Ha! I used to be one of those 90's skiddies. Nights of struggle with SoftICE eventually allowed me to crack some stuff "real time", although i failed to write functioning cracks using it.
It was along this journey however that i arrived at the point where I started to understand how a PC & OS really functions. Unknowingly, SoftICE came to co-direct my life for the better.
Ah efnet. That place was the wild west since they never adopted services. I remember channel takeovers and recoveries with extreme tactics like forcing netsplits with DOS attacks on the servers. Having to run an eggdrop bot to re-op people when they join a channel. Running your own bot to keep your nick from being stolen. Good times.
Your argument is invalid. Not the absence of services but rather the fact that back then you could crash a box by means of simply sending a single well crafted TCP packet to your adversary. It was adventure among the kids, and the "elders" did not really care plus no one in their right mind dared assaulting their source of knowledge. ( And shell accounts :P )
Wow more memories. Yes it was too easy to exploit the system for personal gain which was exactly the point of services. If someone managed to take over a channel, chanserv would immediately and automatically restore ownership. It's impossible to use someone else's handle when nickserv requires auth.
I don’t remember any scripting or even great tutorials or anything in the softice days. If you were using softice, you were definitely a step above a script kiddie.
My favourite was using SoftICE to crack itself, but I learned a lot about debugging and low-level coding via +fravia's writeups, amongst others.
It helped that when I was a teen one of the reasons I got interested in programming, and assembly language, wasn't so much to create new "things", as it was to cheat at games.
The first step was always removing the copy-protection stuff, so you could access the game code. Then you could explore and patch the binaries for infinite lives, health, & etc.
I've still got some printed magazines from the 90s where my POKEs were printed for ZX Spectrum games.
I did it on my first debugging project where I had to teach myself assembly. Had no idea it was a special task! Just knew it had to get done, got “some program called soft ice” to do it, got to work.
I've always felt like I have neglected debuggers to my own detriment. Print debugging is just very convenient and once you get in that habit it's hard to stop. On rare occasions where I didn't know where in the code or in the system to start they've always shined.
Ancient? Ughh. I remember using SoftICE to cheat in games back in the 1990’s. Wonderful software, I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).
This was a great learning tool to understand how programs actually allocate and use memory. Long before I had taken an architecture class and understood big endian and little endian, I had learned all about it by searching for values in memory. From there you could basically deconstruct the C structs used to handle the memory and then write a pretty simple TSR to cheat the heck out of DOS games. If I recall correctly, at least some of the time I was even able to use it to cheat at APCIDoom - which was a specialized launcher for Doom that let you play four player deathmatches through your local multi-line BBS.
Yup! Discovering SoftICE was a game changer. Various advanced SoftICE diablo 1 and diablo 2 multiplayer “enhancements” circulated back in the day... ones like bypassing the maximum level cap, making your user not render in multiplayer so you couldn’t be clicked on during pvp, among others.
+orc and fravia +hcu stuff ate up loads of my free time in the late 90s and definitely helped later on once I got a formal computer science and engineering degree.
SoftICE and Diablo are the reasons I have a passion for software security and do software development for a living! Ripping Diablo and battle.net to pieces to understand how to make it do what I wanted it to do instead of what Blizzard wanted it to do was how I spent a good chunk of my childhood.
So yes, thank you very much for literally changing my life, SoftICE!
> +orc and fravia +hcu stuff ate up loads of my free time in the late 90s
Ha ha, yeah me too. It was interesting to see how cracking affected software development too. Paintshop Pro 2(?) was the easiest "Hello, world" crack, but the next version was really difficult. I never got to the bottom of it. Their registration verification code seemed to be littered throughout a load of their initialisation functions instead being the simple `if isValid(userCode) unlock()` it once was.
That said, it would no doubt have been easier to reverse engineer if I could have forward engineered at the time... QBasic wasn't really a good gateway to assembler :-D
Yea. I take the ancient part as a personal attack!
I used SoftIce to crack some blowfish licensing scheme of a company that went under.
It was eye opening to be able to pause Windows 95 completely. That sometimes I’d be stepping through code and all of a sudden the code style, memory locations and format all changed because the OS had interrupted and was doing something like painting the mouse.
Used it to hack transparent walls into QW and Quake2 - and it worked online flawlessly. Servers mostly checked for proxies, but not for changed binaries.
SoftICE oozed of hax0rz. I did the same thing, training old games like Alley Cat, Digdug, Eagle's Nest, Captain Comic etc. All about getting infinite life, energy, ammo.
Then it was cracking copy protection. A couple of NOP's and a JMP to the correct place (for the easy ones).
#cracking4newbies on EFnet. +ORC (Old Red Cracker), +Fravia and everyone in +HCU (High Cracking University). Wow.. I remember I used to have dreams.
Then win32 came along, and made everything much more complicated.
I really enjoyed Fravia's page back in the day and one of my all time favorite sites by +Malattia (had to search a bit to find it): http://3564020356.org/
Which reminds me...I never figured out that hash-maze but back in the day I thought it was the coolest thing ever. Maybe current-day me will fare better.
I’ve been trying to find this site for years! All of this time, I’ve been convinced it was +mammon I was looking for, but it’s all coming back to me now.
I don’t remember a hash maze, all I remember is that I got stuck for weeks on some puzzle related to wiring schematics, and eventually gave up.
> I remember using SoftICE to cheat in games back in the 1990’s.
Pretty much the intro to cracking software and hacking games for 90s kids.
> I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).
Or maybe you were too busy owning noobs to do anything else.
I really learned to code writing all kinds of hacks for half-life and its numerous mods (mostly counterstrike) and helping teach others to (but not releasing binaries as ruining other peoples' fun wasn't the real goal). I'm grateful for those years and how they formed my views about programming. My neglected personal homepage is still just a little crappy homage to it: http://wrmsr.com/ :)
OllyDbg is dead too though, I recommend to use x32dbg/x64dbg[1]. It's open source and actively developed by a team of maintenances. And it's extendable with plugins and scripting.
OllyDbg is technically dead but it still works as well as ever (for 32-bit software). I still break it out sometimes. I find it much smoother to use than x64dbg (maybe just due to using it more, but I do think OllyDbg nailed the debugger experience really well).
IDA Pro was also something I remember playing around with at some point during this time period when SoftICE was also well known and used.
Can't say I've done any low level debugging or attempts at reverse engineering since long ago though. Most work these days is abstracted so far above these layers you don't have to go down nearly as deep to muck around. Plus as an adult, many tasks these tools are useful for aren't in business interests (outside of security and driver development). It goes to show how much development has sort of shifted in the past 20 years.
There is a similar approach for a modern age - use the hypervisor for the debugger agent. The application called HDBG[1]. It was never production-ready though, so not so famous. Another similar application is PulseDBG[2]. It's not exactly like SoftICE, but allows you to observe the execution process locally[3], which is sometimes enough.
This part of the explanation of what happened to it is extremely unsatisfying:
>As of April 3, 2006 the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.
From reading about SoftICE, it seems to have been doing what other debuggers could not. So how could they not find enough customers to keep it going? Does anyone know what actually happened?
I am willing to guess the general security practices of operating systems improved post-XP, making something like SoftICE prohibitively difficult to develop. There's another word for software that runs undetectable to the OS: rootkit.
As amazing as it was, it was a specialist tool that few people needed, with very few of those being able to actually afford it. It was licensed per-machine at a starting cost of $1500.
It was widely pirated. The same applies to IDA Pro. When a major part of the target market is people trying to remove copy protection, it's very hard to stop them from doing this.
SoftIce was one of those "magical software" that made things possible. Before, you would need two computers connected via a serial port to do actual kernel debugging.
When VMWare arrived, SoftIce was becoming less useful, because a virtual machine offers better isolation and you can quickly revert to a previous state. When doing, for example, file system development, trashing a computer would not be rare.
By then, I know my setup was VMWare machines + MSFT WinDbg. Also, I could stop my VM and inspect the VM with a hex editor. Potent combo.
In parallel, during that time, I suspect the cost of developing SoftIce exploded: more updates from MSFT, a lot of security features that would prevent SoftIce from working, new features from the CPU like hardware protection of the RAM, etc.
Last, the most significant user base of SoftIce was broke hackers who would use it to crack protections. Unsurprisingly, those guys didn't have a license.
I used this, and you had that kind of power over the machine only in the low-end architectures, Z80, 6502 and on the enterprise, on IBM mainframes, to breakpoint and stop and look at what the processors was doing. Of course, you still can do the same thing on mainframes, but we are forgetting that in the end, on our X64 machines, that we are all running machine code.
I used SoftICE to debug a multitasking IVR application I'd written in C/C++ with a stack-switching kernel on top of MS-DOS :) Great project, but it would crash once or twice a day on both the test machines we had. Couldn't figure out why. Went through the code with a fine-tooth comb, still at a total loss.
Enter Soft-ICE. Within a week I found that Soft ICE wouldn't interrupt in the hung state. That started making us suspicious that it might not be just our code.
What do you know -- both test machines (though otherwise completely different) had the same cheap $5 ripoff network card. These were causing the crashes.
Replaced those and the software worked perfectly -- ran 24/7 for 3 years without a hitch. The one time it did stop, was the NetWare stack crashing underneath.
You use WinDbg and do kernel debugging. The newer WinDbgX UI is quite nice lately. However, there's no replacement for live debugging on the same machine the way that SoftICE did it.
It was the Hercules monitor support that had those amber fossils still sitting on the desks of every video card driver authors desks (and games programmers too) into the late nineties. VxD dot commands allowed you to extend and use a plethora of debug commands beyond the built in. Once Windows had working multimonitor support, that crucial aspect of Softice's utility was no longer unique.
I had always wondered about that feature. I reckon Turbo Debugger supported it too but MDA adapters were hard to find when I started my debugging adventures.
Yes, Turbo Debugger, it supported MDA - another department on our faculty had a separate machine for AutoCAD with 2 monitors, and I spent quite a lot of time on that machine debugging graphical programs in TD...
Yes, me! I also had a hardware switch wired to the ISA bus so I could generate a non-masking interrupt to break into the debugger no matter what the application was doing.
We also used the mono monitor when developing games in the 90s. We were able to display log messages and stats on a separate screen. It was a super useful trick.
Mucking around with SoftICE was essential to my understanding of reverse engineering and low-level programming. It was an amazing piece of software, as was all the other NuMega products!
SoftICE being called ancient really amuses me. I recall my childhood in the 90s/00s learning how software and game activation codes work, and how to bypass them using SoftICE, it was really quite sad that it didn't go beyond XP.
Seriously the coolest tool to tinker with in my youth. Gave you so much control. It felt like magic to halt execution of a DOS program to inspect exactly what it's doing instruction by instruction, patching code or injecting chunks of self-modifying code.
84 comments
[ 6.5 ms ] story [ 163 ms ] threadEither way RIP to both of them, I was genuinely shocked when I learned of Fravia's death:
https://en.wikipedia.org/wiki/Fravia
It helped that when I was a teen one of the reasons I got interested in programming, and assembly language, wasn't so much to create new "things", as it was to cheat at games.
The first step was always removing the copy-protection stuff, so you could access the game code. Then you could explore and patch the binaries for infinite lives, health, & etc.
I've still got some printed magazines from the 90s where my POKEs were printed for ZX Spectrum games.
I've always felt like I have neglected debuggers to my own detriment. Print debugging is just very convenient and once you get in that habit it's hard to stop. On rare occasions where I didn't know where in the code or in the system to start they've always shined.
This was a great learning tool to understand how programs actually allocate and use memory. Long before I had taken an architecture class and understood big endian and little endian, I had learned all about it by searching for values in memory. From there you could basically deconstruct the C structs used to handle the memory and then write a pretty simple TSR to cheat the heck out of DOS games. If I recall correctly, at least some of the time I was even able to use it to cheat at APCIDoom - which was a specialized launcher for Doom that let you play four player deathmatches through your local multi-line BBS.
+orc and fravia +hcu stuff ate up loads of my free time in the late 90s and definitely helped later on once I got a formal computer science and engineering degree.
Thanks for the memories SoftICE!
So yes, thank you very much for literally changing my life, SoftICE!
lol
Ha ha, yeah me too. It was interesting to see how cracking affected software development too. Paintshop Pro 2(?) was the easiest "Hello, world" crack, but the next version was really difficult. I never got to the bottom of it. Their registration verification code seemed to be littered throughout a load of their initialisation functions instead being the simple `if isValid(userCode) unlock()` it once was.
That said, it would no doubt have been easier to reverse engineer if I could have forward engineered at the time... QBasic wasn't really a good gateway to assembler :-D
I used SoftIce to crack some blowfish licensing scheme of a company that went under.
It was eye opening to be able to pause Windows 95 completely. That sometimes I’d be stepping through code and all of a sudden the code style, memory locations and format all changed because the OS had interrupted and was doing something like painting the mouse.
SoftICE was awesome.
Then it was cracking copy protection. A couple of NOP's and a JMP to the correct place (for the easy ones).
#cracking4newbies on EFnet. +ORC (Old Red Cracker), +Fravia and everyone in +HCU (High Cracking University). Wow.. I remember I used to have dreams.
Then win32 came along, and made everything much more complicated.
Which reminds me...I never figured out that hash-maze but back in the day I thought it was the coolest thing ever. Maybe current-day me will fare better.
I don’t remember a hash maze, all I remember is that I got stuck for weeks on some puzzle related to wiring schematics, and eventually gave up.
You got it backwards. The PC version was known as X-COM: UFO Defense in North America and UFO: Enemy Unknown outside North America.
Pretty much the intro to cracking software and hacking games for 90s kids.
> I wish I would’ve been knowledgeable to do something more useful than making myself invincible in Mortal Kombat or giving my characters super powers in UFO: Enemy Unknown (aka: X-Com outside North America).
Or maybe you were too busy owning noobs to do anything else.
I was equally impressed with OllyDBG later on, it was more convenient (if less powerful but always seemed like amazing software for just one author.
[1] https://x64dbg.com/
Can't say I've done any low level debugging or attempts at reverse engineering since long ago though. Most work these days is abstracted so far above these layers you don't have to go down nearly as deep to muck around. Plus as an adult, many tasks these tools are useful for aren't in business interests (outside of security and driver development). It goes to show how much development has sort of shifted in the past 20 years.
[1] http://fdbg.x86asm.net/hdbg/hdbg.html
[2] https://github.com/honorarybot/PulseDbg
[3] https://github.com/honorarybot/PulseDbg/wiki/8.-Local-debugg...
>As of April 3, 2006 the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.
From reading about SoftICE, it seems to have been doing what other debuggers could not. So how could they not find enough customers to keep it going? Does anyone know what actually happened?
SoftIce was one of those "magical software" that made things possible. Before, you would need two computers connected via a serial port to do actual kernel debugging.
When VMWare arrived, SoftIce was becoming less useful, because a virtual machine offers better isolation and you can quickly revert to a previous state. When doing, for example, file system development, trashing a computer would not be rare.
By then, I know my setup was VMWare machines + MSFT WinDbg. Also, I could stop my VM and inspect the VM with a hex editor. Potent combo.
In parallel, during that time, I suspect the cost of developing SoftIce exploded: more updates from MSFT, a lot of security features that would prevent SoftIce from working, new features from the CPU like hardware protection of the RAM, etc.
Last, the most significant user base of SoftIce was broke hackers who would use it to crack protections. Unsurprisingly, those guys didn't have a license.
Awesome product, but makes sense it faded out.
https://corexor.wordpress.com/2016/03/01/periscope-manuals/
Enter Soft-ICE. Within a week I found that Soft ICE wouldn't interrupt in the hung state. That started making us suspicious that it might not be just our code.
What do you know -- both test machines (though otherwise completely different) had the same cheap $5 ripoff network card. These were causing the crashes.
Replaced those and the software worked perfectly -- ran 24/7 for 3 years without a hitch. The one time it did stop, was the NetWare stack crashing underneath.
So that's my SoftICE story :)
I had a problem because a company snuck their encryption scheme into their device driver. No problem with softice, today/now, it might be harder.
https://qpdownload.com/syser-debugger/ (I am not sure how much is this link legitimate, so please be careful)
https://github.com/marakew/syser
edit: The herc being the MDA compatible card that I had to debug on.
We also used the mono monitor when developing games in the 90s. We were able to display log messages and stats on a separate screen. It was a super useful trick.
Was cool seeing it go into DOS interrupt handlers