Problems with SoftIce (symbol not defined) I did Dat stuff.


Adri_Magnon
June 18th, 2002, 16:11
Hi,

I installed SoftIce (4.05) and followed a configuration tutorial from Woodmann.com (newbies). He said to modify the winice.dat file after installation by removing the semicolons from the files that I have in my c:\windows\system\ folder. For example, I have user.dll so I changed this...

;EXP c:\windows\system\user.dll

to...

EXP c:\windows\system\user.dll

I did this to all the files I had in the system folder and if I didn't have it, I didn't change it. I also do not have the SDK so I left that portion alone.

I rebooted and opened the first tutorial program. It used bpx hmemcpy so I was okay and did it. Then I opened the second program and typed bpx GetDlgTextItemA and I got that it was "symbol not defined." I tried some others ("Get" commands that is) but the tutorial wasn't working so I opened up the target program in Wdasm and found that it did use the GetDlgTextItemA line so I closed Wdasm and looked at my Winice dat. I double checked that all files on my hard drive were un-semi-coloned and rebooted. I tried again and still got the symbol not defined error.

Can someone please tell me what I need to do? I reached an impasse since the rest of my tutorials use that command line a lot.

Also, I tried a tutorial that used bpx msvbm60!rtcmsgbox and I got the same error. I don't know if that helps. I am running Win 98 and have 256Mb RAM. I have installed some free developers and compilers as well as MSVS6 with the processor pack and that 100+ MB service pack for it.

Thanks for any help you can give. It felt good to have finished the first tutorial and seen it work.

Adri_Magnon

Adri_Magnon
June 18th, 2002, 16:43
Hi,

Ignore my previous post. I was reading some of the posts on the search of this forum for "softice bpx" and I read some things that helped. I decided to post my dat file and a detailed description of exactly how I installed SoftIce and such. I opened up my dat file and only half of my .dlls were un semicoloned.

See, I couldn't get SoftIce to display when I hit Ctrl-D. The screen would go blank so I reinstalled. Then I cut and pasted my old dat file into the new one and I missed the lower third of it.

Sorry about the post. I had posted on another forum and searched around but had no luck. I forgot about this forum until I was browsing my bookmarks. Since I had no luck on the other one I posted here.

I figured since I read the installation guide then my question was valid since I did the ";" removals. I have the c4nfaq open and the RCE Messageboard FAQ. I should be fine now.

However, if anyone wants to answer this question I'd appreciate it....

After I installed SoftIce, Adobe Acrobat no longer opens. It shows the splash screen and the loading of the files and then it just quits. It was working before the installation. Any ideas on how to fix this?

Thanks and I apologize for the "useless" question on SoftIce.

Adri_Magnon

Kayaker
June 18th, 2002, 17:03
Hi,

Looks like you got it figured out, so I'll just merge your threads and delete my explanation. Careful with the "32" in your dll names, it's user32.dll of course, not user.dll.

Type EXP in Softice and you'll get a listing of all the exports loaded by SI on your system, the 16 bit ones first. If your function isn't listed there then the dll exports weren't properly loaded by SI.

KERNEL, USER and GDI (the 16 bit variants) are loaded by default and represent the functions exported by Krnl386.exe, User.exe and Gdi.exe. Hmemcpy is a Krnl386.exe function and that's why it worked for you.

To be able to break on functions in any other dll you need to add the full path in an EXP= statement. This includes the VB dlls or any other application dll with exports you want to set a breakpoint on. To start with you really only need the 3 main 32 bit system dlls, and maybe the VB ones.

Correct me if I'm wrong since I don't use it much, but I think the syntax you'd need for a VB breakpoint is
bpx __rtcmsgbox
note the double underscore...


As for the Adobe problem, yep, this is some kind of stupid Softice detection, do a board Search here for Adobe Acrobat and you'll find some answers.

Good Luck,
Kayaker
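
An added example, not part of the original thread: a small Python check for the failure described above, where only part of the EXP list in winice.dat was uncommented. It assumes the `EXP=<full path>` line form Kayaker mentions; the sample file contents, the file listing, and the names `audit_exports` and `can_break_on` are constructed for illustration.

```python
import re
from ntpath import basename  # parses backslash paths on any platform

# Constructed sample: a winice.dat fragment where only part of the EXP list
# was uncommented (the situation described in the thread).
SAMPLE_DAT = r"""
; ***** Examples of export symbols that can be included *****
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
;EXP=c:\windows\system\gdi32.dll
;EXP=c:\windows\system\msvbvm60.dll
EXP=c:\windows\system\example_missing.dll
"""

# Constructed stand-in for a directory listing, so the example runs offline.
SAMPLE_FILES = {"kernel32.dll", "user32.dll", "gdi32.dll", "msvbvm60.dll"}

# Optional leading ';' (commented out), then EXP=<path>.
EXP_LINE = re.compile(r"^\s*(;?)\s*EXP\s*=\s*(\S.*?)\s*$", re.IGNORECASE)

def audit_exports(dat_text, files_present):
    """Classify every EXP= line as loaded (active, file exists), disabled
    (still commented although the file exists) or missing (active, no file)."""
    present = {name.lower() for name in files_present}
    report = {"loaded": [], "disabled": [], "missing": []}
    for line in dat_text.splitlines():
        m = EXP_LINE.match(line)
        if not m:
            continue  # ordinary comment or unrelated setting
        commented, path = m.group(1) == ";", m.group(2)
        name = basename(path).lower()
        if commented:
            if name in present:
                report["disabled"].append(name)
        elif name in present:
            report["loaded"].append(name)
        else:
            report["missing"].append(name)
    return report

def can_break_on(module, report):
    """True if exports of `module` (e.g. 'user32') would be available to bpx."""
    return f"{module.lower()}.dll" in report["loaded"]

if __name__ == "__main__":
    print(audit_exports(SAMPLE_DAT, SAMPLE_FILES))
```

Anything reported under "disabled" is a dll whose exports SoftIce will not know about, which is what produces "symbol not defined" on a bpx for one of its functions.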

Clandestiny
June 18th, 2002, 22:53
Hiya,

Yeah, Adobe Acrobat has SI detection and will hang on something called DocBox API. If you run IceDump with /protect on, you will see where it tries to access the IDT. A couple of lines down is a simple cmp / jmp that you can modify in memory to enable Acrobat to finish loading. There have been a couple of threads discussing this in the past. Patching it to bypass the SI detection should be quite easy. Don't know why Adobe even bothered.

Cheers,
Clandestiny

foxthree
June 19th, 2002, 07:53
Hi Clandestiny:

A small correction: Yes, it is an Adobe plugin. But it is not written by Adobe. It is a third-party plugin for enabling higher security in PDF documents, written by a company called InterTrust. They put in this "small" SoftICE check.

Signed,
-- FoxThree