
View Full Version : ds 3.1 win2000 not breaking


jpfeffer
April 12th, 2004, 12:54
All,

I am having some issues with softice. I used 4.05 but had no luck getting it to work correctly on win2000 advanced server. Video issues, I suspect.

I then used 4.27 and it was better, usually if I did a clean install it would work correctly until I rebooted, then no more.. Ctrl D didn't pop up a thing or.. if it did pop up, setting breakpoints was useless. It never would break.

I recently downloaded Driver Studio 3.1, and now the Ctrl D seems rock solid. I seem to always get a popup.. Great.. Except that it doesn't seem to be hooking the API.. Setting things like GetDlgItemTextA or GetSystemTime do absolutely nothing. At the moment it is set to manual start, but I have tried other settings.

The install was from a full install of DS 3.1. I have looked at the patches on the vendor's site, and even tried a couple of them, even though they were supposed to apply to ds 3.0 only.

Being somewhat new to the software, I am a bit confused about what to even look at. By the way it is running on a multi boot machine (Inspiron 8100 laptop)

Any ideas why it is not hooking into the api? Or does it sound like something else?

Thanks

dELTA
April 12th, 2004, 13:00
Search the board for "softice context sensitive breakpoints" and see if that helps you (also info about it in the FAQ).

Also, some packers/protectors prevent API breakpointing by emulating the first couple of bytes in several APIs...

JMI
April 12th, 2004, 14:44
There is also an option on the 3.1 version to set or not set context sensitive breakpoints.

You will find that thread here:

http://www.woodmann.com/forum/showthread.php?t=5470

Regards,

jpfeffer
April 12th, 2004, 17:12
Thanks for the tips.. I had already done a significant amount of searching prior to posting.. I did follow the advice and did the search again just to make sure.

I have not found anything that addresses my problem. I am using 2k advanced server and xp sp1, both with the same problem.

I have set the context sensitive to the previous version's behavior.. Still no change.. So for the moment, I am taking a break.. my head is sore from all the banging against the wall. LOL

Once I get into softice.. ctrl d then use the addr command and use winzip32 for example.. softice no longer says idle, it says winzip32.. ctrl d back to hit enter on the reg code.. and then it says wrong code. softice never broke. ctrl d back.. and it is idle..

Running it through the symbol loader complains no symbols for winzip32, but did I want to continue loading.. yes.. then softice pops up and says break due to symbol loader. ctrl d back to app. hit enter on the reg screen, and again no breaks.

Even using GetSystemTime and then opening the clock on the taskbar doesn't pop up softice.

p.s winzip is 8.1... once in a great while on a magical reboot, softice does pop up correctly.. It is just inconsistent..

Thanks


Thanks for the ear

Aimless
April 13th, 2004, 00:01
1. Maybe Winzip32 does not use dlgbox or messagebox (try using a resource editor to see whether the nag screen/error message is a custom made resource rather than default windows API)

2. Maybe winzip 8.1 is ice sensitive and contains anti-debug tricks?

Hae Phun

.:hack3r2k:.
April 15th, 2004, 15:11
Tip:

Put a breakpoint at entrypoint (be sure to type first bpint3 in sice), start the program and when it breaks start putting breakpoints for the apis u'r interested to spy. After that replace the CC byte with the original one and press F5. Each time a function u'r bp sice will pop up.

Br
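
The entry-point tip in the last post and the earlier note about protectors emulating the first bytes of an API, modelled as an added example (not part of any post in this thread and not SoftICE code). The image layout, addresses and execution traces are constructed assumptions; the model only shows when a patched `CC` byte is or is not executed.

```python
# Added illustration: toy model of INT3 software breakpoints (not SoftICE code).
INT3 = 0xCC
ENTRY, API, STUB = 0x00, 0x10, 0x18          # constructed addresses

# Constructed 32-byte image: NOP filler, API starts with push ebp / mov ebp,esp,
# and STUB holds a copy of those first bytes (the "emulated" prologue).
IMAGE = bytearray([0x90] * 32)
IMAGE[API:API + 3] = b"\x55\x8b\xec"
IMAGE[STUB:STUB + 3] = b"\x55\x8b\xec"

# Constructed execution traces (addresses of executed instructions).
DIRECT_CALL = [0x00, 0x01, 0x02, 0x10, 0x11, 0x13]        # enters API at byte 0
EMULATED_PROLOGUE = [0x00, 0x01, 0x18, 0x19, 0x1B, 0x13]  # enters at API+3

class ToyDebugger:
    def __init__(self, image):
        self.mem = bytearray(image)
        self.saved = {}                       # address -> original byte

    def set_bp(self, addr):
        if addr not in self.saved:            # never save an already patched byte
            self.saved[addr] = self.mem[addr]
            self.mem[addr] = INT3

    def clear_bp(self, addr):
        self.mem[addr] = self.saved.pop(addr)  # put the original byte back

    def run(self, trace, start=0):
        """Return the trace index where an INT3 byte is executed, else None."""
        for i in range(start, len(trace)):
            if self.mem[trace[i]] == INT3:
                return i
        return None

def follow_tip(trace):
    dbg = ToyDebugger(IMAGE)
    dbg.set_bp(ENTRY)                 # breakpoint at the entry point
    i = dbg.run(trace)                # program starts and breaks there
    dbg.set_bp(API)                   # now set the API breakpoint
    dbg.clear_bp(ENTRY)               # restore the original entry byte
    j = dbg.run(trace, i)             # continue (F5)
    return trace[i], (None if j is None else trace[j]), dbg.mem[ENTRY]

if __name__ == "__main__":
    print(follow_tip(DIRECT_CALL))        # API breakpoint fires
    print(follow_tip(EMULATED_PROLOGUE))  # same breakpoint is never executed
```

In the second trace the breakpoint byte is still in memory at the API's first address, but execution enters three bytes later, so the debugger is never triggered.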