

Topic created on: May 26, 2006 16:47 CDT by JCRoberts.
I'm personally not a SoftICE user simply because I could never justify the cost of the product. I have occasionally been asked to use it by clients for their projects and thought it was a great tool for some jobs.
With the recent death of SoftICE as a product, does anyone around here think it's a worthwhile idea to see about getting Compuware to open source it?
If it was opensourced, is there anyone out there willing to work on it?
thoughts?
--
jcr
I doubt the source will be published. The main problem of SoftICE was the mighty Microsoft Windows OS, with their driver versions changing "all night long". If I remember correctly, Microsoft Vista will not allow loading any driver which was not signed by Microsoft, so here's another problem - and SoftICE had enough problems with XP already. Anyway, currently most researchers use some ring3 debuggers. I really enjoyed SoftICE, especially while working on ring0 stuff like drivers and the kernel itself. If it will be somehow opensourced, surely I will take a look. If the market will bring something more advanced, I will still keep CTRL-D unassigned.
|
I was/am a Visual SoftICE user, and I really liked it, the program itself and its good documentation and support. I doubt if they even think about publishing the source code, but as a customer it's really hard to find any alternative for VSICE.
|
Just wondering what "other" alternatives everyone has used/tested/hated besides SoftIce?
|
Not counting SoftIce, RR0D is the only ring0 debugger for windows I am aware of: http://rr0d.droids-corp.org
|
I use WinDbg for ring0 nowadays. Loads of functionality, and well-supported; but requires two PCs or VMWare, and can be somewhat of a pain to use. Plus there is a marked absence of RCE related tutorials and plugins (though writing plugins is easy).
I've tried Syser 1.3, and the ring0 debugger in that wouldn't work on my test machine (WinXP, SP0).
|
Vista will not allow unsigned drivers on x64 cpus. On 32 bit processors you'll be able to still run unsigned drivers. Signing, afaik, will be done by Verisign, at least in the beginning. This issue should not block any ring 0 debugger for x86. But seriously, has anybody heard from Compuware/Numega that they are even considering such a move?
|
windbg is simple to use, has very useful features, is free, and is constantly being improved. works for user and kernel-mode code. yah, you do need either two computers (connected via serial, usb2 or firewire) or vmware for debugging kernel code, but do you really want to test ring0 code on the machine you're doing your development on?
as for the vista driver-signing issue, it's still in flux as to what, exactly, it will entail:
http://www.osronline.com/article.cfm?id=465
|
Doesn't livekd allow debugging in ring0 on the same machine?
|
> Doesn't livekd allow debugging in ring0 on the same machine?
Well, yes, but its functionality is really limited. I worked with it a few times, it was a long time ago, about 2 years? So maybe things have changed (forgive me any errors caused by that). Anyway, you must consider the fact that while working with livekd you are actually working with a "local dump"; moreover, you can't do many things like setting breakpoints etc. I still prefer to use two computers or vmware instead of livekd-ing. Livekd is really a minimum option for the reverser (or for me, if I speak for myself).
Most guys I know, especially driver developers, are using remote windbg debugging through com1 (null modem)/firewire, whatever. Visual SoftICE could be a cool product, however my system was crashing all the time so I quit.
cheers!
|
livekd allows what is termed as local debugging (I am not aware of the right terminology). windbg with xp offers the same functionality without one having to install livekd.
You cannot trace (i.e. single step through).
It's as good as having a disassembly of ring 0 in front of you, that is all.
You can also try windbg with the -z option to load a sysfile as a dump.
|
Anybody here ever heard anything about a ring0 debugger which is not based on the OS's API?
|
> anybody here ever heard anything about a ring0 debugger which is not based on OS's api ?
Check out the Rasta Ring 0 Debugger:
http://rr0d.droids-corp.org/
|
Well, as a view specific approach it too used IDA, W32Disasm mainly.
I think it's system specific in its context. You can see when we use win98, 2000 I use SoftICE. CTRL-D stuff.
For open source, the GNU debugger is damn cool.
Well, it depends on one's usage.
|
Solely speaking, the pace is too fast.
We have our own vision to check the availability of the required tool set.
|
Apparently it's Micro$oft who is killing these programs.
Syser is not so good, rr0d will be the future once it evolves more. Funny someone mentioned W32Dasm and IDA here.
|
softice left, syser debugger is coming.
syserdebugger is very good.
> JCRoberts: I'm personally not a SoftICE user simply because I could never justify the cost of the product. I have occasionally been asked to use it by clients for their projects and thought it was a great tool for some jobs.
>
> With the recent death of SoftICE as a product, does anyone around here think it's a worthwhile idea to see about getting Compuware to open source it?
>
> If it was opensourced, is there anyone out there willing to work on it?
>
> thoughts?
>
> --
> jcr
|
Hi, I cannot find any download link for it.
And OllyDBG is also open source, ask Olle.
|
the open source part is only its disassembler engine dude
|
|