
Problem with SoftIce with XP SP2


Faxe
May 10th, 2005, 04:12
I have installed SoftIce and under the installation when I tested the video driver it said okay for it.

My problem is that when I start SoftIce from the start menu the dos screen only stays on for half a second. In the SoftIce symbol loader it also says: "SoftICE is not active".

Any ideas, or is it just easier to install win98?

Thanks in advance.

/Faxe

JimmyClif
May 10th, 2005, 07:12
Never heard of that before... Did you try reinstalling Windows XP?

naides
May 10th, 2005, 08:02
Quote:
[Originally Posted by Faxe]I have installed SoftIce and under the installation when I tested the video driver it said okay for it.

Do not Believe them

/Faxe


Read the FAQ

Search the board, Use Ollydbg.
Do I get Brownie points Dissa??

Faxe
May 10th, 2005, 08:12
Quote:
[Originally Posted by JimmyClif]Never heard of that before... Did you try reinstalling Windows XP?


My windows installation is completely new.

Use Ollydbg... hmm.. I could do that, but many of the tuts around use SoftIce, so it would be better with that...

/Faxe

naides
May 10th, 2005, 09:57
If you read other posts, you will find out that the relationship between Win XP and Sice has been tenuous. As you have already experienced in your own computer, Sice Video Drivers and Mouse Drivers often need quite a bit of tweaking.
The customer support of Compuware has not been very friendly, I don't know exactly why.

WaxfordSqueers
May 10th, 2005, 20:56
Quote:
[Originally Posted by Faxe]My problem is that when I start SoftIce from the start menu the dos screen only stays on for half a second. In the SoftIce symbol loader it also says: "SoftICE is not active".
Any ideas, or is it just easier to install win98? /Faxe


The DOS window only stays on briefly, then it appears that nothing is happening. If you hit Ctrl-D, the softice screen should appear. Ice may be running and Symbol Loader can't detect it. See my comments about firewalls below since that is a symptom.

What version are you running? Softice in DS31 starts from the start menu, but I've never heard of other versions doing that. I may be wrong. Softice from DS31 runs fine in XP with SP2. I found a problem with the Sygate firewall older than version 5.6 build 2808. Older versions mess up softice, making the DOS window stay on permanently.

Do you have the proper drivers for SP2?

Check a recent message in Tools of our Trade regarding interesting reading in a newsgroup.

Kayaker
May 10th, 2005, 21:19
You might start Sice from a command prompt instead of the Start menu, which should give a semi-useful (less?) diagnostic message as to whether it actually started or not.

Open a command prompt, i.e. Start->Run->cmd.exe
then type in

net start ntice

Faxe
May 14th, 2005, 14:28
I can't get any of your suggestions to work, but it doesn't matter now. I have started using Ollydbg and IDA instead. A friend of mine meant that these tools were the future. My problem is that I can only find one page with beginner tutorials for Ollydbg.

/Faxe

WaxfordSqueers
May 14th, 2005, 15:26
Quote:
[Originally Posted by Faxe]I can't get any of your suggestions to work, but it doesn't matter now. I have started using Ollydbg and IDA instead. A friend of mine meant that these tools were the future. My problem is that I can only find one page with beginner tutorials for Ollydbg. /Faxe


Nothing personal, but I find it a little disappointing that you gave up so easily.
I told you in a previous message that softice works fine in DS31 on XP with SP2. There's a post in the archives in which a guy goes through the procedure methodically, revealing problems with a firewall and a wireless mouse.

Your friend said that Ollydebug is a tool of the future. How does it get the most recent signatures from Microsoft? It used to be that you could find special kernel, user, gdi, etc., files with debug information in them, but that's now coming direct from Microsoft. Without those signatures, you're groping in the dark.

Technology is advancing in leaps and bounds. If you can't get softice running on XP, I wonder what you'll do when it comes to much tougher stuff.

There's far more material available out there about reversing with softice than Olly. I tried Olly briefly, but after using softice, I found it hard to fathom. I'm not saying it's bad, I'm just saying it wasn't intuitive for me.

So, I think your friend's opinion that Olly and IDA are tools of the future is just an opinion. IDA is not a tool of the future, it's a tool for now. As far as Olly, that's a matter of opinion and personal preference. A lot of people seem to like it and all the more power to them. But giving up on softice because you didn't have the expertise to install it is not a good enough reason to go to Olly in itself. There's a certain tenacity required in certain aspects of reversing, and if you don't develop that, you're in for a long, frustrating time.

blabberer
May 15th, 2005, 03:35
well you can configure olly to get the symbols from ms server
and as a newbie if you get yourself familiarised with ollydbg then
you can dive into kernel with windbg which is growing up pretty nice
only grudge i have against windbg at present is it needs two computers
anyway i really say sice isnt so much of necessity and both the above options are free whereas sice isnt it

really i neither use ida nor sice

WaxfordSqueers
May 15th, 2005, 15:57
Quote:
[Originally Posted by blabberer]well you can configure olly to get the symbols from ms server and as a newbie if you get yourself familiarised with ollydbg then
you can dive into kernel with windbg which is growing up pretty nice
only grudge i have against windbg at present is it needs two computers
anyway i really say sice isnt so much of necessity and both the above options are free whereas sice isnt it really i neither use ida nor sice


thanks for the info on Olly. I consider myself an advanced newbie, so I'm not offering expertise on anything.

With regard to needing two computers for windebug, don't quote me on this, but I think Sysinternals has an app to bypass that and let you use it on one monitor. Maybe someone could confirm that.

For me, IDA is invaluable. Sometimes, in fact a lot of the time, a dead-listing will quickly show you things it would take a long time to discover otherwise. I'm not as advanced with it as I should be, but I can see how powerful it could be. I recommend learning it. It's very handy for locating code that needs to be patched and finding that code in an exe file.

My whole point here, however, is not to knock olly, or push softice. I was away from reversing for quite a while, and when I got back, XP was the vehicle. I needed it for other ventures, so I was faced with relearning a lot of stuff, particularly getting softice up on XP. I avoided it at first, then took the plunge.

It wasn't easy, but using the archives judiciously and asking questions on the forum, I got enough information and clues to get a working system that was stable. I've faced that many times over the years, and all I was saying to Faxe, was to have more persistence. You reach points in reversing where something seems impossible, or too much work. Yet someone else has done it.

I took a couple of years of electrical engineering at university, although I didn't graduate. The work load in engineering (applied science) is almost double the load of other disciplines and the courses are often honours-level. A group of us studied together, and there were times when we'd collectively scratch our heads wondering how we were going to handle the workload. It seemed impossible. Yet, we managed to pull through in the end. The key was in ignoring the chatter in your mind.

The human brain does not, and cannot, understand its potential. Most of what we encounter in our conscious minds is what we knew in the past. It's often a storehouse of illusionary and useless junk. Creativity and insight are not normally available to the human conscious state.

When you face a problem in reversing, particularly as a raw newbie, you have to ignore the sometimes overwhelming feeling that you can't do something. That notion is just a thought...it's empty....no matter how strong it may seem. Of course, I'm referring to things that have already been done, and not new and advanced exploits outside the main reversing field.

blabberer
May 16th, 2005, 05:06
oh i am not quoting you yes sysinternals has livekd yes it is nice but you still need two computers if you want it live ( live kd just fools the system to think it is live and manages to smuggle out the information normally unavailable )
1)but you cant single step
2)bp bpx g t etc will not work
3)but if you want to disassemble ntoskrnl or hal and poke inside its dead list
sure it rocks
actually ms took the idea and now offer local debugging in windbg on winxp and later exactly emulating whatever livekd does in w2k
my point was not to elicit a who is greater argument i just offered possibilities that exist and still be on par with those who are using sice

disavowed
May 16th, 2005, 07:26
Quote:
[Originally Posted by naides]Search the board, Use Ollydbg.
Do I get Brownie points Dissa??

yes