SoftIce 3.25 nt


mac53
March 24th, 2005, 09:37
I'm running Windows xp on the nt 5 file system. When I went to install SoftIce 3.25 nt a notice [warning] box appeared stating that there are several issues with installing SoftIce on NT 5. Below, I paste this warning:
*********************************************************

Using SoftICE with NT 5.0
-------------------------
NOTE: NT 5.0 is a beta operating system. Unfortunately, this means
that the subtle changes to NT 5.0 internals between interim builds can
break key functionality in SoftICE. We have tested SoftICE for NT
version 3.25 with Windows2000 (NT 5.0 beta 3) (1946). SoftICE is supported with known limitations on this build (see Windows2000 limitations later on in this section).

There are different manual configurations that can be made to SoftICE to
increase the chance of supporting builds other than 1946. However,
support cannot be guaranteed on builds of Windows2000 other than 1946 at this point.

Here is a list of changes that must be made for Windows2000 support.

1) Due to problems with file system access in boot drivers, if you want
to load SoftICE as a boot driver, you MUST read the text file
NT5BOOT.TXT in the SoftICE directory. It contains an explanation and
instructions to successfully use SoftICE as a boot device.

2) If using a Windows2000 build other than build 1946, you will need to do
the following. Place the NTSYMBOLS=ON keyword on a separate line in
winice.dat, and automatically load symbols for NTOSKRNL. This
keyword will allow SoftICE to use the kernel symbols for hooking key
routines and data. Be sure that the symbols being loaded are
properly matched to the build of NTOSKRNL.exe. The method that
SoftICE uses alternatively is impacted by binary changes in the
NTOSKRNL module. Using symbols eliminates this impact. Automatic
loading of symbols is done via the Symbol Loader (Loader32.exe)
Edit|SoftICE Initialization Settings menu item. Symbols for NTOSKRNL
are provided in the form of a ntoskrnl.dbg file. This file can be
translated, using the Loader32.exe or nmsym.exe, to create a .nms
file. NOTE: The debug binaries for Windows2000 Beta 3 are built with VC
6.0. Place the file 'mspdb60.dll' in the path to translate symbols
for this and later builds. This file is located on setup CD 1, in
the Common\MSDEV98\BIN directory.

3) Keyboard support will most likely break in builds of Windows2000 that are
not specifically tested. This is due to the fact that SoftICE's
keyboard driver patching is dependent on particular binary images.
For keyboard support on builds of Windows2000 that are not specifically
tested, download the i8042prt.sys driver on ftp.numega.com\anonymous\tech. Replace the driver currently
installed on your system with the downloaded driver (please backup
the original driver). This version of the driver is supported. It is
simply the i8042prt.sys driver from build 1946.

4) It is necessary to disable the boot GUI that was added in NT 5.0
build 1814. There have been some cases where the boot GUI causes
problems with SoftICE's VGA support. SoftICE will not be able to
popup in VGA or text mode if the boot GUI is not disabled. The
SoftICE version 3.25 installation will automatically add a /noguiboot switch to the Windows2000 configurations that are listed in the boot.ini file. To reenable the boot gui, remove the /noguiboot switch. Here is an example of boot.ini with a /noguiboot switch.

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows2000 Professional Edition" /noguiboot

* Known Limitations with SoftICE ver 3.25 and NT 5.0 builds 1773 and
greater:

1) SoftICE will most likely work improperly when loaded as a boot driver. One of two things can happen. One, the file I/O will not work in SoftICE. The file system is not initialized completely at this point. Therefore SoftICE cannot load symbol files, exports and configuration files. Secondly, a page fault can occur in the IoIsOperationSynchronous() kernel routine. These incompatibilities are a result of some major architectural changes in Windows2000. ICEPACK is the current solution for this problem. If you experience either of these problems, read the NT5BOOT.txt file in the SoftICE install directory for instructions on using this, or change the SoftICE startup mode to SYSTEM.
**********************************************************

The reason I do this is because after reading this I became very apprehensive as to whether to install it or not. I post this to get a professional opinion from one of our members. I see that according to this warning, they mention ICEPACK! Now whether that's the only solution to this issue, I don't know. Are there patches for this issue? Again, I don't know! This is why I'm asking for help with this one.

Thank you...
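
Added example, not part of the original thread or the SoftICE readme: a small Python check for item 4 of the quoted warning that parses a boot.ini, lists the `[operating systems]` entries still lacking `/noguiboot`, and produces the corrected text. The second menu entry in the sample is constructed, and applying the switch to every entry (not only Windows2000 ones) is an assumption of this sketch.

```python
import re

# Constructed sample: the readme's boot.ini plus one hypothetical second entry.
SAMPLE_BOOT_INI = (
    "[boot loader]\n"
    "timeout=30\n"
    "default=multi(0)disk(0)rdisk(0)partition(1)\\WINNT\n"
    "[operating systems]\n"
    'multi(0)disk(0)rdisk(0)partition(1)\\WINNT="Windows2000 Professional Edition" /noguiboot\n'
    'multi(0)disk(0)rdisk(0)partition(2)\\WINNT="Hypothetical second install" /fastdetect\n'
)

# ARC path, quoted menu label, then zero or more /switches.
ENTRY = re.compile(r'^\s*([^=]+?)\s*=\s*"([^"]*)"(.*)$')
SWITCH = "/noguiboot"


def _walk(text):
    """Yield (line, match); match is set only for [operating systems] entries."""
    section = ""
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
            yield line, None
        elif section == "operating systems":
            yield line, ENTRY.match(line)
        else:
            yield line, None


def has_switch(switch_text):
    # boot.ini switches are case-insensitive.
    return SWITCH in (s.lower() for s in switch_text.split())


def missing_noguiboot(text):
    """Menu labels of OS entries that would still show the boot GUI."""
    return [m.group(2) for _, m in _walk(text) if m and not has_switch(m.group(3))]


def add_noguiboot(text):
    """Return boot.ini text with /noguiboot appended to entries lacking it."""
    out = []
    for line, m in _walk(text):
        if m and not has_switch(m.group(3)):
            line = line.rstrip() + " " + SWITCH
        out.append(line)
    return "\n".join(out) + "\n"
```

The `[boot loader]` section, including the `default=` line, is passed through unchanged; only menu entries are touched.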

lifewire
March 26th, 2005, 07:57
forget it, it won't work. get DS3.2. and if i were you i'd change my signature. but that is a matter of taste of course

mac53
March 26th, 2005, 09:10
First off...you're not me. What's DS3.2 and what's wrong with my signature?

disavowed
March 26th, 2005, 13:08
Quote:
[Originally Posted by mac53]First off...you're not me.

that's why he said, "if"

you don't want to use softice, believe me. it's barely supported by compuware anymore, and as time goes on it will only get worse.

instead of softice, you're better off using ollydbg for user-mode debugging and windbg for kernel-mode (although i doubt you'll have a need for the latter)

you also might want to upgrade to xp pro instead of xp home (don't ask how i know that you're using xp home)

mac53
March 26th, 2005, 14:00
Ok...I won't ask...but I will ask why do you think that xp pro is better than the version I'm using? Oh yeah, by the way...I'm not changing my signature for anyone, furthermore I don't see where it's causing any harm! [suck it up]

disavowed
March 26th, 2005, 15:12
Quote:
[Originally Posted by mac53]Ok...I won't ask...but I will ask why do you think that xp pro is better than the version I'm using?


Well it's not necessary per se, but the things that I appreciate about XP Pro (vs. Home) are Remote Desktop and Access Control. To see all of the differences, you can look at: http://www.microsoft.com/windowsxp/home/howtobuy/choosing2.mspx
The advice was just general, not really reverse engineering related.

Quote:
[Originally Posted by mac53]Oh yeah, by the way...I'm not changing my signature for anyone, furthermore I don't see where it's causing any harm! [suck it up]

The advice was so that you would look less like a newbie/outsider here. It was actually constructive criticism. But, of course, it's your decision whether you want to keep it or not.

mac53
March 26th, 2005, 15:20
Ok...thanks for the explanation.

I'm not sure if those few extra options in an OS would benefit me or not, disavowed.
Especially for me to go out and purchase another OS...christ, I already have 5 Windows OS's as it is. But, in your opinion, if you know that upgrading to pro will help me in my endeavors, then I guess that's something I'll have to look into.