home *** CD-ROM | disk | FTP | other *** search
- SoftIce Useful Commands
- ^^^^^^^^^^^^^^^^^^^^^^^
-
- [Ctrl]-D - breaks into or out of Softice
- help <command> - get help on any Softice commands
- exit - exit Softice
-
- bpx <api function name/code address>
- - set break point on any Win32 API calls, or
- the specified instruction address.
- example1: bpx GetWindowTextA
- example2: bpx cs:00401234
- (example2 is setting a breakpoint on one of the program's
- instruction. Useful when you know which part of the program
- you want to debug/break into. You can set/unset breakpoint using
- the mouse and double clicking on the instruction in the code window.
- "cs" represents the code segment of the program)
-
- bpm <memory address>
- - set break point on memory accesses. Softice will popup when
- the specify memory address is being used, read/write to.
- BPM/BPMB - BYTE size memory
- BPMW - WORD size memory (2 bytes)
- BPMD - Double Word size (4 bytes)
-
- bpr <start memory address> <end memory address>
- - set break point on a range of memory accesses. Same function
- as "bpm" but for a wider range of memory. Use full when the
- exact memory location is unknown. Or can be used for tracking
- the registration routine when it is hidden from regular breakponts.
-
- bl - simply list all of your current break points.
-
- bc <breakpoint(s), *>
- - clear certain or all break points.
-
- bd <breakpoint(s), *>
- - disable certain or all break points.
-
- be <breakpoint(s), *>
- - enable certain or all break points.
-
- s <start address> l <finish address> 'string'
- - search a memory range for the specified string.
- example: s 040777C l 08ffffff 'passcode'
-
- d <memory address>
- - display the memory contents on the Date window
-
- code [on/off]
- - display/hides the instructions bytes in code window
-
- wc, wd, wr, wf - toggles the code, data, register, & floating stack window
-
- [F8] - single step (trace into functions)
- (takes you step by step, and will go into function Calls)
-
- [F10] - step over (skip over function Calls)
- (same as [F8], but will not go into function Calls)
-
- [F12] - return from procedure call, step out of a function
- (if you're in a procedure, and you want to get out of it)
-
- HWND - get a list of windows with their handles, for use with "bmsg".
-
- bmsg - Window Message Breakpoints (often quite useful)
- Use a window message breakpoint to trap a certain message or range of
- messages delivered to a window procedure.
-
- Example: bmsg <window-handle> <message>
-
- <window-handle> - Value returned when the window was created; you can use
- the "HWND" command to get a list of windows with their handles.
-
- <message> - Single Windows message in a range of Windows messages. The
- message numbers can be specified either in hexadecimal or by using the
- actual ASCII names of the messages, for example: WM_CHAR, WM_COMMAND.
-
- Example: bmsg 0123 WM_GETTEXT
-
- (be sure to clear the BMSG break point whenever you're done with it,
- otherwise it'll cause the program to crash. In that case, Softice should
- warn you, and you will need to type in "exit" in Softice's command prompt
- to force the current program to close and clear the error)
-
- ---------------------------------------------------------------------------
-
- Common Win32 API Calls
- ^^^^^^^^^^^^^^^^^^^^^^
-
- GetDlgItemText
- GetDlgItemTextA
- GetWindowText
- GetWindotTextA
-
- GetDlgItemInt
- GetWindowWord
- GetWindowLong
-
- MessageBox
- MessageBoxA
- MessageBoxExA
- MessageBeep
-
- SendMessage
- ShowWindow
- wsprintf
- lstrcat
- lstrcatn
- lstrcpy
- lstrcpyn
- lstrlen
-
- ReadFile
- WriteFile
- GetPrivateProfileStringA
- GetPrivateProfileIntA
- WritePrivateProfileStringA
- WritePrivateProfileIntA
- RegCreateKey
- RegDeleteKey
- RegQueryValue
- RegCloseKey
- RegOpenKey
-
