HPAVC

home *** CD-ROM | disk | FTP | other *** search

/ HPAVC / HPAVC CD-ROM.iso / pc / ICE95.ZIP / README.1ST < prev next >

Wrap

Text File | 1995-10-10 | 39.3 KB | 978 lines

---------------------------------------------------------------------------- TABLE OF CONTENTS FOR Soft-ICE/W Version 1.95 Windows 95 Beta Nu-Mega Technologies, Inc. ---------------------------------------------------------------------------- 1. Overview and Installation 2. New in version 1.95 3. Starting Soft-ICE/W 4. Troubleshooting/Known problems 5. Source Level Debugging of 32 bit applications and DLL's 6. Source level debugging of static and dynamic VxDs 7. Address contexts 8. 32 bit symbols 9. 32 bit exports 10. Setting Break Points on 32 bit source and symbols 11. DBG2MAP utility 12. THREAD command 13. ADDR command 14. 32 bit heap support 15. MAP32 command 16. 32 bit call stack 17. Step until Return function 18. INT 41h DOT Commands 19. VERBOSE keyword 20. WLDR 21. TASK command 22. MOD command 23. Displaying owner of an address for code and data window 24. Entering prefixes in command recall 25. VxD Service Changes 26. Positioning to beginning or end of a source file 27. New Video Support 28. VXD command 29. Display transitions from Ring3 to Ring0 code. Overview and Installation ------------------------- Soft-ICE/W beta version 1.95 is intended for use with the final beta version of Windows 95 (M8). This readme file is a supplement to the Soft-ICE/W documentation and contains information on all the Windows 95 specific changes and other changes that might not have made it into the written documentation. To install Soft-ICE/W run the setup.exe program from Windows 95. This will prompt you for the necessary information and then unpack and copy the files. New in version 1.95 ------------------- Soft-ICE/W version 1.95 is first major release since version 1.92. Some of the differences are listed below: - Full support for win95 address contexts. This includes tying breakpoints, exported symbols and symbol tables to specific address contexts. This also includes the ability to debug dll's that exist in multiple contexts. - I/O breakpoints are now fully functional. - Fault trapping has been added for all page faults, gp faults, stack faults and invalid opcode faults occurring in win32, win16 or v86 mode code. - Range breakpoints are functional for win32, win16 and v86 mode code. - Source level debugging support for vxd's built with the MSVC linker. - Support has been added for VMM and DEBUGCMD .M and .P debug commands. This provides a wide variety of new informational displays concerning paging, memory management, threads, mutexes and semaphores. - Many commands have been enhanced including VXD, HEAP32, TSS, ADDR, CR, LDT and VCALL. - Disassembler now comments any transitions from application level code to vxd code. This includes both from V86 code and protected mode code. - Numerous bug fixes. Several of these bugs would result in seemingly random hangs and crashes. If win95 seemed less stable when running under winice, theres a good chance this release will fix it. - All 32 bit exports are now displayed including exported entry points that don't have symbol names. Starting Soft-ICE/W ------------------- Soft-ICE/W is a kernel debugger and must be loaded before win.com. To run Soft-ICE/W, type winice at the command prompt. Once loaded, Soft-ICE/W executes win.com to start windows 95. By default, windows 95 boots directly into the GUI shell without stopping at DOS. There are several ways to change this behavior: 1) While booting up, press F8, and when the win95 boot menu appears select the option for "Command Prompt Only". This would have to be done each time the machine is booted. 2) Place a PAUSE command at the end of autoexec.bat and press CTRL-C when it pauses to escape to DOS. 3) Create a dummy batch file called win.bat. When windows 95 starts it will exec in win.bat instead of win.com and you will end up at the DOS prompt. 4) Run winice from autoexec.bat. 5) In Windows 95 the hidden file MSDOS.SYS is just an INI text file. After removing the hidden, read-only and system attributes, edit the file and change the line BootGUI=1 to BootGUI=0. Troubleshooting/Known problems ------------------------------ This is a beta release of Soft-ICE/W and does contain some known problems. This section lists those problems and potential work arounds where one exists and also has some common trouble shooting items. - The class command lists only classes belonging to USER. - All forms of the BPR command will trap only level3 code. VxD code (level 0) will never be trapped. - Both the WLDR and WLOG programs are combined DOS/Windows programs. In WIN95 the default behavior is to run windows programs from the DOS command prompt. This would result in the Windows portion of the program being run. For this reason, the files DLDR and DLOG are included on this release which contain the DOS only portions of the utilities. Source Level Debugging of 32 bit applications and DLL's ------------------------------------------------------- Version 1.95 32 bit source/symbol support works only with .SYM files. It will not read debug information directly out of .EXE files. This means this release will not support local variables in 32 bit applications. The procedure for debugging a 32 bit app/dll would be as follows: - Build your applications and DLL's with full debug information - Run the provided DBG2MAP utility to produce a detailed map file. - Run the provided MSYM utility to produce a .SYM file. - Use WLDR to load source/symbols for your application and to start your application. Source level debugging of static and dynamic VxDs ------------------------------------------------- Version 1.95 VxD source/symbol support works only with .SYM files. It will not read debug information directly out of .VXD files. The procedure for debugging a static or dynamic VxD would be as follows: - Compile and assemble your source files with full debug info. The following flags will work for MASM 6.11c and the MSVC C compiler. MASM: -coff -DBLD_COFF -DIS_32 -W2 -Zd -c -Cx -DMASM6 -DDEBLEVEL=1 -DDEBUG C: -Zdp -Gs -c -DIS_32 -Zl -DDEBLEVEL=1 -DDEBUG - Link with the MSVC linker producing a map with line number info. The switches that must be added to the link are as follows: -DEBUG -DEBUGTYPE:MAP,COFF - Run the provided MSYM utility to produce a .SYM file. - Use a LOAD= statement in WINICE.DAT, or the WLDR utility to load source/symbols for your VxD. Note: Included in the M8 DDK are updated copies of MASM 6.11 and the MSVC linker intended for VxD development. The updated MASM is in directory MASM611C and the updated linker is in MSVC20. Soft-ICE/W also still supports the Windows 3.X development tools for building VxDs, so if you are still using MASM 5.10B and LINK386 these will still work. Address contexts ---------------- In Windows 95 every 32 bit application runs in a separate virtual address space. The linear address range 400000h to 7fffffffh is reserved for 32 bits apps and private DLL's. When Windows 95 switches between 32 bit tasks a new set of page tables are used for this address space. When Soft-ICE/W pops up, it is in whatever context Windows 95 is currently executing. This can be determined by using the ADDR command. Address contexts can be changed explicitly by using the ADDR command. This can be confusing if you are viewing code or data that is located in the 400000h to 7fffffffh range. When you switch address contexts the data or code being displayed will change even though the selector:offset address does not change. Soft-ICE/W will also automatically switch address contexts in the following situations: If the TABLE command is used to switch to a 32 bit symbol table the current address context will be set to that modules address context. If the FILE command is used to display a source file from a 32 bit table the current address context will be set to that modules address context. If a symbol-name is used in an expression, the address context will be changed to the appropriate context. This is true for both symbols and export symbols loaded through the EXP directive. If you are using bare addresses in an expression you must make sure you are in the desired address context. ie. D 137:401000 will display memory at 401000 in the current address context. WARNING: Before setting breakpoints using bare addresses make sure you are in the desired address context since Soft-ICE/W will use the current context. Once a break point is set Soft-ICE/W will remember the address context it was set in and will ensure that it only goes off in the correct address context. 32 bit symbols -------------- Support has been added for 32 bit .SYM files. Soft-ICE/W can handle .SYM files produced by the Microsoft MAPSYM utilities or ones produced by our own MSYM utility. For source level debugging you must use our DBG2MAP utility followed by our MSYM utility. .SYM files can be loaded in two different ways: Preloaded from WINICE.DAT. Use the LOAD32 keyword specifying either the executable file name or the .SYM file name. For example: LOAD32=c:\windows\system\kernel32.dll OR LOAD32=c:\windows\system\kernel32.sym Loaded from the WLDR utility. Run WLDR from Windows and specify the executable file name. Symbols are displayed in Soft-ICE/W using the SYM command. If the module is not yet loaded, the segment displayed will be the section number from the 32 bit executable file. (i.e. 1,2,3 etc.). The offset will be the offset from the section base. Once the module is loaded into memory a selector:offset will be displayed where the offset now contains the section base address added in. When a 32 bit module is unloaded, all addresses will return to the section number:offset address. 32 bit exports -------------- Support has been added for 32 bit exported symbols. Use the EXP directive in WINICE.DAT to load 32 bit export symbols for any 32 bit DLL. The EXP command lists all exported symbols that WINICE knows about. These symbols can be used in any WINICE expression and are automatically displayed when disassembling code. The winice.dat file contains sample exp lines for Windows 95 that are commented out. Just change the directory names to wherever your Windows 95 is installed and remove the ; preceding the exp statement. When displaying exports in Soft-ICE/W, if the module is not yet loaded, the segment will be displayed as FE: and the offset will be the offset from the 32 bit image base. Once the module is loaded into memory a selector:offset will be displayed where the offset now contains the image base address added in. When a 32 bit module is unloaded, all addresses will return to the FE:offset address. Soft-ICE/W will show all exported entry points even if they do not have names associated with them. For exported entry points without names, Soft-ICE/W will form a name in the following format: ORD_XXXX where XXXX is the ordinal number. Since multiple DLL's can have unnamed ordinals, there can be an overlap of names of this form. To be sure you are using the correct symbol you can precede the symbol with the module name followed by exclamation point. For example to refer to KERNEL32's export ordinal number 1, the following expression could be used: kernel32!ord_0001 The number following the ord_ string does not have to have the correct number of leading zeroes. ord_0001 and ord_1 will both work correctly. For Windows 95, Soft-ICE/W will search all 32 bit export tables before any 16 bit export tables. If the same name exists in each type of table Soft-ICE/W will use the 32 bit one. If you need to override this behavior, precede the export symbol with the module name followed by an exclamation point. For example, if specifying the symbol GlobalAlloc, Soft-ICE/W would use kernel32!GlobalAlloc rather than kernel!GlobalAlloc. Setting Break Points on 32 bit Source and Symbols ------------------------------------------------- Break points can be set on any symbol or source line regardless of whether the module is loaded or the underlying code or data is actually present in memory. If the code or data is not currently available the break point will remain in an unarmed state. When Soft-ICE/W detects the module being loaded or the page becoming present the break point is automatically armed. All BPX and BPM style break points are "permanent" break points. That is no matter how many times the code/data is paged in and out or how many times the module is loaded and unloaded the break points will remain active. Soft-ICE/W will automatically update the state and address of these break points. DBG2MAP utility --------------- DBG2MAP is a command line utility that accepts a Win32 (PE) executable file with debug information as input, and emits a .MAP file. This .MAP file can then be run through Nu-Mega's MSYM program to create a .SYM file for use by Soft-Ice/W. At the present time, .SYM files are the only way for Soft-Ice/W to load 32 bit symbol tables. DBG2MAP works on executables produced with Microsoft Visual C++ 32 bit Edition, Borland C++ 4.0, and the Microsoft Win32 SDK compiler. The .SYM files generated by DBG2MAP/MSYM can be loaded into Soft-Ice/W via a LOAD32= statement in the WINICE.DAT file, or by the WLDR program. When using WLDR to load the symbols, specify the name of the EXE or DLL, not the .SYM file name. Using DBG2MAP ------------- The syntax for DBG2MAP can be seen by running DBG2MAP.EXE from a command prompt without any arguments: ******** DBG2MAP - Win32 debug info to .MAP file program (C) Copyright Nu-Mega Technologies 1994, All rights reserved. Syntax: DBG2MAP [switches] filename /A Include arguments in C++ functions names (default: no) /M Run MSYM to create a .SYM file from the .MAP file /P<filename> Use PELE .SMF file ******** To create a .MAP file, type "DBG2MAP filename", where "filename" is the name of your Win32 EXE or DLL that contains debugging information. After DBG2MAP finishes, there will be a .MAP file in the current directory with the same base filename as your EXE or DLL. The "/A" option tells DBG2MAP to leave in the arguments from the function names of Microsoft C++ programs. By default, DBG2MAP truncates Microsoft C++ function names starting with the '(' character. If you instruct DBG2MAP to leave in the arguments in the symbol names, the symbols may be long and difficult to type in correctly. The "/M" option tells DBG2MAP to automatically invoke MSYM after the map file is created. The "/P" option is used to support Vireo's VtoolsD package. VtoolsD has a utility to convert PE header files to LE header files. Using DBG2MAP In Your Build Process ----------------------------------- DBG2MAP is a console mode Win32 program. If run under a version of Win32 that supports console mode applications, it will run natively. Otherwise, it uses a bound in version of Phar-Lap's TNT DOS Extender. When building with the command line tools, you may experience problems in both the Microsoft and Borland environments. For Borland users, Phar-Lap says that Borland's MAKE.EXE is incompatible with other DPMI tools such as the TNT DOS extender. Phar Lap recommends using the real mode MAKER.EXE program instead of the protected mode MAKE.EXE. Microsoft users may have problems when running DBG2MAP from within an NMAKE makefile. This is due to memory conflicts between the DBG2MAP version of the TNT DOS Extender, and the older Phar Lap DOS extender used in the Microsoft tools (CL.EXE and LINK.EXE). To work around this, we suggest running DBG2MAP from a batch file. For instance: File: M.BAT ---- NMAKE YOURAPP.MAK DBG2MAP YOURAPP.EXE MSYM YOURAPP.MAP ---- DBG2MAP Limits -------------- Due to constraints in the .SYM file format, type information and local variables are not supported. Only PUBLIC symbols will be put into the .SYM file. The included information will only contain symbol names and the symbol's associated address. THREAD command -------------- The THREAD command has been added to display all threads currently running. The top line of the display is the current thread. The syntax is as follows: THREAD [task-name | TCB | ID] If the optional task-name is specified, only threads belonging to the task will be displayed. If the TCB or ID is specified only information about the one specific thread will be displayed. For each thread the following information is dislayed: RING0TCB - This is the address of the ring 0 thread control block. This is the address that is passed to VxDs for thread creation and thread termination. ID - This is the word ID number of the thread. CONTEXT - This is the context handle for the thread that determines what address space is used for the thread. RING3TCB - This is the address of the ring 3 thread control block. This is the one that would be used by applications. PROCESS - This is the address of the process block that owns the thread. TASKDB - This is the selector of the task database that owns the thread. PDB - This the selector of the program database (protected mode PSP). SZ - This is the size of the thread either 16 or 32 bit. OWNER - This is the task name of the owner. For 32 bit tasks, the module name with the extension stripped off is displayed. An asterisk '*' displayed in front of the owner name indicates that the thread is the current thread for the task. If a TCB or ID is specified the following information is displayed for that one specific thread: The current register contents for the thread All thread local storage offsets within the thread. This shows the offset in the thread control block of the local storage entry, the contents of the TLS entry and the owner of the TLS entry. ADDR command ------------ The ADDR command has been added to both display and switch to specific address contexts. Each 32 bit task is currently given the address space from 400000h to 7fffffffh. This is called an address context. The syntax of the ADDR command is as follows: ADDR [context-handle | task-name] If no parameters are specified information will be displayed for each address context. The top line of the display is the context that was active when Soft-ICE/W popped up. The line that is highlit is the current address context in Soft-ICE/W. For each address context, the following information is displayed. HANDLE - This is the address of the context control block. This is the handle that would be passed in VxD calls that require a context handle. PGTPTR - This is the address of an array of page table addresses. Each entry in the array represents a 4 meg page table. When address contexts are switched this array is copied to the appropriate spot in the page directory. TABLES - This is the number of entries in the PGTPTR array. Not all entries contain valid page directory entries. This is only the number of entries reserved. MINADDR - This is the minimum virtual address of the address context. MAXADDR - This is the maximum virtual address of the address context. MUTEX - This is the mutex handle used when VMM manipulates the page tables for the context. OWNER - This is the task name of the first task that uses this address context. If a context-handle or task-name are entered, WINICE will switch to that address context. The proper address context will be restored before WINICE continues. Sample output is provided below for ADDR with no parameters. Handle PGTPTR Tables Min Addr Max Addr Mutex Owner C103FC84 C1058D3C 0003 00400000 7FFFF000 C104E15C KERNEL32 C10594AC C105A6E4 01FD 00400000 7FFFF000 C10597F8 MSGSRV32 C105BF80 C10624B8 01FE 00400000 7FFFF000 C105CAC0 Explorer C105F5D0 C1062CB4 01FB 00400000 7FFFF000 C0FE57A4 WINOLDAP C105E588 C10608C8 01FB 00400000 7FFFF000 C105F15C Systray C105DABC C105FC68 01FD 00400000 7FFFF000 C105DB8C MMTASK C105A3DC C105B3A8 01FD 00400000 7FFFF000 C105A410 Mprexe C10D9030 C10D9048 0002 00400000 7FFFF000 C10D9074 32 bit heap support ------------------- Support has been added in the HEAP command for 32 bit heaps. This includes both ring3 heaps and ring0 heaps. The syntax for 32 bit heaps is as follows: HEAP 32 [task-name | heap-base] If no parameters are specified, all 32 bit heaps that can be found will be displayed. The following heaps will be displayed: Kernel32's system heap. Each process's private heaps. These are the heaps created by the HeapCreate call. The two ring 0 heaps created by VMM. The first heap shown is the locked heap. The second heap shown is the pageable heap. One ring0 heap for every existing virtual machine. For each 32 bit heap the following information will be displayed: The heap base address. The maximum size that the heap can grow too. The current committed memory in the heap. This reflects the number of pages that are actually present in memory. The number of segments in the heap. Each time the heap grows past its initial max length a new heap segment is created. The heap type. The owner of the heap. If a task-name is provided, WINICE will display the entire process heap for that task. The address context will automatically be changed to the correct one. If an actual heap base address is given that entire heap will be displayed. If the heap is in private address space, you must make sure you are in the right address context for that heap. When displaying an individual 32 bit heap the following information is displayed: The address of each heap element. The size in bytes of each element. The thread-id of the allocating thread The EIP address of the code that allocated the element. The nearest symbol to the EIP address. The last three pieces of information are only available in the debug versions of Windows 95. For ring3 heaps this means the SDK debug versions, for ring0 heaps this means the DDK debug version of VMM. Sample output is provided below for HEAP32 with no parameters. HeapBase Max Size Committed Segments Type Owner 00410000 1028K 8K 1 Private Systray 00440000 1028K 40K 1 Private Explorer 00510000 1028K 8K 1 Private Mprexe 00400000 1024K 8K 1 Private MMTASK 00400000 1024K 8K 1 Private MSGSRV32 00410000 1024K 8K 1 Private WINOLDAP 81579000 1024K 64K 1 System KERNEL32 00880000 1024K 8K 1 Private KERNEL32 C0FDA000 1024K 560K 1 Ring 0 VMM C10DA000 5120K 940K 2 Ring 0 VMM C3520000 512K 20K 1 VM 01 VMM C5920000 512K 20K 1 VM 02 VMM MAP32 command ------------- MAP32 provides a memory map of all 32 bit modules currently loaded in memory. Its syntax is as follows: MAP32 [module-name | module-handle] MAP32 with no parameters displays a map of all 32 bit modules. If either a module-name or module-handle is specified only sections from that one module will be displayed. For each module one line is displayed for every section/object owned by that module. Each line contains the following information: Owner This is the module name Name This is the section/object name from the executable file. Obj# This is the section/object number from the executable file. Address This is the selector:offset address of the object/section. Size This is the memory size in bytes. Type This is the type and attributes of the object/section CODE code IDATA Initialized data UDATA uninitialized data RO read only RW read/write SHARED Object is shared Sample output is provided below for MAP32 on a single module: MAP32 MSVCRT10 Owner Obj Name Obj# Address Size Type MSVCRT10 .text 0001 2197:86C81000 00024A00 CODE RO MSVCRT10 .bss 0002 219F:86CA6000 00001A00 UDATA RW MSVCRT10 .rdata 0003 219F:86CA8000 00000200 IDATA RO MSVCRT10 .edata 0004 219F:86CA9000 00005C00 IDATA RO MSVCRT10 .data 0005 219F:86CAF000 00006A00 IDATA RW MSVCRT10 .idata 0006 219F:86CB6000 00000A00 IDATA RW MSVCRT10 .reloc 0007 219F:86CB7000 00001800 IDATA RO 32 bit call stack ----------------- The STACK command has been changed to work in 32 bit code. Since 32 bit support is limited to .SYM files, local variables will not be displayed in the call stack. The stack display is arranged like a real stack where the topmost entry is the oldest one and the bottom most entry is the newest one. The bottom line will always be the current eip. For each line in the call stack both the nearest symbol to the address and the actual address are displayed. If there is no symbol available the module name and object/section name are displayed instead. A sample call stack follows: KERNEL32!GetProcessFlags+179D at 0137:BFF887A6 KERNEL32!GetProcessFlags+128A at 0137:BFF88293 NOTE32!.text+48A3 at 0137:004058A3 NOTE32!.text+511B at 0137:0040611B => KERNEL32!GetStdHandle+000C at 0137:BFF92604 The 32 bit call stack support is not limited to applications. It will also work for VxD code at ring 0. However, since most VxDs are written in assembly language, many times there is not a valid call stack to walk. The call stack code will not trace through thunks or level changes. Step until Return function -------------------------- The P command has been modified to provide a step until return function. This function will automatically step over code until the next return or return from interrupt is encountered. This function will work in either 16 or 32 bit code and will also work in VxD code. The syntax of the command is P RET. To make the function easier to use the default WINICE.DAT file assigns this command to the F12 function key. Thus pressing F12 at any time will automatically step out of the current procedure. If you are in an unusually large procedure there can be a noticeable delay since Soft-ICE/W is single stepping every instruction. INT 41h DOT Commands -------------------- Support has been added for the following int 41h dot commands. function 70h register 32 bit dot command 72h deregister dot command 73h printf32 75h get registers 76h set registers 77h get character from command line 78h evaluate expression 79h verify memory address 7ah display registers 7bh stack dump These functions are used by the dot command handlers embedded in various pieces of windows 95. There are three types of dot commands present in windows 95 supported by Soft-ICE/W: - registered dot command handlers. These are new to windows 95. To get a list of registered dot commands type .? Sample output of .? follows: .P - Dump scheduler data. Type '.P?' for more information. .C - Dos Call trace information. .M - dump memory manager structures. Type '.M?' for more information. .P and .C are present only if DEBUGCMD.VXD is specified in system.ini. DEBUGCMD.VXD is included in the win95 DDK. .M is provided by VMM and is present in both the retail and debug builds. - VxD Debug_Query handlers. These dot handlers are invoked by typing a VxD name following the dot. Most of these commands if implemented will display a menu. For example in win95(M8) the following VxDs have dot handlers in both the retail and debug versions: .VMM .VPICD .VXDLDR .CONFIGMG The only way to know if a VxD has a dot handler is to try it. The dot handlers in the debug version of the ddk sometimes provide more functionality than the ones in the retail version. - dot commands embedded in VMM. To get a list of dot functions supported by VMM type ..? In the M8 retail build ..? yielded the following: .R [#] ------- Displays the registers of the current thread .VM [#] ------ Displays complete VM status .VC [#] ------ Displays the current VMs control block .VH [#] ------ Displays a VMM linked list, given list handle .VR [#] ------ Displays the registers of the current VM .VS [#] ------ Displays the current VM's virtual mode stack .VL ---------- Displays a list of all valid VM handles .DS ---------- Dumps protected mode stack with labels .VMM --------- Menu VMM state information .<dev_name> -- Display device specific info NOTE: All of the above debug functionality is built into the system code itself and is not a part of Soft-ICE/W, and therefore all of the functions cannot be guaranteed to work. Some of the code does not do error checking and can crash if passed bad input. VERBOSE keyword --------------- When the VERBOSE keyword is placed on a line in the WINICE.DAT file WINICE will display debugging messages when the following events occur. 16 bit segment loads and segment frees 32 bit segment loads and segment frees Module deleted DLL starting ALL VxD messages LOGERROR messages WLDR ---- The program and symbol loader WLDR.EXE has been updated to allow loading of .SYM files. Just specify the name of a 32 bit application or DLL and click the load button. If you are loading DLL symbols check the symbols only check box, otherwise WLDR will actually load your DLL into memory which you probably don't want. When your loading an application WLDR will automatically stop on the starting CS:EIP. If source code is available it will be displayed and stepping once will stop at WinMain. NOTE: At the point the breakpoint goes off the start cs:eip is not yet present in memory. So if you are viewing the code in assembly mode you will see nothing but INVALID's. Single stepping once will page the code into memory. The .SYM file support is not limited to applications and DLL's. In addition you can now load VxD symbol tables using WLDR. This will work with either MAPSYM or MSYM .SYM files. If the VxD you specify is a dynamic VxD, WLDR will attempt to load it into memory. If you do not want it loaded by WLDR make sure you check the symbols only box. TASK command ------------ The task command has been modified to show the 32 bit tasks that are running. For 32 bit tasks the following fields are different: The StackBottom field will contain the highest legal address of the stack shown as a 32 bit flat offset. The StackTop field will contain the lowest legal address of the stack shown as a 32 bit flat offset. The StackLow field is not used. MOD command ----------- The MOD command has been modified to display all 32 bit modules that are loaded. All 32 bit modules will be grouped together and will always follow the 16 bit modules. All fields are the same with the exception that the 32 bit modules will also display the offset of the PE File header for that module. To examine the PE header's you must use the Ring3 flat data selector. The MOD command has also been modified to accept prefixes on the command line so that it will only display modules that begin with that prefix. Displaying owner of an address for code and data window ------------------------------------------------------- Soft-ICE/W always attempts to display the owner of memory shown in both the code and the data window. If there is a symbol or export available Soft-ICE/W will show the name plus an offset for the owner name. If there is not a symbol or export available and you are displaying 32 bit code or data, Soft-ICE/W will show you the module name followed by the section object name followed by an offset. For example the string displayed under the code window might be something like the following: MSVCRT10!.text+1B7 Entering prefixes in command recall ----------------------------------- Command recall has been modified in Soft-ICE/W to allow prefixes to be entered. For example typing a U and then pressing the up or down arrow keys will recall only commands that start with a U. This feature only works if the cursor is in the command window. VxD Service Changes ------------------- The VCALL and VxD commands have been updated to show service names from every VxD include file provided in the Windows 95 DDK. In addition when disassembling VxD code, Soft-ICE/W will now show VxD service names as code labels where appropriate. Positioning to beginning or end of a source file ------------------------------------------------ If source code is displayed in the code Window, pressing CTRL-HOME will jump to line 1 and pressing CTRL-END will jump to the last line in the file. New Video Support ----------------- This release of Soft-ICE/W contains a new video VxD that can be used for single monitor debugging. This driver should work with the following video boards regardless of whether you are using proprietary video drivers or the generic Windows video drivers. To select this driver run the Soft-ICE/W setup.exe program and select the Generic SuperVGA driver. ATI 18800,28800 rev1-6,38800(Mach8),68800(Mach32) ATI EGA Wonder+ 18800 ATI VGA Wonder ATI VGA Edge ATI VGA Edge-16 ATI VGA Wonder+ 28800 ATI 8514-Ultra 38800(Mach8) ATI Ultra ATI Vantage ATI Graphics Ultra ATI Graphics Vantage ATI Graphics Ultra Pro 68800(Mach32) ATI Graphics Ultra+ Cirrus Logic 610,620,6410,54xx Diamond Stealth 24 S3 911 Diamond Stealth 32 ET4000/W32p Diamond Stealth Pro S3 928 Diamond Stealth 64 S3 964 Diamond Viper VLB ( older boards ) Oak 037,067,077,087 Paradise PVGA 1A,1C,1D,1F,WD90Cxx S3 911/924/928/801/805/864/964 STB Lightspeed ET4000/W32p Trident 8800,8900,9000,9200/9400(CXr & CXi) Tseng Labs ET3000,ET4000,ET4000/W32p Video7 V7VGA,HT208,HT209,HT216,HT216-32 Video7 VRAM V7VGA Video7 1024i HT208 Video7 VRAM II HT209 Weitek 5186/Power 9000 VXD command ----------- The following changes have been made to the VxD command. - All dynamically loaded VxDs are now displayed following the statically loaded Vxds. - The entire win32 service table is displayed for a specified VxD. For each service the following is shown: Service number Service address Number of dword parameters the service requires - The total amount of memory occupied by the displayed VxDs is shown. For example VXD VMM would show how much memory is occupied by VMM while the VXD command with no parameters would show how much memory is occupied by all VxDs. - For a specified VxD the following info is now shown: Init Order Reference data Version number PM API procedure address PM API ring3 address used by application. V86 API procedure address V86 API ring3 address used by application Display transitions from Ring3 to Ring0 code -------------------------------------------- To transition from ring3 code to ring 0 code(VxD) Windows uses two different methods. For V86 code, windows uses the ARPL instruction which causes an invalid opcode fault. The invalid opcode handler then passes control to the appropriate VxD. The ARPL instruction is usually located in ROM. Only one ARPL is used and the V86 segment:offset is varied to indicate different VxD addresses. For example if the ARPL was at FFFF:0 Windows would use the addresses FFFF:0, FFFE:10, FFFD:20, FFFC:30, etc. For PM code, windows uses interrupt 30h. Segment 3bh contains nothing but interrupt 30h's each of which is used to transfer control to a VxD. The Soft-ICE/W disassembler will now show the VxD address that will be executed based on these instructions. Sample ouput follows for disassembling 3B:31A 003B:031A INT 30 ; #0028:C008D4F4 VPICD(01)+0A98 003B:031C INT 30 ; #0028:C007F120 IOS(01)+0648 003B:031E INT 30 ; #0028:C02C37FC VMOUSE(03)+00F0 003B:0320 INT 30 ; #0028:C02C37FC VMOUSE(03)+00F0 003B:0322 INT 30 ; #0028:C023B022 BIOSXLAT(05)+0022 003B:0324 INT 30 ; #0028:C0230F98 BIOSXLAT(04)+0008 003B:0326 INT 30 ; #0028:C023127C BIOSXLAT(04)+02EC 003B:0328 INT 30 ; #0028:C009699B BIOSXLAT(01)+000B 003B:032A INT 30 ; #0028:C00AC5C7 VNETBIOS(01)+0DA3 003B:032C INT 30 ; #0028:C00AC60C VNETBIOS(01)+0DE8 003B:032E INT 30 ; #0028:C02531D4 DOSMGR(13)+0190 Sample ouput for disassembling an ARPL FDD2:220D ARPL DI,BP ; #0028:C0078CC9 IFSMgr(01)+0511 Many times when tracing into code you will arrive at either an int 30 or an ARPL. At this point you can immediately G to the address shown to save stepping through a large amount of VMM code.