Log in

View Full Version : :( SoftICE

Dav
January 14th, 2004, 13:58
I'm a beginner in the assembly language. I have softice 4.05 NT installed on Windows Xp Pro.
The softice has all the patches and fixes but still when i use BPX HMEMCPY i get an error "Symbol not defined". And the address of the memory always starts from 806.. instead of 040..

Please, Help me
LOUZEW
January 14th, 2004, 14:08
Hi, Dav

HMEMCPY Don't exist under XP ! ! ! !
Dav
January 14th, 2004, 15:37
What about addresses that always starts from 806.. instead of 040..?
Can you help me?

Thank you.
naides
January 14th, 2004, 16:23
Quote:
[Originally Posted by Dav]What about addresses that always starts from 806.. instead of 040..?
Can you help me?

Thank you.


code window addresses starting with 80....(Like 80637B3B) are high in the OS reserved memory and dlls. Look into the lower right corner of Sice window and you will see which mod you are in. more than often it is Idle or something like Kernel32 USER32, something like that.
To see addresses 040. . . which belong to the application memory space you need to break inside the application, or trace until you are back into the application space (use F11 or F12 in Sice). Another way to set your feet into the application space and code is to use the Sice symbol loader, select your app, and select the option to break at the application entry point(WinMain). Read the Sice manual and look inside this board.
JMI
January 14th, 2004, 21:17
And Softice NT 4.05 is a little old for Win XP Pro. There are plenty of threads to read here about Softice and XP. Check some of them out before you make a switch.

Regards,
Aimless
January 15th, 2004, 01:46
Softice 4.0.5 + Windows XP = Nitro + Glycirine

Be careful, it'll go boom

Best bet is to leech driver studio 3 from somewhere...

Have Phun
Aquatic
January 15th, 2004, 03:01
Or just get Ollydbg.