ICE95.ZIP / README.1ST (text file, 1995-10-10)
----------------------------------------------------------------------------
TABLE OF CONTENTS FOR Soft-ICE/W Version 1.95 Windows 95 Beta
Nu-Mega Technologies, Inc.
----------------------------------------------------------------------------
1. Overview and Installation
2. New in version 1.95
3. Starting Soft-ICE/W
4. Troubleshooting/Known problems
5. Source Level Debugging of 32 bit applications and DLL's
6. Source level debugging of static and dynamic VxDs
7. Address contexts
8. 32 bit symbols
9. 32 bit exports
10. Setting Break Points on 32 bit source and symbols
11. DBG2MAP utility
12. THREAD command
13. ADDR command
14. 32 bit heap support
15. MAP32 command
16. 32 bit call stack
17. Step until Return function
18. INT 41h DOT Commands
19. VERBOSE keyword
20. WLDR
21. TASK command
22. MOD command
23. Displaying owner of an address for code and data window
24. Entering prefixes in command recall
25. VxD Service Changes
26. Positioning to beginning or end of a source file
27. New Video Support
28. VXD command
29. Display transitions from Ring3 to Ring0 code.
Overview and Installation
-------------------------
Soft-ICE/W beta version 1.95 is intended for use with the final beta
version of Windows 95 (M8).
This readme file is a supplement to the Soft-ICE/W documentation and
contains information on all the Windows 95 specific changes and other
changes that might not have made it into the written documentation.
To install Soft-ICE/W run the setup.exe program from Windows 95. This
will prompt you for the necessary information and then unpack and copy
the files.
New in version 1.95
-------------------
Soft-ICE/W version 1.95 is the first major release since version 1.92. Some
of the differences are listed below:
- Full support for win95 address contexts. This includes tying
breakpoints, exported symbols and symbol tables to specific address
contexts. This also includes the ability to debug dll's
that exist in multiple contexts.
- I/O breakpoints are now fully functional.
- Fault trapping has been added for all page faults, gp faults, stack
faults and invalid opcode faults occurring in win32, win16 or v86
mode code.
- Range breakpoints are functional for win32, win16 and v86 mode code.
- Source level debugging support for vxd's built with the MSVC linker.
- Support has been added for VMM and DEBUGCMD .M and .P debug commands.
This provides a wide variety of new informational displays concerning
paging, memory management, threads, mutexes and semaphores.
- Many commands have been enhanced including VXD, HEAP32, TSS, ADDR,
CR, LDT and VCALL.
- Disassembler now comments any transitions from application level code
to vxd code. This includes both from V86 code and protected mode
code.
- Numerous bug fixes. Several of these bugs would result in seemingly
random hangs and crashes. If win95 seemed less stable when running
under winice, there's a good chance this release will fix it.
- All 32 bit exports are now displayed including exported entry points
that don't have symbol names.
Starting Soft-ICE/W
-------------------
Soft-ICE/W is a kernel debugger and must be loaded before win.com.
To run Soft-ICE/W, type winice at the command prompt. Once
loaded, Soft-ICE/W executes win.com to start windows 95.
By default, windows 95 boots directly into the GUI shell without stopping
at DOS. There are several ways to change this behavior:
1) While booting up, press F8, and when the win95 boot menu appears
select the option for "Command Prompt Only". This would have to
be done each time the machine is booted.
2) Place a PAUSE command at the end of autoexec.bat and press CTRL-C
when it pauses to escape to DOS.
3) Create a dummy batch file called win.bat. When windows 95 starts
it will execute win.bat instead of win.com and you will end up
at the DOS prompt.
4) Run winice from autoexec.bat.
5) In Windows 95 the hidden file MSDOS.SYS is just an INI text file.
After removing the hidden, read-only and system attributes, edit
the file and change the line BootGUI=1 to BootGUI=0.
Troubleshooting/Known problems
------------------------------
This is a beta release of Soft-ICE/W and contains some known problems.
This section lists those problems, with workarounds where they exist,
along with some common troubleshooting items.
- The class command lists only classes belonging to USER.
- All forms of the BPR command will trap only level3 code. VxD code
(level 0) will never be trapped.
- Both the WLDR and WLOG programs are combined DOS/Windows programs.
In WIN95 the default behavior is to run windows programs from the
DOS command prompt. This would result in the Windows portion of
the program being run. For this reason, the files DLDR and DLOG are
included on this release which contain the DOS only portions of the
utilities.
Source Level Debugging of 32 bit applications and DLL's
-------------------------------------------------------
Version 1.95 32 bit source/symbol support works only with .SYM files.
It will not read debug information directly out of .EXE files.
This means this release will not support local variables in 32 bit
applications. The procedure for debugging a 32 bit app/dll would be as
follows:
- Build your applications and DLL's with full debug information
- Run the provided DBG2MAP utility to produce a detailed map file.
- Run the provided MSYM utility to produce a .SYM file.
- Use WLDR to load source/symbols for your application and
to start your application.
Source level debugging of static and dynamic VxDs
-------------------------------------------------
Version 1.95 VxD source/symbol support works only with .SYM files.
It will not read debug information directly out of .VXD files.
The procedure for debugging a static or dynamic VxD would be as follows:
- Compile and assemble your source files with full debug info.
The following flags will work for MASM 6.11c and the MSVC C
compiler.
MASM:
-coff -DBLD_COFF -DIS_32 -W2 -Zd -c -Cx -DMASM6 -DDEBLEVEL=1 -DDEBUG
C:
-Zdp -Gs -c -DIS_32 -Zl -DDEBLEVEL=1 -DDEBUG
- Link with the MSVC linker producing a map with line number info.
The switches that must be added to the link are as follows:
-DEBUG
-DEBUGTYPE:MAP,COFF
- Run the provided MSYM utility to produce a .SYM file.
- Use a LOAD= statement in WINICE.DAT, or the WLDR utility to load
source/symbols for your VxD.
Note: Included in the M8 DDK are updated copies of MASM 6.11 and the MSVC
linker intended for VxD development. The updated MASM is in
directory MASM611C and the updated linker is in MSVC20.
Soft-ICE/W also still supports the Windows 3.X development tools for
building VxDs, so if you are still using MASM 5.10B and LINK386 these
will still work.
Address contexts
----------------
In Windows 95 every 32 bit application runs in a separate virtual address
space. The linear address range 400000h to 7fffffffh is reserved for
32 bit apps and private DLL's. When Windows 95 switches between 32 bit
tasks a new set of page tables is used for this address space.
When Soft-ICE/W pops up, it is in whatever context Windows 95 is currently
executing. This can be determined by using the ADDR command. Address
contexts can be changed explicitly by using the ADDR command. This can
be confusing if you are viewing code or data that is located in
the 400000h to 7fffffffh range. When you switch address contexts the
data or code being displayed will change even though the selector:offset
address does not change.
Soft-ICE/W will also automatically switch address contexts in the
following situations:
If the TABLE command is used to switch to a 32 bit symbol table
the current address context will be set to that module's address
context.
If the FILE command is used to display a source file from a 32 bit
table the current address context will be set to that module's address
context.
If a symbol-name is used in an expression, the address context will
be changed to the appropriate context. This is true for both
symbols and export symbols loaded through the EXP directive.
If you are using bare addresses in an expression you must make sure you
are in the desired address context.
ie. D 137:401000 will display memory at 401000 in the current
address context.
WARNING: Before setting breakpoints using bare addresses make sure you
are in the desired address context since Soft-ICE/W will use
the current context.
Once a break point is set Soft-ICE/W will remember the address context
it was set in and will ensure that it only goes off in the correct
address context.
32 bit symbols
--------------
Support has been added for 32 bit .SYM files. Soft-ICE/W can handle
.SYM files produced by the Microsoft MAPSYM utilities or ones produced
by our own MSYM utility. For source level debugging you must use
our DBG2MAP utility followed by our MSYM utility.
.SYM files can be loaded in two different ways:
Preloaded from WINICE.DAT.
Use the LOAD32 keyword specifying either the executable file name
or the .SYM file name. For example:
LOAD32=c:\windows\system\kernel32.dll
OR
LOAD32=c:\windows\system\kernel32.sym
Loaded from the WLDR utility.
Run WLDR from Windows and specify the executable file name.
Symbols are displayed in Soft-ICE/W using the SYM command. If the module
is not yet loaded, the segment displayed will be the section number from
the 32 bit executable file. (i.e. 1,2,3 etc.). The offset will be the
offset from the section base. Once the module is loaded into memory
a selector:offset will be displayed where the offset now contains the
section base address added in. When a 32 bit module is unloaded, all
addresses will return to the section number:offset address.
32 bit exports
--------------
Support has been added for 32 bit exported symbols. Use the EXP directive
in WINICE.DAT to load 32 bit export symbols for any 32 bit DLL. The EXP
command lists all exported symbols that WINICE knows about. These
symbols can be used in any WINICE expression and are automatically
displayed when disassembling code.
The winice.dat file contains sample exp lines for Windows 95 that are
commented out. Just change the directory names to wherever your Windows
95 is installed and remove the ; preceding the exp statement.
When displaying exports in Soft-ICE/W, if the module is not yet loaded,
the segment will be displayed as FE: and the offset will be the offset
from the 32 bit image base. Once the module is loaded into memory
a selector:offset will be displayed where the offset now contains the
image base address added in. When a 32 bit module is unloaded, all
addresses will return to the FE:offset address.
Soft-ICE/W will show all exported entry points even if they do not have
names associated with them. For exported entry points without names,
Soft-ICE/W will form a name in the following format:
ORD_XXXX where XXXX is the ordinal number.
Since multiple DLL's can have unnamed ordinals, there can be an overlap
of names of this form. To be sure you are using the correct symbol you
can precede the symbol with the module name followed by exclamation
point. For example to refer to KERNEL32's export ordinal number 1, the
following expression could be used:
kernel32!ord_0001
The number following the ord_ string does not have to have the correct
number of leading zeroes. ord_0001 and ord_1 will both work correctly.
For Windows 95, Soft-ICE/W will search all 32 bit export tables before
any 16 bit export tables. If the same name exists in each type of table
Soft-ICE/W will use the 32 bit one. If you need to override this
behavior, precede the export symbol with the module name followed by an
exclamation point. For example, if specifying the symbol GlobalAlloc,
Soft-ICE/W would use kernel32!GlobalAlloc rather than kernel!GlobalAlloc.
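How the lookup rules above combine, as an added C example (not Nu-Mega code and not a description of Soft-ICE/W internals): 32 bit tables are searched before 16 bit ones, a module! prefix restricts the search, and ord_ names match with or without leading zeroes. The table rows, offsets and function names are constructed for illustration; reading the ord_ digits as hexadecimal and matching names without regard to case are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One export as a debugger might index it. All rows are constructed sample
   data: ordinals and offsets are made up, only the module names and
   GlobalAlloc come from the readme. */
typedef struct {
    const char   *module;   /* owning module */
    int           bits;     /* 32 or 16 bit export table */
    unsigned      ordinal;
    const char   *name;     /* NULL = exported by ordinal only */
    unsigned long offset;
} export_entry;

static const export_entry exports[] = {
    { "KERNEL",   16, 0x0F, "GlobalAlloc", 0x0100 },
    { "KERNEL32", 32, 0x01, NULL,          0x1000 },
    { "KERNEL32", 32, 0x02, "GlobalAlloc", 0x2000 },
    { "USER32",   32, 0x01, NULL,          0x3000 },
};

/* Case-insensitive compare of a[0..n) against the whole of b
   (assumption: names are matched without regard to case). */
static int ci_eq(const char *a, size_t n, const char *b)
{
    if (strlen(b) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)a[i]) != toupper((unsigned char)b[i]))
            return 0;
    return 1;
}

/* "ord_0001" and "ord_1" both yield ordinal 1 (assumption: hex digits). */
static int parse_ordinal(const char *sym, unsigned *ord)
{
    unsigned long v;
    if (strlen(sym) < 5 || !ci_eq(sym, 4, "ORD_")) return 0;
    for (const char *p = sym + 4; *p; p++)
        if (!isxdigit((unsigned char)*p)) return 0;
    v = strtoul(sym + 4, NULL, 16);
    if (v > 0xFFFF) return 0;
    *ord = (unsigned)v;
    return 1;
}

/* Resolve "symbol" or "module!symbol". Returns the first hit, searching all
   32 bit tables before any 16 bit table; *matches (if non-NULL) receives the
   number of candidates, so a caller can warn about an ambiguous name. */
static const export_entry *resolve(const char *expr, int *matches)
{
    static const int order[] = { 32, 16 };
    const char *bang = strchr(expr, '!');
    const char *sym = bang ? bang + 1 : expr;
    size_t modlen = bang ? (size_t)(bang - expr) : 0;
    const export_entry *first = NULL;
    unsigned ord = 0;
    int by_ord = parse_ordinal(sym, &ord);
    int n = 0;

    for (int pass = 0; pass < 2; pass++) {
        for (size_t i = 0; i < sizeof exports / sizeof exports[0]; i++) {
            const export_entry *e = &exports[i];
            int hit;
            if (e->bits != order[pass]) continue;
            if (bang && !ci_eq(expr, modlen, e->module)) continue;
            hit = by_ord ? (e->name == NULL && e->ordinal == ord)
                         : (e->name != NULL && ci_eq(sym, strlen(sym), e->name));
            if (!hit) continue;
            if (!first) first = e;
            n++;
        }
    }
    if (matches) *matches = n;
    return first;
}

int main(void)
{
    static const char *queries[] = {
        "GlobalAlloc", "kernel!GlobalAlloc", "kernel32!ord_0001",
        "kernel32!ord_1", "ord_1", "user32!ORD_1", "kernel32!ord_zz",
    };
    for (size_t i = 0; i < sizeof queries / sizeof queries[0]; i++) {
        int n = 0;
        const export_entry *e = resolve(queries[i], &n);
        if (e)
            printf("%-20s -> %s (%d bit) offset %04lX, %d candidate(s)\n",
                   queries[i], e->module, e->bits, e->offset, n);
        else
            printf("%-20s -> not found\n", queries[i]);
    }
    return 0;
}
```

The unqualified ord_1 query reports two candidates, which is the overlap the text warns about; the module! prefix removes it.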
Setting Break Points on 32 bit Source and Symbols
-------------------------------------------------
Break points can be set on any symbol or source line regardless of
whether the module is loaded or the underlying code or data is actually
present in memory. If the code or data is not currently available the
break point will remain in an unarmed state. When Soft-ICE/W detects
the module being loaded or the page becoming present the break point
is automatically armed.
All BPX and BPM style break points are "permanent" break points. That
is no matter how many times the code/data is paged in and out or how
many times the module is loaded and unloaded the break points will
remain active. Soft-ICE/W will automatically update the state and
address of these break points.
DBG2MAP utility
---------------
DBG2MAP is a command line utility that accepts a Win32 (PE)
executable file with debug information as input, and emits a .MAP
file. This .MAP file can then be run through Nu-Mega's MSYM program
to create a .SYM file for use by Soft-Ice/W. At the present time,
.SYM files are the only way for Soft-Ice/W to load 32 bit symbol tables.
DBG2MAP works on executables produced with Microsoft Visual C++ 32 bit
Edition, Borland C++ 4.0, and the Microsoft Win32 SDK compiler. The
.SYM files generated by DBG2MAP/MSYM can be loaded into Soft-Ice/W
via a LOAD32= statement in the WINICE.DAT file, or by the WLDR
program. When using WLDR to load the symbols, specify the name of
the EXE or DLL, not the .SYM file name.
Using DBG2MAP
-------------
The syntax for DBG2MAP can be seen by running DBG2MAP.EXE from a
command prompt without any arguments:
********
DBG2MAP - Win32 debug info to .MAP file program
(C) Copyright Nu-Mega Technologies 1994, All rights reserved.
Syntax: DBG2MAP [switches] filename
/A Include arguments in C++ functions names (default: no)
/M Run MSYM to create a .SYM file from the .MAP file
/P<filename> Use PELE .SMF file
********
To create a .MAP file, type "DBG2MAP filename", where "filename" is
the name of your Win32 EXE or DLL that contains debugging
information. After DBG2MAP finishes, there will be a .MAP file in
the current directory with the same base filename as your EXE or DLL.
The "/A" option tells DBG2MAP to leave in the arguments from the
function names of Microsoft C++ programs. By default, DBG2MAP
truncates Microsoft C++ function names starting with the '('
character. If you instruct DBG2MAP to leave in the arguments in the
symbol names, the symbols may be long and difficult to type in
correctly.
The "/M" option tells DBG2MAP to automatically invoke MSYM after the
map file is created.
The "/P" option is used to support Vireo's VtoolsD package. VtoolsD
has a utility to convert PE header files to LE header files.
Using DBG2MAP In Your Build Process
-----------------------------------
DBG2MAP is a console mode Win32 program. If run under a version of
Win32 that supports console mode applications, it will run natively.
Otherwise, it uses a bound in version of Phar-Lap's TNT DOS Extender.
When building with the command line tools, you may experience
problems in both the Microsoft and Borland environments. For Borland
users, Phar-Lap says that Borland's MAKE.EXE is incompatible with
other DPMI tools such as the TNT DOS extender. Phar Lap recommends
using the real mode MAKER.EXE program instead of the protected mode
MAKE.EXE.
Microsoft users may have problems when running DBG2MAP from within an
NMAKE makefile. This is due to memory conflicts between the DBG2MAP
version of the TNT DOS Extender, and the older Phar Lap DOS extender
used in the Microsoft tools (CL.EXE and LINK.EXE). To work around
this, we suggest running DBG2MAP from a batch file. For instance:
File: M.BAT
----
NMAKE YOURAPP.MAK
DBG2MAP YOURAPP.EXE
MSYM YOURAPP.MAP
----
DBG2MAP Limits
--------------
Due to constraints in the .SYM file format, type information and
local variables are not supported. Only PUBLIC symbols will be put
into the .SYM file. The included information will only contain symbol
names and the symbol's associated address.
THREAD command
--------------
The THREAD command has been added to display all threads currently
running. The top line of the display is the current thread. The syntax
is as follows:
THREAD [task-name | TCB | ID]
If the optional task-name is specified, only threads belonging to the
task will be displayed. If the TCB or ID is specified only information
about the one specific thread will be displayed. For each thread the
following information is displayed:
RING0TCB - This is the address of the ring 0 thread control block.
This is the address that is passed to VxDs for thread
creation and thread termination.
ID - This is the word ID number of the thread.
CONTEXT - This is the context handle for the thread that determines
what address space is used for the thread.
RING3TCB - This is the address of the ring 3 thread control block.
This is the one that would be used by applications.
PROCESS - This is the address of the process block that owns the
thread.
TASKDB - This is the selector of the task database that owns the
thread.
PDB - This is the selector of the program database (protected mode
PSP).
SZ - This is the size of the thread either 16 or 32 bit.
OWNER - This is the task name of the owner. For 32 bit tasks,
the module name with the extension stripped off is
displayed.
An asterisk '*' displayed in front of the owner name indicates that the
thread is the current thread for the task.
If a TCB or ID is specified the following information is displayed for
that one specific thread:
The current register contents for the thread
All thread local storage offsets within the thread. This shows
the offset in the thread control block of the local storage entry,
the contents of the TLS entry and the owner of the TLS entry.
ADDR command
------------
The ADDR command has been added to both display and switch to specific
address contexts. Each 32 bit task is currently given the address space
from 400000h to 7fffffffh. This is called an address context. The
syntax of the ADDR command is as follows:
ADDR [context-handle | task-name]
If no parameters are specified information will be displayed for each
address context. The top line of the display is the context that was
active when Soft-ICE/W popped up. The line that is highlighted is the
current address context in Soft-ICE/W.
For each address context, the following information is displayed.
HANDLE - This is the address of the context control block. This
is the handle that would be passed in VxD calls that
require a context handle.
PGTPTR - This is the address of an array of page table addresses.
Each entry in the array represents a 4 meg page table.
When address contexts are switched this array is copied
to the appropriate spot in the page directory.
TABLES - This is the number of entries in the PGTPTR array. Not all
entries contain valid page directory entries. This is
only the number of entries reserved.
MINADDR - This is the minimum virtual address of the address context.
MAXADDR - This is the maximum virtual address of the address context.
MUTEX - This is the mutex handle used when VMM manipulates the
page tables for the context.
OWNER - This is the task name of the first task that uses
this address context.
If a context-handle or task-name is entered, WINICE will switch to that
address context. The proper address context will be restored before
WINICE continues.
Sample output is provided below for ADDR with no parameters.
Handle    PGTPTR    Tables  Min Addr  Max Addr  Mutex     Owner
C103FC84  C1058D3C  0003    00400000  7FFFF000  C104E15C  KERNEL32
C10594AC  C105A6E4  01FD    00400000  7FFFF000  C10597F8  MSGSRV32
C105BF80  C10624B8  01FE    00400000  7FFFF000  C105CAC0  Explorer
C105F5D0  C1062CB4  01FB    00400000  7FFFF000  C0FE57A4  WINOLDAP
C105E588  C10608C8  01FB    00400000  7FFFF000  C105F15C  Systray
C105DABC  C105FC68  01FD    00400000  7FFFF000  C105DB8C  MMTASK
C105A3DC  C105B3A8  01FD    00400000  7FFFF000  C105A410  Mprexe
C10D9030  C10D9048  0002    00400000  7FFFF000  C10D9074
32 bit heap support
-------------------
Support has been added in the HEAP command for 32 bit heaps. This
includes both ring3 heaps and ring0 heaps. The syntax for 32 bit heaps
is as follows:
HEAP 32 [task-name | heap-base]
If no parameters are specified, all 32 bit heaps that can be found will
be displayed. The following heaps will be displayed:
Kernel32's system heap.
Each process's private heaps. These are the heaps created by the
HeapCreate call.
The two ring 0 heaps created by VMM. The first heap shown is the
locked heap. The second heap shown is the pageable heap.
One ring0 heap for every existing virtual machine.
For each 32 bit heap the following information will be displayed:
The heap base address.
The maximum size that the heap can grow to.
The current committed memory in the heap. This reflects the number
of pages that are actually present in memory.
The number of segments in the heap. Each time the heap grows past
its initial max length a new heap segment is created.
The heap type.
The owner of the heap.
If a task-name is provided, WINICE will display the entire process heap
for that task. The address context will automatically be changed to the
correct one.
If an actual heap base address is given that entire heap will be
displayed. If the heap is in private address space, you must make sure
you are in the right address context for that heap.
When displaying an individual 32 bit heap the following information is
displayed:
The address of each heap element.
The size in bytes of each element.
The thread-id of the allocating thread
The EIP address of the code that allocated the element.
The nearest symbol to the EIP address.
The last three pieces of information are only available in the debug
versions of Windows 95. For ring3 heaps this means the SDK debug versions,
for ring0 heaps this means the DDK debug version of VMM.
Sample output is provided below for HEAP32 with no parameters.
HeapBase  Max Size  Committed  Segments  Type     Owner
00410000  1028K     8K         1         Private  Systray
00440000  1028K     40K        1         Private  Explorer
00510000  1028K     8K         1         Private  Mprexe
00400000  1024K     8K         1         Private  MMTASK
00400000  1024K     8K         1         Private  MSGSRV32
00410000  1024K     8K         1         Private  WINOLDAP
81579000  1024K     64K        1         System   KERNEL32
00880000  1024K     8K         1         Private  KERNEL32
C0FDA000  1024K     560K       1         Ring 0   VMM
C10DA000  5120K     940K       2         Ring 0   VMM
C3520000  512K      20K        1         VM 01    VMM
C5920000  512K      20K        1         VM 02    VMM
MAP32 command
-------------
MAP32 provides a memory map of all 32 bit modules currently loaded in
memory. Its syntax is as follows:
MAP32 [module-name | module-handle]
MAP32 with no parameters displays a map of all 32 bit modules. If either
a module-name or module-handle is specified only sections from that one
module will be displayed. For each module one line is displayed for
every section/object owned by that module. Each line contains the
following information:
Owner This is the module name
Name This is the section/object name from the executable file.
Obj# This is the section/object number from the executable file.
Address This is the selector:offset address of the object/section.
Size This is the memory size in bytes.
Type This is the type and attributes of the object/section
CODE code
IDATA Initialized data
UDATA uninitialized data
RO read only
RW read/write
SHARED Object is shared
Sample output is provided below for MAP32 on a single module:
MAP32 MSVCRT10
Owner     Obj Name  Obj#  Address        Size      Type
MSVCRT10  .text     0001  2197:86C81000  00024A00  CODE   RO
MSVCRT10  .bss      0002  219F:86CA6000  00001A00  UDATA  RW
MSVCRT10  .rdata    0003  219F:86CA8000  00000200  IDATA  RO
MSVCRT10  .edata    0004  219F:86CA9000  00005C00  IDATA  RO
MSVCRT10  .data     0005  219F:86CAF000  00006A00  IDATA  RW
MSVCRT10  .idata    0006  219F:86CB6000  00000A00  IDATA  RW
MSVCRT10  .reloc    0007  219F:86CB7000  00001800  IDATA  RO
32 bit call stack
-----------------
The STACK command has been changed to work in 32 bit code. Since 32 bit
support is limited to .SYM files, local variables will not be displayed
in the call stack. The stack display is arranged like a real stack
where the topmost entry is the oldest one and the bottom most entry
is the newest one. The bottom line will always be the current eip.
For each line in the call stack both the nearest symbol to the address
and the actual address are displayed. If there is no symbol available
the module name and object/section name are displayed instead. A sample
call stack follows:
KERNEL32!GetProcessFlags+179D at 0137:BFF887A6
KERNEL32!GetProcessFlags+128A at 0137:BFF88293
NOTE32!.text+48A3 at 0137:004058A3
NOTE32!.text+511B at 0137:0040611B
=> KERNEL32!GetStdHandle+000C at 0137:BFF92604
The 32 bit call stack support is not limited to applications. It will
also work for VxD code at ring 0. However, since most VxDs are written
in assembly language, many times there is not a valid call stack to walk.
The call stack code will not trace through thunks or level changes.
Step until Return function
--------------------------
The P command has been modified to provide a step until return function.
This function will automatically step over code until the next return or
return from interrupt is encountered. This function will work in either
16 or 32 bit code and will also work in VxD code.
The syntax of the command is P RET. To make the function easier to use
the default WINICE.DAT file assigns this command to the F12 function key.
Thus pressing F12 at any time will automatically step out of the current
procedure. If you are in an unusually large procedure there can be a
noticeable delay since Soft-ICE/W is single stepping every instruction.
INT 41h DOT Commands
--------------------
Support has been added for the following int 41h dot commands.
function 70h  register 32 bit dot command
         72h  deregister dot command
         73h  printf32
         75h  get registers
         76h  set registers
         77h  get character from command line
         78h  evaluate expression
         79h  verify memory address
         7ah  display registers
         7bh  stack dump
These functions are used by the dot command handlers embedded in various
pieces of windows 95.
There are three types of dot commands present in windows 95 supported by
Soft-ICE/W:
- registered dot command handlers. These are new to windows 95. To
get a list of registered dot commands type .?
Sample output of .? follows:
.P - Dump scheduler data. Type '.P?' for more information.
.C - Dos Call trace information.
.M - dump memory manager structures. Type '.M?' for more information.
.P and .C are present only if DEBUGCMD.VXD is specified in system.ini.
DEBUGCMD.VXD is included in the win95 DDK.
.M is provided by VMM and is present in both the retail and debug
builds.
- VxD Debug_Query handlers. These dot handlers are invoked by typing
a VxD name following the dot. Most of these commands if implemented
will display a menu. For example in win95(M8) the following VxDs
have dot handlers in both the retail and debug versions:
.VMM
.VPICD
.VXDLDR
.CONFIGMG
The only way to know if a VxD has a dot handler is to try it.
The dot handlers in the debug version of the ddk sometimes provide
more functionality than the ones in the retail version.
- dot commands embedded in VMM. To get a list of dot functions
supported by VMM type ..? In the M8 retail build ..? yielded the
following:
.R [#] ------- Displays the registers of the current thread
.VM [#] ------ Displays complete VM status
.VC [#] ------ Displays the current VMs control block
.VH [#] ------ Displays a VMM linked list, given list handle
.VR [#] ------ Displays the registers of the current VM
.VS [#] ------ Displays the current VM's virtual mode stack
.VL ---------- Displays a list of all valid VM handles
.DS ---------- Dumps protected mode stack with labels
.VMM --------- Menu VMM state information
.<dev_name> -- Display device specific info
NOTE: All of the above debug functionality is built into the system code
itself and is not a part of Soft-ICE/W, and therefore all of the
functions cannot be guaranteed to work. Some of the code does
not do error checking and can crash if passed bad input.
VERBOSE keyword
---------------
When the VERBOSE keyword is placed on a line in the WINICE.DAT file
WINICE will display debugging messages when the following events occur.
16 bit segment loads and segment frees
32 bit segment loads and segment frees
Module deleted
DLL starting
ALL VxD messages
LOGERROR messages
WLDR
----
The program and symbol loader WLDR.EXE has been updated to allow loading
of .SYM files. Just specify the name of a 32 bit application or DLL and
click the load button. If you are loading DLL symbols check the symbols
only check box, otherwise WLDR will actually load your DLL into memory
which you probably don't want.
When you're loading an application WLDR will automatically stop on the
starting CS:EIP. If source code is available it will be displayed and
stepping once will stop at WinMain.
NOTE: At the point the breakpoint goes off the start cs:eip is not
yet present in memory. So if you are viewing the code in
assembly mode you will see nothing but INVALID's. Single
stepping once will page the code into memory.
The .SYM file support is not limited to applications and DLL's. In
addition you can now load VxD symbol tables using WLDR. This will work
with either MAPSYM or MSYM .SYM files. If the VxD you specify is a
dynamic VxD, WLDR will attempt to load it into memory. If you do not
want it loaded by WLDR make sure you check the symbols only box.
TASK command
------------
The task command has been modified to show the 32 bit tasks that are
running. For 32 bit tasks the following fields are different:
The StackBottom field will contain the highest legal address of the
stack shown as a 32 bit flat offset.
The StackTop field will contain the lowest legal address of the
stack shown as a 32 bit flat offset.
The StackLow field is not used.
MOD command
-----------
The MOD command has been modified to display all 32 bit modules that are
loaded. All 32 bit modules will be grouped together and will always
follow the 16 bit modules. All fields are the same with the exception
that the 32 bit modules will also display the offset of the PE File
header for that module. To examine the PE headers you must use the
Ring3 flat data selector.
The MOD command has also been modified to accept prefixes on the command
line so that it will only display modules that begin with that prefix.
Displaying owner of an address for code and data window
-------------------------------------------------------
Soft-ICE/W always attempts to display the owner of memory shown in both
the code and the data window. If there is a symbol or export available
Soft-ICE/W will show the name plus an offset for the owner name.
If there is not a symbol or export available and you are displaying 32
bit code or data, Soft-ICE/W will show you the module name followed
by the section object name followed by an offset. For example the
string displayed under the code window might be something like the
following:
MSVCRT10!.text+1B7
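The owner lookup described here, together with the section:offset to loaded-address fix-up from the "32 bit symbols" section, as an added C example (a model written for this page, not Soft-ICE/W code). The section bases and sizes are the MSVCRT10 values from the MAP32 sample output; the three symbols, the function names and the exact output formatting are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { const char *name; unsigned obj; uint32_t base, size; } section;
/* A symbol as a .SYM file holds it before the module loads: section#:offset. */
typedef struct { const char *name; unsigned obj; uint32_t off; } sym_entry;

static const char MODULE[] = "MSVCRT10";

/* Bases and sizes from the MAP32 sample output in this readme. Selectors are
   left out: this model works on the 32 bit offset only. */
static const section sections[] = {
    { ".text",  1, 0x86C81000u, 0x24A00u },
    { ".bss",   2, 0x86CA6000u, 0x01A00u },
    { ".rdata", 3, 0x86CA8000u, 0x00200u },
    { ".edata", 4, 0x86CA9000u, 0x05C00u },
    { ".data",  5, 0x86CAF000u, 0x06A00u },
    { ".idata", 6, 0x86CB6000u, 0x00A00u },
    { ".reloc", 7, 0x86CB7000u, 0x01800u },
};
#define NSECT (sizeof sections / sizeof sections[0])

/* Constructed symbols; MSVCRT10 does not export these names. */
static const sym_entry syms[] = {
    { "sample_init",  1, 0x0400 },
    { "sample_copy",  1, 0x0900 },
    { "sample_table", 5, 0x0010 },
};
#define NSYM (sizeof syms / sizeof syms[0])

static const section *section_by_obj(unsigned obj)
{
    for (size_t i = 0; i < NSECT; i++)
        if (sections[i].obj == obj) return &sections[i];
    return NULL;
}

/* Section containing addr, or NULL. The unsigned subtraction wraps for
   addresses below the base, so one comparison covers both bounds. */
static const section *section_of(uint32_t addr)
{
    for (size_t i = 0; i < NSECT; i++)
        if (addr - sections[i].base < sections[i].size) return &sections[i];
    return NULL;
}

/* Address of a symbol once the module is loaded: section base + offset.
   Returns 0 when the section number is unknown. */
static uint32_t loaded_addr(const sym_entry *s)
{
    const section *sec = section_by_obj(s->obj);
    return sec ? sec->base + s->off : 0;
}

/* Owner string for addr: nearest symbol at or below it in the same section,
   otherwise module!section+offset. Returns NULL if no section owns addr. */
static const char *owner_of(uint32_t addr, char *buf, size_t n)
{
    const section *sec = section_of(addr);
    const sym_entry *best = NULL;
    if (!sec) return NULL;
    for (size_t i = 0; i < NSYM; i++) {
        const sym_entry *s = &syms[i];
        if (s->obj != sec->obj || sec->base + s->off > addr) continue;
        if (!best || s->off > best->off) best = s;
    }
    if (best)
        snprintf(buf, n, "%s!%s+%lX", MODULE, best->name,
                 (unsigned long)(addr - sec->base - best->off));
    else
        snprintf(buf, n, "%s!%s+%lX", MODULE, sec->name,
                 (unsigned long)(addr - sec->base));
    return buf;
}

int main(void)
{
    static const uint32_t probes[] = {
        0x86C811B7u, 0x86C81912u, 0x86CAF004u, 0x00401000u
    };
    char buf[64];
    for (size_t i = 0; i < NSYM; i++)
        printf("%u:%04lX loads at %08lX (%s)\n", syms[i].obj,
               (unsigned long)syms[i].off,
               (unsigned long)loaded_addr(&syms[i]), syms[i].name);
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        const char *o = owner_of(probes[i], buf, sizeof buf);
        printf("%08lX  %s\n", (unsigned long)probes[i], o ? o : "(no owner)");
    }
    return 0;
}
```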
Entering prefixes in command recall
-----------------------------------
Command recall has been modified in Soft-ICE/W to allow prefixes to be
entered. For example typing a U and then pressing the up or down arrow
keys will recall only commands that start with a U. This feature only
works if the cursor is in the command window.
VxD Service Changes
-------------------
The VCALL and VxD commands have been updated to show service names from
every VxD include file provided in the Windows 95 DDK. In addition when
disassembling VxD code, Soft-ICE/W will now show VxD service names as
code labels where appropriate.
Positioning to beginning or end of a source file
------------------------------------------------
If source code is displayed in the code Window, pressing CTRL-HOME will
jump to line 1 and pressing CTRL-END will jump to the last line in the
file.
New Video Support
-----------------
This release of Soft-ICE/W contains a new video VxD that can be used for
single monitor debugging. This driver should work with the following
video boards regardless of whether you are using proprietary video
drivers or the generic Windows video drivers. To select this driver
run the Soft-ICE/W setup.exe program and select the Generic SuperVGA
driver.
ATI 18800,28800 rev1-6,38800(Mach8),68800(Mach32)
ATI EGA Wonder+ 18800
ATI VGA Wonder
ATI VGA Edge
ATI VGA Edge-16
ATI VGA Wonder+ 28800
ATI 8514-Ultra 38800(Mach8)
ATI Ultra
ATI Vantage
ATI Graphics Ultra
ATI Graphics Vantage
ATI Graphics Ultra Pro 68800(Mach32)
ATI Graphics Ultra+
Cirrus Logic 610,620,6410,54xx
Diamond Stealth 24 S3 911
Diamond Stealth 32 ET4000/W32p
Diamond Stealth Pro S3 928
Diamond Stealth 64 S3 964
Diamond Viper VLB ( older boards )
Oak 037,067,077,087
Paradise PVGA 1A,1C,1D,1F,WD90Cxx
S3 911/924/928/801/805/864/964
STB Lightspeed ET4000/W32p
Trident 8800,8900,9000,9200/9400(CXr & CXi)
Tseng Labs ET3000,ET4000,ET4000/W32p
Video7 V7VGA,HT208,HT209,HT216,HT216-32
Video7 VRAM V7VGA
Video7 1024i HT208
Video7 VRAM II HT209
Weitek 5186/Power 9000
VXD command
-----------
The following changes have been made to the VxD command.
- All dynamically loaded VxDs are now displayed following the statically
loaded Vxds.
- The entire win32 service table is displayed for a specified VxD.
For each service the following is shown:
Service number
Service address
Number of dword parameters the service requires
- The total amount of memory occupied by the displayed VxDs is shown.
For example VXD VMM would show how much memory is occupied by VMM
while the VXD command with no parameters would show how much memory
is occupied by all VxDs.
- For a specified VxD the following info is now shown:
Init Order
Reference data
Version number
PM API procedure address
PM API ring3 address used by application.
V86 API procedure address
V86 API ring3 address used by application
Display transitions from Ring3 to Ring0 code
--------------------------------------------
To transition from ring3 code to ring 0 code(VxD) Windows uses two
different methods.
For V86 code, windows uses the ARPL instruction which causes an invalid
opcode fault. The invalid opcode handler then passes control to the
appropriate VxD. The ARPL instruction is usually located in ROM.
Only one ARPL is used and the V86 segment:offset is varied to indicate
different VxD addresses. For example if the ARPL was at FFFF:0
Windows would use the addresses FFFF:0, FFFE:10, FFFD:20, FFFC:30, etc.
For PM code, windows uses interrupt 30h. Segment 3bh contains nothing
but interrupt 30h's each of which is used to transfer control to a
VxD.
The Soft-ICE/W disassembler will now show the VxD address that will be
executed based on these instructions.
Sample output follows for disassembling 3B:31A
003B:031A INT 30 ; #0028:C008D4F4 VPICD(01)+0A98
003B:031C INT 30 ; #0028:C007F120 IOS(01)+0648
003B:031E INT 30 ; #0028:C02C37FC VMOUSE(03)+00F0
003B:0320 INT 30 ; #0028:C02C37FC VMOUSE(03)+00F0
003B:0322 INT 30 ; #0028:C023B022 BIOSXLAT(05)+0022
003B:0324 INT 30 ; #0028:C0230F98 BIOSXLAT(04)+0008
003B:0326 INT 30 ; #0028:C023127C BIOSXLAT(04)+02EC
003B:0328 INT 30 ; #0028:C009699B BIOSXLAT(01)+000B
003B:032A INT 30 ; #0028:C00AC5C7 VNETBIOS(01)+0DA3
003B:032C INT 30 ; #0028:C00AC60C VNETBIOS(01)+0DE8
003B:032E INT 30 ; #0028:C02531D4 DOSMGR(13)+0190
Sample output for disassembling an ARPL
FDD2:220D ARPL DI,BP ; #0028:C0078CC9 IFSMgr(01)+0511
Many times when tracing into code you will arrive at either an int 30
or an ARPL. At this point you can immediately G to the address shown
to save stepping through a large amount of VMM code.
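The V86 aliasing described above, worked through in C as an added example (not Nu-Mega or Microsoft code): every alias of the single ARPL has the same linear address, and its position in the sequence can be recovered from the segment. The block also parses the disassembler comment format shown in the sample output; the function names, the "index" notion and reading the number in parentheses as a hexadecimal segment number are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* A V86 segment:offset pair. */
typedef struct { uint16_t seg, off; } v86_addr;

/* V86 linear address: segment * 16 + offset. */
static uint32_t v86_linear(v86_addr a)
{
    return ((uint32_t)a.seg << 4) + a.off;
}

/* n-th alias of the ARPL at base: segment lowered by n, offset raised by
   16*n. Returns 0 if that would leave the 16 bit segment or offset range. */
static int v86_alias(v86_addr base, unsigned n, v86_addr *out)
{
    uint32_t off = (uint32_t)base.off + 16u * n;
    if (n > base.seg || off > 0xFFFFu) return 0;
    out->seg = (uint16_t)(base.seg - n);
    out->off = (uint16_t)off;
    return 1;
}

/* Index of alias a relative to base, or -1 if a does not alias base. */
static long v86_alias_index(v86_addr base, v86_addr a)
{
    if (a.seg > base.seg || v86_linear(a) != v86_linear(base)) return -1;
    return (long)(base.seg - a.seg);
}

/* One annotated line, e.g.
   "003B:031A INT 30 ; #0028:C008D4F4 VPICD(01)+0A98" */
typedef struct {
    unsigned      src_sel;  unsigned long src_off;   /* where the INT 30/ARPL is */
    char          insn[16];
    unsigned      tgt_sel;  unsigned long tgt_off;   /* ring 0 address after '#' */
    char          vxd[16];                           /* VxD name */
    unsigned      vxd_seg;  unsigned long vxd_off;   /* (nn)+offset */
} transition;

/* Returns 1 and fills *t if the line carries a "; #sel:off NAME(nn)+off"
   comment, 0 otherwise. */
static int parse_transition(const char *line, transition *t)
{
    const char *semi = strchr(line, ';');
    size_t len;
    if (!semi) return 0;
    if (sscanf(line, "%x:%lx %15[^;]", &t->src_sel, &t->src_off, t->insn) != 3)
        return 0;
    for (len = strlen(t->insn); len && t->insn[len - 1] == ' '; )
        t->insn[--len] = '\0';                       /* trim trailing blanks */
    if (sscanf(semi, "; #%x:%lx %15[^(](%x)+%lx", &t->tgt_sel, &t->tgt_off,
               t->vxd, &t->vxd_seg, &t->vxd_off) != 5)
        return 0;
    return 1;
}

int main(void)
{
    /* Lines copied from the sample output in this readme. */
    static const char *lines[] = {
        "003B:031A INT 30 ; #0028:C008D4F4 VPICD(01)+0A98",
        "003B:031E INT 30 ; #0028:C02C37FC VMOUSE(03)+00F0",
        "FDD2:220D ARPL DI,BP ; #0028:C0078CC9 IFSMgr(01)+0511",
    };
    v86_addr base = { 0xFFFF, 0x0000 }, a;
    transition t;

    for (unsigned n = 0; n < 4 && v86_alias(base, n, &a); n++)
        printf("alias %u: %04X:%X  linear %05lX\n", n, (unsigned)a.seg,
               (unsigned)a.off, (unsigned long)v86_linear(a));
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        if (parse_transition(lines[i], &t))
            printf("%04X:%04lX %-10s -> G %04X:%08lX  (%s seg %X + %lX)\n",
                   t.src_sel, t.src_off, t.insn, t.tgt_sel, t.tgt_off,
                   t.vxd, t.vxd_seg, t.vxd_off);
    return 0;
}
```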