View Full Version : Symbol Loader wont work???
crassy
August 24th, 2002, 13:10
Hi all.
When I load a prog into Symbol Loader (File/Open module and then Module/Load/Yes) SoftIce is supposed to break at the beginning of the prog, right? Well, mine doesn't... I wonder why?
I use Win98SE and SIce 4.05.334
nofurs
August 24th, 2002, 13:20
where is the begining? youe question is vague
SilSaLaMaTa
August 24th, 2002, 14:38
hi ,
maybe u have to change the section flags (charasteristics) .
Ohno2Cracked
August 24th, 2002, 18:16
I have the same problem with SI. And I changed the characteristics of the starting section to 0xE0000020
(execute,read,write,code)
But it simply doesn't stop at entry. I tried the same with notepad, no success, it runs as a madmann.
BTW, a bpx on a win32 api does work, SI pops up.
background:
I'm hacking a packed program. For that I need to break the program just after it depacked.
note: I even re-installed SI, no success!!!
Anybody ideas???
nofurs
August 24th, 2002, 18:22
Hi Ohno2Cracked,
Try icedump
crassy
August 25th, 2002, 10:28
Quote:
Originally posted by cluesurf
Try icedump |
Could you please be more specific?
nofurs
August 25th, 2002, 11:02
>Could you please be more specific?
RTFM before asking questions
Ohno2Cracked
August 25th, 2002, 20:27
I already tried icedump :-)
Maybe there is something wrong with the version. I use SI 4.05.334
Has somebody else same problems with this version?
crassy
August 25th, 2002, 23:53
As i said I have the same problem EXACTLY.
Tried IceDump + IceLoad... Wont even work with Notepad.
nofurs
August 26th, 2002, 11:56
[>I already tried icedump :-)
>Maybe there is something wrong with the version. I use SI >4.05.334
>Has somebody else same problems with this version?
Ya should check the version before booting to windows
SoftICE 3.23 (Windows 95 / Windows 98 xxxx 1-2)
(C) Copyright 1994 - 1997 NuMega Technologies. All rights reserved.
1096K extended memory allocated for symbols
8K extended memory allocated for back trace
29K extended memory allocated for exports
256K extended memory allocated for display history
and select icedump 3.23
username
August 26th, 2002, 13:48
Quote:
Originally posted by cluesurf
Ya should check the version before booting to windows
|
Wrong approach, you have to look at the Version Info resource in the corresponding ntice.sys and take the version/build info from there. Alternatively 'grep DriverStudio history.txt'. Any other source for version cannot be trusted and should not be relied upon.
Ohno2Cracked
August 26th, 2002, 18:38
Just before my tennislessons writing this reply :-)
Ok then. I solved the problem with installing driverstudio 2.6. I don't know the problem with SI 4.05.334, maybe it has something to do with the combination SI and Athlon 1800 xp. But once again it's just guessing.
Yes finally I can set breakpoints.
Btw crassy, u can download it via eDonkey
serkul
August 26th, 2002, 22:45
another way to 'step into an application' is possible using lordpe from yoda.
- 'bpint 3' in softice
- use 'Break & Enter' feature in lordpe
- patch the 1st byte of the app back to its original value because it was changed to int 3
Ohno2Cracked
August 26th, 2002, 22:47
Just before my tennislessons writing this reply :-)
Ok then. I solved the problem with installing driverstudio 2.6. I don't know the problem with SI 4.05.334, maybe it has something to do with the combination SI and Athlon 1800 xp. But once again it's just guessing.
Yes finally I can set breakpoints.
Btw crassy, u can download it via eDonkey
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.