 
jump generator
amois
October 16th, 2001, 01:18
I am searching for Kayaker's Jump Generator. I couldn't find it on the net.
Kayaker
October 16th, 2001, 12:27
Gee, I don't even remember creating that one.  Is it any good?
Heh, no, I don't think that was mine.  If you saw it at one of the high quality professional Toolz sites, then it *definitely* wasn't mine 
 
I did a little jump proggy example thingy during a project a while back, but I don't think that's what you want.  Do you mean an Opcode Jump Generator?  Neural Noise made one and there's a few others around as well.
You might find what you're looking for at
h**p://www.programmerstools.org/
regards,
Kayaker
PS, If I create any more cool toolz I don't know about, let me know.
Js
October 16th, 2001, 14:31
Hiya,
Kayaker, I have a feeling he means your backtrace buffer disassembler.
Kayaker
October 16th, 2001, 15:53
Quote:
| Originally posted by Js
| Hiya,
| Kayaker, I have a feeling he means your backtrace buffer disassembler.
Hi,
If that's the case, wait until the hot new improved version Clandestiny and I have been working on.  Complete with vxd, winice memory patching, BCHK triggered INT1 Softice popup for target memory access, and auto search/dumping of the Softice backtrace buffer for viewing or saving. 
Easily crackable commercial version also available for a nickel...
 
Kayaker
Scally6
October 16th, 2001, 19:19
But does it make toast?
Regards
Scally
amois
October 16th, 2001, 21:02
I don't know exactly what this Kayaker's Jump Generator is. My friend told me about it. I have a problem with the BPR and BPRW SoftIce commands. When I try to run those commands, 99% of the time my computer crashes. Also, the MAP32 and MOD commands don't work. Therefore I need an alternative for SoftIce back tracing.
regards
amois
Kayaker
October 16th, 2001, 23:58
TO DO LIST: Implement breakfast features for Scally.  LOL 
 
Those are strange symptoms, amois.  If Softice is working properly the MOD command should display the Windows module list; the command either works or it doesn't.  MAP32 as well as BPRW might appear not to work if you use the module name given under TASK and the filename is longer than 8 characters.  You need to use the full name you see under MOD instead (which is rather ironic).  A guess is that you may be working with a funny filename; change it to a standard 8 character filename and see if that works.
If you're crashing on the BPR commands this is really strange.  Is this only when using the Trace option or does it occur on ReadWrites as well?  If the advanced breakpoint you set while setting up the backtrace is never reached (or if you didn't set one), then the system might never return to Softice, your system will seem to hang and maybe you crash.
How does your system work when just dealing with notepad?  Try breaking at program start using the SI loader and set up a backtrace with
BPRW Notepad T
Then set a breakpoint a few lines down, or on an API, that you know will be called.  Then press F5.  Softice should immediately break and the SHOW command should show you the code lines just executed within the address range of notepad.  Try this and see if it works.
Read the Softice Command Reference for the exact usage of the BPR trace functions.
The backtrace buffer disassembler/dumper is meant ultimately to be able to save the output of ongoing traces.  It works with an existing backtrace you've done, or with one with the program loaded so you are able to access its memory or trace packed code.  Normally you use the SHOW or TRACE commands.  You need to make sure you can generate a backtrace in Softice properly first.
Then make toast 
 
Hope this helps,
Kayaker
Unregistered
October 17th, 2001, 08:00
I am just reflecting my problem directly from SoftIce.
:task
TaskName   SS:SP      StackTop  StackBot  StackLow  TaskDB  hQueue  Events
Loader32   0000:0000  007FB000  00800000            2FD6    3037    0000
Notepad    0000:0000  0063D000  00640000            2B8E    2E0F    0000
Wincmd32   0000:0000  0070E000  00720000            2BC6    2C17    0000
Pstores    0000:0000  0056D000  00570000            250E    298F    0000
Stmgr      0000:0000  0056C000  00570000            2A5E    2AC7    0000
Wmiexe     0000:0000  0056B000  00570000            25DE    0000    0000
Msmsgs     0000:0000  0069D000  006A0000            29A6    25C7    0000
Ctmix32    0000:0000  0063D000  00640000            216E    295F    0000
Newsupd    0000:0000  0063D000  00640000            284E    2967    0000
Internat   0000:0000  0057D000  00580000            2786    27CF    0000
Systray    0000:0000  0063D000  00640000            26BE    280F    0000
Taskmon    0000:0000  0063E000  00640000            248E    2507    0000
Rpcss      0000:0000  0056D000  00570000            1F4E    1F6F    0000
Explorer   0000:0000  005A9000  005B0000            2266    227F    0000
Mstask     0000:0000  0056D000  00570000            1A9E    1B1F    0000
Mprexe     0000:0000  0072E000  00730000            193E    199F    0000
MMTASK     1E57:1F80  00B2      201C      201C      1B26    1E6F    0000
MSGSRV32   15C7:7D40  0174      7DDE      7DDE      15A6    0C5F    0000
KERNEL32 * 0167:1218  00034530  00044530            00D7    0C5F    0000
:map32 notepad
:map32 wincmd32
:mod notepad
hMod Base     PEHeader Module Name      File Name
:mod wincmd32
hMod Base     PEHeader Module Name      File Name
:bprw notepad t
Module Not Found
:bprw wincmd32 t
Module Not Found
Bengaly
October 17th, 2001, 11:40
Heya all...
*g*, someone asked help..give it to da man ;D
Jump Generator by Muad'D1 ;D
anyway, get the JumpGenerator from: http://muaddib.immortaldescendants.org
Works well
Js
October 17th, 2001, 12:52
Bengaly,
he isn't talking about jump gen.
Kayaker, look how much interest I generated in your backtrace disassembler, do I get a percentage?
Kayaker
October 18th, 2001, 00:57
Sure Js, you name the cut and I guarantee the cheque is in the mail...
Amois, it looks like maybe Softice doesn't have any data on the loaded modules, so the commands requiring a module name fail.  When a program is mapped into memory, winice monitors the loading of each section of it including the dlls it uses.
For example, when I load notepad and immediately Ctrl-D into Softice I see this in the command window:
WINICE: Load32  Obj=0001 Add=0167:00401000 Len=00004000 Mod=NOTEPAD
WINICE: Load32  Obj=0002 Add=016F:00405000 Len=00001000 Mod=NOTEPAD
WINICE: Load32  Obj=0003 Add=016F:00406000 Len=00001000 Mod=NOTEPAD
WINICE: Load32  Obj=0004 Add=016F:00407000 Len=00005000 Mod=NOTEPAD
WINICE: Load32  Obj=0005 Add=016F:0040C000 Len=00001000 Mod=NOTEPAD
WINICE: Load32  Obj=0001 Add=0167:7FCB1000 Len=00086000 Mod=SHELL32
WINICE: Load32  Obj=0002 Add=016F:7FD37000 Len=00001000 Mod=SHELL32
......
Do you see this?  If not, then Softice probably isn't behaving properly.
Softice likely gets some of the information it needs for certain commands from the Process and Environment Database. If you type
: proc -x notepad
you should see lots of pointers to process information.
When you type MOD you should see:
:mod notepad
hMod Base     PEHeader Module Name      File Name
2667 00400000 817156C8 NOTEPAD          C:\WINDOWS\NOTEPAD.EXE
From the PEHeader address you can get the information you see in the MAP32 command:
:map32 notepad
Owner     Obj Name  Obj#  Address        Size      Type
NOTEPAD   .text     0001  0167:00401000  00003E9C  CODE  RO
NOTEPAD   .data     0002  016F:00405000  0000084C  IDATA RW
NOTEPAD   .idata    0003  016F:00406000  00000DE8  IDATA RO
NOTEPAD   .rsrc     0004  016F:00407000  00004FB8  IDATA RO
NOTEPAD   .reloc    0005  016F:0040C000  00000A9C  IDATA RO
I'm not sure why TASK gives you some information, but these other 2 commands don't.  Perhaps one of your other programs is interfering with Softice for some reason, try a reboot with minimal programs loaded, get rid of wincommander and anything else that starts up automatically.  Are you running on a network? (Pstores looks familiar).  Try not logging on and see if SI behaves any differently.  
As a desperate measure try reinstalling Softice.  I'm not sure what your problem might be otherwise.
regards,
Kayaker
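Kayaker's post above says the MAP32 listing is derived from the module's PE header. As an added example (not part of this thread, and not Kayaker's backtrace tool or any SoftIce code), the Python below walks the section table of a PE32 image and renders it in the layout of the MAP32 output quoted in the post. The section names, virtual addresses and sizes come from that MAP32 listing; the Characteristics flag values, the derivation of the CODE/IDATA and RO/RW columns from the IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_WRITE bits, and the minimal in-memory PE built by build_sample_pe are assumptions constructed for the demo (the selector part of SoftIce's Address column is omitted, since it is a per-session value).

```python
import struct

# Section Characteristics bits from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_WRITE = 0x80000000

# Constructed sample: the five sections SoftIce listed for NOTEPAD in the post,
# with flag values chosen (assumption) to reproduce the CODE/IDATA, RO/RW columns.
SAMPLE_SECTIONS = [
    (".text",  0x1000, 0x3E9C, 0x60000020),   # code, execute, read
    (".data",  0x5000, 0x084C, 0xC0000040),   # initialized data, read, write
    (".idata", 0x6000, 0x0DE8, 0x40000040),   # initialized data, read
    (".rsrc",  0x7000, 0x4FB8, 0x40000040),
    (".reloc", 0xC000, 0x0A9C, 0x42000040),   # discardable, read
]


def build_sample_pe(sections, image_base=0x00400000):
    """Build a minimal in-memory PE32 header (DOS stub, COFF header, optional
    header, section table) so the parser runs offline.  No section data."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew -> "PE\0\0" at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)                                  # PE32 optional header
    struct.pack_into("<H", opt, 0, 0x10B)                 # Magic = PE32
    struct.pack_into("<I", opt, 28, image_base)           # ImageBase field
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                    vsize, vaddr, 0, 0, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, chars in sections
    )
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


def parse_sections(image):
    """Walk the section table of a PE32 image and return MAP32-style records."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", image, coff + 2)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]    # SizeOfOptionalHeader
    opt = coff + 20
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic != 0x10B:
        raise ValueError("only PE32 handled here, magic=%#x" % magic)
    image_base = struct.unpack_from("<I", image, opt + 28)[0]
    rows = []
    for i in range(nsect):
        off = opt + opt_size + 40 * i                           # 40-byte section headers
        name, vsize, vaddr, _, _, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", image, off)
        rows.append({
            "obj": i + 1,
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "address": image_base + vaddr,                      # load address, like MAP32
            "size": vsize,
            "type": "CODE" if chars & IMAGE_SCN_CNT_CODE else "IDATA",
            "access": "RW" if chars & IMAGE_SCN_MEM_WRITE else "RO",
        })
    return rows


def format_map32(owner, rows):
    """Render rows in the layout of SoftIce's MAP32 listing (selector omitted)."""
    lines = ["Owner     Obj Name  Obj#  Address   Size      Type"]
    for r in rows:
        lines.append("%-9s %-9s %04X  %08X  %08X  %-5s %s" % (
            owner, r["name"], r["obj"], r["address"], r["size"], r["type"], r["access"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_map32("NOTEPAD", parse_sections(build_sample_pe(SAMPLE_SECTIONS))))
```

Run it as a script and the listing comes out with the same five rows as the MAP32 output in the post; point parse_sections at the bytes of a real PE32 file and it reads that file's own section table instead.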
amois
October 18th, 2001, 02:09
I erased Win Me, then installed Win 98. Now SoftIce is fully working. I don't have problems with MOD, BPR etc.
Thanks to Kayaker for helping.
regards
amois
Bengaly
October 18th, 2001, 09:42
Heya all..
ahh ok sorry, i thought u meant JumpGenerator ;-)
didn't know he meant the BackTrace utility.
BackTrace is cool, but never worked ;-) no BPR/BPMs work..(win98),
 anyway cya