SoftIce 3.0 Quick Reference..... By ZeroDay [Feb 07 1997]
==============================================================================
SOFTICE COMMANDS
==============================================================================
SETTING BREAKPOINTS:
BPM Breakpoint on memory access
BPMB Breakpoint on memory access
BPMW Breakpoint on memory access
BPMD Breakpoint on memory access
BPR Breakpoint on memory range
BPIO Breakpoint on I/O port access
BPINT Breakpoint on interrupt
BPX Breakpoint on execution
BMSG Breakpoint on windows message
BSTAT Breakpoint statistics
CSIP Set CS:EIP range qualifier
MANIPULATING BREAKPOINTS:
BPE Edit breakpoint
BPT Use breakpoint as a template
BL List current breakpoints
BC Clear Breakpoint
BD Disable breakpoint
BE Enable breakpoint
BH Breakpoint history
DISPLAY/CHANGE MEMORY:
R Display/change register contents
U Un-Assemblers instructions
D Display memory
DB Display memory
DW Display memory
DD Display memory
DS Display memory
DL Display memory
DT Display memory
E Edit memory
EB Edit memory
EW Edit memory
ED Edit memory
ES Edit memory
EL Edit memory
ET Edit memory
PEEK Read from physical address
POKE Write to physical address
H Help on specified function
? Evaluate expression
VER SoftIce version
WATCH Add watch
FORMAT Change format of data window
DATA Change data window
DISPLAY SYSTEM INFORMATION:
GDT Display global descriptor table
LDT Display local descriptor table
IDT Display interrupt descriptor table
TSS Display task state segment
CPU Display CPU register information
PCI Display PCI device information
MOD Display windows module list
HEAP Display windows global heap
LHEAP Display windows local heap
VXD Display windows VxD map
TASK Display windows task list
VCALL Display VxD calls
WMSG Display windows messages
PAGE Display page table information
PHYS Display all virtual addresses for physical address
STACK Display call stack
XFRAME Display active exception frames
MAPV86 Display v86 memory map
HWND Display window handle information
CLASS Display window class information
VM Display virtual machine information
THREAD Display thread information
ADDR Display/change address contents
MAP32 Display 32bit section map
PROC Display process information
QUERY Display processes virtual address space map
WHAT Identify the type of expression
I/O PORT COMMANDS:
I Input data from i/o port
IB Input data from i/o port
IW Input data from i/o port
ID Input data from i/o port
O Output data to i/o port
OB Output data to i/o port
OW Output data to i/o port
OD Output data to i/o port
FLOW CONTROL COMMANDS:
X Return to host debugger or program
G Go to address
T Single step one instruction
P Step skipping calls, Int, etc
HERE Go to current cursor line
EXIT Force an exit to current dos/windows program
GENINT Generate an interrupt
HBOOT System boot (total reset)
MODE CONTROL:
I1HERE Direct INT1 to SoftIce
I3HERE Direct INT3 to SoftIce
ZAP Zap embedded INT1 or INT3
FAULTS Enable/disable SoftIce fault trapping
SET Change an internal variable
CUSTOMIZATION COMMANDS:
PAUSE Control display scroll mode
ALTKEY Set key sequence to invoke window
FKEY Display/Set function keys
DEX Display/assign window data expression
CODE Display instruction bytes in code window
COLOR Display/set screen colors
ANSWER Auto-answer and redirect console to modem
DIAL Redirect console to modem
SERIAL Redirect console
TABS Set/Display tab settings
LINES Set/display number of lines on screen
PRN Set printer output port
MACRO Define a named macro command
UTILITY COMMANDS:
A Assemble code
S Search for data
F Fill memory with data
M Move data
C Compare two data blocks
WINDOW COMMANDS:
WC Toggle code window
WD Toggle data window
WF Toggle floating point stack window
WL Toggle locals window
WR Toggle register window
WW Toggle watch window
EC Enable/disable code window
. Locate current instruction
WINDOW CONTROL:
CLS Clear window
RS Restore program screen
ALTSCR Change to alternate display
FLASH Restore screen during P and T
SYMBOL/SOURCE COMMANDS:
SYMLOC Relocate symbol base
EXP Display export symbols
SRC Toggle between source,mixed & code
TABLE Select/remove symbol table
FILE Change/display current source file
SS Search source module for string
TYPES List all types, or display type definition
LOCALS Display locals currently in scope
BACK TRACE COMMANDS:
SHOW Display from backtrace buffer
TRACE Enter backtrace simulation mode
XT Step in trace simulation mode
XP Program step in trace simulation mode
XG Go to address in trace simulation mode
XRSET Reset backtrace history buffer
SPECIAL OPERATORS:
. Preceding a decimal number specifies a line number
$ Preceding an address specifies SEGMENT addressing
# Preceding an address specifies SELECTOR addressing
@ Preceding an address specifies indirection
LINE EDITOR KEY USAGE:
[PRINT-SCREEN] Dump Screen to printer
[UP ARROW] Recall previous command line
[DOWN ARROW] Recall next command line
[RIGHT ARROW] Move cursor right
[LEFT ARROW] Move cursor left
[BACKSPACE] Back over last character
[HOME] Start of line
[END] End of line
[INS] Toggle insert mode
[DEL] Delete character
[ESC] Cancel current command
SCROLLING KEY USAGE:
[PAGEUP] Display previous page of display history
[PAGEDOWN] Display next page of display history
[ALT-DN ARROW] Scroll data window down one line
[ALT-UP ARROW] Scroll data window up one line
[ALT-PAGEUP] Scroll data window down one page
[ALT-PAGEDOWN] Scroll data window up one page
[CTRL-UP ARROW] Scroll code window down one line
[CTRL-DN ARROW] Scroll code window up one line
[CTRL-PAGEUP] Scroll code window down one page
[CTRL-PAGEDOWN] Scroll code window up one page
==============================================================================
==============================================================================
SOFTICE TABLE OF OPERATORS (USED FOR EXPRESSIONS)
==============================================================================
Indirection Operators Example
----------------------- ------------------------------------------------------
-> ebp->8 (Gets DWord Pointed To By ebp+8)
. eax.1C (Gets DWord Pointed To By eax+1C)
* *eax (Gets DWord Value Pointed To By eax)
@ @eax (Gets DWord Value Pointed To By eax)
&symbol &symbol (Gets the address of the symbol)
------------------------------------------------------------------------------
Math Operators Example
----------------------- ------------------------------------------------------
Unary + +42 (Decimal)
Unary - -42 (Decimal)
+ eax + 1
- ebp - 4
* ebx * 4
/ Symbol / 2
% (Modulo) eax % 3
<< (Logical Shift Left) bl << 1 (Result is bl shifted left by 1)
>> (Logical Shift Right)eax >> 2 (Result is eax shifted right by 2)
------------------------------------------------------------------------------
BitWise Operators Example
----------------------- ------------------------------------------------------
& (Bitwise AND) eax & F7
| (Bitwise OR) Symbol | 4
^ (Bitwise XOR) ebx ^ 0xFF
~ (Bitwise NOT) ~dx
------------------------------------------------------------------------------
Logical Operators Example
----------------------- ------------------------------------------------------
! (Logical NOT) !eax
&& (Logical AND) eax && ebx
|| (Logical OR) eax || ebx
== (Compare Equality) Symbol == 4
!= (Compare InEquality) Symbol != al
< eax < 7
> bx > cx
<= ebx <= Symbol
>= Symbol >= Symbol
------------------------------------------------------------------------------
Special Operators Example
----------------------- ------------------------------------------------------
. (Line Number) .123 (Value is Address of line 123 in source file)
() (Grouping Symbols) (eax+3)*4
, (Arguements List) Function(eax,ebx)
: (Segment Operator) es:ebx
Function word(Symbol)
# (Prot-Mode Selector) #es:ebx (Address is protected mode Selector:Offset)
$ (Real-Mode Segment) $es:di (Address is real mode segment:offset)
==============================================================================
==============================================================================
SOFTICE BUILT IN FUNCTIONS:(USED FOR EXPRESSIONS)
==============================================================================
Name Description Example
--------------- ------------------------------- ------------------------------
BYTE Get Low Order Byte ? Byte(0x1234=0x34
WORD Get Low Order Word ? Word(0x12345678)=0x5678
DWORD Get Low Order DWord ? DWord(0xFF)=0x000000FF
HIBYTE Get High Order Byte ? HiByte(0x1234)=0x12
HIWORD Get High Order Word ? HiWord(0x12345678)=0x1234
SWORD Convert Byte To Signed Word ? SWord(0x80)=0xFF80
LONG Convert Byte Or Word To signed ? Long(0xFF)=0xFFFFFFFF
Long ? Long(0xFFFF)=0xFFFFFFFF
WSTR Display as UniCode String ? WSTR(cax)
FLAT Convert to a selector relative ? Flat(fs:0)=0xFFDFF000
address to a linear (flat) addr
CFL Carry Flag ? CFL=Bool-Type
PFL Parity Flag ? PFL=Bool-Type
AFL Auxiliary Flag ? AFL=Bool-Type
ZFL Zero Flag ? ZFL=Bool-Type
SFL Sign Flag ? SFL=Bool-Type
OFL OverFlow Flag ? OFL=Bool-Type
RFL Resume Flag ? RFL=Bool-Type
TFL Trap Flag ? TFL=Bool-Type
DFL Direction Flag ? DFL=Bool-Type
IFL Interrupt Flag ? IFL=Bool-Type
NTFL Nested Task Flag ? NTFL=Bool-Type
IOPL IOPL Level ? IOPL=Current IO Privilege
Level
VMFL Virtual Machine Flag ? VMFL=Bool-Type
IRQL Windows NT OS IRQ Level ? IRQL=Unsigned-Char
DATAADDR Returns The Address Of The dd @DATAADDR
First Item Displayed In Data
Window
CODEADDR Returns The Address Of The ? CODEADDR
First Instruction Displayed In
The Code Window
EADDR Effective Address (If Any) Of EADDR
The Current Instructions
EVALUE Current Value Of The Effective EVALUE
Address
PROCESS KPEB(Kernal Process Environment ? PROCESS
Block) Of The Active OS Process
THREAD KTEB(Kernal Thread Environment ? THREAD
Block) Of The Active OS Thread
PID Active Process ID ? PID == Test32PID
TID Active Thread ID ? TID == Test32MainTID
BPCOUNT BreakPoint Instance Count BPIF bpcount==0x10
BPTOTAL BreakPoint Total Count BPIF bptotal==0x10
BPMISS BreakPoint Instance Miss Count BPIF bpmiss==0x20
BPLOG BreakPoint Silent Log BPIF bplog
BPINDEX Current BreakPoint Index # BPDO "bd bpindex"
==============================================================================
==============================================================================
SOFTICE TABLE OF OPERATOR PRECEDENCE (USED FOR EXPRESSIONS)
==============================================================================
Operator Associates Comment
--------------- --------------- ----------------------------------------------
(,),FUNCTION Scopes(Precedence OverRide),Function
->,. Left To Right Indirection
: Left To Right Segment:Offset
#,$ Right To Left Protected Mode Selector,Real Mode Segment
*,@ Right To Left Indirection
Unary + Default Radix == Decimal
Unary - Default Radix == Decimal
!,~ Logical Not,Bitwise Not
. Line Number
*,/,% Left To Right Multiply,Divide,Modulo
+,- Left To Right Plus,Minus
<<,>> Left To Right Logical Shift Left, Logical Shift Right
<,<=,>,>= Left To Right Less Than,Less Than Equal,Greater Than.....
==,!= Left To Right Equal To,Not Equal To
& Left To Right Bitwise AND
^ Left To Right BitWise XOR
| Left To Right BitWise OR
&& Left To Right Logical AND
|| Left To Right Logical OR
COMMA Left To Right Argument List
------------------------------------------------------------------------------
Use of Parenthisis () overrides precedence (means its done first)
==============================================================================