June 1998
"Softice For Beginners"
Basic Tips and Help
Tutorial
Win Code Reversing
 
 
 
by The Sandman 
 
 
Quick Overview of Softice
 

If your reading this then you've just downloaded Softice and you want to know what to do next, then in which case, reading these hints and tips on configuring Softice might be useful to you. This is NOT a replacement to the Softice Manual or Reference manual available from the web, it's just a "quick get me started" tutorial.

Before installing Softice, check the zip file for any files ending with .DIZ, or with the filename of F4CG.nfo this file will contain the serial number to register this program with..:).  In order to open this file you will need to OPEN it with Notpad.  Left click on the file then select 'Open With' then select Notepad from the available programs..

During installation, you will be asked to choose the video driver Softice will use during normal operation, an incorrect choice here will more than likely cause you no end of problems, such as colored squares on your screen when you try and use Softice.  If in doubt I would suggest you opt for VGA Mode, this is a safe option and should not cause you any problems.

Once Softice has been fully installed you should have an entry in your Autoexec.bat file that looks like this:  C:\SIW95\WINICE.EXE

What's important here is that you have something that ends with WINICE.EXE, the directory name may be different on your computer, depending on where you installed Softice. What this line does is to start up Softice at the same time as Window's '95 loads, as this program cannot be run any other way.. That's why you won't find any shortcuts to Softice.. This allows Softice to co-exist with Windows  to become part of the Window's operating system.

Next, in order for Softice to be configured to your tastes and needs we can configure Softice through a special file called Winice.DAT, which can be found in the same directory as Softice itself.  The default values for Softice are not suitable for everyone and requires you to change them..

Here's what my Winice.dat looks like, I've made comments in red so you will know that they are not normally part of this file.


PENTIUM=ON   ;If you have a pentium pc then leave this to 'ON' else use =OFF
NMI=ON
ECHOKEYS=OFF
NOLEDS=OFF
NOPAGE=OFF
SIWVIDRANGE=ON
THREADP=ON
LOWERCASE=OFF
WDMEXPORTS=OFF
MONITOR=0

; *************************************************************************
; If your have MORE than 32MB of physical memory installed, change
; the PHYSMB line to the correct # of Megabytes.
; If you have LESS than 32MB you can save a bit of memory by
; specifying the correct # of Megabytes
; Example: PHYSMB=32
; *************************************************************************

PHYSMB=32 ;Change this value to reflect the total amount of RAM in your PC
SYM=1024  ;Reserves 1MB of memory to store symbols from source code
HST=256   ;Reserves 256K of memory for a History buffer
TRA=8
MACROS=32 ;Maximum number of Macro's for use in Softice
DRAWSIZE=2048

                            ;The next two lines configures Softice each time you turn on your pc.
                            ;These settings are recommended for beginners so you might want
                            ;to change your default settings to these.

X;            = Exit softice

wl;           = Switch on/off the 'local' variable window within Softice

code on;      = By default this is off, we want it on.. This displays the  hexadecimal
                bytes along side our disassembled source code.

altscr off;   = We don't want softice to use a different screen to display any of it's
                output.

Lines 57;     = Sets the 'window' size of Softice so it fills the whole screen.
                Default size is just too small.

wc;           = Softice Code Window, sets the size of this internal window.

wd;           = Softice Hexadecimal window size

wr;           = Shows you all the Registers at the top of the screen. Very Useful

faults off ;  = Do you want Softice to break on any General Protection Faults?

INIT="X;"
INIT="wl;code on; altscr off; lines 57; wc 32; wd 8; wr; faults off;"

;These settings 'program' your Function keys to do a particular job

F1="h;"      
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"          ;This F10 Key (Single-Step through code) is used heavily
                   ;during *cracking*

F11="^G @SS:ESP;"  ;This key F11 allows us to return from a call to a
                   ;routine.
F12="^p ret;"
SF3="^format;"
CF8="^XT;"
CF9="TRACE OFF;"
CF10="^XP;"
CF11="SHOW B;"
CF12="TRACE B;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF8="^XT R;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="code on; altscr off; lines 57; wc 32; wd 8; wr; wl; ww 2; faults off;X;"
CF2="^wr;^wd;^wc;"

; WINICE.DAT
; (SIW95\WINICE.DAT)

 

; Change the path to the appropriate drive and directory
 
;These lines lets Softice automatically load in these system DLL's so that
;it can tell you when your about to use any of the routines within these files.  Many programs uses these DLL's so it's worth letting Softice loads these in each time it is loaded.

EXP=c:\windows\system\kernel32.dll    EXP=c:\windows\system\user32.dll        
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\shell232.dll

;It's a good idea to add these two lines

EXP=C:\windows\system\vb40032.dll  ;VB4 Runtime support file
EXP=C:\windows\system\msvbvm50.dll ;VB5 Runtime support file


Any changes you make to the Winice.dat file requires you to re-boot your computer so that these changes take effect.

Make sure to verify that the setting PENTIUM=ON is correctly set according to wether or not you have a Pentium machine.
 
Don't expect to be able to 'use' Softice straight away, you won't, however, after plenty of practice and getting to know how to 'read' the information Softice gives you will change all of that.

To get into Softice all you need to do is press the 'Control' Key AND the 'D' TOGETHER, this will stop whatever windows is doing and allow Softice to start up. In many essay's and tutorials you will often see Ctrl-D which is the short version of saying "press the Control & D keys together".  Once inside Softice you will see several 'windows' of different sizes, all of which shows different kinds of information.. The bottom window is always your input Window. It is in this Input Window you can type commands into Softice.  Some examples of commands are:-

            = Exit Softice and let the program run as normal.
bpx 00443456  = Create a breakpoint at mem address 00443456
00443456      = Display this memory location and it's contents
d eax         = Display the memory location and contents in the eax register.
e 00443456    = Edit the memory contents starting at memory location  00443456
cls           = Clear the input window of all text.

Clicking anywhere 'inside' any of Softice's internal windows will allow you to directly alter the contents displayed within that window.  (Except the disassembly window)

  
 


 
 
 

Essay by:          The Sandman
Page Created: 07th June 1998
Page Updated: 15th October 1998