Welcome to the new Woodmann RCE Messageboards Regroupment

This Forum is now strictly read-only. New Memberships and Postings have stopped.


softice loading

WaxfordSqueers
Senior Member
Posts: 1018
Joined: Tue Apr 06, 2004 11:00 am

softice loading

Post by WaxfordSqueers »

Just out of curiosity, how did softice load during Windows boot? My understanding, which is likely wrong, is that softice loads Windows on top of it. I would think that means softice hooks key windows modules. If that's close, what stops it hooking key W7 - x86 modules?
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Re: softice loading

Post by Kayaker »

Oh you wild and crazy guy, still trying to break things?

For one thing, you might remember that the files osinfo.dat and osinfob.dat were involved in keeping hard coded offsets for Softice hooking key kernel functions, for each Windows version.

At one point I made a rudimentary osinfo parser to try to understand its format, with the possible idea of updating for Win7/32. If you take a look at the screenshot attachments in this thread from my initial crude parser, there was apparently already support in the last osinfo.dat version for Win2K, XP, Server 2003 and early Vista with various unidentified hook offsets.

viewtopic.php?f=3&t=13162&start=17

The driver osidata.sys seems to have related info as you can also see references to function names and service pack numbers, which may function as a backup to the osinfo.dat files.

So in theory, yeah there was a mechanism for updating Softice hooks, the last DS3.2.1 patch included updated cpthook.sys and ntice.sys files as well.

Someone over at exetools tried to run Softice under Vista with attempts at patching, but not surprisingly the idea is fraught with problems.

https://forum.exetools.com/showthread.php?t=11935

K.
WaxfordSqueers
Senior Member
Posts: 1018
Joined: Tue Apr 06, 2004 11:00 am

Re: softice loading

Post by WaxfordSqueers »

Kayaker wrote: Sat Oct 09, 2021 8:53 pm Oh you wild and crazy guy, still trying to break things?
You don't know the half of it. I have delusions of grandeur that I may even be able to convert it to 64 bit. It is always in the back of my mind, awaiting times when other obligations give me the time.

Reminds me of my dreams as a kid. A friend's dad had an airplane propeller and wheels in his garage and we started making plans to build an airplane. Have not progressed much since age 8.

It's interesting that Amigo at the exetools site actually got it running on Vista. Since Vista is closer to W7 than XP it is encouraging. I noted that he added files to ntoskrnl, which is what I was working on for XP. Over at the win-raid site they have gone so far as to use W8 and W10 files on XP. They (not at win-raid) have replaced ntoskrnl with a modded version and they are using a released code version of Windows to add functions as code then re-compiling using a DDK.

I noted that deroko contributed to thread. Wonder if he is still around, he helped me in the past with softice issues.
Kayaker wrote: Sat Oct 09, 2021 8:53 pm For one thing, you might remember that the files osinfo.dat and osinfob.dat were involved in keeping hard coded offsets for Softice hooking key kernel functions, for each Windows version.
Remember them well but never fully understood the implication. If I am reading you correctly, the OSxxxx files could be used to hold functions required for ntoskrnl, or whatever.

The question remains as to whether something is built in to W7 security-wise to prevent hooking windows modules. Seems unlikely if Vista allows it.
WaxfordSqueers
Senior Member
Posts: 1018
Joined: Tue Apr 06, 2004 11:00 am

Re: softice loading

Post by WaxfordSqueers »

Just a keep-alive message. Any of the former members checking in from time to time???? Would be good to hear from anyone interested in saying hello.
blabberer
Senior Member
Posts: 1536
Joined: Wed Dec 08, 2004 11:12 am

Re: softice loading

Post by blabberer »

hello yep sometimes
WaxfordSqueers
Senior Member
Posts: 1018
Joined: Tue Apr 06, 2004 11:00 am

Re: softice loading

Post by WaxfordSqueers »

Good to hear you are still around, Blabs.