Results 1 to 10 of 10

Thread: SoftIce crash on System Enter

  1. #1

    SoftIce crash on System Enter

    I've tried to avoid bugging you guys with simple stuff but your
    the best source on SoftIce problems I know of.

    I'm trying to debug a program I'm writing using SI. I'm writing in C++
    using Borland on an AMD with SP1. I've had this problem
    everytime time I single step through kernel32 to Nt. I get about
    two steps in from "Enter System" and I crash. This particular
    time I am trying to find why I crash doing a ReadFile to fill
    BITMAPFILEINFO struct but I've seen this on other programs I've
    single stepped through also. If I "G" straight through, I don't
    crash.

    I did a search first before writing this thread using "Enter System"
    and "Crash on SoftIce Enter System" but come up blank. I feel sure this
    is an old SI problem others have had but I can't think of other
    items to search on.

    If I'm crashing because I'm entering ring 0, why don't I also
    crash when I blast through?

  2. #2
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    why are you using softice instead of ollydbg? the latter is much easier to learn and use for most people.

  3. #3
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Quote Originally Posted by toolmanx View Post
    I did a search first before writing this thread using "Enter System"
    and "Crash on SoftIce Enter System" but come up blank. I feel sure this
    is an old SI problem others have had but I can't think of other
    items to search on.
    You should have tried "sysenter"...

    http://www.woodmann.com/forum/showthread.php?t=7750

    http://www.woodmann.com/forum/showthread.php?t=6275

    http://www.woodmann.com/forum/showthread.php?t=8731

    http://www.woodmann.com/forum/showthread.php?t=6208

    http://www.exetools.com/forum/showthread.php?p=22708


    And disavowed, using Softice or OllyDbg has nothing to do with it...
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  4. #4
    To answer the first question. I worked hard to get SoftIce up and running and I like it.

    I solved my problem in my program using PEBrowse Dbg which allowed me to step through. I was trying to load a pointer with an address of "nada". That doesn't work well.

    Finally, Thanks for the threads. I'll read each one right now.

  5. #5
    hmm if I remember correctly I had same problem on XP without SP, softice used to crash system exactly a few instruction after sysenter at the point when r0.esp is read from KPCR and stored in esp, never was curious to figure what was the problem as SP2 solved the problem.

  6. #6
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    Quote Originally Posted by dELTA View Post
    And disavowed, using Softice or OllyDbg has nothing to do with it...
    i didn't mean to imply that the problem was softice-specific. i just try to discourage new people from trying learn softice instead of ollydbg and/or windbg.

  7. #7
    You can learn sice anyway and then switch to syser...
    ------------
    mmmh.... just reinstalled sice and it freezes huff...
    Last edited by Maximus; November 27th, 2007 at 14:55.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  8. #8
    latest ds 3.2 patches?

    Anyhow, softice learning is worth, it helps new driver developers to learn driver writing much faster, instead of using vmware and windbg...

  9. #9
    I have a clean DS 3.1 installation on my WinXP Pro SP1 box, this setup works best for me

    Quote Originally Posted by Maximus View Post
    mmmh.... just reinstalled sice and it freezes huff...
    Remember to do a "Display detect" and then a "Test" while in the configuration. If i don't do this it freezes for me aswell :s

    JW.

  10. #10
    Yes i did, and test goes ok... I dont wanna run in the madness again...

    olly+advanced olly and few plugs does an excellent job anyway (all the times i right-click i find everything i could need). bah, i'll wait syser 2.0...
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

Similar Threads

  1. OLDB crash
    By dexta666 in forum OllyDbg Support Forums
    Replies: 4
    Last Post: July 14th, 2006, 10:15
  2. crash ollydbg 1.10, OD has a big bug
    By loveboom in forum Bugs
    Replies: 11
    Last Post: May 27th, 2004, 01:29
  3. 1.10c bug, crash OllyDBG
    By ssb in forum Bugs
    Replies: 7
    Last Post: May 16th, 2004, 23:51
  4. Help please about FLAIR.Enter please.
    By allex02 in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: July 17th, 2002, 03:43
  5. Softice and System crash when going into message loop
    By Joe Doe in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: June 24th, 2001, 23:34

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •