Hi everybody,
I am very interrested in the method which SoftIce uses to start it self.

Does anybody know how is it started I mean the hidden debuger which pop ups by CTRL+D IN Windows environ.

It is not written in registry it is only in Autoexec but it is not an DOS program. So what does it do?

Thank you. Radim
Posted on 2002-04-30 14:19:41 by RAGuru
windows is loaded by win.com I think softice has it's own file wich first loads softice and then loads windows, I'm sure somone here will have more information
Posted on 2002-04-30 14:57:06 by Kudos
I'm guessing it's a VXD that calls the main program dlls when you do ctrl+D but I don't have it on this computer to look and I haven't really thought about it before now. It doesn't appear in the tasks from memory. I'm not sure if VXDs are dos.

I'm just not very bright :P

Raavin
Posted on 2002-04-30 21:42:13 by Raavin
In 9x, softice is loaded from dos before windows is started. Softice
then loads windows and hooks a bunch of stuff while it loads.
That's about as much as I know. I think Spath wrote a document
on softice internals, might be worth checking out.
Posted on 2002-05-01 04:10:42 by f0dder
Where can I find the Spath's document about SoftIce.

i would like to implement such method os starting in my program (I am developping an game engine working under Windows)

Probably no one on Soft ice website will help me ?!! :)
Posted on 2002-05-01 05:49:55 by RAGuru
An inportant API for any ring0 debugger in Win95 is INT 68h (in real!!! mode). I don't know if its fully documented, but you can view file debugsys.inc in the Win9x DDKs. With this API win9x gives kernel debuggers a chance to install GDT and IDT vectors.
Its used by SoftICE and WDEB386.
Posted on 2002-05-01 11:56:40 by japheth

Where can I find the Spath's document about SoftIce.

Try google. Even if I had a direct link and felt like helping
a lazy bast :), I probably shouldn't post it, as the information
is very likely to be on a site filled with RE information.


i would like to implement such method os starting in my program
(I am developping an game engine working under Windows)

No you wouldn't ;). There's nothing more annoying than those
windows-launching dos stubs. If I run 9x and choose to boot
in DOS mode, I usually have a very good reason to do so, and
would much rather have a "this program requires M$ windows"
instead of waiting for 9x to boot. Especially since i only run
9x on old boxes where starting windows takes "some time".
Besides 9x is obsolete these days, more and more people are
running NT based OSes, so launch-windows code is superfluous.
Posted on 2002-05-02 09:34:20 by f0dder