
Posted: Thu Dec 31, 2009 9:02 pm
by Kayaker
And SP3
Actually, the osinfo.dat file in theory supports, at least partially, supported OS's up to Server 2003 and perhaps Longhorn. As well as beta OS's that are defined in osinfob.dat.

I've been working on a parser for the mysterious osinfo.dat files, with the idea of being able to fix missing symbol definitions or hook locations. Such as those for MiAddValidPageToWorkingSet or EHCI_RemoveQueueHeadFromPeriodicList which has been discussed in other threads.

I have found a method to redefine some of the Mi* hook locations in the registry, which I should describe sometime, but I was trying for a more complete method that perhaps could even support Windows 7 (ha ha), though I'm sure the problems of running on that OS would go beyond symbols and hooks!

Anyway, here's a snapshot of the parser showing the version numbers that are defined within osinfo.dat. I'm still not sure what a lot of the values mean, I'm still trying to make sense of exactly how Sice uses the info.

The file itself is fairly logically laid out as a series of structures. Each structure begins with a Size field. There is a main header which gives the file offset of each of 4 different sections and the total number of symbols defined in each section. There are further similar header structures which tell the number of individual symbols within each section. There are 14 unique headers in total, which I believe separate everything into OS version/build/service pack and free/check builds.

Sections 1 and 2 are similar in content and may define symbol information, Section 3 defines hooks, Section 4 I have no idea about..

Of course if this intrigues anybody and they want to play with the idea further, they're welcome to the code. I was going to release it if it ever got to some point that made sense.

You'll notice in one of the snapshots that there is a version definition up to 6.0.4074 sp0

5.0.2195 Windows 2000
5.1.2600 Windows XP
5.2.3790 Windows Server 2003
6.0.6000 Windows Vista
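
Added example, not Kayaker's parser and not the real osinfo.dat layout: a bounds-checked walker for the kind of file the post describes, with a main header pointing at 4 sections and every structure starting with a Size field. The 32-bit little-endian fields, the (offset, count) ordering, the flat record runs and the sample bytes are all assumptions constructed for illustration.

```python
import struct

SECTION_COUNT = 4            # from the post: the main header describes 4 sections
U32 = struct.Struct("<I")    # assumption: fields are 32-bit little-endian

def read_u32(buf, off):
    if off < 0 or off + 4 > len(buf):
        raise ValueError(f"u32 read at {off} runs past end of file")
    return U32.unpack_from(buf, off)[0]

def parse_main_header(buf):
    """Return [(offset, count), ...] for the 4 sections (assumed field order)."""
    size = read_u32(buf, 0)
    if size < 4 + SECTION_COUNT * 8 or size > len(buf):
        raise ValueError(f"main header Size {size} is implausible")
    return [(read_u32(buf, 4 + i * 8), read_u32(buf, 8 + i * 8))
            for i in range(SECTION_COUNT)]

def walk_records(buf, off, count):
    """Walk `count` size-prefixed records from `off`; return their payloads."""
    out = []
    for _ in range(count):
        size = read_u32(buf, off)
        # Size covers its own 4 bytes, so anything smaller would never advance.
        if size < 4 or off + size > len(buf):
            raise ValueError(f"record at {off} has bad Size {size}")
        out.append(buf[off + 4:off + size])
        off += size
    return out

def parse(buf):
    return [walk_records(buf, off, n) for off, n in parse_main_header(buf)]

def build_sample():
    """Constructed test file: 4 sections holding 2, 1, 1 and 0 records."""
    rec = lambda payload: U32.pack(4 + len(payload)) + payload
    sections = [rec(b"sym-a") + rec(b"sym-b"), rec(b"sym-c"), rec(b"hook"), b""]
    counts = [2, 1, 1, 0]
    table, off = b"", 4 + SECTION_COUNT * 8
    for body, n in zip(sections, counts):
        table += U32.pack(off) + U32.pack(n)
        off += len(body)
    return U32.pack(4 + SECTION_COUNT * 8) + table + b"".join(sections)

if __name__ == "__main__":
    for i, recs in enumerate(parse(build_sample()), 1):
        print(f"section {i}: {len(recs)} record(s)", recs)
```

Rejecting a Size below 4 or past end-of-file is what keeps a walker like this from looping forever or reading garbage when a header guess is wrong, which is the usual state of affairs while reversing an undocumented format.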

Posted: Sat Jan 09, 2010 2:07 am
by countryman
I recommend that olly debugger.
Depending on your needs, and other plug-ins installed,
you attach the script used almost like a soft ice can use.

Posted: Sat Feb 06, 2010 4:55 am
by robby
hi all,

(sorry for my english, i do my best)

olly ? for kernel debugging ?
Syser :
Yes ... this project is evolving.
Since last year, this debugger has much improved and has become really effective.
Personally, I think this debugger is becoming as powerful as Softice ... maybe even more !
I use it every day (last Syser v1.99.1900.1195) on windows XP Pro (with 4 µPs Q6600), it works fine.


Softice ?

Posted: Sun Mar 07, 2010 8:20 am
by LOUZEW
Hi, all
coming back slowly on the scene, after some years of health trouble.

A few years ago, I used Softice (with XP SP1), and I remember using some patches to make Softice work with this SP1.

Which Softice version are you using now, and are there new patches to apply for working with XP SP3?

All help needed.

Thanks

Posted: Sun Mar 07, 2010 1:15 pm
by Silkut
Hi LOUZEW,

Welcome aboard...again :yay:

These threads may guide you to the use of SoftIce on the latter Windows XP versions:

http://www.woodmann.com/forum/showthread.php?t=11332
http://www.woodmann.com/forum/showthread.php?t=5806
http://www.woodmann.com/forum/showthread.php?t=7199

Have phun.

Posted: Mon Mar 08, 2010 12:27 pm
by Elenil
LOUZEW wrote:Hi, all
coming back slowly on the scene, after some years of health trouble.

A few years ago, I used Softice (with XP SP1), and I remember using some patches to make Softice work with this SP1.

Which Softice version are you using now, and are there new patches to apply for working with XP SP3?

All help needed.

Thanks

hello compuware driver studio 3.2 works good for xp sp1-3
also if you want to make the most detections to softice not appear you could use IceStealth:
http://www.woodmann.com/collaborative/t ... IceStealth

if you have problems in getting it to work you can write me a pm