Using NuMega SoftICE for 32-bit Windows

To use NuMega SoftICE effectively, you should be able to interpret output of SoftICE commands. In many cases, this requires understanding of Intel x86 architecture as well as Microsoft Windows architecture.

The following pages will show you outputs of commonly used SoftICE commands with visual aids. Each page contains a description and singe page GIF sheet (unfortunately, the file format converter of the tool I used was broken and it shifted some elements slightly off to left - Visio 4.0 source is available for download as well).

If you want it printed out, It is recommended to save the graphics pane as a separate GIF file, and print out from a GIF viewer/editor instead of using your Web browser. Each picture should fit in a letter size paper with 0.25 inch margin on all four sides.

How Windows NT uses GDT to implement "kernel mode" and "user mode"

Where is the memory block you just allocated with Win32 API HeapAlloc()?

Create your own heap in your process and see it with SoftICE

Interrupt Descriptor Table and SoftICE "IDT" command

Program modules (EXE, DLL) and SoftICE "QUERY" command

Walking "page directory" with SoftICE - understanding "address context"

Two ways to cause "page fault" situations, and how SoftICE reports it

How to access objects in various sections of a PE file with SoftICE

"Symbol Table" - the most important thing for source level debugging with SoftICE

SoftICE uses symbolic names to label memory object if symbol table is loaded

Note: these pages are not offical documents of Compuware NuMega Lab, but created as a personal reference. For official documentations, go to the http:// www.numega.com/.