Anyone still use softice ? What is good replacement or alternative to it?

WinDBG

IDA Debugger is pretty OK too...

Have Phun

You could also try syser debugger, its a ring0 debugger, but i dont know about its use as ive never used it.

Olly is pretty good too

Softice works fine under XP with SP2. There is no good replacement for it.

Ice is like the perfect girlfriend, once you lose her you'll never find another like her.

And SP3. True, there is no good replacement for it.

Sorry, deroko, forgot to mention SP3. Dumb of me since it was you who told me ice worked fine with SP3. I'm running SP3 and it works fine.

no worries mate still it would be great to have similar tool for Vista or even windows 7, would make things much easier for rce

Hyuk, Hyuk... or you could try getting a HARDWARE ICE.... heh! *NOTHING* beats that, wot?

Have Phun

that may be coming if Intel ever cooperates with microsoft to build some of the kernel into the processor. Hard drives use a similar system where the drive bios is shared between the drive BIOS and a special set of sectors on the drive which are inaccessible to an OS. A Russian group got around that using a hardware card the drive plugs into. It uses low level signals to access those hidden sectors.

definatly in my opinion i dont see a alternative like softice what dont depent on much apis and have ring0 rights

the other question is how long softice will "stay alive" its almost pretty dead there not much ppl anymore who use softice small interests is 1 reason what not keep it alive also the dead of winxp will come as microsoft did with 98 then it will be simply sayed : your os is not supported anymore and almost every new user buy windows7 with the computer so not even a "try with softice" happens
also the video card bsod-problem with softice is a reason

Syser

http://www.sysersoft.com/

I see use SoftIce. There is no good replacement for it (imho).

-Fyyre

I use Syser every day. Syser works very well and it's a very powerful kernel debugger.
This is a tool in progress but it is already very powerfull.
I also used Softice for years. I have followed the evolution of Syser since the beginning
and I say that now Syser becomes a very good and effective tool. (last version of Syser, "1182")
http://www.sysersoft.com
sorry for my bad english

well i use softice since 98 thats almost 11 yrs now the older versions i never used

when i use the kernel mode settings i got a bad view in DirectX mode
the same for the usermode setting when i run in DirectX mode

a possible problem i saw in a speedy manner
i found 4 driver"sdbgmsg.sys, syserboot.sys, syser.sys, syserlang.sys" the communication should not depent on ring/ring0 apis (or better 1 driver only) - i didnt like when softice used more drivers as the siwvid.sys and ntice.sys but the good is their communication dont depent due ring0 apis
if syser can the possible replacement should stay:
pure kernel mode
own keyboard hook for its controlment
closing everything to ring3 after driver is active
as less depents on ring0 apis as possible like : (manual task switching, manual reading information)
stability (+ flexibility in stability)
if not wanted from other users to make plugins they could make own what inlcude more as only a "dump" function (btw i dont know about the syserdumper but also i dont like callings apis to do that rtlmemcpy or something like that)

thats only i can tell "quicky"

and sorry about my bad english too

i tryed syser a few and i must say it definatly need improments (but it improved since i last used it 1 year ago)

for example if i trace exitprocess with f10 syser close

the other was i get a BSOD with a protected exe

i was about to try the protected exe i know it calls openservicea

so i made a "bpm openservicea x"
and as soon i start the exe -> bsod

i have attached the file to this reply so other syser users can make a meaning of this

i found a few other things what could be better solver (like when you want to edit the asm code it maked the old white so you dont see it anymore) but i must say definatly a "good debugger" shows itself in not giving up quick
i like how naides sayed that : bite the dust

Actually, the osinfo.dat file in theory supports, at least partially, supported OS's up to Server 2003 and perhaps Longhorn. As well as beta OS's that are defined in osinfob.dat.

I've been working on a parser for the mysterious osinfo.dat files, with the idea of being able to fix missing symbol definitions or hook locations. Such as those for MiAddValidPageToWorkingSet or EHCI_RemoveQueueHeadFromPeriodicList which has been discussed in other threads.

I have found a method to redefine some of the Mi* hook locations in the registry, which I should describe sometime, but I was trying for a more complete method that perhaps could even support Windows 7 (ha ha), though I'm sure the problems of running on that OS would go beyond symbols and hooks!

Anyway, here's a snapshot of the parser showing the version numbers that are defined within osinfo.dat. I'm still not sure what a lot of the values mean, I'm still trying to make sense of exactly how Sice uses the info.

The file itself is fairly logically laid out as a series of structures. Each structure begins with a Size field. There is a main header which gives the file offset of each of 4 different sections and the total number of symbols defined in each section. There are further similar header structures which tell the number of individual symbols within each section. There are 14 unique headers in total, which I believe separate eveything into OS version/build/service pack and free/check builds.

Sections 1 and 2 are similar in content and may define symbol information, Section 3 defines hooks, Section 4 I have no idea about..

Of course if this intrigues anybody and they want to play with idea further, they're welcome to the code. I was going to release it if it ever got to some point that made sense.

You'll notice in one of the snapshots that there is a version definition up to 6.0.4074 sp0

5.0.2195 Windows 2000
5.1.2600 Windows XP
5.2.3790 Windows Server 2003
6.0.6000 Windows Vista

I recommend that olly debugger.
Depending on your needs, and other plug-ins installed,
you attach the script used almost like a soft ice can use.

hi all,

(sorry for my english, i do my best)

olly ? for kernel debugging ?
Syser :
Yes ... this project is evolving.
Since last year, this debugger has much improved and has become really effective.
Personally, I think this debugger is becoming as powerful as Softice ... maybe even more !
I use it every day (last Syser v1.99.1900.1195) on windows XP Pro (with 4 µPs Q6600), it works fine.

Hi, all
coming back slowly on the scene, after some years of health trouble.

There is a few years, i've used Softice (with xp SP1), and i remember using some patches to make softice working with this SP1.

Wdich Softice ver are you using now, ans is there new patches to apply for working with XP SP3 ? ?

All help needed.

Thank's

Hi LOUZEW,

Welcome aboard...again

These threads may guide you to the use of SoftIce on the latter Windows XP versions:

http://www.woodmann.com/forum/showthread.php?t=11332
http://www.woodmann.com/forum/showthread.php?t=5806
http://www.woodmann.com/forum/showthread.php?t=7199

Have phun.

hello compuware driver studio 3.2 works good for xp sp1-3
also if you want to make the most detections to softice not apear you could use IceStealth:
http://www.woodmann.com/collaborative/tools/IceStealth

if you have problems in getting it to work you can write me a pm