hi,
I just want to know how to debug drivers using SoftIce, I would like to understand better what they do line-by-line, anyone knows good tutorial?
thanks
LordSoth

Hi,

Debugging drivers is as broad a subject as debugging anything else, what you'll need specifically is a basic understanding of ring 0, kernel mode api's and the driver model.
I would suggest you get hold of the windows driver development kit, it describes some kernel mode api's and the driver model.

I could give you a few tips, if you're looking for something specific.

Hi lordsoth,

I don't create device drivers for windows 9x anymore, just for
windows 2k/xp/2k3 and using assembly language.

Take a look at the excellent Four-F device driver tutorials:
hxxp://www.freewebs.com/four-f/

Download MASM32 at hxxp://www.masm32.com
and search at Google for the SoftICE PDF manual.

Good luck !

Thanks but I don't want to develp ( not yet) I just want to debug them and find how they works, I've just read first 3 tuts of Four-F,thanks
LordSoth

To be able to reverse-engineeer you need to know how it works. SO to be successful you still need to follow the steps of a developper.

What you do not need to worry too much about:
- what APIs can/cannot be used at different IRQLs
- Synchronization and Multiprocessor issues
- PNP, power management, Defered procedure calls
- ...

Interesting things to know:
- What happens when you createfile/readfile/writefile/closehandle/deviceiocontrol (particularly DeviceIoControl) on a driver handle.
- DriverExtensions, Filter Drivers
- Can you tell what context a driver executes in? Always?
- System threads

Drivers are much more complex than user-mode apps, and you probably won't be able to do much unless you do some serious reading. You'll find that it's almost like learning a new programming language; you won't get good unless you practice.

You probably should write small drivers to get a feeling how they work.