Debugging Boot-Mode Drivers with SoftICE
Filter drivers are loaded before boot file system drivers, and SoftICE's NMS symbol files are not yet loaded at the time the filter is loaded. The latest version of SoftICE has a feature for pre-loading symbol tables to handle situations of this sort.
To allow boot mode driver writers to debug DriverEntry, we have developed the SoftICE Symbol Driver (SIWSYM). This is a boot driver that is loaded BEFORE SoftICE during the boot process. The driver contains a discardable INIT segment that holds an in-memory image of the files SoftICE needs to load completely at boot time.

Setting up Siwsym

When SoftICE starts up, it locates the SIWSYM driver and requests the address of the file image table. Whenever SoftICE needs to open a file, it first checks the list of files contained in the SIWSYM file image area. If the file is found there, SoftICE uses the copy of the file in memory. If the file is not found in the SIWSYM file image area (or if SIWSYM fails to load for some reason), SoftICE falls back to the standard OS functions to request file access.

Installing SIWSYM

Copy the siwsym.sys file from the ntice directory into your %SystemRoot%\System32\Drivers directory. Then save the text below as a .reg file and import it into the registry. You will need to make the appropriate changes for your version of NT or Windows 2000: keep only the "Group" line that applies to your system and remove its NT4:/W2K: label. Then modify the group order for both NTICE and SIWVID. These must match the group for Siwsym. Change the Tag for NTICE and SIWVID to be 0x2.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Siwsym]
"Type"=dword:00000001
NT4: "Group"="System Bus Extender"
W2K: "Group"="System"
"ErrorControl"=dword:00000001
"Start"=dword:00000000
"Tag"=dword:00000001

Finally, run ICEPACK.EXE and reboot.

Using ICEPACK.EXE

The files are added to the SIWSYM driver by a command line utility called ICEPACK.EXE. This utility automatically loads several files that SoftICE needs, as well as WINICE.DAT and any files that are referenced by WINICE.DAT (in LOAD= and EXP= lines). Watch how much space your symbol files require, because that much space (in RAM) is allocated to the INIT segment of the SIWSYM driver. If your symbol files take up too much space, the SIWSYM driver will not load and your symbols and sources will not be available.

Don't Forget To Run ICEPACK.EXE!

Remember that any time you change one of the files referenced by WINICE.DAT, you need to re-run ICEPACK.EXE to update the SIWSYM.SYS file. The same holds true if you modify WINICE.DAT itself (either manually, or via LOADER32). If you forget to re-run ICEPACK.EXE, you will be debugging with out-of-date settings, symbols and sources.
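
A staleness check for the reminder above, as an added example that is not part of the original post or of SoftICE: it reads the LOAD= and EXP= lines of WINICE.DAT and reports which referenced files changed after SIWSYM.SYS was last written, plus the total size of the referenced files. The function names, the one-setting-per-line syntax and the ';' comment handling are assumptions.

```python
import os
import re
import sys

# Assumption: WINICE.DAT holds one KEY=value setting per line and ';' starts a comment.
_REF = re.compile(r'^\s*(LOAD|EXP)\s*=\s*"?([^";]+?)"?\s*(?:;.*)?$', re.IGNORECASE)


def referenced_files(winice_dat_text):
    """Return the paths named on LOAD= and EXP= lines, in file order."""
    paths = []
    for line in winice_dat_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # commented-out setting, ICEPACK would not pack it
        match = _REF.match(line)
        if match:
            paths.append(match.group(2).strip())
    return paths


def icepack_status(winice_dat, siwsym_sys):
    """Compare SIWSYM.SYS against WINICE.DAT and every file it references."""
    with open(winice_dat, "r", errors="replace") as handle:
        refs = referenced_files(handle.read())
    packed_at = os.path.getmtime(siwsym_sys)  # last time ICEPACK updated the driver
    stale, missing, total = [], [], 0
    for path in [winice_dat] + refs:
        if not os.path.isfile(path):
            missing.append(path)  # referenced but absent: nothing to pack
            continue
        if path != winice_dat:
            total += os.path.getsize(path)  # RAM the INIT segment must hold
        if os.path.getmtime(path) > packed_at:
            stale.append(path)  # changed since the last ICEPACK run
    return {"stale": stale, "missing": missing, "symbol_bytes": total}


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: icepack_check.py WINICE.DAT SIWSYM.SYS")
    status = icepack_status(sys.argv[1], sys.argv[2])
    for path in status["missing"]:
        print("missing:", path)
    for path in status["stale"]:
        print("newer than SIWSYM.SYS, re-run ICEPACK.EXE:", path)
    print("bytes referenced by LOAD=/EXP= lines:", status["symbol_bytes"])
    sys.exit(1 if status["stale"] or status["missing"] else 0)
```
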