Results 1 to 6 of 6

Thread: Softice, VMWare and INT3

  1. #1
    asr
    Guest

    Softice, VMWare and INT3

    Hi,

    i noticed several posts about vmware and softice. I made all necessary adjustments and they work more or less good. The problem I am still having however is that manually places int3 calls crash vmware.
    For example if I place a 0xcc at the entry point of an application the vm goes down immediately (not the os running inside). breakpoints i set with softice work fine.
    Does anyone else here know this problem or any workaround?

    -asr
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Put EB FE in the EP instead so the program is put into an infinite loop, then use softice to replace the first bytes again and keep tracing.

  3. #3
    It would help if you had mentioned the versions of the software you are using and the OS. It's also not clear what you mean by "if I place a 0xcc at the entry point of an application the vm goes down immediately."

    Are you saying that as soon as you change the byte to CCh, without doing anything else, VMWare crashes, or are you saying "after" you change the first byte to CCh and start the program, VMWare crashes??????

    Have you turned "ON" "I3HERE" in softice? Did you use 'bpint 3' in softice ?

    In short, think more carefully about what your setup is and about what you actually did and remember that WE WEREN'T WATCHING YOU DO IT and don't know your machine. Say what YOU DID like you wanted someone who WASN'T there to know EXACTLY how you set thing up and enough of the complete steps you followed to actually understand WHERE it started to go wrong.

    Regards,
    JMI

  4. #4
    asr
    Guest
    Quote Originally Posted by JMI
    It would help if you had mentioned the versions of the software you are using and the OS. It's also not clear what you mean by "if I place a 0xcc at the entry point of an application the vm goes down immediately."

    Are you saying that as soon as you change the byte to CCh, without doing anything else, VMWare crashes, or are you saying "after" you change the first byte to CCh and start the program, VMWare crashes??????

    Have you turned "ON" "I3HERE" in softice? Did you use 'bpint 3' in softice ?

    In short, think more carefully about what your setup is and about what you actually did and remember that WE WEREN'T WATCHING YOU DO IT and don't know your machine. Say what YOU DID like you wanted someone who WASN'T there to know EXACTLY how you set thing up and enough of the complete steps you followed to actually understand WHERE it started to go wrong.

    Regards,
    Thx for your reply. I'm using Driver Studio v3.1, VMWare v4.5.1 Workstation. The OS running inside VMWare is Windows 2000 Pro. Placing an endless loop wont help me since i want to break on application entry.
    I changed the byte at an entry point of an application to 0xcc. Set "bpint 3" inside softice and ran the application. VMWare then came with a popup saying "Virtual Machine Kernel Stack fault..."

    I hope this will reflect what i wanted to do.

    -asr
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Quote Originally Posted by asr
    ...Placing an endless loop wont help me since i want to break on application entry.-asr
    It will work if you place the infinte loop at the Entry Point.

  6. #6
    Quote Originally Posted by asr
    I'm using Driver Studio v3.1, VMWare v4.5.1 Workstation. The OS running inside VMWare is Windows 2000 Pro. Placing an endless loop wont help me since i want to break on application entry.
    I changed the byte at an entry point of an application to 0xcc. Set "bpint 3" inside softice and ran the application. VMWare then came with a popup saying "Virtual Machine Kernel Stack fault..."
    I run the exact same versions and have not seen this problem. What's your base OS? Mine is also Windows 2000 Pro. Try I3HERE ON instead of bpint 3 and see what happens.

Similar Threads

  1. SoftICE and VMWare
    By SynApsus in forum Tools of Our Trade (TOT) Messageboard
    Replies: 6
    Last Post: September 5th, 2006, 10:55
  2. VMWare Player
    By nikolatesla20 in forum Off Topic
    Replies: 2
    Last Post: October 23rd, 2005, 10:15
  3. VMWare & Softice - Experiences, problems and solutions
    By dELTA in forum Tools of Our Trade (TOT) Messageboard
    Replies: 11
    Last Post: April 20th, 2005, 01:27
  4. a protection algorithm using INT3
    By Hero in forum The Newbie Forum
    Replies: 27
    Last Post: September 29th, 2004, 11:25
  5. INT3 and process
    By Hero in forum The Newbie Forum
    Replies: 2
    Last Post: September 22nd, 2004, 09:01

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •