IceExt INT3 protection
I've been looking at a couple of apps this weekend, one protected with pex 0.99 and the other with exestealth 2.7?

I am running XP SP 1 with SoftICE Driver Studio 3.01 and IceExt 0.53. I basically set bpint 3 and use lordpe 'break n enter' function to break on a program's entry point; from here I have been single-stepping through packer code to locate OEP. I can get to the OEP of both protectors OK, but whilst I've been working on these two protections I noticed they are both using int3. If I single-step their int3 instruction, IceExt prints out a 'PROTECT:' message, actually 'ROTECT: Backdoor interface' for pex 0.99 and 'PROTECT: BoundChecker interface' for exestealth 2.7?

But the problem is this: as I was about to say, when I single-step their int3, IceExt prints out a 'PROTECT:' message, then floods SoftICE with more 'PROTECT:' messages and then causes KeBugCheck with a double fault. I tried looking at the IceExt source some time, but I am not an asm coder, I am a C/C++ coder.

@Sten Should IceExt cause a double fault when single-stepping int3, or can the protection be improved to not cause a double fault? I had to turn int3 protection off to finish the work I was doing.

PS: IceExt is the best tool I use after SoftICE.

-- bedrock