#1
Softice - how do I return to calling code?
I've read several tutorials that suggest breaking on a Windows message api and when the break brings up SI, to use F11 to return to the calling code. When I use F11 I exit SI.
So what command is used to return to the calling code? I thought that F12 (P RET) would work, but it also exits SI.
Last edited by sync; 08-20-2002 at 05:10.
#2
Two questions for ya:
1. What operating system are you using?
2. What version of S-ice?
R@dier
#3
I'm using XP and SI DriverStudio 2.6.
#4
It is the F11 key as you thought, but it is not working for many people who use Win XP. There was a workaround for it, but I cannot remember exactly what it was. It had to do with, manually setting the breakpoint, but I do not remember the syntax.
Last edited by NE1; 08-20-2002 at 11:11.
#5
BTW: I forgot to mention. Check your winice.dat and make sure it reads:
F11="^G @SS:ESP;"
Also note that changes to winice.dat may not take effect until you reboot. Although I have other problems related to using Softice in Win XP, F11 does work for me.
#6
The default is the F12 key.
#7
Hmm, not sure why F12 is default for you, but it has always been F11 for me (from default install), and F12 is the Step until a return command ("^P RET;").
#8
There are certain cases when debugging operating system files where F12 will lure you back to the system, and though I am not sure what happens there, I think there's a reason it exits. Just keep hitting F12... eventually you will be out of softice. Not sure of the specifics for this, but it is true.
Snatch
#9
Remember, the original question was How to return to calling code, not return from calling code, for example, you set a breakpoint on an api and you want to see who or where the api was called from. That is where you would use F11.
On a side note (so there is no confusion), taken straight from Softice's help file:

Default Function Key Assignments
F1 = H;
F2 = ^WR;
F3 = ^SRC;
F4 = ^RS;
F5 = ^X;
F6 = ^EC;
F7 = ^HERE;
F8 = ^T;
F9 = ^BPX;
F10 = ^P;
F11 = ^G @SS:ESP;
F12 = ^P RET;
SF3 = ^FORMAT;
AF1 = ^WR;
AF2 = ^WD;
AF3 = ^WC;
AF4 = ^WW;
AF5 = CLS;
AF11 = dd dataaddr->0;
AF12 = dd dataaddr->4;

Last edited by NE1; 08-22-2002 at 05:26.
#10
Is the address of the calling code stored in ESP?
#11
To answer sync's question, if you looked up CALL on a learning assembly site (like Randall Hyde's Art of Assembly Language Programming) you would see that the CALL instruction Pushes the offset of the next instruction following the call onto the stack.
As ESP is just a pointer to the top of the stack, the offset is stored at the address in ESP. So the answer to your question is yes, except that it is not the caller's address, but the address of the next instruction following the call.

As for some of the other stuff in this thread: you may have noticed that I edited my last message and removed the part where I was trying to explain the difference between F11 and F12 in softice. I did this because it is hard to explain and I wasn't really explaining it right. My answer to this question better explains what F11 does.

F12 is harder to explain because it is thread specific, but basically it executes one program step until it finds a return (within the current thread), and in the case of loops, or calls, etc., it runs the entire routine before returning control to softice. In a case where you are within a function (call) within your program (with the same thread, i.e. not an api call), you would return at the next instruction following the call instruction. Now, if you're in an API call, you are in a different thread, so using F12 will look for the return in that thread, which is not necessarily the return to the program that called it (as some API functions call other API functions, etc.). Mix that in with Windows trying to manage everything and providing time slices for all the different applications, etc., and you could end up anywhere, which is why sometimes when you hit F12 you end up skipping right over whatever your program was doing (i.e. it acts almost like you hit F5). Softice may not pop back up for a while, because it is basically single stepping through every instruction, and in a long routine that can take a long time.

Anyway, that is the best I can explain it right now. Hopefully I explained it enough to give a basic understanding of the differences between F11 and F12 (as they are set up by default in Softice).
#12
I did a 'bpx getwindowtexta'. Then I selected a menu to enter a password. When SI popped up on the breakpoint I wrote down the value of ESP. Then I entered a bpx using the value in ESP. Then I selected the menu item again, got the password window, selected 'OK' and the breakpoint wasn't triggered. What am I missing?
Last edited by sync; 08-22-2002 at 08:02.
#13
I think you just didn't understand the wording I used.
Also, don't forget that this is what F11 does for you in Softice. So the easier way to do it would be to set your breakpoint on getwindowtexta. When softice pops up, hit F11, and you will land on that address (the address that was in ESP). Then you can manually set the bpx on the current address (type it in or double click on the line) if you need to use it again (as F11 just sets a one shot breakpoint). Then next time you choose your menu item, you will skip that call to getwindowtexta, and softice will pop up on the line right after that call.

EDIT: Oops, just noticed that you were the person that originally started this thread, and thus F11 may not be working for you. If it is not, then just ignore the second part of this message and do it the way I explained in the first paragraph. (Also double check that the F11 key is set up correctly in winice.dat. Once again it should read F11="^G @SS:ESP;" with the quotes. Winice.dat should be in your WINDOWS/SYSTEM32/DRIVERS folder and can be edited with any text editor.)

Last edited by NE1; 08-22-2002 at 08:26.
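A small checker for the winice.dat advice in posts #5, #9 and #13, added here as an example and not code from the thread or from SoftICE: it parses the function-key lines of a winice.dat text and compares F11/F12 (or any keys you ask for) against the default bindings NE1 quoted from the help file. The `;` comment convention and the swapped-key excerpt are assumptions/constructed samples.

```python
import re

# Default SoftICE function-key bindings, as quoted from the SoftICE help
# file in post #9 of the thread (trailing ';' omitted for comparison).
DEFAULT_KEYS = {
    "F1": "H", "F2": "^WR", "F3": "^SRC", "F4": "^RS", "F5": "^X",
    "F6": "^EC", "F7": "^HERE", "F8": "^T", "F9": "^BPX", "F10": "^P",
    "F11": "^G @SS:ESP", "F12": "^P RET",
}

# A binding line looks like  F11="^G @SS:ESP;"  (also SF3=, AF1=, ... forms).
KEY_LINE = re.compile(r'^\s*(S?A?F\d{1,2})\s*=\s*"([^"]*)"', re.IGNORECASE)


def parse_keys(text):
    """Return {KEY: command} for every function-key line in a winice.dat text."""
    keys = {}
    for line in text.splitlines():
        # Assumption: a leading ';' marks a comment line in winice.dat.
        if line.lstrip().startswith(";"):
            continue
        m = KEY_LINE.match(line)
        if m:
            keys[m.group(1).upper()] = m.group(2).strip().rstrip(";").strip()
    return keys


def check_keys(text, keys_to_check=("F11", "F12")):
    """List each key in keys_to_check that is missing or differs from the default."""
    keys = parse_keys(text)
    problems = []
    for key in keys_to_check:
        expected = DEFAULT_KEYS[key]
        actual = keys.get(key)
        if actual is None:
            problems.append(f"{key} is not bound (expected {expected!r})")
        elif actual.upper() != expected.upper():   # winice.dat commands are case-insensitive
            problems.append(f"{key} is {actual!r}, expected {expected!r}")
    return problems


# Constructed winice.dat excerpt (not from the thread) with F11 and F12
# swapped, so "return to caller" would behave like "step until return".
SAMPLE_SWAPPED = """\
; SoftICE initialisation file -- constructed sample
PENTIUM=TRUE
F11="^P RET;"
F12="^G @SS:ESP;"
"""
```

Run `check_keys(SAMPLE_SWAPPED)` to see both keys reported; pass `tuple(DEFAULT_KEYS)` as the second argument to audit all twelve F-keys of a real file.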
#14
Yes, that works now. It's great to be actually making some progress. Thanks!
Last edited by sync; 08-22-2002 at 09:06.