Target: Few apps (year 2004)
Problem: App have some antidebugging tricks. When I execute it , it shows me messagebox with "Debugger detected!" error. So I bmsg xxx wm_destroy on it and I land in a code that don't have name in softice. I realized that app have sth like additional proccess with protection routine. The code of additional process is unreachable at start (app unpacks it.. I suppose). I can't dump it.

And...?

Something you might try, I don't know if it would detect the code section or not, is the Softice QUERY command to display the virtual address map of the process, specify either the process or the linear address of the code in question. Use ADDR to make sure you're in the correct context. The code might be executing in its own thread in which case THREAD -x might give useful info. Then there's the HEAP command, if the app allocates memory to run some code, it might pick that up (also shown by QUERY). Also, using the STACK command might be useful when you break into the code.

I don't know if any of the results would be useful for you, but it might give some info. Especially if you compare with results from a "debugger hidden" run (Iceext?). If not, I think at least some of the information could be obtained from other tools without Sice running.

Kayaker

ADDR will list out all running process,
ADDR processname will switch to the desired process where you can patch, dump and take a look ard your cryptic process