remove debug printing of kernel32


Solomon
12-18-2001, 02:25 AM
Here is the SoftICE history. I just want to disable the debug output of kernel32. How? I tried DbgView from Sysinternals, but it can't capture this string. Which prog prints this string?


Code:

kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
NTICE: Load32 START=77CA0000 SIZE=80000 KPEB=FF844020 MOD=clbcatq
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
NTICE: Load32 START=78000000 SIZE=46000 KPEB=FF844020 MOD=MSVCRT
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter

Solomon
12-18-2001, 03:28 AM
shit! This string is from NTICE.SYS! I removed it.

Lord_Soth
12-18-2001, 08:16 PM
Hmm, why would you wanna remove it?

Why does it bother you, and don't you think there's a reason it's there?

LS

Solomon
12-20-2001, 07:49 AM
Because it is printed too frequently and it causes the history buffer to fill up. I just want to save the SoftICE history and analyze it later. Increasing the buffer size is an alternative.

DakienDX
12-20-2001, 12:15 PM
Hello Solomon !

You can simply patch your KERNEL32.DLL. You need to locate OutputDebugString and replace the first three bytes with a C2h, 04h, 00h ("Ret 4") because it has no defined return value.

Of course you need to do this in DOS mode, since KERNEL32.DLL is opened under Windows all the time. If you're on Win9X you can also use the WININIT.INI for this job.

Solomon
12-20-2001, 09:14 PM
DakienDX,

Thx for your reply. OutputDebugString is a ring 3 API; NTICE.SYS does not use this to print this string. I have changed "kernel32!UnhandledExceptionFilter" to an empty string, but it still prints out many empty lines ("\n\r" only).
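
For offline analysis of a history that has already been saved, the sketch below is an added example, not code from any participant in this thread. It assumes the history was saved as plain text in the format shown in the first post; the function names and the sample lines are constructed for illustration. It drops the blank lines, collapses runs of the repeated string, and uses the `NTICE: Load32` records to map an address back to a module.

```python
import re
from itertools import groupby

# Constructed sample in the format shown in the first post of the thread.
SAMPLE = """\
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
NTICE: Load32 START=77CA0000 SIZE=80000 KPEB=FF844020 MOD=clbcatq
kernel32!xxxandledExceptionFilter

kernel32!xxxandledExceptionFilter
NTICE: Load32 START=78000000 SIZE=46000 KPEB=FF844020 MOD=MSVCRT
kernel32!xxxandledExceptionFilter
""".splitlines()

LOAD32 = re.compile(
    r"^NTICE: Load32 START=([0-9A-Fa-f]+) SIZE=([0-9A-Fa-f]+) "
    r"KPEB=([0-9A-Fa-f]+) MOD=(\S+)$")

def parse_load32(line):
    """Return (start, size, kpeb, module) for a Load32 line, else None."""
    m = LOAD32.match(line.strip())
    if not m:
        return None
    start, size, kpeb = (int(x, 16) for x in m.group(1, 2, 3))
    return start, size, kpeb, m.group(4)

def condense(lines):
    """Drop blank lines and collapse runs of identical lines to 'text [xN]'."""
    kept = [l.rstrip("\r\n") for l in lines if l.strip()]
    out = []
    for text, run in groupby(kept):
        n = len(list(run))
        out.append(text if n == 1 else f"{text} [x{n}]")
    return out

def module_for(addr, lines):
    """Name of the module whose Load32 range contains addr, else None."""
    for rec in filter(None, map(parse_load32, lines)):
        start, size, _, mod = rec
        if start <= addr < start + size:
            return mod
    return None

if __name__ == "__main__":
    print("\n".join(condense(SAMPLE)))
```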