  #5  
08-27-2003, 05:20
Satyric0n
 
Quote:
Originally posted by volodya
Satyric0n

Let me clarify the situation for you.

Suppose you are researching ntdll.dll. Let it be LdrLoadDll function. Previously you need only do Ctrl+D, bpx LdrLoadDll and that's it and that's all.

Now you have to go to page LdrLoadDll write down PHYSICAL address and put CC over there MANUALLY! Isn't it a pain in the ass?

Not really... Just write an app that you know will call LdrLoadDll (either some framework function will call it or you can call it yourself), run that app, ATTACH to that app, and set the bpx.

So, unless you need to set a break on that function when any process in the system calls it (in which case, just hook the API call and set a breakpoint in the hook function), I don't see what's so bad about just using ATTACH...

Or maybe I'm still missing the point?

EDIT: Are you saying that you can set the bpx but it doesn't break correctly (this is what I assumed you meant previously), or that you can't even set the bpx at all? If you can't even set the bpx (by name), you just need to go to the SoftICE Initialization->Exports tab and put ntdll.dll (for your LdrLoadDll example) in the list and reboot. (I put ntdll, kernel32, user32, gdi32, etc, in this list, for a total of about 15 files).

Last edited by Satyric0n; 08-27-2003 at 07:40.