
SoftIce - *** API Hook Failure: MiCopyOnWrite


lenwuk
December 31st, 2005, 16:27
I've searched for this problem on Google and this forum, found 3 hits and tried all the suggestions mentioned therein to no effect.

I have DriverStudio 4.3.2 bld 2485 running with WinXP Pro SP2.
I'm using the latest downloaded symbol files from Microsoft with the "NTSYMBOLS=ON" function in winice.dat and I get the hook failure on MiCopyOnWrite.

However, if I turn this OFF and revert to using the OSINFO.DAT and OSINFOB.DAT files, the problem goes away and SoftIce starts cleanly.

I'm at a loss to know how to proceed from this point if I want to use symbol files instead of the OSINFOx route.
I'd be grateful for any suggestions.

Regards, Len

JMI
December 31st, 2005, 19:47
It does not appear that you searched very carefully in Google. I just put "MiCopyOnWrite" (without the quotes) in Google and came up with 107 hits, in various languages, about problems with Softice and MiCopyOnWrite. And rather than "DriverStudio 4.3.2 bld 2485 running with WinXP Pro SP2" I suspect that you have DriverStudio 3.2 running with WinXP Pro SP2 and probably Softice 4.3.2.

One of those hits is to a Thread on Exetools, where I am also a Moderator, which discusses "API Hook Failure: MiCopyOnWrite". That Thread is available at:

http://forum.exetools.com/printthread.php?t=6914&pp=40

In particular it mentions problems with Softice and certain windows updates leading to the problem which you describe, although it starts as a question about a 64 bit processor. This may or may not be your problem, since you have a slightly later version of Softice than is discussed there, which was Softice 4.3.1.

Part of the problem may be that Microsoft does not always have the latest stuff for download in the "regular" channel. This Thread offers this suggestion:

****************
Stepping back to an older kernel is not even necessary. I am running DS 3.01 on the most current XP. All you have to do is:

- Download latest WinDbg (free download from Microsoft) and install it.
- Pick symsrv.dll from WinDbg installation and replace the older version in the DS installation folder with it. Note: There are at least two instances of symsrv.dll in the DS folders.
- Run the DS symbol retriever. Configure output path etc. to your liking, then pick NTOSKRNL.EXE, ntdll.dll, kernel32.dll, user32.dll from your Windows/System32 directory and add them to the list of files.
- Download appropriate debug symbol files from MS and let the symbol retriever translate them to *.nms (Numega symbol format) - this may take a bit of time and the symbol retriever isn't too talkative about the progress. Just be patient until the program has done its work.
- Run the DS setup program, add the following line to the advanced settings:
NTSYMBOLS=ON
- Add the previously generated nms files to the list of symbols to import for SI.
- Download latest osinfo.dat just to make sure and replace the outdated file in your Windows/System32/Drivers (IIRC).
- Save the settings and reboot your comp.
- Open a dosbox, enter "net start ntice" and there ya go.
****************************

Here's the Google search I used if other languages might be more helpful for you:

http://www.google.com/search?hl=en&lr=&q=MiCopyOnWrite&btnG=Search

Regards,

lenwuk
December 31st, 2005, 21:15
Sorry, error in nomenclature - Yes, I'm running DriverStudio 3.2 with Softice 4.3.2.
I was probably unclear about my Google search - I found loads of hits, including the one you quoted, but I found it confusing.
I think I may be misunderstanding the issue.
I thought that the use of symbol files was INSTEAD of using OSINFO files.
Reading this entry again it seems to be saying that you need BOTH.
Is this correct?

Regards, Len

PS: I've just tried NTSYMBOLS=ON with no OSINFO files present and SoftIce won't start, so I guess I've answered my own question.

JMI
December 31st, 2005, 21:46
I believe the answer is YES. Also, did you read this Thread?

http://www.woodmann.com/forum/showthread.php?t=7291

titled: The Softice-Won't-Work-In-XP/API-Hook-Failed!!! FAQ

which contains the statement:

"softice needs to insert itself in between all system level API calls in order to work. hence it needs to know where in memory critical functions (ntterminateprocess, reside. i guess this is typically stored in the osinfo.dat and osinfob.dat files. unfortunately, yours are out of date. "

Check that one out also, if you haven't already.

Regards,

lenwuk
January 1st, 2006, 03:12
Thanks, I'd already read that item.
It contains this information as well as the part you've quoted -
"add a new line at the top:
NTSYMBOLS=ON
this will tell softice to use symbol files instead of osinfo.dat."

Which is why I'm confused.

Regards, Len

PS: Hmm - am I getting confused about the information that Softice needs to set its hooks, and the symbol information that's useful during a debugging session?