June 1998
"Softice For Beginners"
Basic Tips and Help
Tutorial
Win Code Reversing
 
 
by The Sandman 
 
 
Quick Overview of Softice
 

If you're reading this then you've just downloaded Softice and want to know what to do next, in which case these hints and tips on configuring Softice might be useful to you. This is NOT a replacement for the Softice Manual or Reference manual available from the web; it's just a "quick get me started" tutorial.

Once Softice has been fully installed you should have an entry in your Autoexec.bat file that looks like this:  C:\SIW95\WINICE.EXE

What's important here is that you have something that ends with WINICE.EXE; the directory name may be different on your computer, depending on where you installed Softice. This line starts Softice at the same time as Windows 95 loads, as the program cannot be run any other way. That's why you won't find any shortcuts to Softice. This allows Softice to co-exist with Windows and become part of the Windows operating system.

Next, Softice can be configured to your tastes and needs through a special file called Winice.DAT, which lives in the same directory as Softice itself. The default values for Softice are not suitable for everyone, and you will need to change them.

Here's what my Winice.dat looks like. I've made comments in yellow so you will know that they are not normally part of this file.


PENTIUM=ON   ;If you have a Pentium PC then leave this 'ON', otherwise use =OFF
NMI=ON
ECHOKEYS=OFF
NOLEDS=OFF
NOPAGE=OFF
SIWVIDRANGE=ON 
THREADP=ON
LOWERCASE=OFF
WDMEXPORTS=OFF
MONITOR=0

; *************************************************************************
; If you have MORE than 32MB of physical memory installed, change
; the PHYSMB line to the correct # of Megabytes.
; If you have LESS than 32MB you can save a bit of memory by
; specifying the correct # of Megabytes
; Example: PHYSMB=32
; *************************************************************************

PHYSMB=32   ;Change this value to reflect the total amount of RAM in your PC
SYM=1024       ;Reserves 1MB of memory to store symbols from source code
HST=256          ;Reserves 256K of memory for a History buffer
TRA=8
MACROS=32
DRAWSIZE=2048

; The next two lines configure Softice each time you turn on your PC.
; These settings are recommended for beginners so you might want
; to change your default settings to these.
;
; X;         = Exit Softice; the semicolon is like pressing the Enter key
;              afterwards
; wl;        = Switch on/off the 'local' variable window within
;              Softice
; code on;   = By default this is off, we want it on. This displays the
;              hexadecimal bytes alongside our disassembled source code.
; altscr off;= We don't want Softice to use a different screen to display any
;              of its output.
; Lines 57;  = Sets the overall window size of Softice so it fills the whole
;              screen. Its default size is just too small.
; wc;        = Softice Code Window, sets the size of this internal window.
; wd;        = Softice Hexadecimal window size
; wr;        = Shows you all the Registers at the top of the screen. Very
;              useful
; faults off;= Do you want Softice to break on any General Protection Faults?

INIT="X;"
INIT="wl;code on; altscr off; lines 57; wc 32; wd 8; wr; faults off;"

F1="h;"       ;These settings 'program' your Function keys to do a particular job
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"   ;This key F10 (Single-Step through code) is used heavily during *cracking*
F11="^G @SS:ESP;"  ;This key F11 allows us to return from a call to a routine.
F12="^p ret;"
SF3="^format;"
CF8="^XT;"
CF9="TRACE OFF;"
CF10="^XP;"
CF11="SHOW B;"
CF12="TRACE B;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF8="^XT R;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="code on; altscr off; lines 57; wc 32; wd 8; wr; wl; ww 2; faults off"
CF2="^wr;^wd;^wc;"

; WINICE.DAT
; (SIW95\WINICE.DAT)
; for use with SoftICE Version 3.2 (Windows 95)
; 14 July 1997
 

; Change the path to the appropriate drive and directory
 
EXP=c:\windows\system\kernel32.dll      ;These lines let Softice automatically load
EXP=c:\windows\system\user32.dll        ;these system DLLs so that it can tell you
EXP=c:\windows\system\gdi32.dll         ;when you're about to use any of the routines
EXP=c:\windows\system\comdlg32.dll      ;within these files. Many programs use these
EXP=c:\windows\system\shell32.dll       ;DLLs so it's worth letting Softice load these
EXP=c:\windows\system\shell232.dll      ;each time it is loaded.


Any changes you make to the Winice.dat file require you to reboot your computer before they take effect.
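A small parser for the Winice.dat layout shown above, added here as an example (it is not part of the original tutorial or of Softice). It handles the one awkward point of the format: `;` starts a comment on a plain line but separates commands inside a quoted INIT or function-key string. The sample text is constructed and the parsing rules are inferred from the listing, so treat them as assumptions.

```python
import re

# Constructed sample in the layout of the Winice.dat listing above.
SAMPLE = '''\
PENTIUM=ON   ;comment after a setting
PHYSMB=32
; a full-line comment
INIT="X;"
INIT="wl;code on; altscr off; lines 57; wc 32; wd 8; wr; faults off;"
F5="^x;"
F11="^G @SS:ESP;"  ;a comment after a quoted macro
EXP=c:\\windows\\system\\kernel32.dll  ;export table to load
'''

# NAME="quoted macro"  or  NAME=bare value up to the first ';'
LINE = re.compile(r'^\s*([A-Za-z0-9]+)\s*=\s*(?:"([^"]*)"|([^;]*))')
KEY = re.compile(r'^[SCA]?F\d{1,2}$')   # F1..F12 plus the SF/CF/AF forms


def split_commands(macro):
    """Split a quoted macro on ';' (per the page, ';' acts like Enter)."""
    return [c.strip() for c in macro.split(';') if c.strip()]


def parse_winice(text):
    cfg = {"settings": {}, "init": [], "keys": {}, "exports": []}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:                       # blank line or full-line ';' comment
            continue
        name = m.group(1).upper()
        quoted, bare = m.group(2), m.group(3)
        if quoted is not None:
            cmds = split_commands(quoted)   # ';' inside quotes is not a comment
            if name == "INIT":
                cfg["init"].extend(cmds)    # INIT lines run in file order
            elif KEY.match(name):
                cfg["keys"][name] = cmds    # any leading '^' is kept as written
            else:
                cfg["settings"][name] = quoted
        elif name == "EXP":
            cfg["exports"].append(bare.strip())
        else:
            cfg["settings"][name] = bare.strip()
    return cfg
```

Running `parse_winice` over a real Winice.dat before rebooting gives a quick view of which commands will run at start-up and what each function key is bound to.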
 
Don't expect to be able to 'use' Softice straight away; you won't. However, plenty of practice and getting to know how to 'read' the information Softice gives you will change all of that.

To get into Softice all you need to do is press the 'Control' key AND the 'D' key TOGETHER. This will stop whatever Windows is doing and allow Softice to start up. In many essays and tutorials you will often see Ctrl-D, which is the short version of saying "press the Control & D keys together". Once inside Softice you will see several 'windows' of different sizes, all of which show different kinds of information. The bottom window is always your input window. It is in this input window that you can type commands into Softice. Some examples of commands are:

x             = Exit Softice and let the program run as normal.
bpx 00443456  = Create a breakpoint (a memory location where you
                want Softice to stop the program)
d 00443456    = Display this memory location and its contents
d eax         = Display the memory location and contents pointed to by the
                eax register.
e 00443456    = Edit the memory contents starting at memory location
                00443456
cls           = Clear the input window of all text.

Clicking anywhere 'inside' any of Softice's internal windows will allow you to directly alter the contents displayed within that window (except the disassembly window).

I shall be adding to this page as-and-when the need arises.
  
 


 
 
 

Essay by:          The Sandman
Page Created: 07th June 1998