yet another softice bp question [Archive] - RCE Messageboard's Regroupment

View Full Version : yet another softice bp question

0rp

May 13th, 2004, 13:50

i'm using driverstudio3.1 visual softice.

i added kernel32.dll with "addsym ......\kernel32.dll" and if i do a "bpx getlocaltime", i get "invalid process id".

i won't switch to any context, because my victim isn't loaded at this time.

where is my mistake?
thanks

doug

May 13th, 2004, 17:01

Quote:

[Originally Posted by 0rp]i'm using driverstudio3.1 visual softice.

i added kernel32.dll with "addsym ......\kernel32.dll" and if i do a "bpx getlocaltime", i get "invalid process id".

i won't switch to any context, because my victim isn't loaded at this time.

where is my mistake?
thanks

so you are attempting to set a system-wide breakpoint.

You should first switch SoftICE's breakpoints mode to system-wide. Although I don't use ds3.1, I remember seeing quite a few guides on how to do that, here and/or exetools forum. It's been discussed many times already.

Or you should load your target and break at the EntryPoint, THEN context-switch into it & resume the process.

I attached a lame exe loader that does a CreateProcess( ... suspended ...)
try playing with that.

0rp

May 13th, 2004, 17:46

Quote:

[Originally Posted by doug]so you are attempting to set a system-wide breakpoint

yes
and i read the thread from the faq, but:
SI>set BreakInSharedMods on
Error executing command.

anyways, creating suspended should work

thanks