Tuesday, September 17, 2013

Debugger

A machine debugger (e.g. the debug command in DOS) views a program as a stream of bytes.  It can examine the contents of registers and memory locations, but it has no concept of variables or routines.

A symbolic debugger is a source-level debugger.  To debug at source level, it uses the target program's debug symbol table, a collection of variable-length records generated by the compiler.  The records contain information about variables (name, type, address) and functions (name, start address, end address, and the start and end address range of each statement).

This information allows the debugger to step through the source code by running the machine instructions within the defined address ranges.

All operating systems provide hooks for debuggers.  Under DOS, a debugger is driven by two ISRs:

INT 0x3 - signals a breakpoint.

INT 0x1 - allows single stepping.

When the TF (Trace Flag) is set in FLAGS/EFLAGS, the processor executes a single instruction and then automatically raises a single-step trap (INT 0x1).  This causes the ISR for 0x1 to execute.  The processor clears TF automatically whenever it invokes an ISR, so the debugger's own handler does not itself run in single-step mode.
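The following is an added example, not code from the original post: a toy machine that ties together the two ideas above, the statement address ranges from the symbol table and the INT 3 / TF-driven INT 1 traps. The debugger plants a breakpoint by writing the INT 3 opcode over an instruction, and "step one statement" sets TF and lets the INT 1 handler keep stepping until the instruction pointer leaves the current statement's range. The CPU, its opcodes, the program bytes and the symbol records are all constructed for illustration; only the TF bit position (bit 8 of FLAGS) and the 0xCC opcode match real x86, and the ISRs are ordinary C functions standing in for real interrupt handlers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_TF 0x0100   /* Trace Flag, bit 8 of FLAGS as on x86 */

/* Constructed toy instruction set (one-byte opcodes). */
enum { OP_NOP = 0x90, OP_INC = 0x40, OP_DEC = 0x48, OP_HLT = 0xF4, OP_INT3 = 0xCC };

typedef struct { uint8_t mem[16]; uint16_t ip, flags; int ax, halted; } Cpu;

/* Debug symbol record: half-open address range [start, end) of one source statement. */
typedef struct { const char *text; uint16_t start, end; } StmtRec;

static const StmtRec stmts[] = {          /* constructed symbol table */
    {"ax++",    0x0, 0x2}, {"ax--",   0x2, 0x4},
    {"ax += 2", 0x4, 0x6}, {"return", 0x6, 0x8},
};
#define NSTMTS (sizeof stmts / sizeof stmts[0])

/* Debugger state: the planted breakpoint and why the last run stopped. */
typedef struct {
    uint16_t bp_addr; uint8_t bp_saved; int bp_active;  /* byte under the 0xCC */
    const StmtRec *cur;   /* statement currently being stepped */
    int stop_reason;      /* 0 = running, 1 = breakpoint hit, 2 = step finished */
    int int1_traps;       /* number of single-step ISR invocations */
} Debugger;

static const StmtRec *stmt_at(uint16_t ip) {
    for (size_t i = 0; i < NSTMTS; i++)
        if (ip >= stmts[i].start && ip < stmts[i].end) return &stmts[i];
    return NULL;
}

/* INT 3 ISR: the trap saved the address after the 0xCC, so back ip up one byte,
 * restore the original opcode and report the stop to the debugger loop. */
static void isr_int3(Cpu *c, Debugger *d, uint16_t *saved_flags) {
    (void)saved_flags;
    c->ip -= 1;
    c->mem[d->bp_addr] = d->bp_saved;
    d->bp_active = 0;
    d->stop_reason = 1;
}

/* INT 1 ISR: runs after every instruction while TF is set.  Keep tracing until ip
 * leaves the current statement's range, then clear TF in the saved FLAGS image so
 * that IRET returns with tracing switched off. */
static void isr_int1(Cpu *c, Debugger *d, uint16_t *saved_flags) {
    d->int1_traps++;
    if (c->halted || stmt_at(c->ip) != d->cur) {
        *saved_flags &= ~FLAG_TF;
        d->stop_reason = 2;
    }
}

/* Trap delivery as the processor does it: save FLAGS, clear TF so the ISR itself is
 * not single-stepped, run the handler, then IRET restores the saved FLAGS. */
static void deliver_trap(Cpu *c, Debugger *d, int vector) {
    uint16_t saved = c->flags;
    c->flags &= ~FLAG_TF;
    if (vector == 1) isr_int1(c, d, &saved); else isr_int3(c, d, &saved);
    c->flags = saved;   /* IRET */
}

/* Execute one instruction; returns 3 when it was a software INT 3, else 0. */
static int execute_one(Cpu *c) {
    switch (c->mem[c->ip++]) {
    case OP_INC:  c->ax++;        break;
    case OP_DEC:  c->ax--;        break;
    case OP_HLT:  c->halted = 1;  break;
    case OP_INT3: return 3;
    default:      break;          /* NOP */
    }
    return 0;
}

static void run(Cpu *c, Debugger *d) {
    d->stop_reason = 0;
    while (!c->halted && !d->stop_reason) {
        int tracing = c->flags & FLAG_TF;   /* TF sampled before the instruction */
        if (execute_one(c) == 3) { deliver_trap(c, d, 3); continue; }
        if (tracing) deliver_trap(c, d, 1);
    }
}

static void set_breakpoint(Cpu *c, Debugger *d, uint16_t addr) {
    d->bp_addr = addr; d->bp_saved = c->mem[addr]; d->bp_active = 1;
    c->mem[addr] = OP_INT3;
}

/* Source-level "step": run machine instructions until ip leaves the current statement. */
static void step_statement(Cpu *c, Debugger *d) {
    d->cur = stmt_at(c->ip);
    c->flags |= FLAG_TF;
    run(c, d);
}

/* Constructed session: break at "ax += 2", then step two statements; returns final ax. */
static int demo_session(Cpu *c, Debugger *d) {
    static const uint8_t program[8] = { OP_INC, OP_NOP, OP_DEC, OP_NOP, OP_INC, OP_INC, OP_HLT, OP_NOP };
    memset(c, 0, sizeof *c); memset(d, 0, sizeof *d);
    memcpy(c->mem, program, sizeof program);
    set_breakpoint(c, d, 0x4);
    run(c, d);              /* ax++ and ax-- run untraced; INT 3 stops at ip 0x4 with ax 0 */
    step_statement(c, d);   /* two INCs traced by INT 1; stops at ip 0x6 with ax 2 */
    step_statement(c, d);   /* HLT executes; handler sees halted and clears TF */
    return c->ax;
}

int main(void) {
    Cpu c; Debugger d;
    int ax = demo_session(&c, &d);
    printf("ax=%d ip=0x%x halted=%d stop_reason=%d int1_traps=%d\n",
           ax, c.ip, c.halted, d.stop_reason, d.int1_traps);
    return 0;
}
```

The point to notice is in `deliver_trap` and `isr_int1`: TF is cleared on entry to every handler, exactly as the text describes, so the handler itself runs at full speed, and the only way stepping continues is that the saved FLAGS image still carries TF when IRET restores it. Stopping a step therefore means editing that saved image, not the live flags.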
