Register
General Registers
32 bit Registers 16 bit Registers 8 bit Registers
EAX EBP AX BP AH AL
EBX ESI BX SI BH BL
ECX EDI CX DI CH CL
EDX ESP DX SP DH DL
Bits 16-31 Bits 8-15 Bits 0-7
General Registers I
• EAX – ‘Accumulator’
• accumulator for operands and results data
• usually used to store the return value of a procedure
• EBX – ‘Base Register’
• pointer to data in the DS segment
• ECX – ‘Counter’
• counter for string and loop operations
• EDX – ‘Data Register’
• I/O pointer
General Registers II
• ESI – ‘Source Index’
• source pointer for string operations
• typically a pointer to data in the segment pointed to
by the DS register
• EDI – ‘Destination Index’
• destination pointer for string operations
• typically a pointer to data/destination in the
segment pointed to by the ES register
General Registers III
• EBP – ‘Base Pointer’
• pointer to data on the stack
• points to the current stack frame of a procedure
• ESP – ‘Stack Pointer’
• pointer to the top address of the stack
• holds the stack pointer and as a general rule should
not be used for any other purpose
Segment Registers
• CS – ‘Code Segment’
– contains the segment selector for the code segment
where the instructions being executed are stored
• DS(ES,FS,GS) – ‘Data Segment’
– contains the segment selectors for the data segment
where data is stored
• SS – ‘Stack Segment’
– contains the segment selector for the stack
segment, where the procedure stack is stored
The EFLAGS Register I
• Carry Flag – CF (bit 0)
– Set if an arithmetic operation generates a carry
or a borrow out of the most-significant bit of the
result; cleared otherwise.
• Parity Flag – PF (bit 2)
– Set if the least-significant byte of the result
contains an even number of 1 bits; cleared
otherwise.
• Adjust Flag – AF (bit 4)
– Set if an arithmetic operation generates a carry
or a borrow out of bit 3 of the result; cleared
otherwise.
The EFLAGS Register II
• Zero Flag – ZF (bit 6)
– Set if the result is zero; cleared otherwise
• Sign Flag – SF (bit 7)
– Set equal to the most-significant bit of the result,
which is the sign bit of a signed integer
• Overflow Flag – OF (bit 11)
– Set if the integer result is too large a positive
number or too small a negative number
(excluding the sign-bit) to fit in the destination
operand; cleared otherwise
Instruction Pointer
• EIP
– ‘Instruction Pointer’
– Contains the offset within the code segment of
the next instruction to be executed
– Cannot be accessed directly by software
The Stack
The stack starts in high memory and grows
toward low memory
ESP
Current
stack
frame stack
EBP
Caller’s growth
stack
frame
Intel Assembly
Intel Assembly
Goal: to gain a knowledge of Intel 32-bit assembly instructions
References:
• M. Pietrek, “Under the Hood: Just Enough Assembly Language to Get By”
• MSJ Article, February 1998 www.microsoft.com/msj
• Part II”, MSJ Article, June 1998 www.microsoft.com/msj
•IA-32 Intel® Architecture Software Developer’s Manual,
• Volume 1: Basic Architecture
www.intel.com/design/Pentium4/documentation.htm#manuals
•Volume 2A: Instruction Set Reference A-M
www.intel.com/design/pentium4/documentation.htm#manuals
• Volume 2B: Instruction Set Reference N-Z
www.intel.com/design/pentium4/documentation.htm#manuals
Assembly Programming
• Machine Language
• binary
• hexadecimal
• machine code or object code
• Assembly Language
• mnemonics
• assembler
• High-Level Language
• Pascal, Basic, C
• compiler
Assembly Language Programming
What Does It Mean to
Disassemble Code?
Preprocessing
& Compiling
Source Code Assembly Code
Assembly
Executable Code Object Code
Linking
DLLs
What Does It Mean to
Disassemble Code?
Preprocessing
& Compiling
Source Code Assembly Code
Assembly
Executable Code Object Code
Linking
DLLs
Why is Disassembly Useful in
Malware Analysis?
• It is not always desirable to execute malware:
disassembly provides a static analysis.
• Disassembly enables an analyst to investigate
all parts of the code, something that is not
always possible in dynamic analysis.
• Using a disassembler and a debugger in
combination creates synergy.
32-bit Instructions
• Instructions are represented in memory by a series
of “opcode bytes.”
• A variance in instruction size means that
disassembly is position specific.
• Most instructions take zero, one, or two arguments:
instruction destination, source
For example: add eax, ebx
is equivalent to the expression eax = eax + ebx
Rule #3:
If a value less than FFH is moved into a 16-bit register, the rest of the
bits are assumed to be all zeros.
MOV BX, 5 BX =0005
BH = 00, BL = 05
Program Segments
• A segment is an area of memory that includes up to 64K bytes
• Begins on an address evenly divisible by 16
• 8085 could address a max. of 64K bytes of physical memory
- it has only 16 pins for the address lines (216 = 64K)
• 8088/86 stayed compatible with 8085
- Range of 1MB of memory, it has 20 address pins (220 = 1 MB)
- Can handle 64KB of code, 64KB of data, 64KB of stack
• A typical Assembly language program consist of three segments:
• Code segments
• Data segment
• Stack segment
Program Segments…a sample
Program Segments
Program Segments
Code segment
The 8086 fetches the instructions (opcodes and operands) from the code segments.
The 8086 address types:
– Physical address
– Offset address
– Logical address
• Physical address
– 20-bit address that is actually put on the address pins of 8086
– Decoded by the memory interfacing circuitry
– A range of 00000H to FFFFFH
– It is the actual physical location in RAM or ROM within 1 MB mem. range
• Offset address
– A location within a 64KB segment range
– A range of 0000H to FFFFH
• Logical address
– consist of a segment value and an offset address
Program Segments…example
Define the addresses for the 8086 when it fetches the instructions
(opcodes and operands) from the code segments.
• Logical address:
– Consist of a CS (code segment) and an IP (instruction pointer)
format is CS:IP
• Offset address
– IP contains the offset address
• Physical address
– generated by shifting the CS left one hex digit and then adding it to the IP
– the resulting 20-bit address is called the physical address
give me some numbers…ok
Program Segments…example
Suppose we have:
CS 2500
IP 95F3
• Logical address:
– Consist of a CS (code segment) and an IP (instruction pointer)
format is CS:IP 2500:95F3H
• Offset address
– IP contains the offset address which is 95F3H
• Physical address
– generated by shifting the CS left one hex digit and then adding it to the IP
25000 + 95F3 = 2E5F3H
Program Segments
Data segment
Data segment refers to an area of memory set aside for data
• Format DS:BX or DI or SI
• example:
DS:0200 = 25
DS:0201 = 12
DS:0202 = 15
DS:0203 = 1F
DS:0204 = 2B
Program Segments
Data segment
Example:
Add 5 bytes of data: 25H, 12H, 15H, 1FH, 2BH
Not using data segment
MOV AL,00H ;clear AL
ADD AL,25H ;add 25H to AL
ADD AL,12H
ADD AL,15H
ADD AL,1FH
ADD AL,2BH
Program Segments
Data segment
Example:
Add 5 bytes of data: 25H, 12H, 15H, 1FH, 2BH
using data segment with a constant offset
Data location in memory: Program:
DS:0200 = 25 MOV AL,0
DS:0201 = 12 ADD AL,[0200]
DS:0202 = 15 ADD AL,[0201]
DS:0203 = 1F ADD AL,[0202]
DS:0204 = 2B ADD AL,[0203]
ADD AL,[0204]
Program Segments
Data segment
Example:
Add 5 bytes of data: 25H, 12H, 15H, 1FH, 2BH
using data segment with an offset register
Program:
MOV AL,0
MOV BX,0200H
ADD AL,[BX]
INC BX ;same as “ADD BX,1”
ADD AL,[BX]
INC BX
ADD AL,[BX]
INC BX
ADD AL,[BX]
Endian conversion
• Little endian conversion:
In the case of 16-bit data, the low byte goes to the low
memory location and the high byte goes to the high memory
address. (Intel, Digital VAX)
• Big endian conversion:
The high byte goes to low address. (Motorola)
Example:
Suppose DS:6826 = 48, DS:6827 = 22,
Show the contents of register BX in the instruction MOV BX,[6826]
Little endian conversion: BL = 48H, and BH = 22H
Program Segments
Stack segment
Stack
A section of RAM memory used by the CPU to store
information temporarily.
• Registers: SS (Stack Segment) and SP (stack Pointer)
• Operations: PUSH and POP
– PUSH – the storing of a CPU register in the stack
– POP – loading the contents of the stack back into the CPU
• Logical and offset address format: SS:SP
Flag Register
• Flag Register (status register)
– 16-bit register
– Conditional flags: CF, PF, AF, ZF, SF, OF
– Control flags: TF, IF, DF
ZF
Flag Register and ADD instruction
• Flag Register that may be affected
– Conditional flags: CF, PF, AF, ZF, SF, OF
Flow Control I
• JMP location
Transfers program control to a different point in the
instruction stream without recording return
information.
jmp eax
jmp 0x00934EE4
Flow Control II
• CMP value, value / Jcc location
The compare instruction compares two values, setting
or clearing a variety of flags (e.g., ZF, SF, OF).
Various conditional jump instructions use flags to
branch accordingly.
cmp eax, 4 cmp [ebp+10h], eax
je 40320020 jne 40DC0020
Flow Control III
• TEST value, value / Jcc location
The test instruction does a logical AND of the two
values. This sets the SF, ZF, and PF flags. Various
conditional jump instructions use these flags to branch.
test eax, eax test edx, 0056FCE2
jnz 40DA0020 jz 56DC0F20
Looping using zero flag
• The zero flag is set (ZF=1), when the counter becomes zero
(CX=0)
• Example: add 5 bytes of data
MOV CX,05 ;CX holds the loop count
MOV BX,0200H ;BX holds the offset data address
MOV AL,00 ;initialize AL
ADD_LP: ADD AL,[BX] ;add the next byte to AL
INC BX ;increment the data pointer
DEC CX ;decrement the loop counter
JNZ ADD_LP ;jump to next iteration if counter
;not zero
Addressing Modes – Accessing operands (data) in various ways
;move contents of DS:2400H into DL
;move contents of DS:SI into CL
;move contents of AH into DS:DI
;moves contents of AX into memory
;locations DS:SI and DS:SI +1
;move DS:BX+10 & DS:BX+10+1
;into CX. PA= DS(sl) +BX+10
;PA = SS (sl) + BP + 5
;PA = DS (sl) + SI + 5
;PA = DS (sl) + DI + 20
;PA=DS(sl)+BX+DI +8
;PA=SS(sl)+BP+SI +29
Assembly Language
Programming
Assembly Programming
• Assembly Language instruction consist of four fields
[label:] mnemonic [operands] [;comment]
• Labels
• See rules
• mnemonic, operands
• MOV AX, 6764
• comment
• ; this is a sample program
Model Definition
MODEL directive –selects the size of the memory model
• MODEL MEDIUM
• Data must fit into 64KB
• Code can exceed 64KB
• MODEL COMPACT
• Data can exceed 64KB
• Code cannot exceed 64KB
• MODEL LARGE
• Data can exceed 64KB (but no single set of data should exceed 64KB)
• Code can exceed 64KB
• MODEL HUGE
• Data can exceed 64KB (data items i.e. arrays can exceed 64KB)
• Code can exceed 64KB
• MODEL TINY
• Data must fit into 64KB
• Code must fit into 64KB
• Used with COM files
Segments
Segment definition:
The 80x86 CPU has four segment registers: CS, DS, SS, ES
Segments of a program:
.STACK ; marks the beginning of the stack segment
example:
.STACK 64 ;reserves 64B of memory for the stack
.DATA ; marks the beginning of the data segment
example:
.DATA1 DB 52H
;DB directive allocates memory in byte-size chunks
Segments
.CODE ; marks the beginning of the code segment
- starts with PROC (procedures) directive
- the PROC directive may have the option FAR or NEAR
- ends by ENDP directives
Assemble, Link, and Run Program
STEP INPUT PROGRAM OUTPUT
1. Edit the program keyboard editor myfile.asm
2. Assemble the program myfile.asm MASM or TASM myfile.obj
myfile.lst
myfile.crf
3. Link the program myfile.obj LINK or TLINK myfile.exe
myfile.map
Assemble, Link, Run Files
.asm – source file
.obj – machine language file
.lst – list file
- it lists all the Opcodes, Offset addresses, and errors that
MASM detected
.crf – cross-reference file
- an alphabetical list of all symbols and labels used in the
program as well as the program line numbers in which they
are referenced
.map – map file
- to see the location and number of bytes used when there
are many segments for code or data
PAGE and TITLE directives
PAGE [lines],[columns]
• To tell the printer how the list should be printed
• Default mode is 66 lines per page with 80 characters per line
• The range for number of lines is 10 to 255 and for columns
is 60 to 132
TITLE
• Print the title of the program
• The text after the TITLE pseudo-instruction cannot be more
than 60 ASCII characters
Control Transfer Instructions
• NEAR – When control transferred to a memory location
within the current code segment
• FAR – When control is transferred outside the current code
segment
• CS:IS – This register always points to the address of the next
instruction to be executed.
• In a NEAR jump, IP is updated, CS remains the same
• In a FAR jump, both CS and IP are updated
Control Transfer Instructions
• Conditional Jumps
• Short Jump
– All conditional jumps are short jump
– The address of the target must be within –128 to +127 bytes
of the IP
– The conditional jump is a two-byte instruction:
• One byte is the opcode of the J condition
• The 2nd byte is between 00 and FF
- 256 possible addresses:
- forward jump to +127
- backward jump to –128
Control Transfer Instructions
• forward jump to +127:
• calculation of the target address:
• by adding the IP of the following instruction to the operand
• backward jump to –128
• the 2nd byte is the 2’s complement of the displacement value
• Calculation of the target address:
• the 2nd byte is added to the IP of the instruction after the jump
For More Information:
Ref: https://thestarman.pcministry.com/asm/2bytejumps.htm
Control Transfer Instructions
• Unconditional Jumps – “JMP label” - When control is transferred
unconditionally to the target location label
SHORT JUMP – “JMP SHORT label”
NEAR JUMP – “JMP label”
FAR JUMP – “JMP FAR PTR label”
• CALL statements – A control transfer instruction used to call a
procedure
• In NEAR call IP is saved on the stack
• In FAR call both CS and IP are saved on the stack
• RET – the last instruction of the called subroutine
Control Transfer Instructions
• Assembly Language Subroutine
one main program and many subroutines
main program – is the entry point from DOS and is FAR
subroutines – called within the main program
• can be FAR or NEAR
if after PROC nothing is mentioned, it defaults to NEAR
Procedure/Subroutines
• Procedures can be declaredExample: .MODEL SMALL
within the .CODE (code .DATA
segment). However, ensure msg DB “Hello World$”
that a procedure is not .STACK
executed without explicit .CODE
myProc PROC
invocation. MOV DX, offset msg
• Use CALL instruction to call MOV AH, 09H
INT 21H
the procedure. RET
Eg. CALL procedure-name myProc ENDP
.STARTUP
CALL myProc
.EXIT
END
Data Types and Data Definition
• 80x86 data types
8-bit or 16-bit
Positive or negative
example1:
number 510(1012) will be 0000 01010
example2:
number 51410(10 0000 00102) will be 0000 0010 0000 0010
Data Types and Data Definition
• Assembler data directives
ORG (origin) – to indicate the beginning of the offset address
example:
ORG 0010H
DB (define byte) – allocation of memory in byte-sized chunks
example:
DATA1 DB 25 ;decimal
DATA2 DB 10001001B ;binary
DATA3 DB 12H ;hex
DATA4 DB ‘2591’ ;ASCII numbers
DATA5 DB ? ;set aside a byte
DATA6 DB ‘Hello’ ;ASCII characters
DATA7 DB “O’ Hi” ;ASCII characters
Data Types and Data Definition
• Assembler data directives
DUP (duplicate) – to duplicate a given number of characters
example:
DATA1 DB 0FFH, 0FFH, 0FFH, 0FFH ;fill 4 bytes with FF
Can be replaced with:
DATA2 DB 4 DUP(0FFH) ;fill 4 bytes with FF
DATA3 DB 30 DUP(?) ;set aside 30 bytes
DATA4 DB 5 DUP (2 DUP (99)) ;fill 10 bytes with 99
Data Types and Data Definition
• Assembler data directives
DW (define word) – allocate memory 2 bytes (one word) at a time
example:
DATA1 DW 342 ;decimal
DATA2 DW 01010001001B ;binary
DATA3 DW 123FH ;hex
DATA4 DW 9,6,0CH, 0111B,’Hi’ ;Data numbers
DATA5 DW 8 DUP (?) ;set aside 8 words
EQU (equate) – define a constant without occupying a memory location
example:
COUNT EQU 25
;COUNT can be used in many places in the program
Data Types and Data Definition
• Assembler data directives
DD (define doubleword) – allocate memory 4 bytes (2 words) at a time
example:
DATA1 DD 1023 ;decimal
DATA2 DD 01010001001001110110B ;binary
DATA3 DD 7A3D43F1H ;hex
DATA4 DD 54H, 65432H,65533 ;Data numbers
DQ (define quadwordequate) – allocate memory 8 bytes (4 words) at a
time
example:
DATA1 DQ 6723F9H ;hex
DATA2 DQ ‘Hi’ ;ASCII characters
DATA3 DQ ? ;nothing
Data Types and Data Definition
• Assembler data directives
DT (define ten bytes) – allocates packed BCD numbers (used in
multibyte addition of BCD numbers)
example:
DATA1 DT 123456789123 ;BCD
DATA2 DT ? ;nothing
DATA3 DT 76543d ;assembler will convert decimal
number to hex and store it
User defined Data definition
• Structure: directives
Struct myStruct ;declares myStruct as a structure
var1 DB 0 ; Var1 data byte initialized with 0
var2 DB 1 ; Var2 data byte initialized with 1
Ends myStruct
• Structure variable:
structVar myStruct ? ;creates structure variable
• Acceccing structure:
MOV [structVar.var1], 20 ;move 20 in var1 in mystruct
Segment Directive
• The SEGMENT directive identifies the start of a memory segment and
ENDS identifies the end of a segment when full-segment definitions are in
use.
Syntax:
<logical-segment_name> SEGMENT
..
..
<logical-segment_name> ENDS
• E.g
mySegment SEGMENT
Mov Ax,BX
..
..
mySegment ENDS
•
Assume Directive
The ASSUME statement tells the assembler what names have been
chosen for the code, data, extra, and stack segments.
• Without the ASSUME statement, the assembler assumes nothing and
automatically uses a segment override prefix on all instructions that
address memory data.
• The ASSUME statement is only used with full-segment definitions
Syntax:
ASSUME <Physical-Segment>:<logica-segment_name>
E.g:
mySegment SEGMENT
ASSUME CS : mySegment ;Code segment is initialized to mySegment
Mov AX,BX
mySegment ENDS
Standard I/O
• DOS function calls are used for Standard input/output in Assembly
language(8086).
• To use a DOS function call in a DOS program,
1. Place the function number in AH (8 bit register) and other data that might be
necessary in other registers.
2. Once everything is loaded, execute the INT 21H instruction to perform the task.
• After execution of a DOS function, it may return results in some specific
registers.
• 01H: Read the Keyboard
– This function waits until a character is input from the keyboard.
– Returns ASCII key code of character in AL register.
E.g: MOV AH,01H ;load DOS function number in AH
INT 21H ;access DOS
;returns with AL = ASCII key code
Standard I/O (CONT..)
• 02H: Write to Standard Output device
– This function displays single character on the video display.
– ASCII key code of the character to be displayed must be loaded in DL register.
E.g MOV DL, ‘A’ ;load ASCII key code of Character ‘A’ in DL
MOV AH,02H ;load DOS function number in AH
INT 21H ;access DOS
Standard I/O (CONT..)
• 09H: Display a character String
– This function displays a character string on the video display.
– The character string must end with an ASCII of symbol ‘$’ (24H).
– The character string can be of any length and may contain control characters such as
carriage return (0DH) and line feed (0AH).
– DX must contain address of the character string.
E.g Buf DB “Hello World$” ;define character string
MOV DX, offset Buf ;load address of the string in DX, offset gives address of the
Buf.
MOV AH,09H ;load DOS function number in AH
INT 21H ;access DOS
Standard I/O (CONT..)
• 0AH: Buffered keyboard input
– This function continues to read the keyboard (displaying data as typed) until either the specified number of characters
are typed or until the enter key is typed.
– The first byte of the buffer contains the size of the buffer (up to 255).
– The second byte is filled with the number of characters typed upon return.
– The third byte through the end of the buffer contains the character string typed, followed by a carriage return (0DH).
Buffer e.g: Buf DB 13, 10, “Welcome$”
E.g Buf DB 10, ?, 10 dup(0) ;declare a buffer.
MOV DX, offset Buf ;load address of the buffer in DX, offset gives address of the Buf.
MOV AH,0AH ;load DOS function number in AH
INT 21H ;access DOS
EXE vs. COM
• COM files
• Smaller in size (max of 64KB)
• Does not have header block
• EXE files
• Unlimited size
• Do have header block (512 bytes of memory, contains
information such as size, address location in memory, stack
address)
Converting from EXE to COM
Procedure for conversion to COM from EXE
1. Change the source file to the COM format
2. Assemble
3. Link
4. Use utility program EXE2BIN that comes with DOS
C:>EXE2BIN program1, program1.com
http://www.asciitable.com/
Arithmetic and Logic
Instructions and Programs
Use to mask certain bits, test for zero
Use to test for zero
Use to clear the contents of a register
also to see if two register have the same value
y
y
Using MASM
• Developed by Microsoft
• Used to translate 8086 assembly language
into machine language
• 3 steps:
– Prepare .ASM file using a text editor
– Create .OBJ file using MASM
– Create .EXE file using LINK
– Once you have the .EXE file, debug can be used
to test and run the program