Softice Discussions

All-in-one reversing related discussions
evaluator
Posts: 1538
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

EDIT: This thread was split from another to remain on topic

Kayaker
WaxfordSqueers
Senior Member
Posts: 1000
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

evaluator wrote: I see in firefox folder file 'blocklist.xml'. If you remove it, will addons be unblocked?
Brilliant. Yes, changing its name reactivates all my plugins. I need to be careful with the script because I know some plugins and extensions stop FF working correctly. I'll have to look closer at the script to see which ones to activate.

Thanks, very helpful. I am currently trying to update the Adobe Acrobat plugin version 5?????? Has not been updated since 10 September 2001.!!!!! :devil: Don't know if Adobe supplies plugins for XP anymore.

Ultimately, I want to get XP going on my new mobo with a 300 series chipset so I can debug apps that I cannot debug easily otherwise. For example, I have a DirectX 3D game going that has video problems. Another freezes at startup. I want to get into the code to see what is going on and I can't do that in a VM because the video requirements are high.

I am learning to use windbg but I am still not convinced that it can single-step through ring 0 code like softice can. I will keep trying but any time I try to 'step' into ring 0 with windbg I get thrown out the other end immediately. I suppose I could use BPs in ring 0 but sometimes I prefer single-stepping to see what the code is doing.

I am thinking of starting a new thread since softice has frozen the system when I try to start it on this new chipset. We have reasoned it is the video driver. However, I was running in 800x600 mode the other day for a game and decided to try sice for the fun of it. It did not freeze the system this time but it gave an error about cpthook.sys not working. Have no idea what that's about yet. I also came across this interesting article on how to set up softice in the registry so it will catch a driver early in the loading sequence. You guys probably know about it already.

https://community.microfocus.com/t5/Dev ... -p/1753634

Don't know why the hyperlink doesn't work. I used both the link button above and the bracket method with the URL inside and it does not produce a clickable link.
Elenil
Senior Member
Posts: 140
Joined: Tue Sep 30, 2008 7:53 pm

Post by Elenil »

I wanted to fix the video problem for a long time.

It wasn't necessarily games; it also appeared if I had a video running.

So I tried 2 different graphics cards of the same type and even the same PCB manufacturer.

What I could see is different is the video load screen (one was an Asus 7800 GT, the other an MSI 7800).
Those have the same identical PCB; looks like only the firmware/BIOS is different.

So I ran a video to cause the problem to happen: for the Asus 7800 GT, directly a BSOD.
So then I switched the cards and tried out the MSI 7800 GT and did the same thing again (same driver version and same drivers),
and nothing, no BSOD, everything works.

I also tried some different driver versions, and yes, that affected the BSOD problem; for example, the BSOD appeared on a different driver version
and the MSI 7800 GT also got the BSOD problem.


The dumpfile says it happens in ntice.sys, but it could be anywhere, maybe even a wrong address that came from a different part.

So what I did next is I tried to set up a VM and tried to debug softice over a VM debugger,
but when I was about to do that I saw another problem.

The problem does not appear in VMware, not at all, not with any card, not with any version of drivers.

So what I would need is to debug softice while the problem appears; then I very likely can find out what causes this problem.

Making a road with the dumpfile, a non-runtime debugger and having no source code led to nothing.
The function is very big chained so that road didn't work.

Another thing is that this problem seems to appear when softice wants to appear or maybe draw itself.

As I might have said in the past, if someone can make a VM where this problem happens and I take a look at the softice process, I can very certainly see the problem.
Kayaker
Posts: 4169
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

I know you guys are familiar with this, but have you ever played with the settings in winice.dat to see if something might overcome the problems with certain video drivers?

It's probably not that simplistic, but I've always wondered what effect certain settings like these for example might have:
SIWVIDRANGE on|off
VDD
DDRAW
DRAWSIZE=size (video memory size in K)
MONITOR
DISPLAY=type (type is VIPE, S3, MACH32,MACH86, 0, or VD)

From the classic Mammon's Tales

https://mammon.github.io/tales/ice.html
WaxfordSqueers
Senior Member
Posts: 1000
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

Kayaker wrote:... have you ever played with the settings in winice.dat
Thanks for tip kayaker...worth checking out. I have been busy doing more work on XP to get it working close to 100% on my 300-series B360 chipset. I'll reply to elenil later because I am going to see if I can do a kernel debug from my W7 laptop to XP on a desktop.

I noticed while playing with softice that the selection for an Nvidia card driver is an old model. I am wondering about finding where it interacts with that driver to see if a newer video card driver can be implemented. Or, if an interface can be designed between sice and the newer Nvidia card.

It would help immensely if I could set up a kmode debugging session using windbg to see exactly how sice interfaces with the video driver. More to learn, how a video card works. :p

BTW...one of the main problems I was having with XP on the 300-series chipset has been solved. I could not get a browser to work, like Firefox, and games would not run. The sound and video looked fine but every so often the game would stall for no reason. Turned out to be an issue with intelppm.sys which turned out to be the processor driver and an issue with hal.dll. Anyway, a few tweaks and everything runs like magic.

Maybe this stuff will help with sice.

To sum up the issues getting XP to run on a 300-series chipset with an Intel i5-8400 processor, one needs:
1) a SATA driver
2) a tweaked ACPI driver
3) tweaked USB 3 drivers
4) a tweaked intelppm driver
5) a tweaked hal.dll

to do...a tweaked LAN driver.

I was not involved with the tweaking of any of the drivers but I have looked at the mods and they seem pretty minor. Ergo, there is not nearly as much preventing XP running on modern chipsets/processors as it first appeared.


BTW..great to see the old Mammon tales re-surface.
Elenil
Senior Member
Posts: 140
Joined: Tue Sep 30, 2008 7:53 pm

Post by Elenil »

Yes, that with the debug at runtime, what softice is actually doing, was some idea; I think I mentioned that idea somewhere.

I have to set up a VM with the option to debug the VM before that.
I need to read into that, I think.

About the options, hmm, that I could try out, some video options again, changing some display settings; the universal method was the only 1 working in play settings.
The video buffer size, it was not that I tried out at first.
Drawsize being the video memory, that's hard to say; modern hardware usually has more than 4 GB.

I used YouTube clips in the past to test for this problem.

But since that 7800 GT is a very old card, I don't have the second card anymore.

And maybe I have the dumpfile somewhere.

The DirectDraw, didn't we talk about that? I remember we did discuss what method might be used and where,
but there are no imports to see that would do that.
Maybe they used a different approach, if they did so.

I'm pretty out on what the other methods are: VIPE, S3, MACH32, MACH86.
Besides using DirectDraw and writing to the video frame buffer, I don't know those at all.
To write to the frame buffer you have to know the resolution and mode for this, which usually comes from an inf file from the graphics card developer.

I did use that for the debugger I wrote, but the information about the graphics card's I/O is very low on the net or outdated.
WaxfordSqueers
Senior Member
Posts: 1000
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

Elenil wrote: ...drawsize being the video memory, that's hard to say; modern hardware usually has more than 4 GB
I have noticed that some older games have trouble recognizing how much memory is available. I have 8 Gigs and one old game told me I did not have enough. Maybe sice is having the same problem.
Elenil
Senior Member
Posts: 140
Joined: Tue Sep 30, 2008 7:53 pm

Post by Elenil »

WaxfordSqueers wrote: I have noticed that some older games have trouble recognizing how much memory is available. I have 8 Gigs and one old game told me I did not have enough. Maybe sice is having the same problem.
The video card probably has something like an end buffer.
It's usually the display mode, 32 bit 1920*1080 for example - that's just how the things work.

My debugger doesn't use an own buffer to write that "own buffer" to the video mem.
Thus my debugger doesn't need an own space buffer that might lead to a buffer overflow, which the drawsize might do if the developers didn't write solutions for that - but that's what I expect.

Even on a 2 GB card and a drawsize of only 4 MB that worked for me.


Another thing with games is that the video buffer is not used for (how should I call it, "pixel buffer"?).
For example, it writes a graphical object like a flower into this RAM and later uses that for processing; this is done multiple times. It can also be used as "normal RAM".
For graphics this is good since the graphics card has a shorter way to access this memory instead of the memory from the CPU over the normal RAM.
The end buffer is not that big.

I thought maybe the buffer is protected and softice does not unprotect the pages.
I did so, but that, instead of a BSOD, led to a freeze.
But that doesn't mean the problem is touched; it could also access an invalid page or something and then somehow lead to such a result.

Yep, I will try to set up a VM with a debug port. Kay did something like this? When I find time I will check sources.
I have to set up a VM for VM Workstation 12 with a debug port capable of debugging the machine from outside the VM and tracing softice.
WaxfordSqueers
Senior Member
Posts: 1000
Joined: Tue Apr 06, 2004 11:00 am

Post by WaxfordSqueers »

Elenil wrote: Yep, I will try to set up a VM with a debug port. Kay did something like this? When I find time I will check sources.
You take the VM road and I'll take the serial port road and see if you'll get to Scotland before me.

For ye'll take the high road
And I'll take the low road
And I'll be in Scotland afore ye
For me and my true love will never meet again
On the bonny bonny banks of Loch Lomond

slow intro...wait for it...verse 2

https://www.youtube.com/watch?v=1H310L7o5gs