SoftICE is a kernel mode debugger for DOS and Windows up to Windows XP. It is designed to run underneath Windows, so that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed. Due to its low-level capabilities, SoftICE is also popular as a software cracking tool.

Microsoft offers two kernel-mode debuggers, WinDbg and KD, free of charge. However, the full capabilities of WinDbg and KD are available only when two interlinked computers are used. SoftICE, therefore, is an exceptionally useful tool for difficult driver-related development. The last released version was for Windows XP. Older versions exist for DOS and compatible operating systems.

SoftICE was originally produced by the company NuMega, and was subsequently acquired by Compuware in 1997, which in turn sold the property to Micro Focus in 2009. Currently, Micro Focus owns the source code and patents, but is not actively maintaining SoftICE.


Naming

"Soft" refers to software, and "ICE" is an allusion to in-circuit emulator.


History

The original SoftICE for DOS was written in 1987 by NuMega founders Frank Grossman and Jim Moskun. The program, written in 80386 assembly language, played the role of an operating system and ran software in virtual 8086 mode. It sold for $386.

SoftICE/W (for Windows) was developed in the 1990s, and was instrumental in the writing of "Undocumented Windows", by Andrew Schulman, David Maxey and Matt Pietrek. SoftICE/W was derived from an earlier, lesser-known product, SoftICE for NetWare (32-bit protected mode). One of the key advantages it had over Microsoft's debuggers is that it enabled single-machine debugging, rather than requiring a second machine to be connected over a serial port.

The principal developers of SoftICE were Dom Basile ('Mr. SoftICE'), Tom Guinther (Kitchen Sink, Symbol Engine), Gerald Ryckman (Video drivers and Kitchen Sink), Ray Hsu (Video drivers for Windows 95), and Dan Babcock (SoftICE/NT 3.1/3.5: Universal video driver, symbol engine), with contributions by a variety of NuMega developers including Frank Grossman, Jim Moskun and Matt Pietrek.

In 1998, the codebase for SoftICE/95 was ported to run on the Windows NT platform. Newer versions of SoftICE patch deep into Microsoft Windows. As such, old versions of SoftICE are rarely compatible with new versions of Windows. Compuware therefore offered SoftICE as a subscription so that it could be kept up to date and in sync with the latest Microsoft Windows version. SoftICE was previously offered as part of Compuware's DriverStudio package, but was discontinued in April 2006.


Termination

As of April 3, 2006, the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.


Anti-SoftICE measures

Software vendors have put in place a wide range of countermeasures to protect themselves from people employing SoftICE as a tool to analyse software. For example, as an early countermeasure, some vendors used the following code to detect the presence of SoftICE running on the same machine:

    mov eax, dword ptr [IDT+2] ; eax -> IDT
    add eax, 8                 ; eax -> int 1 vector
    mov ebx, [eax]             ; ebx == int 1 vector
    add eax, 16                ; eax -> int 3 vector
    mov eax, [eax]             ; eax == int 3 vector
    and eax, 0FFFFh            ; strip the selector
    and ebx, 0FFFFh            ; part of it
    sub eax, ebx               ; find displacement
    cmp eax, 10h
    jne HackedVector           ; not equal, then chances are
                               ; SoftICE had tampered with these vectors

More and better such measures have evolved since. While most of them can only deter the less experienced and determined hackers, SoftICE is no longer a tool of choice for someone new to analysing software. Modern software anti-analysis methods are based on more sophisticated packers/protectors, e.g. Themida, Armadillo or ASProtect, which pack the program code and tamper with entry point addresses so it is hard to find the program's original entry point (OEP). That is also true for the program's import address table (IAT). However, tools for hiding SoftICE are also available, such as IceStealth and IceExt for Windows NT, or Icedump and IcePatch for Windows 9x.
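
The comparison made by the listing above, written out in C as an added example that is not part of the original article: it decodes 8-byte interrupt gates from a constructed IDT image rather than reading the live table. The handler addresses and the selector value are made-up sample data, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Low 16 bits of the handler offset stored in 8-byte gate `vec` of a
 * raw little-endian IDT image (bytes 0..1 of the descriptor). */
uint32_t gate_offset_low(const uint8_t *idt, unsigned vec) {
    const uint8_t *p = idt + 8u * vec;
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8);
}

/* Full 32-bit handler offset: bytes 0..1 (low) and 6..7 (high). */
uint32_t gate_offset(const uint8_t *idt, unsigned vec) {
    const uint8_t *p = idt + 8u * vec;
    return gate_offset_low(idt, vec) | ((uint32_t)p[6] << 16) | ((uint32_t)p[7] << 24);
}

/* Same arithmetic as the listing: (int 3 & 0FFFFh) - (int 1 & 0FFFFh),
 * as a 32-bit subtraction. Returns 1 on the HackedVector branch. */
int vectors_look_hooked(const uint8_t *idt) {
    uint32_t disp = gate_offset_low(idt, 3) - gate_offset_low(idt, 1);
    return disp != 0x10u;
}

/* Write a 32-bit interrupt gate for `addr` (constructed sample data). */
void put_gate(uint8_t *idt, unsigned vec, uint32_t addr) {
    uint8_t *p = idt + 8u * vec;
    p[0] = (uint8_t)addr;         p[1] = (uint8_t)(addr >> 8);
    p[2] = 0x08;                  p[3] = 0x00;  /* selector: assumed value */
    p[4] = 0x00;                  p[5] = 0x8E;  /* present, DPL 0, 32-bit int gate */
    p[6] = (uint8_t)(addr >> 16); p[7] = (uint8_t)(addr >> 24);
}

/* Build a 4-entry IDT image with the given handlers and run the check. */
int check_sample(uint32_t int1_handler, uint32_t int3_handler) {
    uint8_t idt[4 * 8];
    memset(idt, 0, sizeof idt);
    put_gate(idt, 1, int1_handler);
    put_gate(idt, 3, int3_handler);
    return vectors_look_hooked(idt);
}

int main(void) {
    /* Constructed addresses, not taken from any real system. */
    printf("handlers 10h apart: hooked=%d\n", check_sample(0x80101000u, 0x80101010u));
    printf("int 3 relocated:    hooked=%d\n", check_sample(0x80101000u, 0xC0002230u));
    return 0;
}
```

Because only the low 16 bits of each gate are compared, the result depends on nothing in the high half of the handler address, and a pair of handlers that straddles a 64 KB boundary is reported as hooked even when they are 10h apart.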


Reception

In 1989, BYTE listed Soft-ICE among the "Distinction" winners of the BYTE Awards, stating that, "If you're developing 8086-based applications on an 80386 machine, this is an essential and affordable tool".


Alternatives

A commercial kernel-level debugger called Syser claims to continue where SoftICE left off.

A shareware debugger, but free to use, OllyDbg is a 32-bit assembler-level debugger from Oleh Yuschuk. However, it can only be used for user-mode debugging.

An open source kernel debugger similar to SoftICE named Rasta Ring 0 Debugger (RR0D) is available. It provides low-level debugging for Microsoft Windows, Linux, OpenBSD, NetBSD, and FreeBSD. This project does not seem to be actively maintained. The last change in its GitHub source code repository occurred in December 2008.

A debugger called BugChecker is a 32-bit single-host kernel debugger for Windows 2000 and XP, developed and made available as open source for educational purposes. BugChecker allows users to trace into both user and kernel code, both on uniprocessor and multiprocessor versions of Windows 2000 and XP.

A modern successor to SoftICE named BugChecker (unrelated to the one mentioned above) was released by Vito Plantamura in 2023. Unlike the other local kernel debuggers, it supports Windows XP to Windows 11, both 32-bit and 64-bit. To achieve this, the debugger spoofs the machine as being debugged by a second system by intercepting serial cable communication, and then draws its display directly to the framebuffer. This method significantly improves stability and compatibility compared to previous approaches, including that of SoftICE itself.

Many hypervisors allow debugging the kernel running in the virtual machine by exposing some kind of debugger interface that can control the virtualized processor directly. This allows debugging even if the kernel does not have native debugging facilities.


External links


Collection of SoftICE extension
Official SoftICE documentation from NuMega