Results 1 to 10 of 10

Thread: Not another bloody SoftICE problem.

  1. #1

    Not another bloody SoftICE problem.

    I have tried in vain to find the solution to this problem myselfl.

    A little history, I had DS3.01 installed and running well on XP Home + SP1,
    then one day it decided it no longer wanted to display the console. I can get it to work again by installing a fresh OS and reinstalling DS.

    Along comes SP2 which I want running regardless of how desparate I am to get DS up and running. I have downloaded the most recent version of osinfo.dat and ntoskrnl.nms and set NTSYMBOLS=ON in winice.dat. I've also applied the DS30SP2.DAT update.

    Launching softICE cause the mouse to freeze, although it works in the console. The console accepts keyboard input as expected. Upon exiting softICE the the mouse pointer remains static and the keyboard only seems to respond to Ctrl+D or numlock keys, capslock light remains off.

    I think the problem lies in the error messages displayed in the console, though I can't seem to find an answer on this forum or elsewhere.

    The errors are all API hook failures: MiMapViewOfImageSection
    MiUnMapViewofSection
    MiAddValid PageToWorkingSet
    KebugCheck2
    MiCopyOnWrite
    UhciInsertQh
    UhciUnlinkQh
    USBPORT_AlocateUSBAddress

    Most of the above hint at keyboard and mouse related funtions.
    My question is how do I fix this? My keyboard is PS/2 and my mouse is USB using a PS/2 adapter.

    Below these messages I see
    NTICE: NTRaiseHardError found at index 00b6
    IntOE fault in SoftICE at address F2471053 offset 00092D8F Fault Code 3B030000.

    Selecting the different combinations of the troubleshooting options didn't help.

    BTW. I have tried OllyDbg as an alternative, with erratic results. Perhaps I'll save that for another thread.

    I sincerely hope someone can help me in reaching a solution on this one as it is really annoying me.

    Thanks for any help or advice.

    5aLIVE.

  2. #2
    Hmmm.
    I found this although it it dated 2002

    "On Windows XP, After installing the Q317277 update from Microsoft's Windows Update site, SoftICE can no longer perform its process of matching symbol tables to loaded modules. The Q317277 update contains new versions of NTOSKRNL.EXE and NTKRNLPA.EXE. If these files are installed, SoftICE will report the following errors in its logging window at startup:

    *** API Hook Failure - SegLoad
    *** API Hook Failure - PageIn
    *** API Hook Failure - CopyOnWrite

    I've asked NuMega (now CompuWare) for an updated core file, NTICE.SYS, to address the problem. Wish me luck! CompuWare's site has been structured in such a way that all old links to helpful information now point to pages that offer to sell "enhanced" support. I guess that, if you already paid for support, that isn't good enough!"

    I wonder if there are any other further updates available to registered customers? Anyone?
    Last edited by 5aLIVE; October 18th, 2004 at 06:04.

  3. #3
    Registered User hobferret's Avatar
    Join Date
    Jul 2002
    Location
    Alien Area near Albuquerque
    Posts
    203
    Hi

    My advise would be to get rid of SP2 I had nothing but probs with all sorts of softs since installing it.

    WAIT till MS get rid of the bugs in it

    /hobferret

  4. #4
    Thanks for the reply Hobferret.
    It looks like I'll be using a spare hard disk with a fresh install of XP and no service packs just to get this to work properly again. Compuware must be losing customer confidence over this issue. What a PITA.

    5aLIVE

  5. #5
    Here's a quick update,
    I downloaded the latest symbols for NTKRNLPA.EXE
    and which has reduced the number of API hook failures down to the following three :

    UhciInsertQh
    UhciUnlinkQh
    USBPORT_AlocateUSBAddress

    Perhaps I need updated symbols for another kernel file? Anyone recognise these APIs, I did a Google search and came up with zilch.

    Thanks in advance,
    5aLIVE.

  6. #6
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    I downloaded the latest symbols for NTKRNLPA.EXE
    So I suppose yo're using PAE (Physical Address Extension). Have you tried to disable it (switch /NOPAE in boot.ini)? In this way the kernel loaded will be the more familiar NTOSKRNL.EXE and the symbols will be taken from NTOSKRNL.NMS
    [/QUOTE]

    UhciInsertQh
    UhciUnlinkQh
    USBPORT_AlocateUSBAddress
    So I suppose you're using USB mouse and/or keyboard.
    First two symbols are in USBUHCI.SYS, and the third in USBPORT.SYS. You need the symbols of both drivers.

    Regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  7. #7
    The Hobbit has read many an ancient and forgotten lore during the course of his wandernings of Middle Earth. One would be wise to heed his advise.

    Regards,
    JMI

  8. #8
    Hi Bilbo, thanks for taking the time to write a reply.

    So I suppose yo're using PAE (Physical Address Extension).
    Have you tried to disable it (switch /NOPAE in boot.ini)?
    I'm not sure if I'm using this or not, I don't know what it is or what it does.
    Whatever is set as default on install I guess.
    I edited my boot.ini on C:\ as you suggested to give:

    [boot loader]
    timeout=30
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
    /noguiboot /NoExecute=OptIn
    /nopae

    Rebooting the PC and it now asks me which OS I wish to boot from (I only have XP Home). I removed the ref to load NTKRNLPA.nms in winice.dat and started up softICE. The batch file DOS box remains open this time.
    SoftICE can be seen using the usual hotkeys.

    Only the 3 API hooks fail for the USB drivers remain using this method.

    So I suppose you're using USB mouse and/or keyboard.
    >No, my keyboard is PS/2 and my mouse is a Logitech USB with a PS/2 adapter.
    >I tried disabling USB keyboard and mouse patching in the troubling shooting screen, but this reboots my machine when I start softICE.

    First two symbols are in USBUHCI.SYS, and the third in USBPORT.SYS. You need the symbols of both drivers.
    >Great! Now this is interesting, Okay, I downloaded and added both symbols, this didn't change anything. I winder if disabling/disconnecting my USB modem and pendrive would help?

    5aLIVE
    Last edited by 5aLIVE; October 19th, 2004 at 04:19.

  9. #9
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    SoftICE can be seen using the usual hotkeys.
    What's the meaning of this? no more NTRaiseHardError? can you work with SoftICE now, at least as soon as it is loaded?

    Okay, I downloaded and added both symbols, this didn't change anything.
    Well, sorry, I supposed it... Anyway the missing functions are there...

    I winder if disabling/disconnecting my USB modem and pendrive would help?
    I'm afraid no... Maybe you should rather try to disable USB from BIOS if it is possible...

    Another question:
    Are you really sure you are using the latest OSINFO.DAT AND OSINFOB.DAT?
    Have you checked ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfo.dat and ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfob.dat?
    Sorry if I ask this again, but the three symbols you mentioned should be there, also for XP SP2...

    I've also applied the DS30SP2.DAT update.
    What's that, and how have you applied it? Is it in some way harmful to osinfo[b].dat, which are the only two files loaded and parsed by NTICE, as far as I know?

    Sorry if I cannot be more precise, but I cannot reproduce your problem... Maybe I should try to install SP2 but I'm afraid it is not a good idea :-)

    Regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  10. #10
    Quote Originally Posted by bilbo
    What's the meaning of this? no more NTRaiseHardError? can you work with SoftICE now, at least as soon as it is loaded?
    >I never had the NTRaiseHardError displayed. Yes I can work with softICE,
    but I could not do anything else when it closed as I have no keyboard or mouse control, therefore I cannot load any program I wish to debug.


    Well, sorry, I supposed it... Anyway the missing functions are there...
    >It's good information all the same


    I'm afraid no... Maybe you should rather try to disable USB from BIOS if it is possible...
    >No need for that, see below.

    Another question:
    Are you really sure you are using the latest OSINFO.DAT AND OSINFOB.DAT?
    Have you checked ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfo.dat and ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfob.dat?
    Sorry if I ask this again, but the three symbols you mentioned should be there, also for XP SP2...
    >Wow! That's it! I downloaded these OSINFOB.DAT and everything appears to work as it should (I already had the latest OSINFO.DAT installed). I'll test it properly later today. Many thanks Bilbo

    What's that, and how have you applied it? Is it in some way harmful to osinfo[b].dat, which are the only two files loaded and parsed by NTICE, as far as I know?
    >It's an service pack for Driver Suite, I don't know if it updates the OSINFO files, but I do know it updates the softICE display driver, without which I was seeing a corrupt video display when softICE is started.

    Sorry if I cannot be more precise, but I cannot reproduce your problem... Maybe I should try to install SP2 but I'm afraid it is not a good idea :-)
    No need to apologise, I can't thank you enough for helping me reach a solution. I hope others can benefit from this if they have trouble with SP2.

    UPDATE:SoftICE appears to be working well, having said that, it does display
    a NTRaiseHardError message. I didn't notice it at first as it wasn't highlighted in cyan like the previous API failures. As far as I know this is because it produced by the operating system and not softICE.

    I've searched for this, Compuware support site only mentions this in respect to sICE 1.x,2.x,3.x and Win 95,98 and NT. But I'm sure it is still relevant.

    It states that these messages are generated anytime the NTRaiseHardError routine is executed. SoftICE simply displays the message that NTRaiseHardError provides, i.e, these messages are not generated by SoftICE itself.

    Many times these hard errors are handled, and execution continues normally.
    There are many times when these actually do result in a problem as well. These errors are documented in the ntstatus.h header file in the DDK.

    Although this doesn't seem to be a problem I am curious as to why you asked about this before? Do you think I need to look at fixing this using the ntstatus.h file to identify the meaning of the errror?
    Error occurs at index 00B6h and Delta 00000000h.

    Thanks again,
    5aLIVE.
    Last edited by 5aLIVE; October 21st, 2004 at 04:47.

Similar Threads

  1. SoftICE problem
    By drneo in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: February 19th, 2008, 16:51
  2. SoftICE to printer problem
    By toolmanx in forum Tools of Our Trade (TOT) Messageboard
    Replies: 33
    Last Post: January 29th, 2007, 09:15
  3. SoftICE HMEMCPY problem!!!
    By ZasiuZ in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: May 20th, 2002, 11:35
  4. SoftICE HMEMCPY problem!!!
    By ZasiuZ in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: May 12th, 2002, 18:33
  5. Tracing problem with SoftICE
    By donMAMAvomito in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: October 7th, 2001, 13:51

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •