1.81
{
CHANGE: Function "Patch NTICE" Now Supports Selecting And Replacing The NTICE Files 
ADDED: Misc Menu 
ADDED: Overworked NTice Files
ADDED: Services.PDB File Error Alternative Function (Passiv)
CHANGE: More SoftICE Files 
ADDED: Iceext Commands !dump and !dumpscreen Now Also Work While NTKRNLPA.EXE Is Active
CHANGE: symrtrvr.exe Was Patched So It Works Without SoftICE Installed And Can Be Used From Any Folder (IceStealth\SIFILE FOLDER)
}
1.80
{
FIX: Fixed Some Internal Bugcode
CHANGE: "SDT Restore" Changed To Menu Function (Thus Second Exe Isnt Requied Anymore)
If you Plan To Use "SDT Restore" Do This Steps:
1: Start IceStealth
2: Go Menu And Hit "Restore SDT" 
3: Restart IceStealth And Hit "Stealth SoftICE"
}
1.79
{
FIX: Bug In "AntiSpy" Optional : (If Driver Still Doesnt Load Simply Restore Your SDT Table - I Added A Sample Tool To Solve This For You (Folder "SDT Restore"))
}
1.78
{
ADDED: KDHeapSize and KDStackSize into settings.txt
ADDED: Auto Rename (Random Length + Random Digits)  (If Not Manually Changed IceStealth Name To Different Name)
IMPROVE: Patch NTICE Now Can Be Used More Times Without Bugs + Some Small Other Improvments
ADDED: Test Function DR Print (Very Bugged Dont Use This)
IMPROVE: Command !bpr X Changed (Still Bugged) 
IMPROVE: Blocking Or Logging NTICE Code Was Improved
CHANGE: ICON Was Deleted Due Self Security Reasons
}
1.77
{
IMPROVE: Block Or Logging NTICE (Not The Best Method To Do This ATM But ...)
ADDED: Unloaded Drivers Detection (I Saw This Coming Now I Did Something Against That)
NOTE: M.S. Update To NTOSKRNL (5.1.2600.6165) (13.12.2011) IceStealth Still Makes SoftICE Work :)
NOTE: To Contact Me You Goto The Woodmann Forum And Write A Private Msg To "Elenil" I Dont Look So Much But Some Time I Sure Will Answer
}
1.76
{
ADDED: New Command To IceExt: !pn This Let You Switch Process Notify On or Off
FIX: Bug In "Patch NTICE"
}
1.75
{
ADDED: New Command To IceExt: !cr3 This Will Force You To Come Into The Process Context No Matter What - Only Active If IceExt Is Used // Note: Wrong Value = BSOD, SoftICE Will Not Show Currect Exe Name Just Scroll A Bit
FIX: Command !unhook Available Again 
ADDED: New Command To IceExt: !ts This Let You Turn Off/On IceExts Task Switch Method
}
1.74
{
FIX: Error In 1.73
}
1.73
{
IMPROVE: Improved Compatibility And A Few Other Small Improvments
ADDED/FIX: Compatible With "The New" NTOSKRNL (5.1.2600.6055) (MS Release December 2010) - To Do So Use ->Menu ->"Patch NTICE" Then IceStealth Will Patch The NTICE.SYS In "Other" Folder So That It Will Fix A Lot Of Problems Including The NTOSKRNL/NtTerminateProcess Problems - After This You Should Copy It To Your "Windows\System32\Driver" Folder (Or The Whole Other Folder And Use The Keyboard Batch File) , Note By This MS Release SoftICE Isnt Working Without IceStealth Anymore
}
1.72
{
FIX: Found A Solution For The Symbol Bug
ADDED: Option To Start SoftICE
ADDED: Option "Restore NtTerminateProcess" Note: If "Start SoftICE" And "Restore NtTerminateProcess" Is On IceStealth Can Start SoftICE Without The NtTerminateProcess Problem , Note2: The Button "Restore NtTerminateProcess" Is Now Pretty Useless Except You Want To Do All This Manual
ADDED: "settings.txt" What Let Choose The Settings What Will Be Checked In The IceStealth Dialog
In Other Way You Can Set The First Flag To 1 What Will Automatic Spawn The IceStealth Protection (And The Settings) And Closing IceStealth, This Is Good If You Want To Launch IceStealth Via "Autostart" If "Start SoftICE" And "Restore NtTerminateProcess" Is Choosen In Settings It Will Automatic Start SoftICE And Protect It With The Settings You Choosed, If You Autostart You Should Add A ;x In the INIT -> Old : INIT="code on; lines 57; wc 25; wd 10; faults off; altkey ctrl d;color f a 4f 1f e;" -> New : INIT="code on; lines 57; wc 25; wd 10; faults off; altkey ctrl d;color f a 4f 1f e; x;"
}
1.71
{
IMPROVE: Automatic Start Of SoftICE If It Was Not Started
CHANGE: Faster Load Of IceExt If Option "Load IceExt With IceStealth Protection" Is On
CHANGE: IceExt Added As Resource By Doing This IEP.exe Isnt Needed Anymore
IMRPOVE: Enterable Value For Ring 3 RDTSC
FIX: Error Message For Savedisk/BPM Option (This Was Important Due A Change In The Driver)
CHANGE: Protect Button Changed To Something "Stealth SoftICE" (Fits More To IceStealth) 
}
1.70
{
ADDED: New option "Refresh IDT" beware of using it no MP support or compatible
ADDED: Extended version of "Refresh IDT" beware not very compatible
ADDED: RDTSC for ring3 RDTSC commands -> can be turned on if protector is using RDTSC from ring 3 can cause detections also but here it goes 
CHANGE: Driver added as resource by doing this only the exe needs to be renamed
CHANGE: New easier dialog 
FIX: Some code improvements
}
1.69
{
FIX: Fixed softice crash in DbgMsg.sys due giving it an invalid parameter (known as int 2d bug) DbgMsg.sys patched !
}
1.68
{
ADDED: optional use of "IDT Trash"
IMPROVE: IceStealth now support renaming itself to do so give both (IceStealth.exe and IceStealth.sys) the same name like : "test.exe" and "test.sys"
FIX: bugfix "Registry Protection" 
FIX: due improve the ntice driver hwnd command is now avalible again (almost also works with addr command) example: addr explorer, then hwnd (bugnote: sometimes softice get a stack overflow - increase KDStackSize to 10000 or something)
IMPROVE: better "Device/Driver Object" hiding (new protection only)
}
1.6
{
ADDED: after i was tired of type "IceExt -s" i wrote something what start IceExt with IceStealth Protection if option "Load IceExt" is active (and also made something what set KDHeapSize too 0x8000 + set KDExtensions automatic to the registry)
ADDED: Protection for the IceExt what comes with IceStealth (only for the 1 what comes with IceStealth) 
CHANGE: IceExt SSDT removed (not needed with IceStealth)
WARNING: if you choose IceExt to load IceExt patch int1 dpl again to 0 (no i1here on)
IMPROVE: Microsoft Symbol bug (IceStealth need to close if a symbol error happens - bad code from microsoft)
IMPROVE: patched driver in "other" folder better against detection
IMPROVE: New Protection now support NTKRNLPA and NTKRNLMP
FIX: Checkbutton error
ADDED: "PE Header" kill for softice drivers
IMPROVE: Compatibility for Registry Protection + Regmon
FIX: Protection error not finding SiwvidStart
}

1.5
{
ADDED: SaveDisk/BPM Protection
ADDED: my winice.dat in "Other" folder
ADDED: SecuROM Protection
ADDED: Lastest Version Of SoftICE (patched against int detections) in "Other" folder
CHANGE: added "INT 1 Patch" as option to use (uncheck this if you use i1here on)
}
1.4
{
IMPROVE: more user friendly
IMPROVE: more compatibility for old hook buttons
ADDED: complete new type of protection
ADDED: NtTerminateProcess restore to fix a softice bug as option to use
ADDED: finally there no apis anymore to detect softice (for the new protection) future detections must be softice specific without a api
}
1.3
{
ADDED: MP support
FIX: 2 possible bugs
IMPROVE: int41 killed
}
1.2
{
ADDED: basic registry protection as option to use
}
1.12
{
IMPROVE: NtQuerySystemInformation
}
1.1 
{
FIX: Crash cause PDG file is not loaded + improved method
IMPROVE: NtQuerySystemInformation
}

note:
some anti virus software detect IceStealth as possible virus/malware or even as trojan 
but this is not true dont trust such issues !

what is IceStealth ?:
IceStealth is a tool to hide/protect SoftICE (NT versions NOT Win9x) against SoftICE detections and also giving some improvements for SoftICE (Mainly Windows XP)

how do you use IceStealth ?:
you choose your options/settings and hit the "Stealth SoftICE" button
you also can use other functions of it 
"Patch SoftICE": 
this patches SoftICE so it works on all windows xp sp3 versions (the ntoskrnl changend a few times) (ms release december 2010, NTOSKRNL (5.1.2600.6055))
"restore SDT":
this restores the SDT what can be used to block SoftICE/IceStealth from load

when do i use IceStealth ?:
after SoftICE was started or before it was started

what are the options/settings doing ?:

"Registry Protection" will protect registry entrys of softice (useally not useful)
"Seh bpm protection" will protect from DRx clearing after SEH happend its normally kinda usefull and make BPMs work better
"UEF" means UnhandledExceptionFilter and is a type of detection of SoftICE you can choose between "kill" (no possible detection on this method) or "patch" the patch itself can be theoretical detected
"SaveDisk/BPM Protection" will protect from the SaveDisk type of detection + Protect BPMs again in a different way as "SEH BPM Protection" 
"Patch INT1" will prevent a type of detection used against softice but this will cause the command "i1here on" not to work anymore (BSOD) so if you want to use "i1here on" turn this off
"Restore NtTerminateProcess" this will clear the NtTerminateProcess (SoftICE has a possible BUG if this is not done however SoftICE can work without this) (bugfix related)
"SecuROM Protection" this is for the SecuROM anti trace it (beware of using this it has it problems)
"Ring 3 RDTSC" this can avoid the RDTSC from ring3
"Refresh IDT" this is refreshing the IDT (not needed mostly)
"Trash IDT" another option for the IDT also not needed but let you stay flexible if you want
"Load IceExt With IceStealth Protection" this will also load the IceExt extentsion 
is there something IceStealth downloading?
yes IceStealth will download 3 .PDB files from microsoft (only once requied files : NTOSKRNL.PDB, Services.PDB and halaacpi.pdb in IceStealhss \SYM folder ) if you block connection via firewall some protections wont work
if you wanna place the .PDB files manual plz first create a \SYM folder
then copy your .PDB files in the \sym folder like this : ntoskrnl.pdb\1592B6763F33476B9BB560395B383FA62\ntoskrnl.pdb
note: the number is a checksum and different for every computers OS

(optional info) i have those files from a symbol pack but they dont have a folder with a checksum (like ntoskrnl.pdb\1592B6763F33476B9BB560395B383FA62\) :
the microsoft dlls search the ntoskrnl.pdb either from the \sym\ntoskrnl\checksum\ntoskrnl.pdb or
from the folder where its dll aka the IceStealths folder (IceStealth\ntoskrnl.pdb) if it find the file with the currect checksum it will move it to the sym folder (so you also know it worked)

why are those 3 files important ?:
it makes sure IceStealth is finding everything it needs for its things

i clicked the "Stealth SoftICE" button but the application closes why is IceStealth doing that:
IceStealth is closing because it no longer needed to be open and so IceStealth.exe can no longer be detected

can i use the Stealth SoftICE button use twice?:
no it will not set the new options/settings it will only bug
if you want to try new options/settings with IceStealth you have to reboot

what do i need to do after i used "Patch SoftICE"
you either select the files from softice you installed with IceStealth or
you gonna replace them manually (the patch goes to the IceStealh\Other folder) so you copy the files from there to your windows\system32\drivers directory
you have to reboot to take the effect ! (even if SoftICE was not loaded)

optinal info:
the symsrv.dll and dbghelp.dll from softice are outdated you can use the 1s from icestealth to so so copy them to the "Symbol Retriever" folder from softice
or you can work with the patched symrtrvr.exe what come with IceStealth\SIFILE folder

SoftICE Doesnt Show In VMware: 
svga.maxFullscreenRefreshTick = 5

(optional) menu function "place own system files for included (pdb) files (beware of using this)"
IceStealth has system files in the icestealth\sym folder if you place those to your OS it can use the pdb files what come with IceStealth
you also could add your files there 

menu function "protection suggestions"
"Most Inconspi"cuous make sure IceStealths Protection is on maximum
"Most Flexible" makes sure you can be flexible by having more misc stuff for SoftICE
"Recommended" just some options/settings i recommended

what is keymap.exe ?:
keymap.exe is a file from compuware and change keyboard settings for softice (you only need keymap.exe if you use this manually)
to change to your actual keyboard do: keymap ntice.sys or use my Keymap_Set_Keyboard_Langue.bat file

NVIDIA:
www.nvidia.com/object/winxp-2k_archive.html
drivers higher then 81.98 useally have the video bug
RADEON: 
dont have this problem but video card depent MSI cards did work with new drivers
VMware:
no problems
SP3:
"Patch SoftICE" function from icestealth make softICE work on any WINXP SP3 versions

protections:
{
CreateFileA, CreateFileW, NtCreateFile
NtQueryDirectoryObject
NtQueryObject
OpenServiceA, OpenServiceW, EnumServicesStatusA,EnumServicesStatusW,EnumServicesStatusExA, EnumServicesStatusExW
UnhandledExceptionFilter (2 Options)
SEH BPM Protection
NtQuerySystemInformation
int 41 killed + DPL 0        
int 1 DPL 0
Basic Registry Protection (if ever needed) 
(RegOpenKeyExA, RegOpenKeyExW, RegOpenKeyA, RegOpenKeyW)
BPM Protection
SaveDisk Protection

and more ...
also fixes and improvements for softice 
}


help me i didnt understand anything ? : start IceStealth click "Stealth SoftICE" -> done :)
