Page 2 of 2 FirstFirst 12
Results 16 to 18 of 18

Thread: softice commands removed or changed ?

  1. #16
    i want to show a other softice error i found recently
    when ssdt table -> NtTerminateProcess is changed from anti virus driver software like Avira anti virus (i think kaspersky also does cant check yet)
    SoftICE make itself to a endless loop (EBFE) this lags the whole computer then
    + softice window change to confusing only WR WD WC restore the SI window back
    solution is kinda simple you restore the orignal SSDT address for NtTerminateProcess
    Last edited by Elenil; November 12th, 2008 at 21:12.

  2. #17
    Quote Originally Posted by WaxfordSqueers View Post
    Oops, spoke too soon. Just upgraded to NVidia driver a few days ago and it does not work.
    Update...had to drop back to my old NVidia drivers,, and they work with ice. Don't confuse the end set of numbers, 7813 and 8198, with how current they are. The 7813 drivers are most recent and do not work with ice. The 8198's are listed as 81.98 by NVidia whereas the 7813 are something like 178.13 and are quite recent version.

  3. #18
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Blog Entries
    The EBFE seems to be Softice protecting itself and the system from catastrophic destruction. That particular occurence is later in the Int0E page fault handler. And you're right, shutting off the various windows seems to be part of it since the WD etc commands are called internally, as well as outputting a Raw Stack Dump before hitting the spin loop.

    Continuing with the useless information..

    The other two cases of EBFE would give an indicative error message if their loop routine was called:
    - Breakpoint table has been corrupted

    It would be interesting to know where the fault lies with those AV SSDT hooks. The Raw Stack Dump output might indicate something.

    Quote Originally Posted by Elenil View Post
    when ssdt table -> NtTerminateProcess is changed

Similar Threads

  1. Why my Topic is removed
    By yano in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 1st, 2005, 03:38
  2. Things have changed...
    By _xhp_ in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: July 4th, 2005, 05:37
  3. breakpoints get removed when DLL is unloaded
    By dsula in forum OllyDbg Support Forums
    Replies: 3
    Last Post: December 31st, 2002, 14:17
  4. The isp was changed just today
    By tsehp in forum Malware Analysis and Unpacking Forum
    Replies: 0
    Last Post: May 26th, 2001, 17:17


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts