View Full Version : SoftIce and 16 bit code.


Bratsher
March 24th, 2001, 23:09
Hello.

I am trying to reverse the protection of a 16 bit program written for windows 3.x.
I have had quite a few problems tracing it with SoftIce: unpredictable behavior, the computer frequently locks up, a BPX on a place in the code I am 100% sure is going to be executed never breaks, etc.
My questions are:

Is softice as good as a debugger with 16 bit code?
Perhaps the program itself is messing with SoftIce? I dug up another old Windows 3.1 program and tried to trace it with Sice and found fewer problems but still some.
Or is there a setup option I missed?
I searched the FM and found no specific mention of 16 bit code debugging settings.

Thanks in advance

Kayaker
March 24th, 2001, 23:41
Hi Bratsher,

I've had that problem sometimes too with 16-bit. SI just refuses to break, even if you're within the same code segment. That of course is the other problem working with 16 bit, you need to specify the code segment selector to set a bp in another segment from the one you're in. You probably know this already, but you can use the HEAP command to get a listing of all the Segments as you see displayed in W32Dasm (01,02...) and the corresponding Selector (which changes each time the program is run) that has so far loaded into memory. If the current CS:EIP belongs to one of the heap entries, that entry displays with the bold video attribute. You may have to step into a few calls for Windows to load the other code segments of the program as they are needed, but by watching the command window you should eventually find the selector for the segment you are interested in creating a break in. Once that selector has been allocated for that segment, you can use it until the next time you run the program.

Beyond that I have no idea if there's a way to optimize SI for 16-bit. You could try SuperBPM from one of the toolz sites, it *might* help make the bp's stick.

Regards,
Kayaker
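
Added example, not part of Kayaker's post or the original thread: the numbered segments of a Windows 3.x (NE) executable are fixed in the file's NE segment table, whereas the selector for each one only exists once Windows has loaded that segment. The sketch below lists that table from a constructed sample image; the function names are hypothetical and the standard NE header layout is assumed.

```python
import struct

def ne_segments(image: bytes):
    """Return (number, kind, file_offset, length) for each NE segment entry."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (ne_off,) = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[ne_off:ne_off + 2] != b"NE":
        raise ValueError("not a 16-bit NE executable")
    (count,) = struct.unpack_from("<H", image, ne_off + 0x1C)   # number of segments
    (table,) = struct.unpack_from("<H", image, ne_off + 0x22)   # table offset from NE header
    (shift,) = struct.unpack_from("<H", image, ne_off + 0x32)   # sector alignment shift
    shift = shift or 9                  # 0 is treated as the default of 9
    out = []
    for i in range(count):
        sector, length, flags, _min_alloc = struct.unpack_from(
            "<4H", image, ne_off + table + 8 * i)
        kind = "DATA" if flags & 1 else "CODE"   # flag bit 0 set = data segment
        # A stored length of 0 means a full 64 KB segment.
        out.append((i + 1, kind, sector << shift, length or 0x10000))
    return out

def build_sample() -> bytes:
    """Constructed minimal image: MZ stub, NE header, three segment entries."""
    mz = bytearray(0x40)
    mz[0:2] = b"MZ"
    struct.pack_into("<I", mz, 0x3C, 0x40)       # NE header follows the stub
    ne = bytearray(0x40)
    ne[0:2] = b"NE"
    struct.pack_into("<H", ne, 0x1C, 3)          # three segments
    struct.pack_into("<H", ne, 0x22, 0x40)       # table right after the header
    struct.pack_into("<H", ne, 0x32, 4)          # 16-byte sectors
    table = struct.pack("<4H", 0x0010, 0x1A00, 0x1D10, 0x1A00)    # code
    table += struct.pack("<4H", 0x01B0, 0x0000, 0x1D10, 0x0000)   # code, 64 KB
    table += struct.pack("<4H", 0x11B0, 0x0400, 0x0C51, 0x0800)   # data
    return bytes(mz + ne + table)

if __name__ == "__main__":
    for num, kind, off, length in ne_segments(build_sample()):
        # The selector column stays empty here: it is assigned at load time.
        print(f"segment {num:02d}  {kind}  file offset {off:#07x}  length {length:#x}")
```

The segment number is the stable half of the pairing; the selector has to be read from the debugger on each run, after the segment has been loaded.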

Bratscher
March 26th, 2001, 12:08
Thank you Kayaker. You as usual came up with helpful suggestions.
The erratic behavior I have been talking about happens even if the BPXs are set up within the same code segment.
BPX placed inside 16 bit Windows functions, like the ones in USER.DLL, work dandy. Only BPXs inside the program code seem to give trouble, and the trouble is computer freeze, not even blue screen of death.
I tried to stay away from *all* BPX and manually placed BPM instead into the program code, with very limited success. The computer does not freeze, but Sice does not break.
Any suggestions about a pure 16 bit debugger that is able to perform decently in a Windows 32 bit environment?

TIA