Here is an article with some "details" about the new memory protection in Windows XP SP2:

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx

I can't really understand why several of the big packers are having problems adapting to it (Armadillo is apparently discontinuing its "copymem2" feature because of it, as mentioned in this thread (http://www.woodmann.net/forum/showthread.php?t=6269), and I know that Asprotect is having problems with certain of its features too).

Does anyone know why this is? As far as I can see, all they need to do is properly VirtualProtect() their memory, and all will be fine again? I guess the SafeSEH features might have something to do with it, especially the registered function table handler requirement, but it shouldn't be really hard to get around for a packer either I think?

Any ideas?

As an offshoot, can we expect SoftICE to malfunction again and _once again_ NOT break at the beginning of executables?



Have Phun

This would probably solve it in that case anyway:

http://www.woodmann.net/forum/showthread.php?t=6253

I'm still hoping for some info on my question above though...

The CopyMem II protection from Armadillo should work fine on SP2, according to this topic: hxxp://support.siliconrealms.com/?showtopic=2045&st=0. It is probably just your debugger having trouble with SP2. All memory protection flags are valid in Armadillo.

Greetz,
Heathcliff

Welll for those who want a quick break at the beginning of all exe's:

Simple put a bpx at: RegisterWaitForInputIdle+0046 >call [ebp+08]

(used to be: getcurrentdirectoryw+0041 allso call [ebp+08] )

SpeKK.

Well I did it. I installed SP2, an it DID produce some problems with Sice.
I have not gone into deep, hardcore testing, but the breakpoints have become erratic, and the exception handling is firing at pseudorandom frequency.
I uninstalled and reisntalled Sice (3.1) but does not make a difference. I did uninstall SP2 and things calmed down somewhat, not completely.

The problems is I had other misadventures in parallel, I burned up a CPU and had to replace it, and the mother board, so I did a lot of patching in my system, ergo I am not sure if the problem is indeed in SP2 or in all the other tweeking I did to my computer.

Question to the public:

Someone else installed WXP SP2, and how did it behaved with Sice?

Regards

Naides

Did you apply the patch(es?) from Compuware to make DriverStudio 3.1 work correctly in SP2?

One example is referenced in the following thread:

http://www.woodmann.com/forum/showthread.php?t=6253

Yes sir I did, it did not help

Ok, that sucks, I'm out of ideas. Damn I hate SP2...

Well, you could always uninstall it.

Regards,

No, because there are some security patches that are only included in SP2 and not available as stand-alone, and also, new stuff from both Microsoft and others will start requiring it pretty soon, as always...

Alternative No. 2, then stop complaining.

Regards,

Never!

We know, we know.

Regards,

Delta, personally I don't see a need to worry about SP2. I still use Win2k on my "everyday" machines. Unless you're directly connected to the net, not using a gateway firewall and using Internet exploder to browse, you're at minimal risk of anything bad happening...

This is, of course, an alternative solution for the short run, but as my friend dELTA indicates, M$ is determined to move everyone in the direction of WinXP and the features of sp2 because of all the criticism of its vulernabilities and the inroads which have incurred in its dominance in the world market as a result of all the attacks which have been successful against its OS without sp2. As more and more software manufactures adapt and correct for the new problems created by this "innovation" older systems will become less and less functional, except with older software. We clearly aren't there yet, but M$ will offer less and less support for other flavors of the OS in the months to come to continue to force those migrations.

Regards,

I agree with that too. It's frustrating when vendors force an upgrade on you, for example as I'm a DX coder I'm going to be forced to upgrade to Longhorn to code anything for the next DX platform. However I think this is a slightly different discussion - XP SP2 is a security related upgrade, and isn't a pre-requisite for applications (and it's unlikely to be). The next versions of Windows will force mandatory upgrades though, as you say.

After lot's of troubles with ds 3.1 : errors patches not breaking installing uninstalling etc.........i switched back to 2.7 with the latest osinfo.dat file.
Puted in my winice.dat file under a function key :bpx RegisterWaitForInputIdle+0046 and it breaks on winmain.
Pffff.. no more troubles anymore, bpx on every api nomore atach or addr....

Back to yesterday

Spekk.

Hi Spekk

We old folks need to stick together.

Regards,

Yep, therefore we need this board !

Old and Rare ?Live goes on,..sjit i become sentimentel

Hi Woody

Spekk.

there was already a post how to get bp on api working again in 3.1