Thread: jump generator

  1. #1
    amois
    Guest

    jump generator

    I am searching for Kayaker's Jump Generator. I couldn't find it on the net.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Kayaker

    Question

    Gee, I don't even remember creating that one. Is it any good?

    Heh, no, I don't think that was mine. If you saw it at one of the high quality professional Toolz sites, then it *definitely* wasn't mine

    I did a little jump proggy example thingy during a project a while back, but I don't think that's what you want. Do you mean an Opcode Jump Generator? Neural Noise made one and there's a few others around as well.

    You might find what you're looking for at

    h**p://www.programmerstools.org/

    regards,
    Kayaker

    PS, If I create any more cool toolz I don't know about, let me know.

  3. #3
    Hiya,

    Kayaker, I have a feeling he means your backtrace buffer disassembler.

  4. #4
    Kayaker
    Originally posted by Js
    Hiya,

    Kayaker, I have a feeling he means your backtrace buffer disassembler.
    Hi,

    If that's the case, wait until the hot new improved version Clandestiny and I have been working on. Complete with vxd, winice memory patching, BCHK triggered INT1 Softice popup for target memory access, and auto search/dumping of the Softice backtrace buffer for viewing or saving.

    Easily crackable commercial version also available for a nickel...



    Kayaker

  5. #5
    Scally6
    Guest
    But does it make toast?
    Regards
    Scally

  6. #6
    amois
    Guest

    jump generator --> back trace buffer

    I don't know exactly what this Kayaker's Jump Generator is. My friend told me about it. I have a problem with the BPR and BPRW SoftIce commands. When I try to run those commands, 99% of the time my computer crashes. Also, the MAP32 and MOD commands don't work. Therefore I need an alternative for SoftIce back tracing.

    regards
    amois

  7. #7
    Kayaker
    TO DO LIST: Implement breakfast features for Scally. LOL

    Those are strange symptoms amois. If Softice is working properly the MOD command should display the windows module list, the command either works or it doesn't. MAP32 as well as BPRW might appear not to work if you use the module name given under TASK and the filename is longer than 8 characters. You need to use the full name you see under MOD instead (which is rather ironic). A guess is that you may be working with a funny filename, change it to a standard 8 character filename and see if that works.

    If you're crashing on the BPR commands this is really strange. Is this only when using the Trace option or does it occur on ReadWrites as well? If the advanced breakpoint you set while setting up the backtrace is never reached (or if you didn't set one), then the system might never return to Softice, your system will seem to hang and maybe you crash.

    How does your system work when just dealing with notepad? Try breaking at program start using the SI loader and set up a backtrace with
    BPRW Notepad T

    Then set a breakpoint a few lines down, or on an API, that you know will be called. Then press F5. Softice should immediately break and the SHOW command should show you the code lines just executed within the address range of notepad. Try this and see if it works.

    Read the Softice Command Reference for the exact usage of the BPR trace functions.


    The backtrace buffer disassembler/dumper is meant ultimately to be able to save the output of ongoing traces. It works with an existing backtrace you've done, or to one with the program loaded so you are able to access its memory or trace packed code. Normally you use the SHOW or TRACE commands. You need to make sure you can generate a backtrace in Softice properly first.

    Then make toast

    Hope this helps,
    Kayaker

  8. #8
    Unregistered
    Guest

    my problem

    I am just reflecting my problem directly from SoftIce.

    :task
    TaskName SS:SP StackTop StackBot StackLow TaskDB hQueue Events
    Loader32 0000:0000 007FB000 00800000 2FD6 3037 0000
    Notepad 0000:0000 0063D000 00640000 2B8E 2E0F 0000
    Wincmd32 0000:0000 0070E000 00720000 2BC6 2C17 0000
    Pstores 0000:0000 0056D000 00570000 250E 298F 0000
    Stmgr 0000:0000 0056C000 00570000 2A5E 2AC7 0000
    Wmiexe 0000:0000 0056B000 00570000 25DE 0000 0000
    Msmsgs 0000:0000 0069D000 006A0000 29A6 25C7 0000
    Ctmix32 0000:0000 0063D000 00640000 216E 295F 0000
    Newsupd 0000:0000 0063D000 00640000 284E 2967 0000
    Internat 0000:0000 0057D000 00580000 2786 27CF 0000
    Systray 0000:0000 0063D000 00640000 26BE 280F 0000
    Taskmon 0000:0000 0063E000 00640000 248E 2507 0000
    Rpcss 0000:0000 0056D000 00570000 1F4E 1F6F 0000
    Explorer 0000:0000 005A9000 005B0000 2266 227F 0000
    Mstask 0000:0000 0056D000 00570000 1A9E 1B1F 0000
    Mprexe 0000:0000 0072E000 00730000 193E 199F 0000
    MMTASK 1E57:1F80 00B2 201C 201C 1B26 1E6F 0000
    MSGSRV32 15C7:7D40 0174 7DDE 7DDE 15A6 0C5F 0000
    KERNEL32 * 0167:1218 00034530 00044530 00D7 0C5F 0000
    :map32 notepad
    :map32 wincmd32
    :mod notepad
    hMod Base PEHeader Module Name File Name
    :mod wincmd32
    hMod Base PEHeader Module Name File Name
    :bprw notepad t
    Module Not Found
    :bprw wincmd32 t
    Module Not Found

  9. #9
    Bengaly
    Heya all...

    *g*, someone asked help..give it to da man ;D
    Jump Generator by Muad'D1 ;D

    anyway, get the JumpGenerator from: http://muaddib.immortaldescendants.org

    Work Well

  10. #10

    ..

    Bengaly,
    he isn't talking about jump gen.
    Kayaker, look how much interest I generated in your backtrace disassembler, do I get a percentage?

  11. #11
    Kayaker
    Sure Js, you name the cut and I guarantee the cheque is in the mail...

    Amois, it looks like maybe Softice doesn't have any data on the loaded modules, so the commands requiring a module name fail. When a program is mapped into memory, winice monitors the loading of each section of it including the dlls it uses.

    For example, when I load notepad and immediately Ctrl-D into Softice I see this in the command window:

    WINICE: Load32 Obj=0001 Add=0167:00401000 Len=00004000 Mod=NOTEPAD
    WINICE: Load32 Obj=0002 Add=016F:00405000 Len=00001000 Mod=NOTEPAD
    WINICE: Load32 Obj=0003 Add=016F:00406000 Len=00001000 Mod=NOTEPAD
    WINICE: Load32 Obj=0004 Add=016F:00407000 Len=00005000 Mod=NOTEPAD
    WINICE: Load32 Obj=0005 Add=016F:0040C000 Len=00001000 Mod=NOTEPAD
    WINICE: Load32 Obj=0001 Add=0167:7FCB1000 Len=00086000 Mod=SHELL32
    WINICE: Load32 Obj=0002 Add=016F:7FD37000 Len=00001000 Mod=SHELL32
    ......

    Do you see this? If not, then Softice probably isn't behaving properly.

    Softice likely gets some of the information it needs for certain commands from the Process and Environment Database. If you type
    : proc -x notepad
    you should see lots of pointers to process information.


    When you type MOD you should see:

    :mod notepad
    hMod Base PEHeader Module Name File Name
    2667 00400000 817156C8 NOTEPAD C:\WINDOWS\NOTEPAD.EXE

    From the PEHeader address you can get the information you see in the MAP32 command:

    :map32 notepad
    Owner Obj Name Obj# Address Size Type
    NOTEPAD .text 0001 0167:00401000 00003E9C CODE RO
    NOTEPAD .data 0002 016F:00405000 0000084C IDATA RW
    NOTEPAD .idata 0003 016F:00406000 00000DE8 IDATA RO
    NOTEPAD .rsrc 0004 016F:00407000 00004FB8 IDATA RO
    NOTEPAD .reloc 0005 016F:0040C000 00000A9C IDATA RO


    I'm not sure why TASK gives you some information, but these other 2 commands don't. Perhaps one of your other programs is interfering with Softice for some reason, try a reboot with minimal programs loaded, get rid of wincommander and anything else that starts up automatically. Are you running on a network? (Pstores looks familiar). Try not logging on and see if SI behaves any differently.

    As a desperate measure try reinstalling Softice. I'm not sure what your problem might be otherwise.

    regards,
    Kayaker
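
The cross-check Kayaker describes between the Load32 notifications and the MAP32 table, written out as an added example (not part of the original post and not any SoftICE tool). The function names are hypothetical, and the rule that Load32 `Len` is the MAP32 `Size` rounded up to a 4 KB page is inferred from the values quoted in the post.

```python
import re
from collections import defaultdict
# Output copied from the post above: WINICE Load32 notifications, then MAP32 rows.
LOAD32_LOG = """\
WINICE: Load32 Obj=0001 Add=0167:00401000 Len=00004000 Mod=NOTEPAD
WINICE: Load32 Obj=0002 Add=016F:00405000 Len=00001000 Mod=NOTEPAD
WINICE: Load32 Obj=0003 Add=016F:00406000 Len=00001000 Mod=NOTEPAD
WINICE: Load32 Obj=0004 Add=016F:00407000 Len=00005000 Mod=NOTEPAD
WINICE: Load32 Obj=0005 Add=016F:0040C000 Len=00001000 Mod=NOTEPAD
WINICE: Load32 Obj=0001 Add=0167:7FCB1000 Len=00086000 Mod=SHELL32
WINICE: Load32 Obj=0002 Add=016F:7FD37000 Len=00001000 Mod=SHELL32
"""
MAP32_OUT = """\
NOTEPAD .text 0001 0167:00401000 00003E9C CODE RO
NOTEPAD .data 0002 016F:00405000 0000084C IDATA RW
NOTEPAD .idata 0003 016F:00406000 00000DE8 IDATA RO
NOTEPAD .rsrc 0004 016F:00407000 00004FB8 IDATA RO
NOTEPAD .reloc 0005 016F:0040C000 00000A9C IDATA RO
"""
PAGE = 0x1000  # assumption: 4 KB x86 pages
H = "[0-9A-F]"
LOAD_RE = re.compile(rf"Load32 Obj=({H}{{4}}) Add={H}{{4}}:({H}{{8}}) Len=({H}{{8}}) Mod=(\S+)")
MAP_RE = re.compile(rf"^(\S+) +(\S+) +({H}{{4}}) +{H}{{4}}:({H}{{8}}) +({H}{{8}}) ", re.M)

def parse_load32(text):
    """Return {module: {obj#: (start, length)}} from Load32 notifications."""
    mods = defaultdict(dict)
    for obj, addr, length, mod in LOAD_RE.findall(text):
        mods[mod][int(obj, 16)] = (int(addr, 16), int(length, 16))
    return dict(mods)

def parse_map32(text):
    """Return {(owner, obj#): (section name, start, virtual size)} from MAP32 rows."""
    return {(o, int(n, 16)): (name, int(a, 16), int(s, 16))
            for o, name, n, a, s in MAP_RE.findall(text)}

def module_range(mods, mod):
    """Lowest start and highest end address over a module's loaded objects."""
    objs = mods[mod].values()
    return min(a for a, _ in objs), max(a + n for a, n in objs)

def cross_check(mods, rows):
    """MAP32 rows whose start or page-rounded size disagrees with Load32."""
    return [key for key, (_, addr, size) in rows.items()
            if mods.get(key[0], {}).get(key[1]) != (addr, -(-size // PAGE) * PAGE)]

if __name__ == "__main__":
    mods = parse_load32(LOAD32_LOG)
    print(module_range(mods, "NOTEPAD"), cross_check(mods, parse_map32(MAP32_OUT)))
```

An empty Load32 parse, which is what amois's session suggests, makes every MAP32 row show up as a mismatch.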

  12. #12
    amois
    Guest

    Win ME --> Win 98

    I erased Win Me, then installed Win 98. Now SoftIce is fully working. I don't have problems with MOD, BPR etc.

    Thanks to Kayaker for helping.

    regards
    amois

  13. #13
    Bengaly

    Hahh..ohh welll :-)

    Heya all..

    ahh ok sorry, i thought u meant JumpGenerator ;-)
    didn't know he meant BackTrace utility.
    BackTrace is cool, but never worked ;-) no BPR/BPMs works..(win98),

    anyway cya
    "knowledge is now free at last, everything should be free from now on, enjoy knowledge and life and never work for everybody else"
