
Beginner's Visual SoftICE


Rummy
September 30th, 2003, 22:27
I'm using VMware to run a guest OS. Both host and guest are Win2K SP3. Traditional SoftICE doesn't work very well on a VMware guest: you can only run it in full-screen VGA mode, and that's a show stopper for my reversing. So.... I installed Visual SoftICE with the "target" piece on the guest and the "host" piece on the host. I added a second network adapter to the guest (dedicated to SoftICE) and this arrangement seems to be working OK.

Visual SI is like the old SI in many ways, but in many other ways it is very different. Getting used to the different windows takes a while. I managed to set my first breakpoint that actually worked in a process context for CreateFileA. When it broke, I typed in "d ss:esp->4" like I used to do on the old SI to display the memory where the file name is. It doesn't work. The old '->' notation for indirect addressing no longer works at all. I'm reading both manuals for VSI (Visual SoftICE) - the user's guide and the reference - and how to do what I want is unclear. I tried 'd *(dword)(esp+4)' but it interpreted the data at esp+4 as a 64-bit address and gave an error that the huge 8-byte address was invalid.

Can anyone tell me how to do a good old-fashioned d ss:esp->4? There's not a lot of VSI information yet on this or any other board. Some tutorials are needed very badly. I hope that more people will install and start to use VSI so we can pool our knowledge and make the learning curve shorter. VSI is the wave of the future, so we'd all better get used to it, IMO.
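To make concrete what the classic "d ss:esp->4" expression does, and why reading that stack slot as a 64-bit pointer produces a huge invalid address, here is an added Python model. It is not code from this thread, from Compuware or from NuMega; it does not know any Visual SoftICE syntax. It builds a constructed 32-bit memory image (the stack frame as seen at the first instruction of CreateFileA, where [esp] is the return address and [esp+4] is lpFileName) and evaluates the old SoftICE '->' indirection over it. All addresses, the filename and the function names are made up for the illustration.

```python
import struct

# Constructed 32-bit memory image (not a real process): a stack frame as seen at
# the first instruction of CreateFileA, where [esp] is the return address and
# [esp+4] is the lpFileName argument, plus the string that pointer refers to.
STACK_BASE = 0x0012FF00
STRING_BASE = 0x00401000
FILENAME = b"C:\\test\\readme.txt\x00"
ESP = STACK_BASE


def build_memory():
    """Return a sparse byte-addressed memory image (dict: address -> byte)."""
    mem = {}
    # Four little-endian dwords on the stack: return address, lpFileName,
    # dwDesiredAccess (GENERIC_READ), dwShareMode (FILE_SHARE_READ).
    stack = struct.pack("<IIII", 0x00401234, STRING_BASE, 0x80000000, 0x00000001)
    for i, b in enumerate(stack):
        mem[STACK_BASE + i] = b
    for i, b in enumerate(FILENAME):
        mem[STRING_BASE + i] = b
    return mem


def is_mapped(mem, addr, size=1):
    """True if every byte of [addr, addr+size) exists in the image."""
    return all((addr + i) in mem for i in range(size))


def read_bytes(mem, addr, size):
    """Read `size` bytes at `addr`; an unmapped byte is reported as an invalid
    address, which is what the debugger complains about."""
    if not is_mapped(mem, addr, size):
        raise ValueError(f"invalid address {addr:#x}")
    return bytes(mem[addr + i] for i in range(size))


def arrow(mem, base, offset, ptr_size=4):
    """Evaluate the old SoftICE 'base->offset' operator: read a pointer of
    ptr_size bytes at base+offset and return it as the effective address."""
    raw = read_bytes(mem, base + offset, ptr_size)
    return int.from_bytes(raw, "little")


def read_cstring(mem, addr, limit=260):
    """Read a NUL-terminated ANSI string at addr (capped at MAX_PATH bytes)."""
    out = bytearray()
    for i in range(limit):
        b = read_bytes(mem, addr + i, 1)[0]
        if b == 0:
            break
        out.append(b)
    return out.decode("latin-1")


def filename_arg(mem, esp):
    """What 'd ss:esp->4' displayed in classic SoftICE: the string at the
    address held in the first stack argument of CreateFileA."""
    return read_cstring(mem, arrow(mem, esp, 4))


def filename_arg_wrong_width(mem, esp):
    """The failure mode from the post: if the slot is treated as a 64-bit
    pointer, the next argument (dwDesiredAccess) becomes the high dword and
    the resulting 8-byte address is unmapped."""
    return arrow(mem, esp, 4, ptr_size=8)


if __name__ == "__main__":
    mem = build_memory()
    print(f"[esp+4] -> {arrow(mem, ESP, 4):#010x}: {filename_arg(mem, ESP)!r}")
    bad = filename_arg_wrong_width(mem, ESP)
    print(f"as 64-bit pointer: {bad:#018x} mapped={is_mapped(mem, bad)}")
```

Running it shows the 4-byte dereference landing on the filename, while the 8-byte read yields 0x8000000000401000 (GENERIC_READ glued on top of the real pointer), which is exactly the kind of huge address the debugger rejects.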

Rummy
October 4th, 2003, 11:33
VSI (Win2K) Tip #1:
Get your network cards in order BEFORE configuring your remote target VSI core connection!

When VSI grabs one of your NICs to use (they recommend dedicating one to VSI and leaving another for general network usage) it updates the driver for the card. In doing this it manages to completely remove all traces of the old driver! From that moment on you will not be able to install a same-type network card (or re-install one) ever again without completely re-installing Windows 2000. Whenever you try to (re)install a NIC your Win2K box will insist on configuring it as a SICE network controller. This will happen even if you completely remove VSI from your system; the VSI drivers remain forever bound to that type of NIC. So make sure you already have both NICs configured and working BEFORE you install a VSI driver on top of one of them. This is almost definitely a VSI bug, but there are no Compuware forums or newsgroups where any of this is discussed. (NuMega, where oh where have you gone?) Compuware's website sucks.

VSI (Win2K) Tip #1a:
When you select the NIC that you want VSI to use, WAIT FOR THE DRIVER TO COMPLETE its installation. As the driver installs it appears to hang the system. I interrupted the process at this point and re-booted 5 or 6 times and was totally bummed out. Then as I was doing it one more time I got called away for something. When I returned about 15 min. later the damn thing had finished installing and I had control of my system back with a 'success' message waiting for me. Just wait for it to finish. It's not unusual to wait 5 minutes or more and see NO disk or CPU activity while it goes about its business.

nikolatesla20
October 4th, 2003, 13:15
As far as the driver not being removed, try simply going into Windows 2000 Safe Mode, and then going to Device Manager and removing the driver from there. A lot of times, you'll even find old drivers just lying around, since Safe Mode will show you ALL drivers, and not just the active ones. This is really the only TRUE way to make sure a driver is ever completely gone from your system.

-nt20

Rummy
October 4th, 2003, 21:02
Thanks for that tip. I will try that the next time I am ready to re-install... the way I'm going, that should be in another hour or two.