首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 峰会 看雪商城 证书查询
  1. 社区
  2. 软件逆向
    3. 发新帖
Compuware SoftICE Driver Suite Release 3.0的问题
发表于: 2004-5-3 01:19 9688

Compuware SoftICE Driver Suite Release 3.0的问题

psyche 活跃值
2004-5-3 01:19
9688
由于2.7的SIWVID.SYS有问题,所以装上了3.0,于是问题就来了.
问题1
Symbol Loader not breaking at WinMain
用nmtranspatch打补丁后可以中断在WinMain.
问题2
下断点后不能中断,哪的原因?(仅仅是3.0,2.7可以)

;ver 详细的信息.
SoftICE (R) - DriverStudio (tm) 4.3.0 (Build 1268)
Windows NT (server) Version 5.0 - Build 2195 (Free) SP 4

;以下是我的Winice.dat文件.
;-------------------------------------------------------
NMI=ON
LOWERCASE=OFF
VERBOSE=OFF

HST=1024
DRAWSIZE=2048
INIT="lines 60;wd 4;wc 20;code on;faults off;data 3;dd;dex 3 ss:esp;data 0;X;"
SYM=512

EXP=\SystemRoot\system32\advapi32.dll
EXP=\SystemRoot\system32\comctl32.dll
EXP=\SystemRoot\system32\comdlg32.dll
EXP=\SystemRoot\system32\msvbvm60.dll
EXP=\SystemRoot\system32\oleaut32.dll
AUTOCONNECT=OFF
NETSUPPORT=OFF
HOSTNAME=HEART
F1="h;"
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
SF3="^format;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="altscr off; lines 60; wc 32; wd 8;"
CF2="^wr;^wd;^wc;"
MACROS=32

MACRO svonsy="s 10:0 L FFFFFFFF 'vonsy'"
MACRO sddg="s 10:0 L FFFFFFFF 'vonsy_ddg'"
MACRO s82="s 10:0 L FFFFFFFF '82828282'"
MACRO sall="svonsy;sddg;s82"
MACRO bpxmsga="bpx MessageBoxA"
MACRO bpxmsgw="bpx MessageBoxW"
MACRO bpmsg="bpxmsga;bpxmsgw"
MACRO argesp8="D esp->8;p ret"
MACRO argespc="D esp->c;p ret"
MACRO bpxgeta="bpx GetWindowTextA do \"argesp8\""
MACRO bpxgetw="bpx GetWindowTextW do \"argesp8\""
MACRO bpxgda="bpx GetDlgItemTextA do \"argespc\""
MACRO bpxgdw="bpx GetDlgItemTextW do \"argespc\""
MACRO bpgeta="bpxgeta;bpxgda"
MACRO bpgetw="bpxgetw;bpxgdw"
MOUSE=ON
ECHOKEYS=OFF
NOLEDS=OFF
NOPAGE=OFF
PENTIUM=ON
THREADP=ON
SIWVIDRANGE=ON
MENU=Copy         ,   NMPD_COPY         , 0
MENU=Paste         ,    NMPD_PASTE         , 0
MENU=Copy&Paste      ,    NMPD_COPYANDPASTE   , 0
MENU=Display      ,    NMPD_DISPLAY      , 0
MENU=Un-Assemble   ,    NMPD_UNASSEMBLE      , 0
MENU=What         ,    NMPD_WHAT           , 0         
MENU=Prev         ,    NMPD_PREV           , 0         
MENU=Reip         ,    r eip %cp%          , 0
MENU=Add Watch      ,    watch %cp%          , 0
MENU=Break On Text  ,   bpx %cp%            , 0
; WINICE.DAT
; (SystemRoot\System32\Drivers\WINICE.DAT)
; for use with SoftICE for Windows NT (versions 3.0 and greater)
;
; ***** Examples of export symbols that can be included *****
;        Change the path to the appropriate drive and directory
; EXP=\SystemRoot\System32\hal.dll
; EXP=\SystemRoot\System32\ntoskrnl.exe
; EXP=\SystemRoot\System32\ntdll.dll
; EXP=\SystemRoot\System32\kernel32.dll
; EXP=\SystemRoot\System32\user32.dll
; EXP=\SystemRoot\System32\csrsrv.dll
; EXP=\SystemRoot\System32\basesrv.dll
; EXP=\SystemRoot\System32\winsrv.dll
;-----------------------------------------------------------

                         vonsy 2004/5/2

[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!

收藏
免费 6
支持
分享
最新回复 (4)
doskey
雪    币: 329
活跃值: (343)
能力值: ( LV10,RANK:170 )
在线值:
发帖
回帖
粉丝
私信
2
; EXP=\SystemRoot\System32\hal.dll
; EXP=\SystemRoot\System32\ntoskrnl.exe
; EXP=\SystemRoot\System32\ntdll.dll
; EXP=\SystemRoot\System32\kernel32.dll
; EXP=\SystemRoot\System32\user32.dll
; EXP=\SystemRoot\System32\csrsrv.dll
; EXP=\SystemRoot\System32\basesrv.dll
; EXP=\SystemRoot\System32\winsrv.dll

前面的分号去掉
2004-5-3 01:23
0
psyche
雪    币: 207
活跃值: (40)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
3
可是Symbol Loader显示都己经加载了呀?我的桌面如下图:
http://www.qxcomm.com/p_html/vonsy/softice.jpg
2004-5-3 01:31
0
psyche
雪    币: 207
活跃值: (40)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
4
最初由 doskey 发布
; EXP=\SystemRoot\System32\hal.dll
; EXP=\SystemRoot\System32\ntoskrnl.exe
; EXP=\SystemRoot\System32\ntdll.dll
; EXP=\SystemRoot\System32\kernel32.dll
; EXP=\SystemRoot\System32\user32.dll
; EXP=\SystemRoot\System32\csrsrv.dll
; EXP=\SystemRoot\System32\basesrv.dll
; EXP=\SystemRoot\System32\winsrv.dll

前面的分号去掉


分号去掉也不行。这几个可能是softice自动加载的.

================ Mon May 03 01:46:08 2004
NTICE: Pentium TSC calibration, processor set to 851.0 MHZ
SoftICE (R) - DriverStudio (tm) 4.3.0 (Build 1268)
Windows NT Version 5.0 - Build 2195 (Free) SP 4
Bill Gates
Microsoft
78593180DFBF
Copyright (c) 2003 Compuware Corporation.  All rights reserved.
NTICE: LPT1 = Port: 0378
NTICE: PS/2 Mouse Detected
NTICE: 512K allocated for SYM memory
NTICE: 1024K allocated for HST memory
NTICE: 32K allocated for HEAP memory
NTICE: 2048 bytes allocated for NAME memory
NTICE: EXP=\SystemRoot\system32\kernel32.dll
NTICE: EXP=\SystemRoot\system32\user32.dll
NTICE: EXP=\SystemRoot\system32\gdi32.dll
NTICE: EXP=\SystemRoot\system32\ntoskrnl.exe
NTICE: EXP=\SystemRoot\system32\hal.dll
NTICE: EXP=\SYSTEMROOT\SYSTEM32\ADVAPI32.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\COMCTL32.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\COMDLG32.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\MSVBVM60.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\OLEAUT32.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\HAL.DLL
       Error: Exports already loaded for this module
NTICE: EXP=\SYSTEMROOT\SYSTEM32\NTOSKRNL.EXE
       Error: Exports already loaded for this module
NTICE: EXP=\SYSTEMROOT\SYSTEM32\NTDLL.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\KERNEL32.DLL
       Error: Exports already loaded for this module
NTICE: EXP=\SYSTEMROOT\SYSTEM32\USER32.DLL
       Error: Exports already loaded for this module
NTICE: EXP=\SYSTEMROOT\SYSTEM32\CSRSRV.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\BASESRV.DLL
NTICE: EXP=\SYSTEMROOT\SYSTEM32\WINSRV.DLL
NTICE: 180K allocated for 32 bit exports
Macro: Memory allocated for 32 Macro entries
Macro: 'SVONSY' defined
Macro: 'SDDG' defined
Macro: 'S82' defined
Macro: 'SALL' defined
Macro: 'BPXMSGA' defined
Macro: 'BPXMSGW' defined
Macro: 'BPMSG' defined
Macro: 'ARGESP8' defined
Macro: 'ARGESPC' defined
Macro: 'BPXGETA' defined
Macro: 'BPXGETW' defined
Macro: 'BPXGDA' defined
Macro: 'BPXGDW' defined
Macro: 'BPGETA' defined
Macro: 'BPGETW' defined
NTICE: IoConnectInterrupt found at 804CF0E3
NTICE: IoDisconnectInterrupt found at 804CF93B
NTICE: MiMapViewOfImageSection found at 8044384E
NTICE: MmUnmapViewOfSection found at 804A240A
NTICE: MiAddValidPageToWorkingSet found at 80442C25
NTICE: KeBugCheckEx found at 8042C762
NTICE: MiCopyOnWrite found at 8044F26B
NTICE: HalDisplayString found at 8006748C
NTICE: RtlAssert found at 8045A91B
NTICE: USBD_AllocateUsbAddress found at ED35331E
NTICE: USBD_ParseConfigurationDescriptorEx found at ED353D6E
NTICE: UHCD_RemoveQueueHeadFromSchedule found at ED33A02C
NTICE: UHCD_InsertQueueHeadInSchedule found at ED339ED6
NTICE: HalpBiosDisplayReset found at 800670C4
NTICE: RtlAssert end found at 8045A9CF
NTICE: NTTerminateProcess found at index 00E0.
NTICE: NTRaiseHardError found at index 00A0.  Delta=0000033B
NTICE: KDExtensions are disabled KDHeapSize=00000000 and KDStackSize=00000000
NTICE: Patching Keyboard using method 0
NTICE: Keyboard driver found - i8042prt.sys
NTICE: Keyboard successfully patched using RPUC hook
NTICE: Found UHCI Host Controller at Bus 00 Device 07 Function 02
NTICE: Found UHCI Host Controller at Bus 00 Device 07 Function 03
NTICE: Found 2 USB Host Controllers. USB HID support will be available.
NTICE: 6688 bytes allocated for use by USB HID devices
:LINES 60
:WD 4
:WC 20
:CODE ON
:FAULTS OFF
:DATA 3
:DD
:DEX 3 SS:ESP
:DATA 0
:X
:x
2004-5-3 01:51
0
vonsy
雪    币: 106
活跃值: (62)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
5
faint,哪位用的也是3.0呀。
2004-5-7 01:46
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//