SOFTICE symblo loader won't break on program execution please help.

After loading a .exe into soft-ice symbol loader and starting the program with the loader the loader doesn't automatically break.
I know about changen the .text section characteristics into E0000020 but this doesn't seem to work. I use the new driver's suite 2.7 under XP.
Can someone please help me fixing this?


LogicalBit

[_Servil_]

thats knwon issue

seach fravia's forum for patch respective
/* don;t know if publishing their new IP alowed */

[amigo]

when the program is running go to sice, change context to this process (addr) and set breakpoint on entrypoint (read from PE header). When you'll start the program once again sice will stop on EP

amigo

[LOUZEW]

Hi,logicalbit

This pb is well know now, i can tell you how to do and send you the patch to apply.
PM me a valid Email addy and i give you what you need (a complete guide to make DS2.7 breaking at entry point under XP SP1).

Thanx for all your help , I have been out of the assembly scene a long time so I need to learn some things again.

LogicalBit

At entry point change 1st byte to c3 (if i remember well this INT 3 break) and try. When (if) you break change this byte back to original state and continue as you want.

The_Philosopher

Guys, please, go over the opcodes again, and do not provide people with wrong information.
"C3" is the "ret" opcode; the correct one (for "int3") is "CC".

logicalbit,
try changing the radiobuttons settings in the "Debugging" tabsheet, then deselect and re-select the checkbox "Prompt for missing source files", and load the program again.
This works on my systems (Windows 2000 Build 2128 with DS25 and Windows 2000 Build 2195 SP3 with DS26)
Let me know

Thanx.

My email is logicalbit@hotmail.com

[LOUZEW]

Hi, Logicalbit

YOU HAVE MAIL !

Vox Humana as i write "if i remember well", so this was not my intention...to provide logicalbit with wrong info. My fault is that when i make programs in asm, look silly, i don't use at all CC opcode or INT 3, or whatever shit. Strange Vox Humana, right? So excuse my stupid brain that won't remember this stuff. But thanks god that we have you Vox Humana. You can teach us. Again thanks a lot, and yes Vox Humana, i will not anymore provide people intentionally with wrong info. But who knows what my brain will think this evening, tomorrow, in a few days. I will notice you, so we will stay in touch.

Greetings from The_Philosopher

hehehe...I'd only emphasized that absence of information is better than wrong information... if logicalbit puts a "ret" at entrypoint, his/her program crashes, your "if i remember well" notwithstanding...and no, I'm not in a such prominent position that allows any lesson...I'm not capable of teaching at all, and my knowledge isn't so deep.

On the other hand, you don't need any lesson. Nobody could teach you anything; your brain is already too much busy in sharp-witted irony, so probably not enough room is left...

I'm in debt to the community, because I've learnt a lot from it. So, if I guess that I can give any piece of advice, I do it, no matter what people think. That's my way to pay off the debt. The_Philosophers' "constructive" critcism regardless

My "if i remember well" means look in opcode help file.

logicalbit you can try Olly Debugger too, It will stop on program entry point (if it is not packed of course).

The_Philosopher

k, thanx to you all, especially louwez. I was trying to crack an older version of securom(diablo 2) but it is done now. As I have said I have been out of the scene for years, a lot has changed,and am trying to level up again.

THANX!

LogicalBit

SORRY FOR SPELLING YOUR NAME WRONG LOUZEW