Results 1 to 14 of 14

Thread: SoftIce strange behaviour

  1. #1
    robson
    Guest

    SoftIce strange behaviour

    I have a question regarding SoftIce. I'm running it on Windows 2000 Professional. When I was a debugging a program that contains calls like messageboxa and createdialogparama I encountered strange behaviour and it wasn't for the first time. It was breaking fine on both routines, but then after couple program restarts (10 or more) it stopped breaking on a program and started to break a program on a message that displays SoftIce "An error occurred during symbol translation/load. Load executable anyway?" after you re-load a program. I rebooted PC, but now it doesn’t break on any of these calls, even they are there and SoftIce is loaded. And this is not for the first time. It has happened to me before on different PCs with different programs. Please can you tell me what am I doing wrong?
    Thanx for any help.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    I just want to tell you that I have seen similar problems.

    In winXP ( I do not have a clue to what extent in win2k) the Sice "status" is saved when you hybernate or close(The previously placed BPX "survive" the boot off ) the puter, but I doubt compuware and microsoft are exchanging quality costumer info. So unpredictable problems will and may come through. . .
    No suggest appart from do your debug on a clean, reboot environment.

  3. #3
    robson
    Guest
    Thank you for a confirmation.
    I'm surprised, that 80 people have seen this thread, but just one response. I thought, that there is some logical explanation, or work around. If you can't depend on softice that it breaks a program execution at the set up point, than the toll is totally useless. I believe there has to be some explanation for such behaviour. If some experienced cracker could bring some light in ..... highly appreciated.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    I read your Post more carefully, see coments in red



    Quote Originally Posted by robson
    I have a question regarding SoftIce. I'm running it on Windows 2000 Professional. When I was a debugging a program that contains calls like messageboxa and createdialogparama I encountered strange behaviour and it wasn't for the first time. It was breaking fine on both routines, but then after couple program restarts (10 or more) it stopped breaking on a program and started to break a program on a message that displays SoftIce "An error occurred during symbol translation/load. Load executable anyway?"

    You have breakpoints on messageboxA and CreateDialogParamA. The SoftIce Symbol loader uses those API to display its messages. The API calls may be not thread specific, so surprise, you are just breaking on a Windows API

    . . .after you re-load a program. I rebooted PC, but now it doesn’t break on any of these calls, even they are there and SoftIce is loaded.

    But perhaps the symbol loader is not loaded, right?
    . . . And this is not for the first time. It has happened to me before on different PCs with different programs. Please can you tell me what am I doing wrong?

    The key to the erratic behavoir is the use of the Symbol Loader. Get used to it and it will be your friend. Also learn the concept of thread specifc versus global BPX and things may make more sense

    Thanx for any help.

  5. #5
    robson
    Guest
    Quote Originally Posted by naides
    I read your Post more carefully, see coments in red
    I clarify it little bit more. I used SoftIce symbol loader. It worked for a while (it broke program on a messagebox call), and then it simply stopped (It didn't breake on messagebox in a program, but it did on message box of the symbol loader.)
    After I rebooted a pc I started a symbol loader and loaded the applic again. Softice driver was set to load with windows automatically. I set up a break point on messageboxa, but I didn't work at all.

    I just outline the way how I used a symbol loader and how I set up a break point. I loaded a applic from the symbol loader and then the message appered "An error occurred during symbol translation/load. Load executable anyway?" I clicked OK and landed in softice window. I typed bpx messageboxa and pressed enter followed by ctrl+D.
    Is there anything I did wrong what explains that behaviour?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by robson
    I clarify it little bit more. I used SoftIce symbol loader. It worked for a while (it broke program on a messagebox call), and then it simply stopped (It didn't breake on messagebox in a program, but it did on message box of the symbol loader.)
    After I rebooted a pc I started a symbol loader and loaded the applic again. Softice driver was set to load with windows automatically. I set up a break point on messageboxa, but I didn't work at all.

    For messageboxA, or other API breakpoint to "work", it has to be set in the right "address context": If you look at the lower right corner of the Sice window you will see which address context you are standing in. Also, when you use Symbol Loader, it will break for the first time within the address context of your App. Search the board on Address context and you will see other posts about it

    I just outline the way how I used a symbol loader and how I set up a break point. I loaded a applic from the symbol loader and then the message appered "An error occurred during symbol translation/load. Load executable anyway?"

    Pay no attention to this message, you have no debug symbols for a regular app

    I clicked OK and landed in softice window. I typed bpx messageboxa and pressed enter followed by ctrl+D.

    This sounds like I would do


    Is there anything I did wrong what explains that behaviour?
    Cheers

  7. #7
    robson
    Guest
    I want to thank everybody who replied and pointed me at the right direction. I have studied all articles posted to the forum about the address content and I tested it again, with AC in the mind and yes it worked. I can't see, what I did wrong before, but now it works as it should and I'm happy.
    Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Quote Originally Posted by robson
    but now it works as it should and I'm happy.
    Thanks.

    Happy Holidays, May the Gods keep you from getting married in 2005.

  9. #9
    Well it appears that "noboby" is unhappy about their state of marital bliss. And I doubt the "Gods" take responsibility for such choices. We have "nobody" to blame, but ourselves.

    Regards,
    JMI

  10. #10
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Quote Originally Posted by naides
    May the Gods keep you from getting married in 2005.
    Does that mean we will never get to hear about the solution to that "different execution path on different computers" problem?

  11. #11
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    That deal is with the girlfriend, a different story all together

  12. #12
    Wait until you have both a wife and a girlfriend to deal with.

    Regards,
    JMI

  13. #13
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    I do have a wife and a girlfriend, but for some strange reason, they don't like each other, and now They both are mad at me. . .

    How come? Go figure!

  14. #14
    Yes, but at least they both agree on that one point. Such is generally the way of such things.

    Regards,
    JMI

Similar Threads

  1. Armadillo App strange Mem-behaviour ?
    By SKiLLa in forum OllyDbg Support Forums
    Replies: 2
    Last Post: October 18th, 2005, 15:37
  2. Very strange behaviour
    By Firestream in forum Bugs
    Replies: 3
    Last Post: January 15th, 2003, 10:34
  3. strange program behaviour
    By NikDH in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: January 19th, 2002, 11:59
  4. Odd softice behaviour
    By matthew in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: December 17th, 2001, 12:26
  5. quite strange app behaviour
    By NikDH in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: February 7th, 2001, 06:47

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •