Softice, VMWare and INT3


asr
May 20th, 2004, 03:26
Hi,

I noticed several posts about vmware and softice. I made all necessary adjustments and they work more or less well. The problem I am still having, however, is that manually placed int3 calls crash vmware.
For example, if I place a 0xcc at the entry point of an application the vm goes down immediately (not the os running inside). Breakpoints I set with softice work fine.
Does anyone else here know this problem or any workaround?

-asr

Harding
May 20th, 2004, 04:16
Put EB FE in the EP instead so the program is put into an infinite loop, then use softice to replace the first bytes again and keep tracing.

JMI
May 20th, 2004, 04:18
It would help if you had mentioned the versions of the software you are using and the OS. It's also not clear what you mean by "if I place a 0xcc at the entry point of an application the vm goes down immediately."

Are you saying that as soon as you change the byte to CCh, without doing anything else, VMWare crashes, or are you saying "after" you change the first byte to CCh and start the program, VMWare crashes?

Have you turned "ON" "I3HERE" in softice? Did you use 'bpint 3' in softice ?

In short, think more carefully about what your setup is and about what you actually did and remember that WE WEREN'T WATCHING YOU DO IT and don't know your machine. Say what YOU DID like you wanted someone who WASN'T there to know EXACTLY how you set things up and enough of the complete steps you followed to actually understand WHERE it started to go wrong.

Regards,

asr
May 20th, 2004, 06:06
Quote:
[Originally Posted by JMI]It would help if you had mentioned the versions of the software you are using and the OS. It's also not clear what you mean by "if I place a 0xcc at the entry point of an application the vm goes down immediately."

Are you saying that as soon as you change the byte to CCh, without doing anything else, VMWare crashes, or are you saying "after" you change the first byte to CCh and start the program, VMWare crashes?

Have you turned "ON" "I3HERE" in softice? Did you use 'bpint 3' in softice ?

In short, think more carefully about what your setup is and about what you actually did and remember that WE WEREN'T WATCHING YOU DO IT and don't know your machine. Say what YOU DID like you wanted someone who WASN'T there to know EXACTLY how you set things up and enough of the complete steps you followed to actually understand WHERE it started to go wrong.

Regards,


Thx for your reply. I'm using Driver Studio v3.1, VMWare v4.5.1 Workstation. The OS running inside VMWare is Windows 2000 Pro. Placing an endless loop won't help me since I want to break on application entry.
I changed the byte at the entry point of an application to 0xcc, set "bpint 3" inside softice and ran the application. VMWare then came up with a popup saying "Virtual Machine Kernel Stack fault..."

I hope this will reflect what i wanted to do.

-asr

Harding
May 21st, 2004, 13:25
Quote:
[Originally Posted by asr]...Placing an endless loop won't help me since I want to break on application entry.
-asr


It will work if you place the infinite loop at the Entry Point.
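The EB FE trick Harding describes twice above (once in his first reply, once here) is a two-byte `jmp $` written over the first instruction at the PE entry point: the process starts, spins in place, and the debugger can then attach, put the original bytes back and single-step from there. The patching itself is mechanical: locate AddressOfEntryPoint in the optional header, map that RVA to a file offset through the section table, overwrite the bytes and keep the originals for restoration. The script below is an added example written for this thread, not code posted by Harding or asr, and works on a small PE32 image it constructs itself (the `build_sample_pe` helper, the 0x1010 entry point and the `55 8B EC 33 C0` prologue bytes are all made up for the demonstration). The same routine writes a single CC if you prefer asr's INT3 approach; the SoftICE side (restoring the bytes and adjusting EIP) is done by hand in the debugger and is not part of the script.

```python
"""Patch a PE file's entry point with EB FE (jmp $, the infinite-loop trick)
or CC (INT3), keeping the original bytes so they can be restored.
Added example for the thread; not code from the original posts."""
from __future__ import annotations
import struct
import sys

INFINITE_LOOP = b"\xEB\xFE"  # jmp $: the program spins at its entry point until a debugger steps in
INT3 = b"\xCC"               # software breakpoint (the byte asr placed)


def entry_point_file_offset(pe: bytes) -> tuple[int, int]:
    """Return (AddressOfEntryPoint RVA, file offset of that RVA) for a PE32/PE32+ image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+; AddressOfEntryPoint is at +16 in both
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ep_rva = struct.unpack_from("<I", pe, opt + 16)[0]
    sections = opt + size_opt
    for i in range(num_sections):
        hdr = sections + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
            off = ep_rva - vaddr + rawptr
            if off + 2 > rawptr + rawsize:
                # entry point lies in the uninitialised tail of the section: nothing on disk to patch
                raise ValueError("entry point not backed by raw data")
            return ep_rva, off
    raise ValueError("entry point RVA 0x%x is outside every section" % ep_rva)


def patch_entry_point(pe: bytes, patch: bytes = INFINITE_LOOP) -> tuple[bytes, bytes]:
    """Overwrite the entry point with `patch`; return (patched image, original bytes)."""
    _, off = entry_point_file_offset(pe)
    original = pe[off:off + len(patch)]
    out = bytearray(pe)
    out[off:off + len(patch)] = patch
    return bytes(out), original


def restore_entry_point(pe: bytes, original: bytes) -> bytes:
    """Put the saved bytes back (what you would otherwise do by hand in the debugger)."""
    return patch_entry_point(pe, original)[0]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image with one .text section, for demonstration only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: i386, 1 section, no symbols, 0xE0-byte optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1010)    # AddressOfEntryPoint (RVA)
    struct.pack_into("<I", opt, 28, 0x400000)  # ImageBase
    # .text: VirtualSize 0x40, VirtualAddress 0x1000, raw size 0x200 at file offset 0x200, CODE|EXECUTE|READ
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x40, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    code = bytearray(0x200)
    code[0x10:0x15] = b"\x55\x8B\xEC\x33\xC0"  # push ebp / mov ebp,esp / xor eax,eax at the entry point
    return headers + bytes(code)


if __name__ == "__main__":
    # usage: patch_ep.py <in.exe> <out.exe> [loop|int3]
    data = open(sys.argv[1], "rb").read()
    patched, saved = patch_entry_point(data, INT3 if sys.argv[3:4] == ["int3"] else INFINITE_LOOP)
    open(sys.argv[2], "wb").write(patched)
    print("entry RVA 0x%x, saved bytes %s" % (entry_point_file_offset(data)[0], saved.hex()))
```

Keep the printed original bytes somewhere: once the process is spinning at the entry point you restore exactly those bytes from SoftICE before tracing, otherwise the first instruction stays a jump to itself.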

Rummy
May 26th, 2004, 19:53
Quote:
[Originally Posted by asr]I'm using Driver Studio v3.1, VMWare v4.5.1 Workstation. The OS running inside VMWare is Windows 2000 Pro. Placing an endless loop won't help me since I want to break on application entry.
I changed the byte at an entry point of an application to 0xcc. Set "bpint 3" inside softice and ran the application. VMWare then came with a popup saying "Virtual Machine Kernel Stack fault..."

I run the exact same versions and have not seen this problem. What's your base OS? Mine is also Windows 2000 Pro. Try I3HERE ON instead of bpint 3 and see what happens.