Here are some very nice articles with diagrams which were created by a Numega programmer (Tsuyoshi Watanabe) detailing some useful SoftIce commands. They no longer exist on the original site so I have reformatted them slightly and attach them here for archive purposes. The diagrams themselves are extremely instructive explanations of the output from some of the more complex Softice commands. Some may recognize these articles from the Spiralspace website originally. I hope they prove useful for those who have never seen them.


How Windows NT uses GDT to implement "kernel mode" and "user mode" (GDT)

Where is the memory block you just allocated with Win32 API HeapAlloc()? (HEAP 32)

Create your own heap in your process and see it with SoftICE (HEAP 32)

Interrupt Descriptor Table and SoftICE "IDT" command (IDT)

Program modules (EXE, DLL) and SoftICE "QUERY" command (QUERY)

Walking "page directory" with SoftICE - understanding "address context" (CPU, ADDR, PAGE, PHYS)

Two ways to cause "page fault" situations, and how SoftICE reports it (PAGE)

How to access objects in various sections of a PE file with SoftICE (MAP32, SYM)

"Symbol Table" - the most important thing for source level debugging with SoftICE (TABLE, MOD, SYM)

SoftICE uses symbolic names to label memory object if symbol table is loaded (TABLE, FILE, TYPES)

Cool!

Other people are of course also very welcome to submit such high-quality "rare" documents and similar here for archival reasons!

And so we can read up on them and attempt to figure out what the heck Kayaker is talking about when he gives us another one of his great low level lessons on the ins and outs of M$ beneath the covers.

Regards,

Hey I'm only fumbling around in the dark of what MS calls an OS, like everyone else. But I agree quality reference material not easily obtainable elsewhere is always welcomed, these things tend to get lost over time.

Cheers,
Kayaker

Nice work,thanks.

Thank you very much

Ok, new rule, if you bring a two months old thread to the top, only to say thanks, you will be banned...

[>Ok, new rule, if you bring a two months old thread to the top, only to say thanks, you will be banned...

LOL,its a bit too harsh.Its just 2 months old thread

Kayaker

AMAZING! I'll mirror them on wasm. Extremely nice!

Well then, I guess the fuss was all worth it. Phew, good thing too, cuz I didn't know there was a time limit involved...

Ok, ok, I was only kidding, and you know it. But you have to agree that it's at least just a little annoying when two people, completely unrelated to the subject (not to mention having post counts of 1 and 3 ) bring up a two months old thread just to say "thank you", huh?

Well "thank you" for pointing that out for us.

Regards,