
View Full Version : Question in Softice


+J_o_S_H
April 25th, 2005, 19:07
In softice, when I am cracking a program, how am I supposed to know whether to use:
? [register]

or

d [register]

for instance, I have just F10'd past

Shl eax,7

if I do d eax afterwards I get a lot of crap characters like

....E....E...E
...ax..derys
...crap.......

but if I do ? eax I can see my real reg code
like

0012345678

how am I supposed to know which one to use, is it just a feeling, is there some sort of rule???

nikolatesla20
April 25th, 2005, 20:06
"d" means to show the memory location of an address. For example, "d eax" means "show me the memory at location [eax]". If eax is 0x00401000, for example, the "d eax" command will show memory at 0x00401000.

In most cases, you only are using "d" if you wish to see what is in memory itself. ? would be more for evaluating a register or a calculation. A lot of times if I want to see what is on the stack I'll do a "d esp", for example.

If you ever see code like "mov [ebx], ecx" or something you can "d ebx" to see the area in memory where the value of ecx is being copied to.

So once again "d" is for "display memory" or "display data" whereas ? is more for evaluating, like "? esp+8" will tell you what esp+8 is, not what the value at [esp+8] is.

-nt20
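
The distinction described in the reply above, as an added example that is not part of the original thread: a toy model in which `eval_expr` plays the role of `? expr` (compute a value, never touch memory) and `dump_line` plays the role of `d addr` (treat the value as an address and show the bytes stored there). The 64-byte memory array, the function names and all sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 64-byte "address space" standing in for process memory. */
#define MEM_SIZE 64
static uint8_t mem[MEM_SIZE];

/* "? expr": evaluate only. The result is just a number; memory is never read. */
uint32_t eval_expr(uint32_t reg, int32_t offset) {
    return reg + (uint32_t)offset;
}

/* "d addr": treat the value as an address and format the 16 bytes found there.
 * Non-printable bytes become '.', like the ASCII pane of a debugger dump.
 * Returns 0 on success, -1 if the range lies outside the toy memory. */
int dump_line(uint32_t addr, char *out, size_t outsz) {
    if (addr > MEM_SIZE - 16 || outsz < 80) return -1;
    int n = snprintf(out, outsz, "%08X ", (unsigned)addr);
    for (int i = 0; i < 16; i++)
        n += snprintf(out + n, outsz - n, " %02X", mem[addr + i]);
    n += snprintf(out + n, outsz - n, "  ");
    for (int i = 0; i < 16; i++) {
        uint8_t b = mem[addr + i];
        out[n++] = (b >= 0x20 && b < 0x7F) ? (char)b : '.';
    }
    out[n] = '\0';
    return 0;
}

void setup_memory(void) {
    memset(mem, 0, sizeof mem);
    memcpy(mem + 16, "0012345678", 10);  /* constructed string at address 0x10 */
}

int main(void) {
    char line[96];
    setup_memory();
    uint32_t eax = 0x10;                 /* eax holds a pointer: dumping is meaningful */
    if (dump_line(eax, line, sizeof line) == 0) puts(line);
    eax = 12345678;                      /* eax holds a number: evaluating is meaningful */
    printf("? eax = %08X  %u\n", (unsigned)eval_expr(eax, 0), (unsigned)eval_expr(eax, 0));
    /* Dumping a number as if it were an address: out of range in this toy model;
     * in a real process it would show whatever unrelated bytes are mapped there. */
    if (dump_line(eax, line, sizeof line) != 0) puts("d eax: not a valid address here");
    return 0;
}
```
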