Hacker News new | past | comments | ask | show | jobs | submit login
SoftICE (wikipedia.org)
168 points by peter_d_sherman 38 days ago | hide | past | web | favorite | 82 comments

Ancient? Ughh. I remember using SoftICE to cheat in games back in the 1990’s. Wonderful software, I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).

This was a great learning tool to understand how programs actually allocate and use memory. Long before I had taken an architecture class and understood big endian and little endian, I had learned all about it by searching for values in memory. From there you could basically deconstruct the C structs used to handle the memory and then write a pretty simple TSR to cheat the heck out of DOS games. If I recall correctly, at least some of the time I was even able to use it to cheat at APCIDoom - which was a specialized launcher for Doom that let you play four player deathmatches through your local multi-line BBS.

SoftICE oozed of hax0rz. I did the same thing, training old games like Alley Cat, Digdug, Eagle's Nest, Captain Comic etc. All about getting infinite life, energy, ammo.

Then it was cracking copy protection. A couple of NOP's and a JMP to the correct place (for the easy ones).

#cracking4newbies on EFnet. +ORC (Old Red Cracker), +Fravia and everyone in +HCU (High Cracking University). Wow.. I remember I used to have dreams.

Then win32 came along, and made everything much more complicated.

I really enjoyed Fravia's page back in the day and one of my all time favorite sites by +Malattia (had to search a bit to find it): http://3564020356.org/

Which reminds me...I never figured out that hash-maze but back in the day I thought it was the coolest thing ever. Maybe current-day me will fare better.

I’ve been trying to find this site for years! All of this time, I’ve been convinced it was +mammon I was looking for, but it’s all coming back to me now.

I don’t remember a hash maze, all I remember is that I got stuck for weeks on some puzzle related to wiring schematics, and eventually gave up.

Fun times. Which are the fun areas of tech these days?

Yup! Discovering SoftICE was a game changer. Various advanced SoftICE diablo 1 and diablo 2 multiplayer “enhancements” circulated back in the day... ones like bypassing the maximum level cap, making your user not render in multiplayer so you couldn’t be clicked on during pvp, among others.

+orc and fravia +hcu stuff ate up loads of my free time in the late 90s and definitely helped later on once I got a formal computer science and engineering degree.

Thanks for the memories SoftICE!

SoftICE and Diablo are the reasons I have a passion for software security and do software development for a living! Ripping Diablo and battle.net to pieces to understand how to make it do what I wanted it to do instead of what Blizzard wanted it to do was how I spent a good chunk of my childhood.

So yes, thank you very much for literally changing my life, SoftICE!

> +orc and fravia +hcu stuff ate up loads of my free time in the late 90s

Ha ha, yeah me too. It was interesting to see how cracking affected software development too. Paintshop Pro 2(?) was the easiest "Hello, world" crack, but the next version was really difficult. I never got to the bottom of it. Their registration verification code seemed to be littered throughout a load of their initialisation functions instead being the simple `if isValid(userCode) unlock()` it once was.

That said, it would no doubt have been easier to reverse engineer if I could have forward engineered at the time... QBasic wasn't really a good gateway to assembler :-D

Did anyone find out who +ORC really was? I rememember there were puzzles to solve to find his real identity.

I think it was just +Fravia's alternate ego for doing more legally questionable stuff

> game changer


Well spotted!

Yea. I take the ancient part as a personal attack!

I used SoftIce to crack some blowfish licensing scheme of a company that went under.

It was eye opening to be able to pause Windows 95 completely. That sometimes I’d be stepping through code and all of a sudden the code style, memory locations and format all changed because the OS had interrupted and was doing something like painting the mouse.

>UFO: Enemy Unknown (aka: X-Com outside North America).

You got it backwards. The PC version was known as X-COM: UFO Defense in North America and UFO: Enemy Unknown outside North America.

I really learned to code writing all kinds of hacks for half-life and its numerous mods (mostly counterstrike) and helping teach others to (but not releasing binaries as ruining other peoples' fun wasn't the real goal). I'm grateful for those years and how they formed my views about programming. My neglected personal homepage is still just a little crappy homage to it: http://wrmsr.com/ :)

Used it to hack transparent walls into QW and Quake2 - and it worked online flawlessly. Servers mostly checked for proxies, but not for changed binaries.

SoftICE was awesome.

> I remember using SoftICE to cheat in games back in the 1990’s.

Pretty much the intro to cracking software and hacking games for 90s kids.

> I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).

Or maybe you were too busy owning noobs to do anything else.

I used SoftICE to debug a multitasking IVR application I'd written in C/C++ with a stack-switching kernel on top of MS-DOS :) Great project, but it would crash once or twice a day on both the test machines we had. Couldn't figure out why. Went through the code with a fine-tooth comb, still at a total loss.

Enter Soft-ICE. Within a week I found that Soft ICE wouldn't interrupt in the hung state. That started making us suspicious that it might not be just our code.

What do you know -- both test machines (though otherwise completely different) had the same cheap $5 ripoff network card. These were causing the crashes.

Replaced those and the software worked perfectly -- ran 24/7 for 3 years without a hitch. The one time it did stop, was the NetWare stack crashing underneath.

So that's my SoftICE story :)

For those that like the history of the Cracking scene - there was a set of binary-patching SoftICE extensions called "nticedump" and "icedump". They were pretty nuts, too - one reverse engineer got annoyed by his music playback stopping when he was in SoftICE, so he hacked an MP3 player into the SoftICE driver.


There was also in-SoftICE tetris.

I used SoftICE extensively from 96-00'-ish ... to the extent that as a teenager I had single-step dreams and dreams where I tried to hit CTRL-D.

"I used SoftICE extensively from 96-00'-ish ... to the extent that as a teenager I had single-step dreams and dreams where I tried to hit CTRL-D.".


wrt everything stopping while using SICE, I remember looking at the windows clock and seeing 02:00AM , and thinking "I'm still on schedule", turning my head and seeing the sunrise from my window. Look at my watch: 06:20AM. Woops!

While I am also walking down memory lane -- writing recursive SoftICE macros so that one could make SoftICE single-step 50k times and write the log to a file.

There is a similar approach for a modern age - use the hypervisor for the debugger agent. The application called HDBG[1]. It was never production-ready though, so not so famous. Another similar application is PulseDBG[2]. It's not exactly like SoftICE, but allows you to observe the execution process locally[3], which is sometimes enough.

[1] http://fdbg.x86asm.net/hdbg/hdbg.html

[2] https://github.com/honorarybot/PulseDbg

[3] https://github.com/honorarybot/PulseDbg/wiki/8.-Local-debugg...

If you're running your guest using qemu, you can also attach the gdb to that VM. It's essentially the same idea.

Oh man, SoftICE was the shit. It was a bit inconvenient to have to reboot with it enabled, but it allowed you to debug things no other debugger did.

I was equally impressed with OllyDBG later on, it was more convenient (if less powerful but always seemed like amazing software for just one author.

OllyDbg is dead too though, I recommend to use x32dbg/x64dbg[1]. It's open source and actively developed by a team of maintenances. And it's extendable with plugins and scripting.

[1] https://x64dbg.com/

OllyDbg is technically dead but it still works as well as ever (for 32-bit software). I still break it out sometimes. I find it much smoother to use than x64dbg (maybe just due to using it more, but I do think OllyDbg nailed the debugger experience really well).

WinDbg Preview is also quite good and free on Microsoft Store: https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn8...

IDA Pro was also something I remember playing around with at some point during this time period when SoftICE was also well known and used.

Can't say I've done any low level debugging or attempts at reverse engineering since long ago though. Most work these days is abstracted so far above these layers you don't have to go down nearly as deep to muck around. Plus as an adult, many tasks these tools are useful for aren't in business interests (outside of security and driver development). It goes to show how much development has sort of shifted in the past 20 years.

This part of the explanation of what happened to it is extremely unsatisfying:

>As of April 3, 2006 the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.

From reading about SoftICE, it seems to have been doing what other debuggers could not. So how could they not find enough customers to keep it going? Does anyone know what actually happened?

Former kernel developer here.

SoftIce was one of those "magical software" that made things possible. Before, you would need two computers connected via a serial port to do actual kernel debugging.

When VMWare arrived, SoftIce was becoming less useful, because a virtual machine offers better isolation and you can quickly revert to a previous state. When doing, for example, file system development, trashing a computer would not be rare.

By then, I know my setup was VMWare machines + MSFT WinDbg. Also, I could stop my VM and inspect the VM with a hex editor. Potent combo.

In parallel, during that time, I suspect the cost of developing SoftIce exploded: more updates from MSFT, a lot of security features that would prevent SoftIce from working, new features from the CPU like hardware protection of the RAM, etc.

Last, the most significant user base of SoftIce was broke hackers who would use it to crack protections. Unsurprisingly, those guys didn't have a license.

Awesome product, but makes sense it faded out.

I am willing to guess the general security practices of operating systems improved post-XP, making something like SoftICE prohibitively difficult to develop. There's another word for software that runs undetectable to the OS: rootkit.

It was widely pirated. The same applies to IDA Pro. When a major part of the target market is people trying to remove copy protection, it's very hard to stop them from doing this.

As amazing as it was, it was a specialist tool that few people needed, with very few of those being able to actually afford it. It was licensed per-machine at a starting cost of $1500.

Perhaps it has less of a market when you can affordably run Windows in a VM these days?

I recall those lessons for script-kiddies “Crack [software name here] with SoftICE” in early 2000s.

Ha! I used to be one of those 90's skiddies. Nights of struggle with SoftICE eventually allowed me to crack some stuff "real time", although i failed to write functioning cracks using it. It was along this journey however that i arrived at the point where I started to understand how a PC & OS really functions. Unknowingly, SoftICE came to co-direct my life for the better.

I remember hanging out in #cracking4newbies on EFnet a lot. It was pretty toxic if you weren't part of the in-group, but I learnt a lot.

Ah efnet. That place was the wild west since they never adopted services. I remember channel takeovers and recoveries with extreme tactics like forcing netsplits with DOS attacks on the servers. Having to run an eggdrop bot to re-op people when they join a channel. Running your own bot to keep your nick from being stolen. Good times.

Your argument is invalid. Not the absence of services but rather the fact that back then you could crash a box by means of simply sending a single well crafted TCP packet to your adversary. It was adventure among the kids, and the "elders" did not really care plus no one in their right mind dared assaulting their source of knowledge. ( And shell accounts :P )

Wow more memories. Yes it was too easy to exploit the system for personal gain which was exactly the point of services. If someone managed to take over a channel, chanserv would immediately and automatically restore ownership. It's impossible to use someone else's handle when nickserv requires auth.

My favourite was using SoftICE to crack itself, but I learned a lot about debugging and low-level coding via +fravia's writeups, amongst others.

It helped that when I was a teen one of the reasons I got interested in programming, and assembly language, wasn't so much to create new "things", as it was to cheat at games.

The first step was always removing the copy-protection stuff, so you could access the game code. Then you could explore and patch the binaries for infinite lives, health, & etc.

I've still got some printed magazines from the 90s where my POKEs were printed for ZX Spectrum games.

I don’t remember any scripting or even great tutorials or anything in the softice days. If you were using softice, you were definitely a step above a script kiddie.

I tried and failed to fully follow those, but it set me on a path to where I am today. Thank you, late 90's crack tutorial authors!

Orc+, I still have a copy of those tutorials somewhere

He passed away in Egypt on one of his travels suddenly, apparently: https://reverseengineering.stackexchange.com/a/2430/30837

When I first read +fravia I took it literally; these days I'm firmly of the opinion that +fravia == +orc.

Either way RIP to both of them, I was genuinely shocked when I learned of Fravia's death:


It was the Hercules monitor support that had those amber fossils still sitting on the desks of every video card driver authors desks (and games programmers too) into the late nineties. VxD dot commands allowed you to extend and use a plethora of debug commands beyond the built in. Once Windows had working multimonitor support, that crucial aspect of Softice's utility was no longer unique.

Right, I remember getting a cheap green Hercules monitor and graphics card just for SoftICE.

I used this, and you had that kind of power over the machine only in the low-end architectures, Z80, 6502 and on the enterprise, on IBM mainframes, to breakpoint and stop and look at what the processors was doing. Of course, you still can do the same thing on mainframes, but we are forgetting that in the end, on our X64 machines, that we are all running machine code.

Oh my I remember friends debugging Windows device drivers with SoftICE, that was hardcore.

I did it on my first debugging project where I had to teach myself assembly. Had no idea it was a special task! Just knew it had to get done, got “some program called soft ice” to do it, got to work.

Who else had a monochrome monitor to display Soft-ICE info while debugging video-intensive programs? Text at B000:0000 instead of B800:0000.

Yes, me! I also had a hardware switch wired to the ISA bus so I could generate a non-masking interrupt to break into the debugger no matter what the application was doing.

We also used the mono monitor when developing games in the 90s. We were able to display log messages and stats on a separate screen. It was a super useful trick.

I had always wondered about that feature. I reckon Turbo Debugger supported it too but MDA adapters were hard to find when I started my debugging adventures.

I didn't realize until now that a Herc was an upgrade over a plain MDA card. I'd forgotten how many discrete chips there were and the size of the board! https://en.wikipedia.org/wiki/Hercules_Graphics_Card

edit: The herc being the MDA compatible card that I had to debug on.

Yes, Turbo Debugger, it supported MDA - another department on our faculty had a separate machine for AutoCAD with 2 monitors, and I spent quite a lot of time on that machine debugging graphical programs in TD...

I used it for only one task but it was worth the price anyway--I needed support for both VGA and monochrome on the same machine. As the years went by there were fewer and fewer monochrome cards and the cards became worse and worse at playing nice together. It eventually reached the point where we couldn't find any that would behave--I ended up stepping through the initialization code for the monochrome (which was in ROM, no breakpoints otherwise) and noting exactly what it told the card and reproducing that in my code. (By then 100% of my screen writing was in my code, the lack of that capability didn't matter.)

btw, there was also a Syser debugger, developed as a replacement for SoftICE, I never used it, except playing with it a little, few years ago, it was nice experience.

Although I heard they stopped the development, a little google -ing found a page with fresh release and win10 support claim, but I have no idea, how the legitimate is it https://qpdownload.com/syser-debugger/

also there is rewriting project on github, with last commit from 5th June, 2019 https://github.com/marakew/syser

Would appreciate to hear any info about current status of Syser

UPDATE: Just FYI, after lurking a bit over the github repo and associated links, found that gihub repo maintainer seems to be a pretty qualified reverse engineer, for example, he made his own independent skype protocol reconstruction (https://marakew.github.io) and the README.md in gihub repo say, that Syser sources were lost due to the corrupt flash drive, so I guess he was one of the (author?) developers of Syser.

Still would be happy to hear more, if somebody know the full story.

Nothing like a kernel mode mp3 player to listen to music while you step through assembly and see some very colorful symbol names of windows internals.

If SoftICE, then not without its awesome addon IceExt - https://sourceforge.net/projects/iceext/

It had a kernel-mode mp3 player so that you could shred software protections while listening to your favorite music (among other cool features of course)

What modern debuggers/tool can do what SoftICE did? How do you debug services and device drivers modern Windows?

You use WinDbg and do kernel debugging. The newer WinDbgX UI is quite nice lately. However, there's no replacement for live debugging on the same machine the way that SoftICE did it.

As I already mentioned in other comment, there was Syser debugger, but seems to be lost now.

https://qpdownload.com/syser-debugger/ (I am not sure how much is this link legitimate, so please be careful)



I had a problem because a company snuck their encryption scheme into their device driver. No problem with softice, today/now, it might be harder.

SoftICE being called ancient really amuses me. I recall my childhood in the 90s/00s learning how software and game activation codes work, and how to bypass them using SoftICE, it was really quite sad that it didn't go beyond XP.

Probably the best software I had ever used.

As a debugger you could automate everything and catch any error in existence. It made myself hundreds of times more productive.

I maintained a Windows partition just for using it. I used Linux and mac but I usually debuged my programs on SoftIce under Windows. I had to port all my programs to use it. It was that good.

I learned how to use it from a cracking group. It took a long time to be proficient at it, but even to this day lldb or gdb or anything in Windows can't come close of what SoftIce could do.

Mucking around with SoftICE was essential to my understanding of reverse engineering and low-level programming. It was an amazing piece of software, as was all the other NuMega products!

That feeling when you are pressing SoftIce popup hotkey and guessing will application survive or not. then your computer just freeze :D just old good times

Learned SoftICE at my first job out of university, writing Windows device drivers. I also object to the “ancient” designation!

Seriously the coolest tool to tinker with in my youth. Gave you so much control. It felt like magic to halt execution of a DOS program to inspect exactly what it's doing instruction by instruction, patching code or injecting chunks of self-modifying code.

That was long time ago when NuMEGA was make really great software!

This is a piece of computer history. They should release it as open source. Get some free publicity for whatever their actual revenue-generating products are.

Not strictly related to SoftICE but those days make me reminisce about another useful tool, “Sourcer” from V Communications, anyone remember that?

I still remember those times when I forgot to switch SoftICE off and whenever Windows fucked up I ended up in SoftICE's debugger.

The good old days. SoftICE for me was essentially the OS, and Windows was just a GUI around it. Windows without SoftICE felt... empty

A really nice tool for debugging Windows drivers. God knows you needed all the help you could get :-)

I remember using it on the 90's to crack Space Empires III

On the Amiga, hrtmon.

Hmm...I remember a time before "realICE".

Ancient? I'm feeling a little old now.

I've always felt like I have neglected debuggers to my own detriment. Print debugging is just very convenient and once you get in that habit it's hard to stop. On rare occasions where I didn't know where in the code or in the system to start they've always shined.

Ancient!? shiiiit, im old ;-D how about AFD/SFD then? https://vulms.vu.edu.pk/Courses/CS401/Downloads/AFD_Tutorial...

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact