remove debug printing of kernel32


Solomon
December 18th, 2001, 02:25
Here is the SoftICE history. I just want to disable the debug output of kernel32. How? I tried DbgView from Sysinternals, but it can't capture this string. Which prog prints this string?


Code:

kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
NTICE: Load32 START=77CA0000 SIZE=80000 KPEB=FF844020 MOD=clbcatq
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
NTICE: Load32 START=78000000 SIZE=46000 KPEB=FF844020 MOD=MSVCRT
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter
kernel32!xxxandledExceptionFilter

Solomon
December 18th, 2001, 03:28
Shit! This string is from NTICE.SYS! I removed it.

Lord_Soth
December 18th, 2001, 20:16
Hmm, why would you wanna remove it?

Why does it bother you, and don't you think there's a reason it's there?

LS

Solomon
December 20th, 2001, 07:49
Because it is printed too frequently and it causes the history buffer to fill up. I just want to save the SoftICE history and analyze it later. Increasing the buffer size is an alternative.

DakienDX
December 20th, 2001, 12:15
Hello Solomon!

You can simply patch your KERNEL32.DLL. You need to locate OutputDebugString and replace the first three bytes with C2h, 04h, 00h ("Ret 4", because it has no defined return value).

Of course you need to do this in DOS mode, since KERNEL32.DLL is opened under Windows all the time. If you're on Win9X you can also use the WININIT.INI for this job.

Solomon
December 20th, 2001, 21:14
DakienDX,

Thanks for your reply. OutputDebugString is a ring 3 API; NTICE.SYS does not use it to print this string. I have changed "kernel32!UnhandledExceptionFilter" to an empty string, but it still prints out many empty lines ("\n\r" only).