
Thread: SOFTICE is writing to my disk!!!!

  1. #1
    Bratsch
    Guest

    SOFTICE is writing to my disk!!!!

    Hello again.

    I have been seeing something in SoftIce that is driving me wild. I have RTFM and found no particular reference to the issue. Here it goes:

    Sometimes I patch the code in memory, using the A(ssemble) command of Sice, to see if it would work there before I modify the file with HIEW, i.e. I change a JZ to a JMP and so on in memory. Now when I go to change the file with HIEW, THE DAMN THING IS ALREADY CHANGED. Is SoftIce writing the changes I perform in memory to the file? I even saw the opcode for INT 3, CC, in the places I had placed a BPX! WTF is going on? Is SoftIce supposed to do this? I have never seen that documented in any tutorial. Or maybe the program I am working on copies itself from memory to the disk when it closes?

    I recently installed Sice 4.05, so I do not know if this is a relatively new feature or it is me going crazy.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Kayaker
    Teach, Not Flame
    Join Date: Oct 2000, Posts: 4,114, Blog Entries: 5

    Hi again Bratsch,

    This is something that came to light some months back with MS Visual C++ v5.0 and v6.0. It happens fairly frequently it seems, but not with all programs, and you're not going crazy.

    You must disable all BP's before exiting the program or CC's may be written as you noticed, and changes you make with 'a' will be hardwritten to the file. (I did mention it in my TracePlus tut actually). There were a few explanations put forth on the Board at one time, some weird paging fault error sounded plausible.

    Just make sure you've got a backup of the original file. BTW, what program were you working on with the disabled ListBox items? Sounds interesting...

    Regards,

    Kayaker
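
The backup advice above can be turned into a quick integrity check. This is an added example, not code from the thread or from either poster: it compares a known-good backup with the working copy and labels each changed byte, so stray breakpoint bytes (CC) and a JZ that became a JMP stand out. The function names are hypothetical and the sample bytes are constructed; the CC label is a heuristic based on the new byte value only.

```python
# Added example: diff a backup against the working copy and classify changes.
# All sample bytes below are constructed for illustration.

INT3 = 0xCC          # one-byte breakpoint opcode a debugger plants for a BPX
JZ_SHORT = 0x74      # short JZ rel8
JMP_SHORT = 0xEB     # short JMP rel8


def classify(old: int, new: int) -> str:
    """Label one changed byte (heuristic: looks only at the byte values)."""
    if new == INT3:
        return "stray INT3 (breakpoint left enabled)"
    if old == JZ_SHORT and new == JMP_SHORT:
        return "JZ -> JMP (in-memory patch written back)"
    return "other change"


def diff_images(original: bytes, current: bytes):
    """Return (offset, old, new, label) for each differing byte."""
    if len(original) != len(current):
        raise ValueError("size mismatch: file was not modified in place")
    return [
        (off, o, n, classify(o, n))
        for off, (o, n) in enumerate(zip(original, current))
        if o != n
    ]


def diff_files(backup_path, current_path):
    """Same comparison, reading both images from disk."""
    with open(backup_path, "rb") as a, open(current_path, "rb") as b:
        return diff_images(a.read(), b.read())


# Constructed sample: test eax,eax / jz +5 / push ebp / mov ebp,esp / nop
SAMPLE_ORIGINAL = bytes.fromhex("85c07405" "55" "8bec" "90")
# Same bytes after a session: JZ assembled to JMP, INT3 over the PUSH EBP
SAMPLE_CURRENT = bytes.fromhex("85c0eb05" "cc" "8bec" "90")

if __name__ == "__main__":
    for off, old, new, label in diff_images(SAMPLE_ORIGINAL, SAMPLE_CURRENT):
        print(f"{off:#06x}: {old:02x} -> {new:02x}  {label}")
```

Restoring the file from the backup is the fix for any offset it reports.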

  3. #3
    Bratsch
    Guest
    Hi Kayaker, thanks for being helpful and affable. I am not sure if I should tell you the program I am working on in this public forum. It is not an internet-available shareware, but rather a specialized software present in a CD, with a sort of reduced marker, so if that info gets in the wrong hands, the software company might trace it to me. Am I being overcautious? Perhaps.
    However, it does not mean I do not want to discuss it with you. E-mail me to my avatar at picapiedra01@yahoo.com if you want and I can talk to you in a more private environment.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
