FrogsICE by Frog's Print+. 02.IX.2000.
FrogsICE v1.08.7 (64K).
News:
- fixed problem with large fonts users.
- fixed problem with anti-Sice protections/softs packed with Petite (crashed).
- new detections added to FPLoader's database.
- miscellaneous enhancements.
FrogsICE is a VxD (Virtual device driver for Windows, just like a
good old TSR for DOS). It allows you to intercept programs (exe or
COM, DOS/Win16 or Win32) which would try to detect if SoftICE is
loaded. It is particularly useful for packed/encrypted programs.

NT ALL by Pulsar. 29.II.2000.
NT ALL 0.6 (7K).
FrogsICE clone for NT/2K.
Tricks Detected:
- BCHK.
- Magic values in SI and DI.
- Int 41h.
- Meltice.
- Suspicious Int01 instruction.

SoftICE Backdoor Keeper by Execution. 07.XII.1999.
SoftICE Backdoor Keeper (5K).
FrogsICE is able to defend against almost all Anti-SI tricks and hide
SoftICE (big thx to +Frog's Print for that tool!). Just 2 well-known
ways still exist: the BoundsChecker interface and 'SoftICE's Backdoor
Commands'. Both are executed by Int 03, which can't be hooked when
SoftICE is in memory :( and FrogsICE can't detect them.
This tool modifies WinIce.ExE and switches the BoundsChecker Interface
and 'Back Door Commands' off. The progy creates a backup of the
original WinIce.ExE as WinIce.ExE.org. It should work with all SI
versions (tested on v4.01).

Bang for Win9x by r!sc. 11.II.2000.
Bang for Win9x (4K).
This tool is useful in bypassing anti-softice code which checks the
offset between int1 & int3 to detect the presence of SoftICE.

IcePatch v2 by Magic Mike & The Owl. 25.II.2000.
IcePatch v2b (24K).
With the ever increasing number of programs that employ some form of
winice detection it is our hope to provide you with at least a basic
protection against these methods. Do not expect too much from this
little tool as there are really countless ways of both detecting and
crashing winice...

IceDump by IceDump Team. 13.IX.2000.
IceDump 6.019 and nticedump 1.9 (841K).
News:
- added RDMSR and WRMSR
- fixed lookup for VWIN32_W32_SuspendThread/VWIN32_W32_ResumeThread,
SUSPEND/SUSPENDX/RESUME should work now (broken since 6.016)
- added anti detection/self-defense code
- some code cleanup in taskmod
- tracer does not log control flow above 0x80000000
- ...
Generic extension for SoftICE for Win9x and NT.
- nticedump supports dumping and Bhrama only.
- Implemented as an internal Winice/NTice command (PAGEIN).
- Subcommands: dump memory to file, load file into memory, dump via Bhrama/Procdump,
dump winice screen to file, suspend/resume thread/process, set page
table entry flags, change FPU registers, start/stop playing tracks on
CD, start/stop playing mp3 songs, print usage info...
- Parser accepts expressions wherever possible.
- Supports V86, ring-3/16, ring-3/32 and ring-0/32 protected mode
clients whenever possible.
- Fool-proof internal parser (but do RTFM ;-).
- Sources are included.

Sex by defiler & ultraschall. 12.IX.2000.
Sex 1.2 (6K).
This tool is an experimental project entirely written in Win32ASM. It
is a SoftICE extension via dot command, with neat features.

Winice Loader by IceDump team. 09.VIII.2000.
WinICE loader 0.2 (5K).
This utility is a small loader designed to load Winice on Windows
Millennium, without the need of the checked build of io.sys, which is
part of the Millennium DDK, and is not freely available yet.

SuperBPM by EliCZ. 26.V.1999.
SuperBPM (2K).
Sometimes your breakpoints (BPM, BPIO -h, G, HERE, P, P RET) can be
ignored. With SuperBPM everything is all super, zuprgut.

NTDump by EliCZ. 26.V.1999.
NTDump 1.03 (13K).
Dumper for SoftICE NT.

Interrupter by LaZaRuS. 07.V.2000.
Interrupter 1.04 (6K).
News:
- Win2K compatible.
SoftICE loader doesn't work with certain packed files. This little
program puts CC (which is the opcode for Int03) at the entry point of
all PE files. Now you can set a breakpoint "bpint 03" and
your problem is solved.

Log2Bin by defiler [EXECUTiON]. 16.XII.1999.
Log2Bin 1.0 (21K).
Log2Bin converts winice.log files into binary files. It collects
information of the data lines dumped with SoftIce's 'Display Memory'
command (db [address [L length]]), converts the string data to binary
data and writes it back to a file.
So it's just another 'memory-dumper' created for your needs (keyfiles,
unwrapping, ripping resources and so on...).