Softice still in use? Replacement?

Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

And SP3
Actually, the osinfo.dat file in theory supports, at least partially, supported OS's up to Server 2003 and perhaps Longhorn. As well as beta OS's that are defined in osinfob.dat.

I've been working on a parser for the mysterious osinfo.dat files, with the idea of being able to fix missing symbol definitions or hook locations. Such as those for MiAddValidPageToWorkingSet or EHCI_RemoveQueueHeadFromPeriodicList which has been discussed in other threads.

I have found a method to redefine some of the Mi* hook locations in the registry, which I should describe sometime, but I was trying for a more complete method that perhaps could even support Windows 7 (ha ha), though I'm sure the problems of running on that OS would go beyond symbols and hooks!

Anyway, here's a snapshot of the parser showing the version numbers that are defined within osinfo.dat. I'm still not sure what a lot of the values mean, I'm still trying to make sense of exactly how Sice uses the info.

The file itself is fairly logically laid out as a series of structures. Each structure begins with a Size field. There is a main header which gives the file offset of each of 4 different sections and the total number of symbols defined in each section. There are further similar header structures which tell the number of individual symbols within each section. There are 14 unique headers in total, which I believe separate everything into OS version/build/service pack and free/check builds.

Sections 1 and 2 are similar in content and may define symbol information, Section 3 defines hooks, Section 4 I have no idea about..

Of course if this intrigues anybody and they want to play with the idea further, they're welcome to the code. I was going to release it if it ever got to some point that made sense.

You'll notice in one of the snapshots that there is a version definition up to 6.0.4074 sp0

5.0.2195 Windows 2000
5.1.2600 Windows XP
5.2.3790 Windows Server 2003
6.0.6000 Windows Vista
Attachments
Snap3.png
Snap2.png
Snap1.png
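
Added example, not part of Kayaker's post or his parser: a minimal Python walker for a file built the way the post describes, with a main header giving the file offset and symbol count of each of 4 sections, and structures that each begin with a Size field. The 32-bit little-endian field widths, the flat one-level section layout and the sample bytes are assumptions constructed for illustration; the real osinfo.dat field layout is not given on this page.

```python
import struct

U32 = struct.Struct("<I")
MAIN = struct.Struct("<I8I")  # assumed: Size, then 4 x (file offset, symbol count)

def read_record(buf, pos):
    """Return (payload, next_pos) for one structure that begins with its own Size."""
    if pos + U32.size > len(buf):
        raise ValueError(f"truncated Size field at {pos:#x}")
    (size,) = U32.unpack_from(buf, pos)
    # Size counts itself: a value under 4 would stall the walk or move it backwards.
    if size < U32.size or pos + size > len(buf):
        raise ValueError(f"bad Size {size} at {pos:#x}")
    return buf[pos + U32.size:pos + size], pos + size

def parse(buf):
    """Map section number (1-4) to the list of record payloads found in it."""
    if len(buf) < MAIN.size:
        raise ValueError("file shorter than main header")
    size, *fields = MAIN.unpack_from(buf, 0)
    if size != MAIN.size:
        raise ValueError(f"unexpected main header Size {size}")
    sections = {}
    for n in range(4):
        offset, count = fields[2 * n], fields[2 * n + 1]
        if offset < MAIN.size or offset > len(buf):
            raise ValueError(f"section {n + 1} offset {offset:#x} out of range")
        records, pos = [], offset
        for _ in range(count):
            payload, pos = read_record(buf, pos)
            records.append(payload)
        sections[n + 1] = records
    return sections

def build_sample():
    """Constructed test image: 4 sections holding 2, 1, 1 and 0 records."""
    payloads = [[b"symA", b"symBB"], [b"symC"], [b"hook"], []]
    body, table, offset = b"", [], MAIN.size
    for recs in payloads:
        blob = b"".join(U32.pack(U32.size + len(p)) + p for p in recs)
        table += [offset, len(recs)]
        body += blob
        offset += len(blob)
    return MAIN.pack(MAIN.size, *table) + body

SAMPLE = build_sample()  # constructed bytes, not taken from a real osinfo.dat
```

Checking every Size against the remaining buffer before slicing is what keeps a hand-edited or corrupted file from sending the walker past the end of the data.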
countryman
Junior Member
Posts: 28
Joined: Fri Jan 07, 2005 6:12 am

Post by countryman »

I recommend the Olly debugger.
Depending on your needs, and other plug-ins installed,
you attach the script used almost like a soft ice can use.
robby
Junior Member
Posts: 4
Joined: Fri Mar 21, 2008 6:04 pm

Post by robby »

hi all,

(sorry for my english, i do my best)

olly ? for kernel debugging ?
Syser :
Yes ... this project is evolving.
Since last year, this debugger has much improved and has become really effective.
Personally, I think this debugger is becoming as powerful as Softice ... maybe even more !
I use it every day (last Syser v1.99.1900.1195) on windows XP Pro (with 4 µPs Q6600), it works fine.

LOUZEW
Member
Posts: 83
Joined: Tue Dec 25, 2001 8:11 am

Softice ?

Post by LOUZEW »

Hi, all
coming back slowly on the scene, after some years of health trouble.

A few years ago, I used Softice (with XP SP1), and I remember using some patches to make Softice work with this SP1.

Which Softice ver are you using now, and are there new patches to apply for working with XP SP3?

All help needed.

Thanks
Silkut
Senior Member
Posts: 579
Joined: Fri Mar 31, 2006 11:29 am

Post by Silkut »

Hi LOUZEW,

Welcome aboard...again :yay:

These threads may guide you to the use of SoftIce on the latter Windows XP versions:

http://www.woodmann.com/forum/showthread.php?t=11332
http://www.woodmann.com/forum/showthread.php?t=5806
http://www.woodmann.com/forum/showthread.php?t=7199

Have phun.
Elenil
Senior Member
Posts: 140
Joined: Tue Sep 30, 2008 7:53 pm

Post by Elenil »

LOUZEW wrote:
Hi, all
coming back slowly on the scene, after some years of health trouble.

A few years ago, I used Softice (with XP SP1), and I remember using some patches to make Softice work with this SP1.

Which Softice ver are you using now, and are there new patches to apply for working with XP SP3?

All help needed.

Thanks

Hello, Compuware Driver Studio 3.2 works well for XP SP1-3.
Also, if you want to make most detections of Softice not appear, you could use IceStealth:
http://www.woodmann.com/collaborative/t ... IceStealth

If you have problems getting it to work, you can write me a PM.