Ancient? Ughh. I remember using SoftICE to cheat in games back in the 1990s. Wonderful software, I wish I would’ve been knowledgeable enough to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).
This was a great learning tool to understand how programs actually allocate and use memory. Long before I had taken an architecture class and understood big endian and little endian, I had learned all about it by searching for values in memory. From there you could basically deconstruct the C structs used to handle the memory and then write a pretty simple TSR to cheat the heck out of DOS games. If I recall correctly, at least some of the time I was even able to use it to cheat at APCIDoom - which was a specialized launcher for Doom that let you play four player deathmatches through your local multi-line BBS.
SoftICE oozed of hax0rz. I did the same thing, training old games like Alley Cat, Digdug, Eagle's Nest, Captain Comic etc. All about getting infinite life, energy, ammo.
Then it was cracking copy protection. A couple of NOPs and a JMP to the correct place (for the easy ones).
#cracking4newbies on EFnet. +ORC (Old Red Cracker), +Fravia and everyone in +HCU (High Cracking University). Wow... I remember I used to have dreams.
Then win32 came along, and made everything much more complicated.
I really enjoyed Fravia's page back in the day and one of my all time favorite sites by +Malattia (had to search a bit to find it): http://3564020356.org/
Which reminds me... I never figured out that hash-maze but back in the day I thought it was the coolest thing ever. Maybe current-day me will fare better.
I’ve been trying to find this site for years! All of this time, I’ve been convinced it was +mammon I was looking for, but it’s all coming back to me now.
I don’t remember a hash maze, all I remember is that I got stuck for weeks on some puzzle related to wiring schematics, and eventually gave up.
Yup! Discovering SoftICE was a game changer. Various advanced SoftICE diablo 1 and diablo 2 multiplayer “enhancements” circulated back in the day... ones like bypassing the maximum level cap, making your user not render in multiplayer so you couldn’t be clicked on during pvp, among others.
+orc and fravia +hcu stuff ate up loads of my free time in the late 90s and definitely helped later on once I got a formal computer science and engineering degree.
SoftICE and Diablo are the reasons I have a passion for software security and do software development for a living! Ripping Diablo and battle.net to pieces to understand how to make it do what I wanted it to do instead of what Blizzard wanted it to do was how I spent a good chunk of my childhood.
So yes, thank you very much for literally changing my life, SoftICE!
> +orc and fravia +hcu stuff ate up loads of my free time in the late 90s
Ha ha, yeah me too. It was interesting to see how cracking affected software development too. Paintshop Pro 2(?) was the easiest "Hello, world" crack, but the next version was really difficult. I never got to the bottom of it. Their registration verification code seemed to be littered throughout a load of their initialisation functions instead of being the simple `if isValid(userCode) unlock()` it once was.
That said, it would no doubt have been easier to reverse engineer if I could have forward engineered at the time... QBasic wasn't really a good gateway to assembler :-D
Yea. I take the ancient part as a personal attack!
I used SoftIce to crack some blowfish licensing scheme of a company that went under.
It was eye opening to be able to pause Windows 95 completely. Sometimes I’d be stepping through code and all of a sudden the code style, memory locations and format all changed because the OS had interrupted and was doing something like painting the mouse.
I really learned to code writing all kinds of hacks for half-life and its numerous mods (mostly counterstrike) and helping teach others to (but not releasing binaries, as ruining other people's fun wasn't the real goal). I'm grateful for those years and how they formed my views about programming. My neglected personal homepage is still just a little crappy homage to it: http://wrmsr.com/ :)
Used it to hack transparent walls into QW and Quake2 - and it worked online flawlessly. Servers mostly checked for proxies, but not for changed binaries.
> I remember using SoftICE to cheat in games back in the 1990’s.
Pretty much the intro to cracking software and hacking games for 90s kids.
> I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).
Or maybe you were too busy owning noobs to do anything else.
I used SoftICE to debug a multitasking IVR application I'd written in C/C++ with a stack-switching kernel on top of MS-DOS :) Great project, but it would crash once or twice a day on both the test machines we had. Couldn't figure out why. Went through the code with a fine-tooth comb, still at a total loss.
Enter Soft-ICE. Within a week I found that Soft-ICE wouldn't interrupt in the hung state. That started making us suspicious that it might not be just our code.
What do you know -- both test machines (though otherwise completely different) had the same cheap $5 ripoff network card. These were causing the crashes.
Replaced those and the software worked perfectly -- ran 24/7 for 3 years without a hitch. The one time it did stop, was the NetWare stack crashing underneath.
For those that like the history of the Cracking scene - there was a set of binary-patching SoftICE extensions called "nticedump" and "icedump". They were pretty nuts, too - one reverse engineer got annoyed by his music playback stopping when he was in SoftICE, so he hacked an MP3 player into the SoftICE driver.
"I used SoftICE extensively from 96-00'-ish ... to the extent that as a teenager I had single-step dreams and dreams where I tried to hit CTRL-D."
That.
wrt everything stopping while using SICE, I remember looking at the windows clock and seeing 02:00 AM, and thinking "I'm still on schedule", turning my head and seeing the sunrise from my window. Look at my watch: 06:20 AM. Whoops!
While I am also walking down memory lane -- writing recursive SoftICE macros so that one could make SoftICE single-step 50k times and write the log to a file.
There is a similar approach for the modern age - use the hypervisor for the debugger agent. The application is called HDBG[1]. It was never production-ready though, so not so famous. Another similar application is PulseDBG[2]. It's not exactly like SoftICE, but it allows you to observe the execution process locally[3], which is sometimes enough.
OllyDbg is dead too though, I recommend using x32dbg/x64dbg[1]. It's open source and actively developed by a team of maintainers. And it's extensible with plugins and scripting.
OllyDbg is technically dead but it still works as well as ever (for 32-bit software). I still break it out sometimes. I find it much smoother to use than x64dbg (maybe just due to using it more, but I do think OllyDbg nailed the debugger experience really well).
IDA Pro was also something I remember playing around with at some point during this time period when SoftICE was also well known and used.
Can't say I've done any low level debugging or attempts at reverse engineering since long ago though. Most work these days is abstracted so far above these layers you don't have to go down nearly as deep to muck around. Plus as an adult, many tasks these tools are useful for aren't in business interests (outside of security and driver development). It goes to show how much development has sort of shifted in the past 20 years.
This part of the explanation of what happened to it is extremely unsatisfying:
>As of April 3, 2006 the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.
From reading about SoftICE, it seems to have been doing what other debuggers could not. So how could they not find enough customers to keep it going? Does anyone know what actually happened?
SoftIce was one of those "magical software" that made things possible. Before, you would need two computers connected via a serial port to do actual kernel debugging.
When VMWare arrived, SoftIce was becoming less useful, because a virtual machine offers better isolation and you can quickly revert to a previous state. When doing, for example, file system development, trashing a computer would not be rare.
By then, I know my setup was VMWare machines + MSFT WinDbg. Also, I could stop my VM and inspect the VM with a hex editor. Potent combo.
In parallel, during that time, I suspect the cost of developing SoftIce exploded: more updates from MSFT, a lot of security features that would prevent SoftIce from working, new features from the CPU like hardware protection of the RAM, etc.
Last, the most significant user base of SoftIce was broke hackers who would use it to crack protections. Unsurprisingly, those guys didn't have a license.
I am willing to guess the general security practices of operating systems improved post-XP, making something like SoftICE prohibitively difficult to develop. There's another word for software that runs undetectable to the OS: rootkit.
It was widely pirated. The same applies to IDA Pro. When a major part of the target market is people trying to remove copy protection, it's very hard to stop them from doing this.
As amazing as it was, it was a specialist tool that few people needed, with very few of those being able to actually afford it. It was licensed per-machine at a starting cost of $1500.
Ha! I used to be one of those 90's skiddies. Nights of struggle with SoftICE eventually allowed me to crack some stuff "real time", although I failed to write functioning cracks using it.
It was along this journey however that I arrived at the point where I started to understand how a PC & OS really functions. Unknowingly, SoftICE came to co-direct my life for the better.
Ah efnet. That place was the wild west since they never adopted services. I remember channel takeovers and recoveries with extreme tactics like forcing netsplits with DOS attacks on the servers. Having to run an eggdrop bot to re-op people when they join a channel. Running your own bot to keep your nick from being stolen. Good times.
Your argument is invalid. Not the absence of services but rather the fact that back then you could crash a box by means of simply sending a single well crafted TCP packet to your adversary. It was an adventure among the kids, and the "elders" did not really care, plus no one in their right mind dared to assault their source of knowledge. ( And shell accounts :P )
Wow more memories. Yes it was too easy to exploit the system for personal gain which was exactly the point of services. If someone managed to take over a channel, chanserv would immediately and automatically restore ownership. It's impossible to use someone else's handle when nickserv requires auth.
My favourite was using SoftICE to crack itself, but I learned a lot about debugging and low-level coding via +fravia's writeups, amongst others.
It helped that when I was a teen one of the reasons I got interested in programming, and assembly language, wasn't so much to create new "things", as it was to cheat at games.
The first step was always removing the copy-protection stuff, so you could access the game code. Then you could explore and patch the binaries for infinite lives, health, & etc.
I've still got some printed magazines from the 90s where my POKEs were printed for ZX Spectrum games.
I don’t remember any scripting or even great tutorials or anything in the softice days. If you were using softice, you were definitely a step above a script kiddie.
It was the Hercules monitor support that kept those amber fossils still sitting on the desks of every video card driver author (and games programmers too) into the late nineties. VxD dot commands allowed you to extend and use a plethora of debug commands beyond the built-in ones. Once Windows had working multi-monitor support, that crucial aspect of SoftICE's utility was no longer unique.
I used this, and you had that kind of power over the machine only in the low-end architectures, Z80, 6502 and, on the enterprise side, on IBM mainframes, to breakpoint and stop and look at what the processor was doing. Of course, you still can do the same thing on mainframes, but we are forgetting that in the end, on our x64 machines, we are all running machine code.
I did it on my first debugging project where I had to teach myself assembly. Had no idea it was a special task! Just knew it had to get done, got “some program called soft ice” to do it, got to work.
Yes, me! I also had a hardware switch wired to the ISA bus so I could generate a non-maskable interrupt to break into the debugger no matter what the application was doing.
We also used the mono monitor when developing games in the 90s. We were able to display log messages and stats on a separate screen. It was a super useful trick.
I had always wondered about that feature. I reckon Turbo Debugger supported it too but MDA adapters were hard to find when I started my debugging adventures.
Yes, Turbo Debugger, it supported MDA - another department on our faculty had a separate machine for AutoCAD with 2 monitors, and I spent quite a lot of time on that machine debugging graphical programs in TD...
I used it for only one task but it was worth the price anyway--I needed support for both VGA and monochrome on the same machine. As the years went by there were fewer and fewer monochrome cards and the cards became worse and worse at playing nice together. It eventually reached the point where we couldn't find any that would behave--I ended up stepping through the initialization code for the monochrome (which was in ROM, no breakpoints otherwise) and noting exactly what it told the card and reproducing that in my code. (By then 100% of my screen writing was in my code, the lack of that capability didn't matter.)
btw, there was also a Syser debugger, developed as a replacement for SoftICE. I never used it, except playing with it a little a few years ago; it was a nice experience.
Although I heard they stopped the development, a little googling found a page with a fresh release and a Win10 support claim, but I have no idea how legitimate it is
https://qpdownload.com/syser-debugger/
Would appreciate hearing any info about the current status of Syser
UPDATE:
Just FYI, after lurking a bit over the GitHub repo and associated links, I found that the GitHub repo maintainer seems to be a pretty qualified reverse engineer; for example, he made his own independent Skype protocol reconstruction
(https://marakew.github.io) and the README.md in the GitHub repo says that the Syser sources were lost due to a corrupt flash drive, so I guess he was one of the (author?) developers of Syser.
Still would be happy to hear more, if somebody knows the full story.
It had a kernel-mode mp3 player so that you could shred software protections while listening to your favorite music (among other cool features of course)
You use WinDbg and do kernel debugging. The newer WinDbgX UI is quite nice lately. However, there's no replacement for live debugging on the same machine the way that SoftICE did it.
SoftICE being called ancient really amuses me. I recall my childhood in the 90s/00s learning how software and game activation codes work, and how to bypass them using SoftICE, it was really quite sad that it didn't go beyond XP.
As a debugger you could automate everything and catch any error in existence. It made me hundreds of times more productive.
I maintained a Windows partition just for using it. I used Linux and Mac but I usually debugged my programs on SoftIce under Windows. I had to port all my programs to use it. It was that good.
I learned how to use it from a cracking group. It took a long time to be proficient at it, but even to this day lldb or gdb or anything in Windows can't come close to what SoftIce could do.
Mucking around with SoftICE was essential to my understanding of reverse engineering and low-level programming. It was an amazing piece of software, as was all the other NuMega products!
That feeling when you are pressing the SoftIce popup hotkey and guessing whether the application will survive or not, then your computer just freezes :D Just the good old times
Seriously the coolest tool to tinker with in my youth. Gave you so much control. It felt like magic to halt execution of a DOS program to inspect exactly what it's doing instruction by instruction, patching code or injecting chunks of self-modifying code.
This is a piece of computer history. They should release it as open source. Get some free publicity for whatever their actual revenue-generating products are.
I've always felt like I have neglected debuggers to my own detriment. Print debugging is just very convenient and once you get in that habit it's hard to stop. On rare occasions where I didn't know where in the code or in the system to start they've always shined.