View Full Version : Not another bloody SoftICE problem.


5aLIVE
October 18th, 2004, 03:55
I have tried in vain to find the solution to this problem myself.

A little history, I had DS3.01 installed and running well on XP Home + SP1,
then one day it decided it no longer wanted to display the console. I can get it to work again by installing a fresh OS and reinstalling DS.

Along comes SP2 which I want running regardless of how desperate I am to get DS up and running. I have downloaded the most recent version of osinfo.dat and ntoskrnl.nms and set NTSYMBOLS=ON in winice.dat. I've also applied the DS30SP2.DAT update.

Launching softICE causes the mouse to freeze, although it works in the console. The console accepts keyboard input as expected. Upon exiting softICE the mouse pointer remains static and the keyboard only seems to respond to Ctrl+D or numlock keys, capslock light remains off.

I think the problem lies in the error messages displayed in the console, though I can't seem to find an answer on this forum or elsewhere.

The errors are all API hook failures:
MiMapViewOfImageSection
MiUnMapViewofSection
MiAddValid PageToWorkingSet
KebugCheck2
MiCopyOnWrite
UhciInsertQh
UhciUnlinkQh
USBPORT_AlocateUSBAddress

Most of the above hint at keyboard and mouse related functions.
My question is how do I fix this? My keyboard is PS/2 and my mouse is USB using a PS/2 adapter.

Below these messages I see
NTICE: NTRaiseHardError found at index 00b6
IntOE fault in SoftICE at address F2471053 offset 00092D8F Fault Code 3B030000.

Selecting the different combinations of the troubleshooting options didn't help.

BTW. I have tried OllyDbg as an alternative, with erratic results. Perhaps I'll save that for another thread.

I sincerely hope someone can help me in reaching a solution on this one as it is really annoying me.

Thanks for any help or advice.

5aLIVE.

5aLIVE
October 18th, 2004, 05:47
Hmmm.
I found this although it is dated 2002

"On Windows XP, After installing the Q317277 update from Microsoft's Windows Update site, SoftICE can no longer perform its process of matching symbol tables to loaded modules. The Q317277 update contains new versions of NTOSKRNL.EXE and NTKRNLPA.EXE. If these files are installed, SoftICE will report the following errors in its logging window at startup:

*** API Hook Failure - SegLoad
*** API Hook Failure - PageIn
*** API Hook Failure - CopyOnWrite

I've asked NuMega (now CompuWare) for an updated core file, NTICE.SYS, to address the problem. Wish me luck! CompuWare's site has been structured in such a way that all old links to helpful information now point to pages that offer to sell "enhanced" support. I guess that, if you already paid for support, that isn't good enough!"

I wonder if there are any other further updates available to registered customers? Anyone?

hobferret
October 18th, 2004, 06:49
Hi

My advice would be to get rid of SP2. I had nothing but probs with all sorts of softs since installing it.

WAIT till MS get rid of the bugs in it

/hobferret

5aLIVE
October 18th, 2004, 07:20
Thanks for the reply Hobferret.
It looks like I'll be using a spare hard disk with a fresh install of XP and no service packs just to get this to work properly again. Compuware must be losing customer confidence over this issue. What a PITA.

5aLIVE

5aLIVE
October 18th, 2004, 08:16
Here's a quick update,
I downloaded the latest symbols for NTKRNLPA.EXE, which has reduced the number of API hook failures down to the following three:

UhciInsertQh
UhciUnlinkQh
USBPORT_AlocateUSBAddress

Perhaps I need updated symbols for another kernel file? Anyone recognise these APIs, I did a Google search and came up with zilch.

Thanks in advance,
5aLIVE.

bilbo
October 19th, 2004, 01:45
Quote:
I downloaded the latest symbols for NTKRNLPA.EXE

So I suppose you're using PAE (Physical Address Extension). Have you tried to disable it (switch /NOPAE in boot.ini)? In this way the kernel loaded will be the more familiar NTOSKRNL.EXE and the symbols will be taken from NTOSKRNL.NMS

Quote:
UhciInsertQh
UhciUnlinkQh
USBPORT_AlocateUSBAddress

So I suppose you're using USB mouse and/or keyboard.
First two symbols are in USBUHCI.SYS, and the third in USBPORT.SYS. You need the symbols of both drivers.

Regards, bilbo

JMI
October 19th, 2004, 02:06
The Hobbit has read many an ancient and forgotten lore during the course of his wanderings of Middle Earth. One would be wise to heed his advice.

Regards,

5aLIVE
October 19th, 2004, 04:02
Hi Bilbo, thanks for taking the time to write a reply.

Quote:

So I suppose you're using PAE (Physical Address Extension).
Have you tried to disable it (switch /NOPAE in boot.ini)?

I'm not sure if I'm using this or not, I don't know what it is or what it does.
Whatever is set as default on install I guess.
I edited my boot.ini on C:\ as you suggested to give:

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
/noguiboot /NoExecute=OptIn
/nopae

Rebooting the PC and it now asks me which OS I wish to boot from (I only have XP Home). I removed the ref to load NTKRNLPA.nms in winice.dat and started up softICE. The batch file DOS box remains open this time.
SoftICE can be seen using the usual hotkeys.

Only the 3 API hook failures for the USB drivers remain using this method.

So I suppose you're using USB mouse and/or keyboard.
>No, my keyboard is PS/2 and my mouse is a Logitech USB with a PS/2 adapter.
>I tried disabling USB keyboard and mouse patching in the troubleshooting screen, but this reboots my machine when I start softICE.

First two symbols are in USBUHCI.SYS, and the third in USBPORT.SYS. You need the symbols of both drivers.
>Great! Now this is interesting. Okay, I downloaded and added both symbols, this didn't change anything. I wonder if disabling/disconnecting my USB modem and pendrive would help?

5aLIVE
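
An added example, not part of the original posts: boot.ini has no line-continuation syntax, so a switch only applies to a boot entry when it sits on the same line as that entry. The Python sketch below audits the [operating systems] section and reports switches stranded on their own lines; the function names and the sample text are constructed for illustration, with the sample laid out as the file appears in the post above.

```python
import re

# Constructed sample, laid out like the boot.ini quoted in the post above
# (switches wrapped onto separate lines under the single entry).
SAMPLE_WRAPPED = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
/noguiboot /NoExecute=OptIn
/nopae
'''

# Same content with the wrapped switches joined back onto the entry line.
SAMPLE_SINGLE = SAMPLE_WRAPPED.replace('\n/', ' /')

# An entry is: <path>="<menu title>" [switches...], all on one line.
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<title>[^"]*)"(?P<opts>.*)$')

def audit_boot_ini(text):
    """Return (entries, orphans). entries: dicts with path/title/switches.
    orphans: lines in [operating systems] that are not well-formed entries."""
    section, entries, orphans = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].lower()
            continue
        if section != 'operating systems':
            continue
        m = ENTRY.match(line)
        if m:
            switches = [s.lower() for s in m.group('opts').split()]
            entries.append({'path': m.group('path'),
                            'title': m.group('title'), 'switches': switches})
        else:
            orphans.append(line)  # e.g. a switch line cut off from its entry
    return entries, orphans

def nopae_effective(text):
    """True only if /nopae is on the same line as a boot entry."""
    entries, _ = audit_boot_ini(text)
    return any('/nopae' in e['switches'] for e in entries)
```
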

bilbo
October 20th, 2004, 04:58
Quote:
SoftICE can be seen using the usual hotkeys.

What's the meaning of this? no more NTRaiseHardError? can you work with SoftICE now, at least as soon as it is loaded?

Quote:
Okay, I downloaded and added both symbols, this didn't change anything.

Well, sorry, I supposed it... Anyway the missing functions are there...

Quote:
I wonder if disabling/disconnecting my USB modem and pendrive would help?
I'm afraid no... Maybe you should rather try to disable USB from BIOS if it is possible...

Another question:
Are you really sure you are using the latest OSINFO.DAT AND OSINFOB.DAT?
Have you checked ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfo.dat and ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfob.dat?
Sorry if I ask this again, but the three symbols you mentioned should be there, also for XP SP2...

Quote:
I've also applied the DS30SP2.DAT update.
What's that, and how have you applied it? Is it in some way harmful to osinfo[B].dat, which are the only two files loaded and parsed by NTICE, as far as I know?

Sorry if I cannot be more precise, but I cannot reproduce your problem... Maybe I should try to install SP2 but I'm afraid it is not a good idea :-)

Regards, bilbo

5aLIVE
October 20th, 2004, 07:33
Quote:
[Originally Posted by bilbo]What's the meaning of this? no more NTRaiseHardError? can you work with SoftICE now, at least as soon as it is loaded?

>I never had the NTRaiseHardError displayed. Yes I can work with softICE,
but I could not do anything else when it closed as I have no keyboard or mouse control, therefore I cannot load any program I wish to debug.


Well, sorry, I supposed it... Anyway the missing functions are there...
>It's good information all the same


I'm afraid no... Maybe you should rather try to disable USB from BIOS if it is possible...
>No need for that, see below.

Another question:
Are you really sure you are using the latest OSINFO.DAT AND OSINFOB.DAT?
Have you checked ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfo.dat and ftp://ftp.compuware.com/pub/driverstudio/outgoing/OsInfo/osinfob.dat?
Sorry if I ask this again, but the three symbols you mentioned should be there, also for XP SP2...
>Wow! That's it! I downloaded this OSINFOB.DAT and everything appears to work as it should (I already had the latest OSINFO.DAT installed). I'll test it properly later today. Many thanks Bilbo

What's that, and how have you applied it? Is it in some way harmful to osinfo[B].dat, which are the only two files loaded and parsed by NTICE, as far as I know?
>It's a service pack for Driver Suite, I don't know if it updates the OSINFO files, but I do know it updates the softICE display driver, without which I was seeing a corrupt video display when softICE is started.

Quote:

Sorry if I cannot be more precise, but I cannot reproduce your problem... Maybe I should try to install SP2 but I'm afraid it is not a good idea :-)

No need to apologise, I can't thank you enough for helping me reach a solution. I hope others can benefit from this if they have trouble with SP2.

UPDATE: SoftICE appears to be working well, having said that, it does display an NTRaiseHardError message. I didn't notice it at first as it wasn't highlighted in cyan like the previous API failures. As far as I know this is because it is produced by the operating system and not softICE.

I've searched for this, Compuware support site only mentions this in respect to sICE 1.x,2.x,3.x and Win 95,98 and NT. But I'm sure it is still relevant.

It states that these messages are generated anytime the NTRaiseHardError routine is executed. SoftICE simply displays the message that NTRaiseHardError provides, i.e, these messages are not generated by SoftICE itself.

Many times these hard errors are handled, and execution continues normally.
There are many times when these actually do result in a problem as well. These errors are documented in the ntstatus.h header file in the DDK.

Although this doesn't seem to be a problem I am curious as to why you asked about this before? Do you think I need to look at fixing this using the ntstatus.h file to identify the meaning of the error?
Error occurs at index 00B6h and Delta 00000000h.

Thanks again,
5aLIVE.