
View Full Version : beginner help, what do i need?


Zeak
October 23rd, 2009, 20:14
What do I need to begin? What do I need to learn, tools to use? etc..? Is softice still very popular and used a lot?

naides
October 23rd, 2009, 20:55
Lena's tutorials
OllyDbg.

Zeak
October 23rd, 2009, 21:05
How about softice? Is it still in use?

JMI
October 23rd, 2009, 22:34
Since you have twice posted questions which indicate that you have not done any searching on your own, it appears that it is time for me to remind you of the BIG RED LETTERS at the top of the Forums, which you were supposed to have already read.

You will never really learn anything about "reversing" until you adopt the attitude/mindset that YOU are determined to learn what you need to know to accomplish what YOU want to do and that YOU are going to go and actually LOOK for that information YOURSELF, instead of asking someone else to spoon feed you even the most simple of questions.

What have YOU done to try to find the answer to your own question? Have you actually tried to search here and/or on the net to find out what the current thinking is on the continued use of Softice in reversing? It is obvious that you haven't done ANYTHING or you would, at the very least, know that there are certain difficulties in attempting to get Softice to properly function with the newer Microsoft software versions. There are a great many Threads on these forums which discuss some of these issues.

There are also Threads on these and other Forums discussing the strengths and difficulties with using many different Debuggers. But you haven't searched for or read any of them, it would appear.

I suspect you have found a tutorial you wish to follow, which is quite old, and you want to do EXACTLY what it tells you to do, so you won't have to actually think about the subject matter, yourself.

You need to back up several steps and rethink what you are about to attempt. Before you can really try to understand the use of a debugger, you need to acquire some basic understanding of what it is you will actually see displayed in a debugger. If you really don't understand what the various collections of numbers and letters, called opcodes, are telling you, your task will be impossible beyond following, exactly, step by step, what someone may have written down for you to follow.

You need to spend some time just reading various subjects about how code works and how the processor works and how the memory mapping issues might be handled, so that you can make some sense out of what you would see in the debugger's output window.

It is difficult to determine, from the little you have written, whether any of what I have written will make any sense to you.

So, if the answer to your question: "is softice still in use" is either "yes" or "no" or maybe "not much," what difference does that mean in your life? How does that answer help you get to the point where you might actually understand what you are going to see if you actually tried to USE softice or some other debugger???

Regards,

Zeak
October 23rd, 2009, 23:49
Wow JMI, you wrote me a really big answer. I'll give you a big reply back.

I have searched the internet for a while, and haven't found any updated/current information about softice. Most information is really old, and most people now use OllyDbg or IDA. But those debuggers aren't like softice, which runs in background behind windows.

I want to start learning softice, but I don't want to learn something outdated that isn't useful anymore or later in future. So just wondering if it's still being used. I installed & it works great on windows xp.

I'm really new to "reversing", had attempted with a tutorial back when softice was the tool to use. But was too complicated back then, so I kinda gave up, and learned some programming java, c++ and some assembly irvine masm.

How does softice still in use answer help me? It's just a curious question, to be updated. I guess my real question is what tools are being used now. etc.. Mostly debuggers are pretty much the same I think, maybe different navigate menu or extra features. Are you trying to say, tools are not important? Just learn assembly & debugger?

JMI
October 24th, 2009, 01:04
What is apparent is that you are not "really" paying attention to "details". If you were paying attention you would, perhaps, have noticed the title under my username and the implication which goes with such a title that, just perhaps, I was attempting to acquaint you with "policy" about what is expected of Posters on these Forums.

Again the issue is what YOU are attempting to do to "help yourself", specifically in the area of actually searching for relevant information about your own topic. For example, one potentially useful search topic might have led you to search using something such as: "softice alternative" (without the quotes). If you had actually done any real searching about Softice, I repeat, you would have found out about all the difficulties inherent in attempting to get it to work on more recent operating systems.

All this information is widely available and there is much already available on this subject to one who actually searches for it. Which was my main point. Kayaker, another of the administration here, has posted some extremely detailed and "under the hood" type information on the use of softice and its problems in current usage.

I have no prejudice AGAINST softice, I just wonder at your apparent fascination with a debugger which has not actually been updated in many years. Are you even aware that there is another debugger which is, at least somewhat patterned after Softice? Had you done some searching you should have come across Syser Debugger, which advertises itself as a "GUI like Softice like Debugger."

Again, I'm not arguing for its use, just pointing out that information about its existence and use would have been easily discovered with just a little "intelligent" searching. And in your searching, you should pay attention to the differences between "Ring 0 and Ring 3" debuggers, but you already knew that, right?

If you REALLY want to find out what debugging tools are in current use today, actually read some of the Threads on this and other Forums by searching using the word "debugger" (without the quotes).

How hard could that be for a place to start? How about searching, using your favorite search engine for ring 3 debuggers and then ring 0 debuggers and actually reading some of the information.

How lazy do you want to prove you are being?

And of course I am not attempting to say "tools aren't important" and if you aren't a complete idiot you would have a clue that most often what you would see in a debugger, and what you would have seen in Softice IS something that "looks like assembly." So it just might be "somewhat useful" to learn about what you would be observing. What the heck do you think all those mov; jmp; cmp; call; etc. little "thingies" are?

As my kids would have said, before they grew up: "Well Duh!"

Finally, I know that this may come as a shock to your system, but no matter what you use to attempt to take programs apart, the process of learning how things work will neither be swift nor easy. So far, you've certainly demonstrated that you do not have the patience to do so.

Regards,