How SoftICE halt windows

NTDEV
1

For educational purpose, I would like to know how SoftICE halt windows while it is active. Is it disable all interrupts? Please help!

2

Oh my god… people do remember this more-then-10-years old software.

The software has its own video/keyboard mouse support, and relies on ISR hooks to pop itself up. When SoftICE’s UI is active, Windows is just plain “not here” for a while, SI is of the total control.

wrote in message news:xxxxx@ntdev…
> For educational purpose, I would like to know how SoftICE halt windows while it is active. Is it disable all interrupts? Please help!
>

3

Worse yet SoftIce had its own implementation of a number of kernel service
routines. Unfortunately, these did not do a great job of matching the real
code. I finally got to the point if a client required me to use SoftIce at
their facility, or if they were going to integrate my work into something
bigger and use SoftIce, a small 50% premium was charged. Of course I was in
need of contracts at the time, in retrospect the problems SoftIce created
warranted over 100% surcharge, it really was a piece of shit.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, October 20, 2015 9:53 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How SoftICE halt windows

Oh my god… people do remember this more-then-10-years old software.

The software has its own video/keyboard mouse support, and relies on ISR
hooks to pop itself up. When SoftICE’s UI is active, Windows is just plain
“not here” for a while, SI is of the total control.

wrote in message news:xxxxx@ntdev…
> For educational purpose, I would like to know how SoftICE halt windows
while it is active. Is it disable all interrupts? Please help!
>


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

4

Now now. I can’t say that I exactly miss SoftICE, but it did do a few
things very well and before the pirates at Compuware bought NuMega, bundled
SoftICE with tools for VisualBasic and tripled the price, it was a lot
cheaper than a realistic target machine.

It did have a lot of problems, but it is how I got started in the kernel.

I will always remember it fondly.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Tuesday, October 20, 2015 7:02 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How SoftICE halt windows

Worse yet SoftIce had its own implementation of a number of kernel service
routines. Unfortunately, these did not do a great job of matching the real
code. I finally got to the point if a client required me to use SoftIce at
their facility, or if they were going to integrate my work into something
bigger and use SoftIce, a small 50% premium was charged. Of course I was in
need of contracts at the time, in retrospect the problems SoftIce created
warranted over 100% surcharge, it really was a piece of shit.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Maxim S. Shatskih
Sent: Tuesday, October 20, 2015 9:53 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How SoftICE halt windows

Oh my god… people do remember this more-then-10-years old software.

The software has its own video/keyboard mouse support, and relies on ISR
hooks to pop itself up. When SoftICE’s UI is active, Windows is just plain
“not here” for a while, SI is of the total control.

wrote in message news:xxxxx@ntdev…
> For educational purpose, I would like to know how SoftICE halt windows
while it is active. Is it disable all interrupts? Please help!
>


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

5

I will always remember it as a grossly-invasive piece of animal waste.

“Single system debugging” wasn’t a good idea then, for the same reason it’s not a good idea now. It’s simply a flawed approach to kernel-mode development.

Not to mention that any debugger that relies on injecting third-party invasive hooks into the operating system for its very existence is, in my book, by definition unsuitable for use.

So, yeah… Mr. Burn and I are in FULL agreement on this one.

OTOH, I have fond memories of Mr. Russinovich being a true MASTER of SoftIce. It was his debugger of choice for ages. Man, he could make that shit sing. Much like Mr. Noon and WinDbg these days.

Peter
OSR
@OSRDrivers

6

For what it’s worth, if you wanted to debug Windows 9x, SoftIce was the ticket. For NT, not so much.

7

OMFG… Remember the MS supplied debugger that was available for Win9x? It made SoftICE look like a piece of gold.

So, I agree with you Mr. Grig. Gosh, I had forgotten about Win9x. With any luck, I’ll forget about it again for another 20 years.

Peter
OSR
@OSRDrivers

8

xxxxx@osr.com wrote:

OMFG… Remember the MS supplied debugger that was available for Win9x? It made SoftICE look like a piece of gold.

wdeb386, followed by wdeb98. Most of the commands and the tortured
syntax we use today originated in wdeb386.

One of my favorite features of that debugger was an “easter egg”
introduced by legendary hardware guy Adrian Oney. He added the CPU
detection code. If it found a CPU that was more advanced than the ones
he had already encountered, the debugger spewed out

(Wow, please tell AdriaO about this machine)

I asked him about that many years later. He said he caught a lot of
grief for letting that slip out in the wild.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

9

And in all fairness there was a period of time around NT4 where windbg was
far more problematic than softice. You had a choice of a debugger that had
been orphaned by its giant global mega corporation, worked at all only if
exactly the right version was locked down and archived by you, and even
then had major issues, and a horrible hack that actually worked as
intended. Meanwhile I pull out of my driveway every morning and look at the
huge faux french chateau on 25 acres that Compuware paid for when they
bought softice. Never underestimate the value of crap.

Mark Roddy

On Tue, Oct 20, 2015 at 2:00 PM, wrote:

>


>
> OMFG… Remember the MS supplied debugger that was available for Win9x?
> It made SoftICE look like a piece of gold.
>
> So, I agree with you Mr. Grig. Gosh, I had forgotten about Win9x. With
> any luck, I’ll forget about it again for another 20 years.
>
> Peter
> OSR
> @OSRDrivers
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

10

It was actually Windows 2000. That version of the debugger was so bad that when teaching our kernel debug class I would teach people how to use kd. I had crash dumps that WinDBG wouldn’t debug because the system was still running.

Things got much better after that, as they took the guts of KD, turned it into a DLL and had both kd and WinDBG call the common library.

Tony
OSR

11

That was it… WDEB386. I, thankfully, did not have to put up with writing drivers on Win9x for very long.

This was the Andre Vachon era, IIRC. People don’t give him the credit he deserves. WinDbg wouldn’t be a stable tool if it wasn’t for him.

I actually ran into him a year or so back. He’s still at MSFT…

Peter
OSR
@OSRDrivers

12

Softice was one of the greatest software tools I have ever used. I haven’t loaded it for 15 years, but loved how it allowed debugging both applications and drivers in Dos, Windows 3x, Windows 9x, and Windows NT/2000 with the same UI. That’s powerful. It was also much more advanced and efficient than any codeview / windbg junk back then. I still remember fondly the speed of being able to tap the step key a bunch of times and it was there immediately. Anything you did in Softice was ready microseconds, where Windbg is just so dog slow it will instead throws away keystrokes and spends god awful time accessing symbols unexpectedly at times with no progress bar. The amount of productivity increase I obtained from using Softice back then was so tremendous the price was insignificant. And boy compared to the alternative of a real in circuit emulator which was the fallback in many cases SoftICE was a whole lot cheaper and easier to setup than unplugging the CPU from the socket and attaching a big box to a computer with no symbols whatsoever and peering at a tiny black and white console.

13

> Not to mention that any debugger that relies on injecting third-party invasive hooks into the operating

system for its very existence is, in my book, by definition unsuitable for use.

This is MS-DOS and Win386/VMM legacy. In MS-DOS, most software was written this way.

What is - for me - worst in SI is not instability, but inability to either copy/paste from it or save a file from it.

BTW, I even once wrote a small tool to dump the info from their .NMS symbol tables (and they had the PDB -> NMS converter) to a pretty text file.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

14

> introduced by legendary hardware guy Adrian Oney.

Wow… I remember hearing something about him. Is he the author of PnP? as of Win95?

Also: is he a brother of well-known book author Walter Oney?

Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

15

Before 2001, WinDbg was really a problem. Some builds were not working at all.
“Mark Roddy” wrote in message news:xxxxx@ntdev…
And in all fairness there was a period of time around NT4 where windbg was far more problematic than softice. You had a choice of a debugger that had been orphaned by its giant global mega corporation, worked at all only if exactly the right version was locked down and archived by you, and even then had major issues, and a horrible hack that actually worked as intended. Meanwhile I pull out of my driveway every morning and look at the huge faux french chateau on 25 acres that Compuware paid for when they bought softice. Never underestimate the value of crap.

Mark Roddy

On Tue, Oct 20, 2015 at 2:00 PM, wrote:



OMFG… Remember the MS supplied debugger that was available for Win9x? It made SoftICE look like a piece of gold.

So, I agree with you Mr. Grig. Gosh, I had forgotten about Win9x. With any luck, I’ll forget about it again for another 20 years.

Peter
OSR
@OSRDrivers


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

16

> Things got much better after that, as they took the guts of KD, turned it into a DLL and had both kd

and WinDBG call the common library.

I think now Visual Studio calls the same.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

17

Please, anyone know how it stops the windows? Is it disable thread scheduler?

18

He worked on pnp on win98 and windows 2000/xp, they are not related (you aren’t the first to ask)

Sent from Outlook Mailhttp: for Windows 10 phone

From: Maxim S. Shatskih
Sent: Tuesday, October 20, 2015 5:53 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] How SoftICE halt windows

> introduced by legendary hardware guy Adrian Oney.

Wow… I remember hearing something about him. Is he the author of PnP? as of Win95?

Also: is he a brother of well-known book author Walter Oney?

Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.storagecraft.com&data=01|01|Doron.Holan%40microsoft.com|2d66b19b2ac84b30ef6108d2d9b1fc75|72f988bf86f141af91ab2d7cd011db47|1&sdata=2DxHnv%2BwSY2vToGniWmojkDazBliDOSk3GPAHyaEdoQ%3D


NTDEV is sponsored by OSR

Visit the list at: https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.osronline.com%2Fshowlists.cfm%3Flist%3Dntdev&data=01|01|Doron.Holan%40microsoft.com|2d66b19b2ac84b30ef6108d2d9b1fc75|72f988bf86f141af91ab2d7cd011db47|1&sdata=gG7HXyzNlCDsXNF3HTRdH%2Fo%2BX1kMY2vLcxadaX3xNeM%3D

OSR is HIRING!! See https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.osr.com%2Fcareers&data=01|01|Doron.Holan%40microsoft.com|2d66b19b2ac84b30ef6108d2d9b1fc75|72f988bf86f141af91ab2d7cd011db47|1&sdata=m%2BdJ9%2Bd1IBRSM%2FBa4ya1xtFgT8GIYOmnfXYANA2E0mM%3D

For our schedule of WDF, WDM, debugging and other seminars visit:
https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.osr.com%2Fseminars&data=01|01|Doron.Holan%40microsoft.com|2d66b19b2ac84b30ef6108d2d9b1fc75|72f988bf86f141af91ab2d7cd011db47|1&sdata=5sOCdPwd0JRItB6zFN%2FNZ%2B9FFjqXyE%2F9kQORBLaFywE%3D

To unsubscribe, visit the List Server section of OSR Online at https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.osronline.com%2Fpage.cfm%3Fname%3DListServer&amp;data=01|01|Doron.Holan%40microsoft.com|2d66b19b2ac84b30ef6108d2d9b1fc75|72f988bf86f141af91ab2d7cd011db47|1&amp;sdata=J6lKfZpi6YXDV3xI8dFOToLEnsBnYLHggl47f7GA5x4%3D</http:>

19

It intercepts the timer interrupt, and works with the keyboard itself, probably by polling.

For Windows, it is just a single very, very long runaway ISR.


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

wrote in message news:xxxxx@ntdev…
> Please, anyone know how it stops the windows? Is it disable thread scheduler?
>

20

In article , xxxxx@storagecraft.com says…
>
> It intercepts the timer interrupt, and works with the keyboard itself, probably by polling.
>
> For Windows, it is just a single very, very long runaway ISR.

How it polls if the keyboard is USB? (Differnet keyboard drivers?)