View Full Version : Symbol Loader wont work???
crassy
08-24-2002, 02:10 PM
Hi all.
When I load a prog into Symbol Loader (File/Open module and then Module/Load/Yes) SoftIce is supposed to break at the beginning of the prog, right? Well, mine doesn't... I wonder why?
I use Win98SE and SIce 4.05.334
nofurs
08-24-2002, 02:20 PM
where is the begining? youe question is vague
SilSaLaMaTa
08-24-2002, 03:38 PM
hi ,
maybe u have to change the section flags (charasteristics) .
Ohno2Cracked
08-24-2002, 07:16 PM
I have the same problem with SI. And I changed the characteristics of the starting section to 0xE0000020
(execute,read,write,code)
But it simply doesn't stop at entry. I tried the same with notepad, no success, it runs as a madmann.
BTW, a bpx on a win32 api does work, SI pops up.
background:
I'm hacking a packed program. For that I need to break the program just after it depacked.
note: I even re-installed SI, no success!!!
Anybody ideas???
nofurs
08-24-2002, 07:22 PM
Hi Ohno2Cracked,
Try icedump
crassy
08-25-2002, 11:28 AM
Quote:
Originally posted by cluesurf
Try icedump |
Could you please be more specific?
nofurs
08-25-2002, 12:02 PM
>Could you please be more specific?
RTFM before asking questions
Ohno2Cracked
08-25-2002, 09:27 PM
I already tried icedump :-)
Maybe there is something wrong with the version. I use SI 4.05.334
Has somebody else same problems with this version?
crassy
08-26-2002, 12:53 AM
As i said I have the same problem EXACTLY.
Tried IceDump + IceLoad... Wont even work with Notepad.
nofurs
08-26-2002, 12:56 PM
[>I already tried icedump :-)
>Maybe there is something wrong with the version. I use SI >4.05.334
>Has somebody else same problems with this version?
Ya should check the version before booting to windows
SoftICE 3.23 (Windows 95 / Windows 98 xxxx 1-2)
(C) Copyright 1994 - 1997 NuMega Technologies. All rights reserved.
1096K extended memory allocated for symbols
8K extended memory allocated for back trace
29K extended memory allocated for exports
256K extended memory allocated for display history
and select icedump 3.23
username
08-26-2002, 02:48 PM
Quote:
Originally posted by cluesurf
Ya should check the version before booting to windows
|
Wrong approach, you have to look at the Version Info resource in the corresponding ntice.sys and take the version/build info from there. Alternatively 'grep DriverStudio history.txt'. Any other source for version cannot be trusted and should not be relied upon.
Ohno2Cracked
08-26-2002, 07:38 PM
Just before my tennislessons writing this reply :-)
Ok then. I solved the problem with installing driverstudio 2.6. I don't know the problem with SI 4.05.334, maybe it has something to do with the combination SI and Athlon 1800 xp. But once again it's just guessing.
Yes finally I can set breakpoints.
Btw crassy, u can download it via eDonkey
serkul
08-26-2002, 11:45 PM
another way to 'step into an application' is possible using lordpe from yoda.
- 'bpint 3' in softice
- use 'Break & Enter' feature in lordpe
- patch the 1st byte of the app back to its original value because it was changed to int 3
Ohno2Cracked
08-26-2002, 11:47 PM
Just before my tennislessons writing this reply :-)
Ok then. I solved the problem with installing driverstudio 2.6. I don't know the problem with SI 4.05.334, maybe it has something to do with the combination SI and Athlon 1800 xp. But once again it's just guessing.
Yes finally I can set breakpoints.
Btw crassy, u can download it via eDonkey
vBulletin® v3.8.2, Copyright ©2000-2009, Jelsoft Enterprises Ltd.