Thread: Just another problem with sice in XP

  1. #1
    -K0K-
    Guest

    Just another problem with sice in XP

    Hi everybody...

    My Driver Studio 2.7 won't go back into the code with F12 when I set a breakpoint and activate it. I could not find a solution to this; the strange thing is that DS has no other problem than that one... F12 doesn't work on my computer.
    I have configured my sice by adding most of these DLLs:

    hal.dll
    ntoskrnl.exe
    ntdll.dll
    kernel32.dll
    user32.dll
    csrsrv.dll
    basesrv.dll
    winsrv.dll

    Any suggestions?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date: Jan 2002 | Location: Planet Earth | Posts: 1,647

    1) Look at the contents of winice.dat and find out if F12 is equal to ^p RET.

    2) Normally, F12 does not take you back to your code, it only traces until the next RET instruction is executed. You may be several calls deep into the code woods and need to press F12 several times to return to your code.

    F11 is usually equal to ^G @SS:ESP, a macro that USUALLY, but not always, gets you back to the calling code, your application, provided you press it before anything has been pushed onto the stack, i.e. as soon as Sice breaks.
    Hope this makes sense.
    Last edited by naides; October 21st, 2003 at 16:07.

  3. #3

    As Above

    First of all, make sure that you are not using the standalone version of SoftICE 4.05 (NT) - some warez sites also call it the standalone softice from Driver Studio. It is not.

    If that is all out of the way, you might try upgrading your system to SP1.

    If that does not seem to work either, the best tool for testing is already present: Notepad.exe. Copy the file to a temporary directory, run it, breakpoint on CreateWindowExA and when you hit it, press F12 (but check that F12 is actually ^p RET).

    If that also does not work, then open the command prompt and type in: SFC /SCANNOW. Keep your Windows XP CD ready. This will replace all files in virgin condition from the CD (.DLLs generally get corrupted because some lousy applications install their own versions of the same dlls.) Try the F12 bit again.

    If that does not work, you may try re-installing Windows XP. If it works this time around, you can be pretty sure some app is messing with the softice. And yes, make sure you have disabled the anti-virus before you have tried any of this stuff.

    If you really do not want to go through all this trouble, you may try to put a breakpoint (normal, anywhere you prefer). Subsequently, scroll down and find a RET instruction. Breakpoint that instruction too. This will ALWAYS work.

    A better deal would be to upgrade to Driver Studio 3.

    Have Phun
    Blame Microsoft, get l337 !!
