SoftICE
{{Short description|Kernel mode debugger}}
{{Tone|date=January 2009}}
{{anchor|Visual SoftICE}}
{{Infobox software
| name = SoftICE
| title = SoftICE
| logo = <!-- [[File: ]] -->
| screenshot =
| caption = SoftICE debugger interface
| collapsible =
| author = [[NuMega]]
| developer = [[Compuware]]
| released = {{Start date and age|1987}} (DOS)
| discontinued = yes
| latest release version = v4.05
| latest release date = {{Start date and age|2000}}<ref>{{Cite web|url=https://www.angelfire.com/bug/ass_1/Readme.htm|title=NuMega SoftICE 4.05 Release Notes|access-date=2012-06-04|archive-date=2018-01-01|archive-url=https://web.archive.org/web/20180101035553/http://www.angelfire.com/bug/ass_1/Readme.htm|url-status=live}}</ref>
| latest preview version =
| latest preview date = <!-- {{Start date and age|YYYY|MM|DD}} -->
| frequently updated = <!-- DO NOT include this parameter unless you know what it does -->
| programming language =
| operating system = [[Microsoft Windows]]
| platform =
| size =
| language =
| status =
| genre = [[Debugger]]
| license = Proprietary
| website =
}}
'''SoftICE''' is a [[kernel mode]] [[debugger]] for [[DOS]] and [[Windows]] up to [[Windows XP]]. It is designed to run underneath Windows, so that the [[operating system]] is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. Due to its low-level capabilities, SoftICE is also popular as a [[software cracking]] tool.

Microsoft offers two kernel-mode debuggers, [[WinDbg]] and KD, free of charge. However, the full capabilities of WinDbg and KD are available only when two interlinked computers are used. SoftICE, therefore, is an exceptionally useful tool for difficult driver-related development. The last released version was for Windows XP.

Older versions exist for DOS and compatible operating systems.
SoftICE was originally produced by the company [[NuMega]], and was subsequently acquired by [[Compuware]] in 1997, which in turn sold the property to [[Micro Focus]] in 2009. Currently, Micro Focus owns the [[source code]] and patents, but is not actively maintaining SoftICE.

==Naming==
"Soft" refers to software, and "ICE" is an [[allusion]] to [[in-circuit emulator]].

==History==
The original '''SoftICE for DOS''' was written in 1987 by NuMega founders Frank Grossman and Jim Moskun. The program, written in [[80386]] [[assembly language]], played the role of an operating system and ran software in [[virtual 8086 mode]]. It sold for $386.

'''SoftICE/W (for Windows)''' was developed in the 1990s, and was instrumental in the writing of "Undocumented Windows", by Andrew Schulman, David Maxey and [[Matt Pietrek]]. SoftICE/W was derived from an earlier, lesser known product, '''SoftICE for [[NetWare]]''' (32-bit [[protected mode]]). One of the key advantages it had over Microsoft's debuggers is that it enabled single machine debugging, rather than requiring a second machine to be connected over a serial port.

The principal developers of SoftICE were Dom Basile ('Mr. SoftICE'), Tom Guinther (Kitchen Sink, Symbol Engine), Gerald Ryckman (Video drivers and ''Kitchen Sink''), Ray Hsu (Video drivers for [[Windows 95]]), and Dan Babcock ('''SoftICE/NT''' 3.1/3.5: Universal video driver, symbol engine), with contributions by a variety of NuMega developers including Frank Grossman, Jim Moskun and Matt Pietrek.

In 1998, the [[codebase]] for '''SoftICE/95''' was ported to run on the [[Windows NT]] platform.

Newer versions of SoftICE patch deep into Microsoft Windows. As such, old versions of SoftICE are rarely compatible with new versions of Windows. Compuware therefore offered SoftICE as a subscription so that it could be kept up to date and in sync with the latest Microsoft Windows version.
SoftICE was previously offered as part of Compuware's DriverStudio package, but was discontinued in April 2006.

===Termination===
As of April 3, 2006, the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.

===Anti-SoftICE measures===
Software vendors have put in place a wide range of countermeasures to protect themselves from people employing SoftICE as a tool to analyse software. For example, the following code was used by some vendors as an early countermeasure to detect SoftICE running on the same machine:

<syntaxhighlight lang="asm">
    mov eax, dword ptr [pIDT+2] ; eax -> IDT
    add eax, 8                  ; eax -> int 1 vector
    mov ebx, [eax]              ; ebx == int 1 vector
    add eax, 16                 ; eax -> int 3 vector
    mov eax, [eax]              ; eax == int 3 vector
    and eax, 0FFFFh             ; strip the selector
    and ebx, 0FFFFh             ; part of it
    sub eax, ebx                ; find displacement
    cmp eax, 10h
    jne HackedVector            ; not equal, then chances are
                                ; SoftICE had tampered with these vectors
</syntaxhighlight>

More and better such measures have evolved since. While most of them can only deter the less experienced and determined hackers, SoftICE is no longer a tool of choice for someone new to analysing software.

Modern software anti-analysis methods are based on more sophisticated packers/protectors, e.g. Themida, Armadillo or ASProtect, which pack the program code and tamper with entry point addresses so it is hard to find the program's original entry point ([[Entry point|OEP]]). That is also true for the program's [[Import Address Table|import address table]] (IAT).
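
To make the arithmetic in the listing above concrete, the following C program (an added example, not code from SoftICE or from any vendor) decodes 32-bit gate descriptors from a constructed IDT image and applies the same comparison. The names <code>idt_decode</code>, <code>vectors_look_hooked</code> and <code>check_sample</code>, the selector 28h and the handler addresses are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define GATE_SIZE 8u   /* one 32-bit protected-mode IDT gate descriptor */

struct gate {
    uint32_t offset;    /* handler address: bytes 0-1 (low), 6-7 (high) */
    uint16_t selector;  /* code segment selector: bytes 2-3 */
    uint8_t  type_attr; /* present bit, DPL, gate type: byte 5 */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Decode gate `vec` from a little-endian IDT image; -1 if it lies past `len`. */
int idt_decode(const uint8_t *idt, size_t len, unsigned vec, struct gate *g)
{
    size_t at = (size_t)vec * GATE_SIZE;
    if (at + GATE_SIZE > len)
        return -1;
    g->offset    = rd16(idt + at) | ((uint32_t)rd16(idt + at + 6) << 16);
    g->selector  = rd16(idt + at + 2);
    g->type_attr = idt[at + 5];
    return 0;
}

/* The listing's arithmetic: low word of the int 3 offset minus low word of the
   int 1 offset. 1 = displacement is not 10h (the HackedVector branch),
   0 = displacement is 10h, -1 = table too short to hold vector 3. */
int vectors_look_hooked(const uint8_t *idt, size_t len)
{
    struct gate g1, g3;
    if (idt_decode(idt, len, 1, &g1) || idt_decode(idt, len, 3, &g3))
        return -1;
    return ((g3.offset & 0xFFFFu) - (g1.offset & 0xFFFFu)) != 0x10u;
}

/* Constructed sample: a 4-entry IDT image with the given int 1 / int 3 handlers. */
int check_sample(uint32_t int1, uint32_t int3, size_t len)
{
    uint8_t idt[4 * GATE_SIZE] = {0};
    uint32_t off[4] = {0, int1, 0, int3};
    for (unsigned v = 0; v < 4; v++) {
        uint8_t *e = idt + v * GATE_SIZE;
        e[0] = off[v] & 0xFF;         e[1] = (off[v] >> 8) & 0xFF;
        e[2] = 0x28;                  e[5] = 0x8E;  /* selector 28h, interrupt gate */
        e[6] = (off[v] >> 16) & 0xFF; e[7] = off[v] >> 24;
    }
    return vectors_look_hooked(idt, len);
}
```

Because only the low 16 bits of each offset take part in the comparison, two handlers in different 64 KB regions whose low words differ by 10h give the same result as two adjacent handlers.
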
However, tools for hiding SoftICE are also available, such as IceStealth and IceExt for Windows NT, or Icedump and IcePatch for [[Windows 9x]].<ref>{{cite web|url=http://www.woodmann.com/collaborative/tools/index.php/Category:SoftICE_Extensions|title=Category:SoftICE Extensions - Collaborative RCE Tool Library|publisher=Woodmann.com|access-date=2014-04-24|archive-date=2014-07-31|archive-url=https://web.archive.org/web/20140731033213/http://www.woodmann.com/collaborative/tools/index.php/Category:SoftICE_Extensions|url-status=live}}</ref>

==Reception==
In 1989, ''[[Byte (magazine)|BYTE]]'' listed Soft-ICE among the "Distinction" winners of the BYTE Awards, stating that, "If you're developing [[8086]]-based applications on an 80386 machine, this is an essential and affordable tool".<ref name="byte198901">{{Cite magazine|date=January 1989|title=The BYTE Awards|url=https://archive.org/stream/byte-magazine-1989-01/1989_01_BYTE_14-01_PC_Communications_and_Annual_Awards_and_Digitizing_Tablets#page/n371/mode/2up|magazine=BYTE|page=327}}</ref>

=={{Anchor|RR0D}}Alternatives==
A commercial [[kernel (operating system)|kernel]]-level debugger called Syser claims to continue where SoftICE left off.

[[OllyDbg]], a [[shareware]] debugger that is free to use, is a [[32-bit]] assembler-level debugger from Oleh Yuschuk. However, it can only be used for user-mode debugging.

An open source kernel debugger similar to SoftICE named ''Rasta Ring 0 Debugger'' (RR0D) is available.<ref>{{cite web|url=http://wiki.droids-corp.org/articles/r/r/0/RR0D/Presentation.html|title=RR0D/Presentation|publisher=Wiki.droids-corp.org|access-date=2014-04-24|archive-date=2014-04-24|archive-url=https://web.archive.org/web/20140424124309/http://wiki.droids-corp.org/articles/r/r/0/RR0D/Presentation.html|url-status=live}}</ref><ref>{{cite web|url=http://www.woodmann.com/collaborative/tools/index.php/Rasta_Ring_0_Debugger_%28RR0D%29|title=Rasta Ring 0 Debugger (RR0D) - Collaborative RCE Tool Library|publisher=Woodmann.com|date=2007-10-18|access-date=2014-04-24|archive-date=2016-03-04|archive-url=https://web.archive.org/web/20160304135950/http://www.woodmann.com/collaborative/tools/index.php/Rasta_Ring_0_Debugger_(RR0D)|url-status=live}}</ref> It provides low-level debugging for [[Microsoft Windows]], [[Linux]], [[OpenBSD]], [[NetBSD]], and [[FreeBSD]]. This project does not seem to be actively maintained. {{As of|2016|6}}, the last change in its [[GitHub]] [[source code repository]] occurred in December 2008.<ref>{{cite web|author=joe|url=https://github.com/ice799/rr0d|title=ice799/rr0d|publisher=Github.com|access-date=2016-06-05|archive-date=2018-12-22|archive-url=https://web.archive.org/web/20181222011217/https://github.com/ice799/rr0d|url-status=live}}</ref>

A debugger called BugChecker is a 32-bit single-host kernel debugger for [[Windows 2000]] and XP, developed and made available as open source for educational purposes.
BugChecker allows users to trace into both user and kernel code, both on uniprocessor and [[multiprocessor]] versions of Windows 2000 and XP.<ref>{{cite web|url=http://bugchecker.com/|title=BugChecker|publisher=BugChecker|access-date=2014-04-24|archive-date=2011-10-29|archive-url=https://web.archive.org/web/20111029004032/http://bugchecker.com/|url-status=live}}</ref>

A modern successor to SoftICE named BugChecker (unrelated to the one mentioned above) was released by Vito Plantamura in 2023. Unlike the other local kernel debuggers, it supports Windows XP to Windows 11, both 32-bit and 64-bit. To achieve this, the debugger spoofs the machine as being debugged by a second system by intercepting serial cable communication, and then draws its display directly to the [[framebuffer]]. This method significantly improves stability and compatibility compared to previous approaches, including that of SoftICE itself.<ref>{{cite web|url=https://github.com/vitoplantamura/BugChecker|title=BugChecker|publisher=Github.com|access-date=2024-04-28}}</ref>

Many hypervisors allow debugging the kernel running in the [[virtual machine]] through exposing some kind of debugger interface that can control the [[virtualization|virtualized]] processor directly. This allows debugging even if the kernel does not have native debugging facilities.

==References==
{{Reflist|30em}}

==External links==
* [http://www.woodmann.com/collaborative/tools/index.php/Category:SoftICE_Extensions Collection of SoftICE extensions]
* {{cite web|title=More on SoftIce, from one of its parents|author-first=Matt|author-last=Pietrek|author-link=Matt Pietrek|date=2006-04-11|url=http://blogs.msdn.com/matt_pietrek/archive/2006/04/11/573621.aspx|access-date=2017-10-10|url-status=live|archive-url=https://web.archive.org/web/20171010101330/https://blogs.msdn.microsoft.com/matt_pietrek/2006/04/11/more-on-softice-from-one-of-its-parents/|archive-date=2017-10-10}}
* {{cite book|publisher=[[Compuware Corporation]]|title=Using Visual SoftICE Release 1.3.0 for Windows NT / Windows 2000 / Windows XP|id=Doc. 11581|date=2003-05-19|url=https://supportline.microfocus.com/documentation/books/DevPartner/doc/NSH13/PDF/Using_VSI.pdf|access-date=2017-10-09|url-status=live|archive-url=https://web.archive.org/web/20171009232827/https://supportline.microfocus.com/documentation/books/DevPartner/doc/NSH13/PDF/Using_VSI.pdf|archive-date=2017-10-09}}
* [https://www.neperos.com/journal/SoftICE Official SoftICE documentation from NuMega]

{{DEFAULTSORT:Softice}}
[[Category:Debuggers]]
[[Category:Assembly language software]]
[[Category:Micro Focus International]]