Chapter 4: The SoftIce Debugger


Overview

There are different versions of SoftIce for all of Microsoft's operating systems in the Windows family, and even for MS-DOS. The first thing to note is that SoftIce is a kernel-mode debugger. This means that it can debug any program that runs under a specific operating system, including services and drivers running in protection ring 0. Because SoftIce interacts closely with the operating system, it lets you obtain a great deal of internal system information (private information, I'd say) about how the operating system works. SoftIce is therefore an indispensable tool for anyone who studies the internal mechanisms of Windows. Among code diggers, SoftIce is considered the best debugger ever known.

Along with the debugger, the distribution set provides many utilities and tools, the most important of which is the Symbol Loader (in other words, the loader of debug information). The Symbol Loader program (loader32.exe) loads the executable module into memory and calls up the SoftIce debugger window. In other words, it sets a breakpoint at the program entry point. If the executable module contains debug information that the loader recognizes, the loader also loads this information into the debugger. The debugger lets you debug executable code not only locally but also remotely. Remote debugging is carried out from a remote computer connected through the COM port to the local computer running the program being debugged.

SoftIce installation deserves separate consideration. Because this debugger operates at the kernel level, its developers have to update the product constantly to support all releases of the Windows operating system. Nevertheless, the Internet swarms with articles and discussions about SoftIce installation problems and troubleshooting. To save space, I won't cover installation here. You can find all the required information at the product's support site, http://www.compuware.com, where, after registering, you can download the SoftIce Reference Guide. My goal is to provide a brief introduction to application debugging with SoftIce. I'll therefore give detailed descriptions of the SoftIce commands most frequently used for debugging standard applications. I'll also cover examples of debugging both when debugging information is present in the modules being debugged and when it is not available.

All examples provided in this chapter are applicable to Windows XP and Windows Server 2003.




Disassembling Code: IDA Pro and SoftICE
ISBN: 1931769516
EAN: 2147483647
Year: 2006
Pages: 63
Authors: Vlad Pirogov
