i have a question about SoftIce if any1 here can help. Is it possible to set a breakpoint on EVERY exported function from EVERY DLL ? I used the "Symbol Loader" to add a DLL to the exported functions list. Now, i can set a breakpoint on the Function i need from the DLL (it works fine - Softice allows it), but somehow, i run a program that summons that function, but softice is not being invoked - the program just launches as if there is no debugger in the background. how do i make it break when the function is called from the application (or at least when it's trying to use the DLL file) ?
Posted on 2001-04-19 11:18:00 by lsx
You may need to modify the code of your exe. Softice fails to be triggered under a variety of conditions, a common one being a jump at the entry point to somewhere else in the code where execution actually begins (this is a common anti-Softice strategy). Use IDA to disassemble the code at the entry point, then it should be clear what to do. A good exercise along these lines is to disassemble the code for NanJiXing Chinese wordprocessor (an excellent program well worth the price). That program illustrates a number of effective anti-Softice tricks (including the immediate jump, a "damaged" import section, and what looks like self-modifying code). It also places crucial data near the entry point in such a way that patching is difficult, but it can be done. Even so, it's tedious to understand what the code is actually doing -- it builds up the code to be executed in increments elsewhere in the executable (the code is writable as well as readable), then executes it. I don't think there's any way to tell Softice to break on all the functions in a dll. You could try breaking on one of the standard startup routines (called before the entry point winmain is reached), such as _EH_prolog.
Posted on 2001-04-19 12:38:00 by Xmas
Where do I get IDA? :confused:
Posted on 2001-04-21 11:37:00 by Qweerdy
You can buy the latest version directly from DataRescue as I did, but it's $300. Or, you can download a trial version from their site (I actually tested this, but was denied permission--but it's supposed to work). Earlier versions of the software (version 3.7 I think) are freeware now, try simtel -- yes, that's right. I just went to http://www.simtel.net/pub/pd/27629.shtml and it's there. This is not the latest version, but it's quite functional. Try getting the trial download from DataRescue (you'll need to register with them). It has fewer bugs and a much improved user interface. By the way, NuMega has switched its policy and is now offering trial downloads of their software (including Softice) from their site.
Posted on 2001-04-21 13:27:00 by Xmas