SoftIce !!!

Hi there,
Anyone knows how the Cool debugger “SoftIce” works?
I really want to know the kernel mechanism of softice .
What makes it so powerful?

Thanks a million!

Andy

They cheat …

Personally I think WinDbg is the cool one, and it’s free!

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Andy Hao” wrote in message news:xxxxx@ntdev…
>
> Hi there,
> Anyone knows how the Cool debugger “SoftIce” works?
> I really want to know the kernel mechanism of softice .
> What makes it so powerful?
>
> Thanks a million!
>
> Andy
>
>

We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
up, it is in full control of the machine.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 12:36 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

They cheat …

Personally I think WinDbg is the cool one, and it’s free!

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Andy Hao” wrote in message news:xxxxx@ntdev…
>
> Hi there,
> Anyone knows how the Cool debugger “SoftIce” works?
> I really want to know the kernel mechanism of softice .
> What makes it so powerful?
>
> Thanks a million!
>
> Andy
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

Now Alberto … you have spent many letters of the alphabet detailing
“cheats” to end run the OS to gert SI that close to the iron, and many more
detailing why these “cheats” are ok. I never said this is a bad thing to do
… I can’t, since I use a “cheat” here and there.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
> up, it is in full control of the machine.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 12:36 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> They cheat …
>
> Personally I think WinDbg is the cool one, and it’s free!
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Andy Hao” wrote in message news:xxxxx@ntdev…
> >
> > Hi there,
> > Anyone knows how the Cool debugger “SoftIce” works?
> > I really want to know the kernel mechanism of softice .
> > What makes it so powerful?
> >
> > Thanks a million!
> >
> > Andy
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

So then its not just another driver controlled by the OS,
it seems to be the driver “controlling” the OS,
But its interesting to know how, if Im not breaking any rules
here.

-Taher

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Moreira, Alberto
Sent: Monday, March 24, 2003 11:14 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
up, it is in full control of the machine.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 12:36 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

They cheat …

Personally I think WinDbg is the cool one, and it’s free!

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Andy Hao” wrote in message news:xxxxx@ntdev…
>
> Hi there,
> Anyone knows how the Cool debugger “SoftIce” works?
> I really want to know the kernel mechanism of softice .
> What makes it so powerful?
>
> Thanks a million!
>
> Andy
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

—
You are currently subscribed to ntdev as: xxxxx@veritas.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Again, I wouldn’t call it “cheating”. We just don’t let the OS know that it
happened.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 1:02 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Now Alberto … you have spent many letters of the alphabet detailing
“cheats” to end run the OS to gert SI that close to the iron, and many more
detailing why these “cheats” are ok. I never said this is a bad thing to do
… I can’t, since I use a “cheat” here and there.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
> up, it is in full control of the machine.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 12:36 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> They cheat …
>
> Personally I think WinDbg is the cool one, and it’s free!
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Andy Hao” wrote in message news:xxxxx@ntdev…
> >
> > Hi there,
> > Anyone knows how the Cool debugger “SoftIce” works?
> > I really want to know the kernel mechanism of softice .
> > What makes it so powerful?
> >
> > Thanks a million!
> >
> > Andy
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

Which by definition, if one is over 50, is a good “hack”. Maybe “hack” is
better phraseology.

And to answer the enquirer … No … the SI kernel mode code is not
controlling the OS … they “hook” certain critical areas that allow them
the exce[tion/debug control they need, but control always remains with the
OS. But I defer to Alberto to answer specifics.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> Again, I wouldn’t call it “cheating”. We just don’t let the OS know that
it
> happened.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 1:02 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> Now Alberto … you have spent many letters of the alphabet detailing
> “cheats” to end run the OS to gert SI that close to the iron, and many
more
> detailing why these “cheats” are ok. I never said this is a bad thing to
do
> … I can’t, since I use a “cheat” here and there.
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Moreira, Alberto” wrote in message
> news:xxxxx@ntdev…
> >
> > We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE
pops
> > up, it is in full control of the machine.
> >
> > Alberto.
> >
> >
> > -----Original Message-----
> > From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> > Sent: Monday, March 24, 2003 12:36 PM
> > To: NT Developers Interest List
> > Subject: [ntdev] Re: SoftIce !!!
> >
> >
> > They cheat …
> >
> > Personally I think WinDbg is the cool one, and it’s free!
> >
> > –
> > Gary G. Little
> > Have Computer, Will Travel …
> > 909-698-3191
> > 909-551-2105
> > http://www.wd-3.com
> >
> > “Andy Hao” wrote in message news:xxxxx@ntdev…
> > >
> > > Hi there,
> > > Anyone knows how the Cool debugger “SoftIce” works?
> > > I really want to know the kernel mechanism of softice .
> > > What makes it so powerful?
> > >
> > > Thanks a million!
> > >
> > > Andy
> > >
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@compuware.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
> > The contents of this e-mail are intended for the named addressee only.
It
> > contains information that may be confidential. Unless you are the named
> > addressee or an authorized designee, you may not copy or use it, or
> disclose
> > it to anyone else. If you received it in error please notify us
> immediately
> > and then destroy it.
> >
> >
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

It’s not a hack either - it’s a hardware level piece of code. It’s got a
DriverEntry so that Windows can install it, but that’s where the similarity
with a device driver ends. SoftICE runs the hardware to achieve its
debugging objectives. Consider: the breakpoint you hit may be caused by a
bug in the OS, therefore, we can’t rely on the OS being alive when we get
control. All we can trust is the machine, well, maybe. And that is, for
example, why we have the ability to preload symbols and source code: because
when SoftICE is popped up, we can’t assume we have an operational file
system to go find source or symbols.

So, while Windbg may be a Windows debugger, the SoftICE engine is a hardware
level debugger. That’s why the founders called it “Soft ICE”, because the
functionality was designed to replace an In-Circuit Emulator ! SoftICE is an
ICE replacement, and at least in theory, it should be independent of the OS
running above it. Actually, this is a philosophy behind debugging I learned
many years ago, that a real debugger does not use code that may need to be
debugged: a real debugger is a self-contained piece of code.

When SoftICE is popped up, it has control. The OS is out of the picture. We
say that the machine is “stopped” when that happens, that is, when SoftICE
has control. Everything of interest that happens inside the machine gets to
SoftICE first, the OS only knows about it if SoftICE lets it through. But
chances are it won’t, because SoftICE never assumes that the OS is
operational when SoftICE is popped up. It’s a very special mode of
operation, SoftICE is not a regular OS and hence it doesn’t run programs:
it’s a debugging environment, therefore it runs machine instructions. To
SoftICE, deep down, there’s no such thing as an OS or a program,
everything’s no more than machine code with possibly symbols and source code
to match.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 3:03 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Which by definition, if one is over 50, is a good “hack”. Maybe “hack” is
better phraseology.

And to answer the enquirer … No … the SI kernel mode code is not
controlling the OS … they “hook” certain critical areas that allow them
the exce[tion/debug control they need, but control always remains with the
OS. But I defer to Alberto to answer specifics.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> Again, I wouldn’t call it “cheating”. We just don’t let the OS know that
it
> happened.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 1:02 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> Now Alberto … you have spent many letters of the alphabet detailing
> “cheats” to end run the OS to gert SI that close to the iron, and many
more
> detailing why these “cheats” are ok. I never said this is a bad thing to
do
> … I can’t, since I use a “cheat” here and there.
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Moreira, Alberto” wrote in message
> news:xxxxx@ntdev…
> >
> > We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE
pops
> > up, it is in full control of the machine.
> >
> > Alberto.
> >
> >
> > -----Original Message-----
> > From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> > Sent: Monday, March 24, 2003 12:36 PM
> > To: NT Developers Interest List
> > Subject: [ntdev] Re: SoftIce !!!
> >
> >
> > They cheat …
> >
> > Personally I think WinDbg is the cool one, and it’s free!
> >
> > –
> > Gary G. Little
> > Have Computer, Will Travel …
> > 909-698-3191
> > 909-551-2105
> > http://www.wd-3.com
> >
> > “Andy Hao” wrote in message news:xxxxx@ntdev…
> > >
> > > Hi there,
> > > Anyone knows how the Cool debugger “SoftIce” works?
> > > I really want to know the kernel mechanism of softice .
> > > What makes it so powerful?
> > >
> > > Thanks a million!
> > >
> > > Andy
> > >
> > >
> >
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@compuware.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
> >
> > The contents of this e-mail are intended for the named addressee only.
It
> > contains information that may be confidential. Unless you are the named
> > addressee or an authorized designee, you may not copy or use it, or
> disclose
> > it to anyone else. If you received it in error please notify us
> immediately
> > and then destroy it.
> >
> >
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

I used SoftICE rather a lot several years back, and I was impressed. But
something it could not do then (at least I didn’t know how) was to debug
a driver that had gone into real mode. I inferred that SoftICE depended
on parts of the OS – like control registers – being “good.” For
example, if my code faulted, there followed (presumably; hard to know
for sure) a triple fault that rebooted the machine.

Is SoftICE now so independent of the hardware that it could handle such
a situation, at least to the extent of a developer being able to examine
the machine’s state (registers, etc)?

–
If replying by e-mail, please remove “nospam.” from the address.

James Antognini

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
Moreira, Alberto
Sent: Monday, March 24, 2003 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

It’s not a hack either - it’s a hardware level piece of code.
It’s got a DriverEntry so that Windows can install it, but
that’s where the similarity with a device driver ends.
SoftICE runs the hardware to achieve its debugging
objectives. Consider: the breakpoint you hit may be caused by
a bug in the OS, therefore, we can’t rely on the OS being
alive when we get control. All we can trust is the machine,
well, maybe. And that is, for example, why we have the
ability to preload symbols and source code: because when
SoftICE is popped up, we can’t assume we have an operational
file system to go find source or symbols.

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
Moreira, Alberto
Sent: Monday, March 24, 2003 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

It’s not a hack either - it’s a hardware level piece of code.
It’s got a DriverEntry so that Windows can install it, but
that’s where the similarity with a device driver ends.
SoftICE runs the hardware to achieve its debugging
objectives. Consider: the breakpoint you hit may be caused by
a bug in the OS, therefore, we can’t rely on the OS being
alive when we get control. All we can trust is the machine,
well, maybe. And that is, for example, why we have the
ability to preload symbols and source code: because when
SoftICE is popped up, we can’t assume we have an operational
file system to go find source or symbols.

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

And how do you debug that tool?

Mat

-----Original Message-----
From: Moreira, Alberto [mailto:xxxxx@compuware.com]
Sent: Monday, March 24, 2003 4:49 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
Moreira, Alberto
Sent: Monday, March 24, 2003 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

It’s not a hack either - it’s a hardware level piece of code.
It’s got a DriverEntry so that Windows can install it, but
that’s where the similarity with a device driver ends.
SoftICE runs the hardware to achieve its debugging
objectives. Consider: the breakpoint you hit may be caused by
a bug in the OS, therefore, we can’t rely on the OS being
alive when we get control. All we can trust is the machine,
well, maybe. And that is, for example, why we have the
ability to preload symbols and source code: because when
SoftICE is popped up, we can’t assume we have an operational
file system to go find source or symbols.

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

—
You are currently subscribed to ntdev as: xxxxx@guillemot.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

And how do you debug the internal tool?

I guess your previous explanation is incomplete as SI depends on OS some way
(hooks etc.) and has to interpret current OS state. It would be impossible
to debug drivers efficiently without it.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

---

From:
xxxxx@compuware.com[SMTP:xxxxx@compuware.com]
Reply To: xxxxx@lists.osr.com
Sent: Monday, March 24, 2003 10:49 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] Re: SoftIce !!!

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> Moreira, Alberto
> Sent: Monday, March 24, 2003 12:32 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> It’s not a hack either - it’s a hardware level piece of code.
> It’s got a DriverEntry so that Windows can install it, but
> that’s where the similarity with a device driver ends.
> SoftICE runs the hardware to achieve its debugging
> objectives. Consider: the breakpoint you hit may be caused by
> a bug in the OS, therefore, we can’t rely on the OS being
> alive when we get control. All we can trust is the machine,
> well, maybe. And that is, for example, why we have the
> ability to preload symbols and source code: because when
> SoftICE is popped up, we can’t assume we have an operational
> file system to go find source or symbols.

>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
> disclose
> it to anyone else. If you received it in error please notify us
> immediately
> and then destroy it.
>
>
>
> —
> You are currently subscribed to ntdev as: michal.vodicka@st.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

With hardware. Don’t ask how you debug the hardware tool, or I will slap you.

At 11:47 AM 3/24/2003, you wrote:

And how do you debug that tool?

Mat

-----Original Message-----
From: Moreira, Alberto [mailto:xxxxx@compuware.com]
Sent: Monday, March 24, 2003 4:49 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> Moreira, Alberto
> Sent: Monday, March 24, 2003 12:32 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> It’s not a hack either - it’s a hardware level piece of code.
> It’s got a DriverEntry so that Windows can install it, but
> that’s where the similarity with a device driver ends.
> SoftICE runs the hardware to achieve its debugging
> objectives. Consider: the breakpoint you hit may be caused by
> a bug in the OS, therefore, we can’t rely on the OS being
> alive when we get control. All we can trust is the machine,
> well, maybe. And that is, for example, why we have the
> ability to preload symbols and source code: because when
> SoftICE is popped up, we can’t assume we have an operational
> file system to go find source or symbols.

>
>
>
>—
>You are currently subscribed to ntdev as: xxxxx@compuware.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
>The contents of this e-mail are intended for the named addressee only. It
>contains information that may be confidential. Unless you are the named
>addressee or an authorized designee, you may not copy or use it, or disclose
>it to anyone else. If you received it in error please notify us immediately
>and then destroy it.
>
>
>
>—
>You are currently subscribed to ntdev as: xxxxx@guillemot.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>—
>You are currently subscribed to ntdev as: zeppelin@io.com
>To unsubscribe send a blank email to xxxxx@lists.osr.com

Well, by hand. We might need a real ICE, but I haven’t bumped into that
situatio yet. It ain’t easy, and we don’t do it very often.

Alberto.

-----Original Message-----
From: Mathieu Routhier [mailto:xxxxx@guillemot.com]
Sent: Monday, March 24, 2003 4:47 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

And how do you debug that tool?

Mat

-----Original Message-----
From: Moreira, Alberto [mailto:xxxxx@compuware.com]
Sent: Monday, March 24, 2003 4:49 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
Moreira, Alberto
Sent: Monday, March 24, 2003 12:32 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

It’s not a hack either - it’s a hardware level piece of code.
It’s got a DriverEntry so that Windows can install it, but
that’s where the similarity with a device driver ends.
SoftICE runs the hardware to achieve its debugging
objectives. Consider: the breakpoint you hit may be caused by
a bug in the OS, therefore, we can’t rely on the OS being
alive when we get control. All we can trust is the machine,
well, maybe. And that is, for example, why we have the
ability to preload symbols and source code: because when
SoftICE is popped up, we can’t assume we have an operational
file system to go find source or symbols.

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

—
You are currently subscribed to ntdev as: xxxxx@guillemot.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

WindBag is good if you have the time and the hardware to use it; and, it
was written by the company who developed the OS.

However, SoftIce is a very fast and efficient for debugging when you are
limited on resources and time.

In fact, I have never, not once in my life, ever loaded or used WindBag.
I started using SoftIce with version 1.1 under DOS and know it so well,
I see no reason to change; there is nothing I have not been able to
debug in SoftIce.

I would like to learn WindBag someday.

Jamey

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Monday, March 24, 2003 9:36 AM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

They cheat …

Personally I think WinDbg is the cool one, and it’s free!

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Andy Hao” wrote in message news:xxxxx@ntdev…
>
> Hi there,
> Anyone knows how the Cool debugger “SoftIce” works?
> I really want to know the kernel mechanism of softice .
> What makes it so powerful?
>
> Thanks a million!
>
> Andy
>
>

—
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

I make a difference between the essential debugging engine and the hooks we
place in an attempt to debug the OS. The debugging engine knows about the
hardware, while the OS bit, well, of course, it knows about the OS to the
extent it needs to do its debugging. So, for example, I may need to know
about the OS to figure out what’s happening to a thread or to a process, but
not to single-step through code.

As for debugging the debugger debugger, well, that’s a black art. We do it
by hand, and not very often.

Alberto.

-----Original Message-----
From: Michal Vodicka [mailto:xxxxx@veridicom.cz.nospam]
Sent: Monday, March 24, 2003 5:00 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

And how do you debug the internal tool?

I guess your previous explanation is incomplete as SI depends on OS some way
(hooks etc.) and has to interpret current OS state. It would be impossible
to debug drivers efficiently without it.

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]

---

From:
xxxxx@compuware.com[SMTP:xxxxx@compuware.com]
Reply To: xxxxx@lists.osr.com
Sent: Monday, March 24, 2003 10:49 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] Re: SoftIce !!!

We have an internal tool to debug SoftICE.

Alberto.

-----Original Message-----
From: Nicholas Ryan [mailto:xxxxx@nryan.com]
Sent: Monday, March 24, 2003 4:40 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Out of curiousity, what do you use to debug SoftIce? (I’ve set
breakpoints within SoftIce before, although it doesn’t want to let me.)

• Nicholas Ryan

> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of
> Moreira, Alberto
> Sent: Monday, March 24, 2003 12:32 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> It’s not a hack either - it’s a hardware level piece of code.
> It’s got a DriverEntry so that Windows can install it, but
> that’s where the similarity with a device driver ends.
> SoftICE runs the hardware to achieve its debugging
> objectives. Consider: the breakpoint you hit may be caused by
> a bug in the OS, therefore, we can’t rely on the OS being
> alive when we get control. All we can trust is the machine,
> well, maybe. And that is, for example, why we have the
> ability to preload symbols and source code: because when
> SoftICE is popped up, we can’t assume we have an operational
> file system to go find source or symbols.

>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
> disclose
> it to anyone else. If you received it in error please notify us
> immediately
> and then destroy it.
>
>
>
> —
> You are currently subscribed to ntdev as: michal.vodicka@st.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

If you mean Virtual 8086 mode, it should work fine, if it doesn’t it’s a bug
and I would be interested in knowing what the problem is. Real mode, I’m not
sure, although we still ship SoftICE for DOS with our system for those
people who need it. Don’t laugh - a few months ago a disk drive manufacturer
asked us for SoftICE for DOS, they wanted a test system that fit in one
diskette. Also, I know of no problems related to reading or writing system
registers, if you bump into such a problem it’s a bug and I’ll be happy to
take care of it !

Alberto.

-----Original Message-----
From: James Antognini [mailto:xxxxx@mindspring.nospam.com]
Sent: Monday, March 24, 2003 3:52 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

I used SoftICE rather a lot several years back, and I was impressed. But
something it could not do then (at least I didn’t know how) was to debug
a driver that had gone into real mode. I inferred that SoftICE depended
on parts of the OS – like control registers – being “good.” For
example, if my code faulted, there followed (presumably; hard to know
for sure) a triple fault that rebooted the machine.

Is SoftICE now so independent of the hardware that it could handle such
a situation, at least to the extent of a developer being able to examine
the machine’s state (registers, etc)?

–
If replying by e-mail, please remove “nospam.” from the address.

James Antognini

You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

Do you block timer?

Govind

-----Original Message-----
From: Moreira, Alberto [mailto:xxxxx@compuware.com]
Sent: Tuesday, March 25, 2003 12:28 AM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Again, I wouldn’t call it “cheating”. We just don’t let the OS know that it
happened.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 1:02 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Now Alberto … you have spent many letters of the alphabet detailing
“cheats” to end run the OS to gert SI that close to the iron, and many more
detailing why these “cheats” are ok. I never said this is a bad thing to do
… I can’t, since I use a “cheat” here and there.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
> up, it is in full control of the machine.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 12:36 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> They cheat …
>
> Personally I think WinDbg is the cool one, and it’s free!
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Andy Hao” wrote in message news:xxxxx@ntdev…
> >
> > Hi there,
> > Anyone knows how the Cool debugger “SoftIce” works?
> > I really want to know the kernel mechanism of softice .
> > What makes it so powerful?
> >
> > Thanks a million!
> >
> > Andy
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

—
You are currently subscribed to ntdev as: xxxxx@nestec.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

We don’t block anything.

Alberto.

-----Original Message-----
From: ARUN GOVIND [mailto:xxxxx@nestec.net]
Sent: Tuesday, March 25, 2003 3:33 AM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftIce !!!

Do you block timer?

Govind

-----Original Message-----
From: Moreira, Alberto [mailto:xxxxx@compuware.com]
Sent: Tuesday, March 25, 2003 12:28 AM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Again, I wouldn’t call it “cheating”. We just don’t let the OS know that it
happened.

Alberto.

-----Original Message-----
From: Gary G. Little [mailto:xxxxx@aerosurf.net]
Sent: Monday, March 24, 2003 1:02 PM
To: NT Developers Interest List
Subject: [ntdev] Re: SoftIce !!!

Now Alberto … you have spent many letters of the alphabet detailing
“cheats” to end run the OS to gert SI that close to the iron, and many more
detailing why these “cheats” are ok. I never said this is a bad thing to do
… I can’t, since I use a “cheat” here and there.

–
Gary G. Little
Have Computer, Will Travel …
909-698-3191
909-551-2105
http://www.wd-3.com

“Moreira, Alberto” wrote in message
news:xxxxx@ntdev…
>
> We don’t “cheat”. We just talk directly to the iron. Whenever SoftICE pops
> up, it is in full control of the machine.
>
> Alberto.
>
>
> -----Original Message-----
> From: Gary G. Little [mailto:xxxxx@aerosurf.net]
> Sent: Monday, March 24, 2003 12:36 PM
> To: NT Developers Interest List
> Subject: [ntdev] Re: SoftIce !!!
>
>
> They cheat …
>
> Personally I think WinDbg is the cool one, and it’s free!
>
> –
> Gary G. Little
> Have Computer, Will Travel …
> 909-698-3191
> 909-551-2105
> http://www.wd-3.com
>
> “Andy Hao” wrote in message news:xxxxx@ntdev…
> >
> > Hi there,
> > Anyone knows how the Cool debugger “SoftIce” works?
> > I really want to know the kernel mechanism of softice .
> > What makes it so powerful?
> >
> > Thanks a million!
> >
> > Andy
> >
> >
>
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@compuware.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
>
> The contents of this e-mail are intended for the named addressee only. It
> contains information that may be confidential. Unless you are the named
> addressee or an authorized designee, you may not copy or use it, or
disclose
> it to anyone else. If you received it in error please notify us
immediately
> and then destroy it.
>
>
>
>

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.

—
You are currently subscribed to ntdev as: xxxxx@nestec.net
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
You are currently subscribed to ntdev as: xxxxx@compuware.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

The contents of this e-mail are intended for the named addressee only. It
contains information that may be confidential. Unless you are the named
addressee or an authorized designee, you may not copy or use it, or disclose
it to anyone else. If you received it in error please notify us immediately
and then destroy it.