
Thread: soft ice in a VM and Windbg growing pains

  1. #46
    Quote Originally Posted by blabberer View Post
    that is 3 os (one xp which is a physical machine and host for two vms running windows 98 side by side )
    Win 98...AAAAAARRRRRRGH!! Dual Win98....double AAAAAARRRRRRGH!!.

    Actually, my ploy in this post is to con you into using softice so much that you'll like it. I gather from your blog that you have never given it much of a shot. I have spent hundreds of hours on it and I swear by it, when it's running. Running on XP with SP3, it's so solid it's sickening. It never crashes no matter what routes I take through Ring 0.

    Sysini files...triple AAAAAARRRRRRGH!!

    I'll have a closer look at your blog when my head clears. Thanks for the link.

    Quote Originally Posted by blabberer View Post
    instead of this i think you should do
    this end is client and other end is physical host in the vm (not sure i don't have vmware installed to provide you correct info)
    I'll work it out. I just wondered if there was an advantage to having the host in the VM or elsewhere.

    Quote Originally Posted by blabberer View Post
    as far as usb debugging is concerned reports are that it doesn't work properly
    Technically, I'm not using USB, I am using serial with the USB acting as a conduit to the serial interface. I figured as long as Windbg sees a legitimate serial interface with full RS232 handshaking it should not care what is on the other side of the serial - USB adapter.

    I have to study this more but the config for Windbg seems only concerned about what Windbg sees. If it's talking to a serial port, it should be happy. That may answer the question I posed to you. Since the only serial port I have is on the desktop, Windbg will have to be on the desktop.

  2. #47
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    Technically, I'm not using USB
    i don't know i replied back what i read around

    if you buy it and if it worked post back the details

    my ploy in this post is to con you into using softice so much that you'll like it
    i never said i disliked it

    like you qualified your statement with if it ran it ran solid it never runned or ranned

    and i didn't have the expertise / skill / time / internet connection to scavenge / download megabytes ( no not talking about dvd rip of 4.4 gb much much smaller mbs at 28.8 kbps meant days together )to make it run while i was crawling

    and i found free alternatives that were much more stable and support for them too from official channels were easily available so never used softice much
    that is all

  3. #48
    Teach, Not Flame Kayaker
    Join Date
    Oct 2000
    Posts
    4,047
    Blog Entries
    5
    Quote Originally Posted by blabberer View Post
    i never said i disliked it

    i found free alternatives that were much more stable and support for them too from official channels were easily available so never used softice much
    that is all
    I can't help but hear that in the voice of Tom Selleck in the movie Quigley Down Under. In a final scene, the overconfident bad guy assumes the injured Quigley doesn't know how to use a Colt revolver very well, so challenges him to an unfair duel. After shooting all the bad guys before they can even draw their guns, Quigley walks over to the dying villain and drawls,

    "I said I never had much use for one. Never said I didn't know how to use it."

  4. #49
    Quote Originally Posted by blabberer View Post
    ...much much smaller mbs at 28.8 kbps meant days together )
    I painfully recall the old pre-internet days on BBS's running x-modem, y-modem and z-modem. 9600 baud was the order of the day with some people actually running 300 baud. 28k was like lightning and 56k seemed impossible. Then again, in the early 80s, a removable disk drive cartridge was 18" in diameter and held all of 5 megs. You get 3 1/2" disks these days holding a third of a terabyte (1000 gigabytes), with three of them holding a terabyte. The track density was 1000 tracks per inch circa 1980. I used to repair computers in which the CPU was transistorized.

    When I look at my thumb drive, which is essentially the length of my thumb, and holds 20 gigs of data, the mind boggles.

    I got interested in softice reading Matt Pietrek's book on Windows 95 in which he talked openly about 'spelunking', which was his name for reverse engineering. He worked for Numega, I think on the Boundschecker program. In those days, softice was not that big in size.

  5. #50
    what is the actual state now ?
    like hwnd command is working but it's still not accepting valid handles ?

  6. #51
    Quote Originally Posted by Elenil View Post
    what is the actual state now ?
    like hwnd command is working but it's still not accepting valid handles ?
    No...hwnd only works after using 'addr explorer', then a 'hwnd' by itself lists all the window handles.

    If I select any of the valid handles and use

    bmsg <hwnd> <message>

    I get an error message stating that the window handle is invalid.

    I have confirmed the handles using SPYXX and the cdb debugger from Debugger Tools for Windows. Softice even displays all the correct handles with the HWND command but when I enter one in BMSG it claims the handle is invalid.

    I have moved on from that problem for now. I am currently creating a new VM with a fresh windows install and a fresh installation of ice.

  7. #52
    Super Moderator
    I am currently creating a new VM

    that sounds as if it is a mammoth project

    you can reuse the virtual hard drives

    make one vhd and use it on 100's different virtual machines
    one with softice
    one with visual studio
    one with malware
    one with network
    one without network
    one with page file
    one without page file


    all you have to do is save away a copy of a fresh vm to some place

    when you want to make xpsp3hotdog version

    copy the saved vm to a new folder and use the option with an existing vhd instead of create new vhd

    install hotdogs and you have xpsp3hotdogs vm in say 15 minutes at the max including a break to the piss room

  8. #53
    Quote Originally Posted by blabberer View Post
    I am currently creating a new VM

    that sounds as if it is a mammoth project
    It shouldn't be but I get right into it with hammers, saws, and whatnot and by the time I finish it is a mammoth project.

    Quote Originally Posted by blabberer View Post
    you can reuse the virtual hard drives
    Yeah...I do reuse them. I even have DOS and Win 98SE setup. I may even try Linux again to see if they have advanced from the dark days of Unix, pre-1980. They were making headway with their GUIs, like KDE (I hated Gnome), but their command line setup was still a horror show for a newbie.

    With my present VM install, I wanted to be absolutely sure I had a clean install of XP so I started from square one.

    Right now I am getting grief from that piece of crap otherwise known as Internet Explorer. I am trying to d/l Comodo's free firewall/antivirus package and IE tells me it can't connect to a certain site. So I d/led Firefox, which I should have done right off rather than fiddle with that over-bloated monstrosity. When Firefox asked if I wanted to make it the default, I said, "yes, please".

    What kind of addled brain would one need to design something like IE? I tried to download a file that is fairly large and IE insisted on saving it as a link to my desktop. When I refused the offer and guided it to another directory, it d/l'd the large file as a link. Have you ever seen a file with a .lnk extension that is 145 megs long?

    I see now what the problem was, I was trying to open the aforementioned lnk file before it was fully downloaded, but IE did not know that. It kept telling me it was a lnk file.

    Then I opened its brother, File Explorer. There's another joke. If you want a dual pane situation, you have to open another instance of file explorer. Why...after all these years, have they not built in functionality to have a dual pane setup? Give up...I'll tell you why? They want you to do it their way. What you want as a user means nothing to msoft. Who else would gear an OS (win 8) at touch screens? Prefer a mouse...too bad...msoft is telling you how the future will be.

    When you open explorer to view files, it insists on opening in documents and settings, and as you try to click on the file you want, it goes on resizing, forcing you to chase your desired directory with the mouse.

    I had to edit this post to add another whine. When you open file explorer under normal conditions, it lists the files but does not tell you the directory or path. That is pure Unix bs and that's what microsoft is trying to implement. In Unix, everything is a file, even a directory, and that's how msoft has designed the NTFS file system. I am discovering all that from my MFT project/thread which is on hold till I get softice running again.

    It may be of interest to you to realize that the old DOS-style directory/file path is now merely a wrapper around the namespace base that msoft bases file explorer on. Yes...there is yet another hidden file system between the user and the MFT on an NTFS system. You might say the MFT is part of that hidden file system, and it gets processed by shell32 and shlwapi in conjunction with ole32. I haven't gotten into objects yet which have totally obfuscated the real hardware lying underneath the msoft OS.

    The shell in shell32 is related to the shell the user sees. The user sees files and directories and shell32 translates them into item lists that break the path into objects.

    To me, having grown up with computers in the early 80s, that kind of thinking is a major step backwards.

    End of whine.

    Talk about Big Brother. Microsoft knows best which directory you want to start in and how you will think in the future, which is actually the dark Unix past.
    Last edited by WaxfordSqueers; August 21st, 2013 at 16:03.

  9. #54
    Quote Originally Posted by WaxfordSqueers View Post
    End of whine.
    Happy(er) camper, here (happier than I wuz while whining about msoft in my last post).

    No more error messages on bmsg...just the sweet acceptance of handles, and the subsequent listing of bl's showing the set breakpoint.

    The clean install of both XP and ice seems to have done the trick.

    Speaking of 's, where's JMI these days? He used those a lot.

  10. #55
    if you want wax you can use the patch ntice function (i can think you need the ds 3.2 to work this instead of the older softice dunno if its possible just to replace the ntice file on the old version of ntice)
    this makes the hwnd command work on every exe - so you dont need the spy++

    there's a rare scenario it does not work with the addr command but usually it should be fine and it works 100 % if you were in proper context like after a breakpoint in the executable

  11. #56
    He's still here, just very busy at the moment.
    JMI

  12. #57
    Quote Originally Posted by JMI View Post
    He's still here, just very busy at the moment.
    Glad to hear you are alive and well, JMI.

  13. #58
    Quote Originally Posted by WaxfordSqueers View Post
    Happy(er) camper, here
    A bit premature...sigh!!

    Got ice to break in the VM on a bmsg and traced till a jump came to User32!CallWindowProcA. Upon entering U32, the mouse and kbrd disappeared. There is a blinking cursor in the ice window but I cannot access it.

    Even worse, can't get out of the ice window.

    May have something to do with the entries in the VM config file for softice. There are two versions of them, one for older VMs and one for newer VMs. I am using

    vmmouse.present = FALSE
    svga.forceTraces = "TRUE"

    NOT

    vmmouse.present = FALSE
    svga.maxFullscreenRefreshTick = 5

    I don't want to shut softice down yet and was hoping someone in the know was hovering (or paddling) nearby.

  14. #59
    Teach, Not Flame Kayaker
    Oh Boy, now you did it! If you're locked up in Sice I'm not sure what you could do, other than maybe suspending the VM, change to the RefreshTick config, and resume to see if that fixes it. Might be borked now though.

    Interesting if you could do an exact snapshot with and without the glitch, and binary compare the snapshots. Would the "glitch" be visible as a byte difference I wonder, even if not understood as representing such?
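
The binary compare suggested in the post above, as an added example (not code from any poster in this thread): it streams two files and lists the byte ranges where they differ, merging differences that sit close together. The file names, the 16-byte merge gap and the idea of comparing raw snapshot files byte for byte are assumptions made for the illustration; the sample data is constructed.

```python
import os
import tempfile

def _extend(ranges, start, end, gap):
    # Merge into the previous range when fewer than `gap` equal bytes separate them.
    if ranges and start - ranges[-1][1] < gap:
        ranges[-1] = (ranges[-1][0], end)
    else:
        ranges.append((start, end))

def diff_ranges(path_a, path_b, gap=16, chunk=1 << 20):
    """Return [(start, end)] offsets (end exclusive) where two files differ.

    Reads `chunk` bytes at a time so large snapshot files never sit in RAM.
    If one file is longer, its extra tail is reported as a differing range.
    """
    ranges, offset = [], 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if not a and not b:
                return ranges
            n = min(len(a), len(b))
            if a[:n] != b[:n]:  # cheap whole-chunk test before the byte loop
                for i in range(n):
                    if a[i] != b[i]:
                        _extend(ranges, offset + i, offset + i + 1, gap)
            if len(a) != len(b):
                _extend(ranges, offset + n, offset + max(len(a), len(b)), gap)
            offset += max(len(a), len(b))

def demo():
    # Constructed stand-ins for a "good" and a "glitched" snapshot file.
    good = bytes(4096)
    bad = bytearray(good)
    bad[100:104] = b"\xff" * 4   # one small cluster of changes...
    bad[110] = 0x01              # ...with a nearby byte that merges into it
    bad[3000] = 0x07             # and an isolated change further on
    with tempfile.TemporaryDirectory() as d:
        pa, pb = os.path.join(d, "good.bin"), os.path.join(d, "glitch.bin")
        with open(pa, "wb") as f:
            f.write(good)
        with open(pb, "wb") as f:
            f.write(bad)
        return diff_ranges(pa, pb, chunk=1024)

if __name__ == "__main__":
    for start, end in demo():
        print(f"0x{start:08x}-0x{end:08x}  ({end - start} bytes)")
```

Two snapshots of a running guest taken at different moments differ in many places unrelated to the glitch, so the output is a list of candidate offsets to narrow down rather than an answer.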

  15. #60
    Quote Originally Posted by Kayaker View Post
    If you're locked up in Sice I'm not sure what you could do
    Played around a bit and found that ctrl-alt-esc gets me out of ice and the vm. I can get right back to the host. However, if I re-enter the vm, I'm back in ice with a frozen mouse cursor and a blinking cursor in the command window. Weird.

    I'll see if I can get a snapshot somehow.
