Session 1: SoftICE Install for Beginners
Be warned, this is very basic stuff, great for newbies, yet it has NO value at all for seasoned (or even half-seasoned) reversers.
Hello there newbies! This is the first article in a series which will take you from an 'Ultimate Beginner', on to become a full-fledged cracker. I know, it sounds like a daunting task, but, as you will see, we can learn together.
In the first session I will show you how to install and set up the best debugger for windoze, SoftICE version 3.20. What's that you say? You don't have SoftICE? Well go get it. It's on the NET everywhere. You can't swing a dead cat around out there without hitting at least one copy. :-)
Try it out for the allowed period and then BUY it. It's a great tool and it deserves to be bought.
What is SoftICE?
SoftICE, by NuMega Technologies, is a debugger. A debugger is a software (or hardware) device that is used to disassemble program code as it is running. Why would we want to do that? Well, if you have a bug in a program, it is nice to be able to open up the program while it is running to find the bug and eradicate it. ;=) Or just to see what the bug is.
NOTE: A disassembler/debugger can only change the code that is in memory at the moment. If you want to change the program code permanently you have to use a Hex Editor. I recommend UltraEdit-32 version 5.0a by IDComp (http://www.idcomp.com/).
For instance, a lot of programs nowadays have a 'registration' bug. This insidious bug usually pops up at the beginning of a program and asks you to input some arcane code. If you don't put in the right code then the program limits what you can do, or won't run at all. Now why would anyone release software that has bugs in it? Following Micro$oft's lead, I guess. :P
Most Reverse Engineers (RE) will tell you that SoftICE is the very best debugger for breaking in and reversing code. Now that it has the Universal Video driver, I would have to agree. Older versions of SoftICE (3.0 and below) required you to use a video driver specific to your video card. The problem with these versions? They didn't have drivers for all cards. My card (Creative Labs 3D Blaster PCI) wasn't supported. It was difficult to use this great debugger when you couldn't see its output. My computer would switch to SoftICE with the standard CTRL-D hotkey, but my screen wouldn't. Now, with version 3.20 of SoftICE, they have incorporated a 'Universal Video Driver' which works just fine with most video cards.
OK, so by now you have searched for and found the SoftICE 3.2 program and it is time to show you how to install it.
You should have found the install program for SoftICE in a zip file (si95win320.zip perhaps?). Unzip that file to the c:\temp directory, or wherever you want to, and run setup.exe. This will start the install process for SoftICE 3.20.
After all the boring welcome screens and registration screens, Setup asks you for the directory where SoftICE will be installed (FIG. 1). I chose C:\ICE, because it has a nice ring to it. Your results may differ ;). Be aware though, later on when I use 'C:\ICE' to set up the Config.sys and AutoExec.bat, you should use the directory where YOU installed SoftICE. Other than that there is no difference.
Video Driver Selection
Go through all the initial screens (i.e., registration, License Agreement, etc.) until you get to the Display Adapter Selection Screen (FIG. 2). Thumb through all the different display adapter cards and find yours. Be sure to test the display with the handy 'TEST' button that they include. If you don't see a text message when you Test the driver, then it isn't working correctly. Try another driver or use the 'Universal Video Driver'. This is the one that I used, as you can see from FIG. 2.
When you get to the mouse driver screen (FIG. 3) select the type of mouse that you have. If you have a PS/2 mouse it will have a small circular connector on the end. A Serial mouse will have a 'D' type connector. This is a rectangular connector that has lock down screws on it. The 'D' type looks like a 'D', hence the name. If you do have the Serial type, make sure you select the proper one, i.e., COM 1 or COM 2. Check the back of your computer to see which Port it hooks up to. They should be labeled 1 and 2. Select the correct one, and we are off.
SoftICE System Configuration
The last screen you can edit is the Configuration screen. It has what you have set up so far, plus three (3) options (FIG. 4). Select the last option: "Do not make any changes." The changes that it would make wouldn't be the best changes (as most automated ones aren't). We will make the required changes to the files ourselves.
OK, you have selected the third option, and now we will press the 'NEXT' button and complete the installation. Press 'FINISH' on the next screen and come back when it is done installing...
...Back already? OK, let's move on.
If you haven't already, download the patch from NuMega or some other site that has it, to upgrade to version 3.22. The file should be called SI322ServicePack95.exe. Run this .exe file (automatic setup) and then come back...
There, that wasn't too hard, was it?
Now we just have to set up the Config.sys and AutoExec.bat files to our liking. The setup I am about to show you originally came from exact's Windows 95 Cracking tutorial. I have modified it a little to fit my system, as you will to fit yours.
This setup will allow you to select whether or not you want to load SoftICE at startup. It uses the [menu] command in config.sys and allows user selection of options.
-----------Begin File: C:\CONFIG.SYS--------------------------------
[menu]
menuitem SoftICE,Start Windows with 'Soft-Ice v3.22' Debugger [CTRL-D Popup]
menuitem NORM,Start Windows without Soft-Ice
menuitem DOSICE,Start DOS with 'S-ICE v2.62' Debugger [CTRL-D Popup]
menuitem DOS,Start DOS without Soft-Ice
menudefault SoftICE,10

[DOSICE]
e:\arena\emmsetup e:\arena\s-ice.exe
DEVICE=e:\arena\s-ice.exe /sym 50

[SoftICE]

[NORM]

[DOS]

[COMMON]
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\OCTEK\CDR812.SYS /D:MSCD001 /V
FILES=40
BUFFERS=40
-------------------------END CONFIG.SYS------------------------------
This config will give 4 options: (Screen looks like this)
1. Start Windows with 'Soft-Ice v3.22' Debugger [CTRL-D Popup]
2. Start Windows without Soft-Ice
3. Start DOS with 'S-ICE v 2.62' Debugger [CTRL-D Popup]
4. Start DOS without Soft-Ice

Selection: 1 Time Remaining: 3

The 'menudefault' setting makes this default to SoftICE (selection 1) in 10 seconds. The start of each 'menuitem' gives the value to jump to below the menu, and the value that %CONFIG% will be set to when we get to the AUTOEXEC.BAT file. Case is important in this, so be careful that you keep everything the same. You can add more menuitems if you choose, just remember to keep the case constant.
The third option is to load S-ice.exe, the DOS debugger from NuMega. Note the path of each program (i.e., e:\arena\emmsetup e:\arena\s-ice.exe). This is my path, it may not be yours.
Currently I can't get DOS Ice to run on my system; it gives me a GPF and pops up in SoftICE where I have to reboot; but I keep the selection there just in case. If you have any suggestions that might help, please let me know.
Your devices would go in the [COMMON] section. The ones I have won't necessarily be the ones that you have.
OK, so let's take a look at the Autoexec.bat and see where we are.
-------------------Begin File: C:\AUTOEXEC.BAT-----------------------
REM ***************** Common Stuff ******************
REM your common stuff would go here...
REM **************** SoftIce below here ******************
REM ********************************
REM *****                      *****
REM *****  S O F T I C E 3.22  *****
REM *****  & S-ICE DOS v2.62   *****
REM *****       LOADER         *****
REM *****                      *****
REM *****         by           *****
REM *****  Exact aka Siceboy   *****
REM *****    i_magnus '98      *****
REM *****                      *****
REM ********************************
REM Jump to the label named after the CONFIG.SYS menu selection
GOTO %CONFIG%

:DOSICE
ECHO DOS Soft-ICE Loaded
GOTO END

:NORM
WIN
:COMMON
GOTO END

:SoftICE
WINICE.EXE

:END
-------------------------END AUTOEXEC.BAT---------------------------
As you can see, if we select option 1 in the Config.sys, then %CONFIG% is set to 'SoftICE' and we GOTO SoftICE when Autoexec.bat runs.
If we select option 2, we goto COMMON, which just loads windoze.
If we had selected option 3, 'DOSICE', Config.sys would have loaded s-ice.exe as a device and then quit to DOS.
Finally, option 4 jumps to [DOS] in the Config.sys, which just runs the [COMMON] files. When it gets to the Autoexec.bat, it does the Common functions and then, not finding a :LABEL for :DOS, it quits to the command prompt.
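A simplified model of the dispatch just described, as an added example (not part of the original tutorial or of exact's setup): it parses abridged, constructed copies of the two files, picks the block for a menu choice, and traces which AUTOEXEC.BAT commands run. It assumes :END is the last label in the batch file and models only labels and GOTO.

```python
# Constructed, abridged copies of the page's two files (END label placed last).
CONFIG_SYS = r"""[menu]
menuitem SoftICE,Start Windows with 'Soft-Ice v3.22' Debugger
menuitem NORM,Start Windows without Soft-Ice
menuitem DOSICE,Start DOS with 'S-ICE v2.62' Debugger
menuitem DOS,Start DOS without Soft-Ice
[DOSICE]
DEVICE=e:\arena\s-ice.exe /sym 50
[SoftICE]
[NORM]
[DOS]
[COMMON]
DEVICE=C:\WINDOWS\HIMEM.SYS"""
AUTOEXEC_BAT = """GOTO %CONFIG%
:DOSICE
ECHO DOS Soft-ICE Loaded
GOTO END
:NORM
WIN
GOTO END
:SoftICE
WINICE.EXE
:END"""

def boot(choice):
    """Return (%CONFIG%, CONFIG.SYS lines used, AUTOEXEC.BAT commands run)."""
    lines, name = [], None               # (block name, line) pairs in file order
    for line in CONFIG_SYS.splitlines():
        if line.startswith("["):
            name = line.strip("[]").lower()
        else:
            lines.append((name, line))
    items = [l.split(None, 1)[1].split(",")[0] for n, l in lines if n == "menu"]
    config = items[choice - 1]           # chosen block name becomes %CONFIG%
    loaded = [l for n, l in lines if n in (config.lower(), "common")]
    bat, ran, pc = AUTOEXEC_BAT.splitlines(), [], 0
    while pc < len(bat):
        cmd, pc = bat[pc].replace("%CONFIG%", config), pc + 1
        if cmd.upper().startswith("GOTO "):
            label = ":" + cmd.split()[1].lower()
            hits = [i for i, l in enumerate(bat) if l.lower() == label]
            if not hits:                 # e.g. no :DOS label: the batch stops here
                return config, loaded, ran + ["Label not found"]
            pc = hits[0]
        elif not cmd.startswith(":"):
            ran.append(cmd)
    return config, loaded, ran

for n in (1, 2, 3, 4):                   # one line per menu selection
    print(n, *boot(n), sep=" | ")
```

Only selection 3 pulls in the s-ice.exe DEVICE line, and only selection 4 ends on a missing label.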
The main point of using this configuration is that you can decide at startup whether you want to run SoftICE for DOS or SoftICE for Windows or nothing at all. I usually just have SoftICE for Windows installed by default.
So now that you have SoftICE installed what do you do with it? Well, now you can start learning from all those tutorials that reverser+ has on his site :?)
Look for Session 2: An Ultimate Beginners Guide to using SoftICE 3.22, coming as soon as I finish writing it.