SoftICE virgin
toonboy
September 29th, 2002, 10:07
I am new to this reverse engineering lark and am having problems getting to grips with SoftICE. I am using SI via DriverStudio 2.6 under XP.
My target is a CrackMe from one of the forums. The CrackMe is built with no debug info so I used IDA Pro to get a MAP file which I subsequently use to produce a NMS symbol file using Util16/nsym.exe and mnsym.exe.
The EXE uses MSVBVM60.DLL, so I load this as an export into Symbol Loader. I also open and load CrackMe.NMS, which appears to be successfully read by SL - this is confirmed when I enter "sym" in SI command window.
I then insert the following breakpoint, "bpx msvbvm60!rtcmessagebox", as directed by the CrackMe help text. Again, this is accepted without error.
Finally I open and load the EXE in SL (module settings, debugging: load executable, translation: publics only). SL gives the following translation Error "No debug info ..", but carries on and runs the application.
However, IT DOESN'T BREAK !
What am I doing wrong ?
Solomon
September 29th, 2002, 10:25
You are not wrong, it's a bug of Compuware.
Quote:
Originally posted by toonboy
However, IT DOESN'T BREAK !
What am I doing wrong ?
toonboy
September 29th, 2002, 11:04
Is there a workaround for the bug ?
naides
September 29th, 2002, 20:51
Toonboy.
Do a search in the board using 'XP' and 'driverstudio 2.6'. You will see that SIce has quite an unpredictable behavior in XP.
The solution to the 'bug' may be DSv2.7.
_Servil_
October 1st, 2002, 18:59
I never had luck with ice on xp, ds27 is even freezing the system, always when I start the service. I've given up and keep it installed on win98 which seems imo generally better for debugging sessions.
Solomon
October 2nd, 2002, 15:08
No, DS 2.7 still has this "NO break" bug.
Quote:
Originally posted by naides
The solution to the 'bug' may be DSv2.7.
toteu
October 6th, 2002, 21:12
This works for me: SICE + W2K SP0/1/2
Loader32 2.6.0 (build 336)
File/Open/EXE file
Module/Settings/Debugging/Load Executable (even if it is already selected on the interface, just select it once again and Apply)
make sure Stop at WinMain etc. is checked
Module/Load and all works flawlessly...
Please let me know if it works for you. This should work for 2.7 too.
Regards,
toteu
Local
October 7th, 2002, 01:08
I also had a lot of trouble with SoftIce in XP, so I decided to go dual boot, keeping XP and installing 2000 on a partition. It took a lot of effort, as Windows XP doesn't want to let you install 2000. (I only have one hard drive.) I had to boot up to MS-DOS (I used a boot disk, but if your 2000 cd is bootable you're set) and installed 2000 on a partition. Then I had to boot up with the XP install disk and go into the Recovery Console to fix the MBR. Here's what you have to do:
-FIXBOOT ;Fixes the mbr
-cd .. ; changes dir to c:\
-attrib -h ntldr
-attrib -r ntldr
-attrib -s ntldr
-copy D:\i386\ntldr C:\ ;copy a good version of ntldr from the XP install cd to XP partition
-attrib -h ntdetect.com
-attrib -r ntdetect.com
-attrib -s ntdetect.com
-copy D:\i386\ntdetect.com c:\ ;copy a good version of ntdetect from the XP install cd.
Then I had to install SoftIce for NT on my 2000 partition. I also had to add \noguiboot to the reference to the 2000 install in c:\boot.ini on the XP partition.
Hope that helps you get started.
MTB
October 7th, 2002, 02:06
Local
I recommend a product called "System commander"; it allows the loading of multiple operating systems on a single hard drive. The most important feature is it can help you fix stuff when you wipe out a portion of the operating system, but that would never happen to anyone we know? This is a lot easier than using the Microsoft boot manager which works some of the time, but not all of the time. SC even lets you use Linux.
There are freeware versions of this and similar programs; you can try hxxp://www.cnet.com for help, look under software downloads.
MTB
Nobody
October 10th, 2002, 16:32
I had the "No break" problem in XP with DS2.6.
After installing DS2.7, it works normally now.
You should look for the error messages shown in SI after initializing the "net start ntice" service.
There are some API hook failure messages there.
I searched Google and found someone requesting the ntice.sys from Compuware to fix the bugs. He mentions the bugs coming from the XP patch.