hello. since getting Softice 4.05 i have managed to get it going on my WinME Operating system. But unfortunatly thats all ive got it to actually do. I started following a tutorial and when it came to entering a command "bpx getwindownamea" Softice replies with "symbol not defined (getwindowname)

i then found that i needed to remove the comments before ";EXP" in kernal32.dll etc.. which i did do. then i tried again. Same thing happened. Then i went to symbol loader looking for a solution, II used the Edit feature to enter the symbols that way and then rebooted expecting this to solve my problem. Bah no such luck. Finaly i came to this forum to look for people who had the same problem. I found a post by "Goat" about how he had this problem, the solution someone offered which fixed his was to put the loader from "wmldr.zip" to C:/Windows/SYSTEM/.. whatver it was. This then loaded softice before windows ME started up. Im guessing this was instead of using the "io.sys" method that i used to get Softice running on my computer. BUT even ater doing all this stuff i still get the same old errorr "Symbol not defined (******) for whatever i enter.


PLEASE PLEASE help if u have any clue as to what is wrong.. ive run out of ideas and getting sick of messing about probably harming ym computer. ty in advance

im on msn messanger = maxmadx@hotmail.com
Aim = crexasation

Hello R I Z E N !

The reason why SoftICE does not find GetWindowNameA is that there isn't any function with that name.
You might be searching for GetWindowModuleFileNameA or GetWindowTextA, but this functions are exported from USER32.DLL and not from KERNEL32.DLL.

ok thanks, BUT. i meant to say getwindowtexta :/ and also, im working from a very good tutorial by Prophet which i guess should be right here, i followed all the steps from this
http://www.woodmann.net/fravia/prophe_1.htm please have a look, midway down where we start to break point is where i get the error. has the writer of this handy tut missed something that the average newbie would overlook or is it just my stupidity

ps.

does the fact that kernel written at the bottom right of softice hold any relevance? (just a thought when u said that getwindownamea is from user not kernel

Hello R I Z E N !

I've looked over (not deep) the tutorial and could not find any special errors which might be overlooked by newbies.

I don't know where you've see the word "kernel", since there is usually nothing on the bottom right, just in the middle. This shows to which process the code in the code window is belonging to.
And there is no library called "KERNEL", only "KERNEL32" would be possible. This would mean that you're in some KERNEL32 code.

ok, it sais at the bottom right kernel32, i suppose this is what u meant but if getwindowtexta isnt for kernel, why softice say that the register part of the program (target) is? or do i have to physicaly change it to read user32 ?? i dont know :/
do u think that the version 4.05 requires the user to do something that 3.0 didnt have? (the person who made the tutorial used SI 3.0)
i dont understand why it wouldnt pick up that its a user32 automaticaly ..

ps sorry for not having much clue what im talking about
and thanks for having the patience

ok, my original problem was all about loading symbols, but since then i have realised that this wasnt the problem. I can breakpoint with commands that are associated with kernel32. The thing u said about there not being a kernel32 at the bottom right, well there is when im jsut sitting on desktop, but if i go into retail, bigger programs like Rainbow 6, the kernel32 is replaced with the name Rainbow. so this is just the name of the program that softice is analysing? if this is so, why doesnt "teleport pro" name come up there, because where i follow in that tutorial im told to use a command that is for user32, and thats why i get "symbol not defined" because the name kernel32 is at the bottom right :/
sorry im not that great at explaining things. hope u can decrypt what i jsut said.

Hello R I Z E N !

Just some general things:

If you just activate SoftICE with it's hotkey, you'll break somewhere in memory in some process. If to program is bigger and needs much computing, it's more likely that you'll break in the process, if it's just small and does nearly no computing, it'll be very difficult to break in this process and you'll end up most time in some system kernel code like KERNEL32.DLL.
Setting a BPX on a KERNEL32 or USER32 export has nothing to do with what's written at the bottom of the SoftICE window. It will work always if it's exports are loaded.
There shouldn't be any difference in handling exports in version 3.0 and 4.05 expect that 3.0 might not work with WinME.

hehe ok, if ive de-commented everything in winice.DAT, why do u think that its not recognising getwindowtexta when it is such a common symbol. also when kernel32 is writen at the bottom of softice, it recognises all the commands specific to kernel32 :/

this is the part of the tutorial i am up to:

Okey then, let's enter a name in the Name box, eg Prophecy, and a bogus code,
eg 666777888. Now we need to set a breakpoint in SoftIce so that we pop into
SoftIce at a point close to where the target is going to generate the code and
compare it to our bogus code. Okay, let's pop into SoftIce (Ctrl-D or whatever)
and set a breakpoint: BPX getwindowtexta. This means SoftIce will pop up
on execution of the getwindowtexta command, which is a common command a target
uses to read info supplied by a user (eg name and (bogus) serial number). Okey,
hit < F5 > to go back to the target and click OK. Bang! we're in SoftIce.
Press < F11 > to trace the call back to the target.

so, why would BPX getwindowtexta get recognised by his and not by mine

let me know when ure fed up of me and ill give up btw. and again thanks

Hello R I Z E N !

You can't go on with the tutorial unless you can set breakpoints on exported functions.

So if you've removed all comments from WINICE.DAT and the path to the files is correct, you may try to add the DLLs with the Symbol Loader, else I don't know where the problem could be.

If I've understood you right, you can break on KERNEL32 exports but not on USER32 exports, right?

Hi,
check your winice.dat just uncomment these only

EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\shell232.dll
EXP=C:\windows\system\advapi32.dll

btw hi DakienDX

i already did that :///

ok its ok it works with getwindowtext, so thats cool. try for ure help all

hi, when i call Softiceup (ctrl-D) and im connected to the internet, my connection is suddenly lost. I use pay dial-up connection and am hoping that there is something i can do to stop this from happening. thanks

i read somewhere u can fix this by the '/AWAY asuidsodj' command?? dunno. thoughts welcome

hi again ^^.

ok i dont know why getwindowtexta doesnt work when getwindowtext does. I think im runnign a different softice to everyone else lol. Anyway... seen as getwindowtext does the same job i aint worying.

the new problem(s)

are in the next part of that tutorial.

once ive broken into the program at the call where it asks me to enter name/password - i press F11 to trace back to the tartget.
the tut then tells me to enter "s 0 1 ffffffff "Prophecy" but unlike the guy in the tutorial , i get a sysntax error. . . so, what u think is up. seen as i typed in exactly what it sais to type in. u can look at the tut again for reference if u need to. http://www.woodmann.net/fravia/prophe_1.htm

are u sure the commands havent changed with the new versions of Sice?

ps.#
i get disconected from the internet when i call SoftICE up ... any ideas?

Hi RIZEN:

Here is what SoftICE Command Reference manual says:

<QUOTE>

S : Search Memory for Data
S [-cu][address L length data-list]
address Starting address for search.
length Length in bytes.
data-list List of bytes or quoted strings separated by commas or spaces. A
quoted string can be enclosed with single or double quotes.
-c Make search case-insensitive.
-u Search for Unicode string.

</QUOTE>

BTW, can I suggest you to read the FINE manual as all your questions might already have been answered there!

Signed,
-- FoxThree

PS: If you still didn't get it, the command you must type in is
"s 0 L ffffffff "Prophecy" (Note the "L" instead of "1"

thanks man!, i realise looking after newbies is alittle boring haha, but i appreciate it soo much .TY ;D

also, can anyone answer my question about disconeting (

Hello R I Z E N !

This is a quite common problem with no solution so far.
Please read this (http://www.woodmann.net/forum/showthread.php?threadid=2610) thread or this (http://www.woodmann.net/forum/showthread.php?threadid=819) thread.

Hello R I Z E N !

Yes, I can answer your question about disconnecting, I already did it in the other thread you've started. Please never use more than one thread for the same problem. Because of this I merged the three threads.

You said you can break on GETWINDOWTEXT but not on GetWindowTextA?
It seems like you've the same problem like before.
GETWINDOWTEXT isn't exported by USER32.DLL, but by USER.EXE. You don't need to load it's exports, since SoftICE loads them automatic, even if they're commented out in WINICE.DAT.

oh.. so how do i load its exports for user32.dll then?

Hello R I Z E N !

It should be done exacly like the KERNEL32.DLL exports. Use the Symbol Loader and use the add exports from DLL function.

If this doesn't work, buy SoftICE and ask NuMega for support.