As SoftIce is officially dead, you might want to find its substitution. There is one product which aims to fully substitute SoftIce – Syser debugger, which proposes pretty close user interface, and “live” debugging of kernel on a host machine:
According to documentation, all command line commands are fully softice compatible (you can check all commands in help file which is included in trial version of the product). The whole user interface is pretty close to SoftIce, but with the following differences:
1. Al frames are “more windows like”
2. You have more advanced context menu when clicking on item (which results in more advanced possibilities, for example, changing comments just after the instruction)
3. More user friendly colors highlights. For example, if you hit the line “jz address” and the control is going to be passed to that address, the branch line is colored with yellow color
4. OllyDbg like “CPU” window, which shows are registers of CPUs
5. OllyDbg like “Stack window” with hints and some analysis
6. Possibility to insert bookmarks
7. Calculator 🙂
8. Virtual keyboard (it allows you to type cmds using only mouse)
9. Embedded PE Explorer
10. Separate windows for IDT, GDT, LDT, Processes, Modules and Pages
11. And much more …
After some time of work, I have a feeling, that this debugger was trying to achieve the power of SoftIce by its possibility to debug the kernel code on host machine, and the flexibility of OllyDbg by allowing to put comments, view things in different windows, highlighting the code branches, etc.
Even taking into account, that the whole debugger is more assembly oriented (unlike WinDbg), the Syser also has the possibility to debug drivers with sources (for this, it has “Source Explorer” window, which I personally did not use.
I personally think that Syser makes competition to all popular debuggers existing nowadays. I will try to compare it with each of them.
1. OllyDbg vs Syser
OllyDbg looses in debugging kernel mode code (it does not debug it at all). However it wins in more advanced assembly output, due to custom analyzer which shows params for all api functions, which makes more advanced static and dynamic analysis. I think that next version of Syser will cover this gap, and will take the advantage of OllyDbg by applying it to both kernel and user mode debugging.
2. SoftIce vs Syser
SoftIce looses in stability. SoftIce looses in many useful features like putting comments, having windows for things like gdt, idt, ldt, processes, and the rest. While the second issue is not that big, the first is a really tragedy (I mean the instability of SoftIce). The biggest plus of Syser is that it has support …
3. WinDbg vs Syser
Assembly debugging in WinDbg is something awful. It makes no analysis of assembly. It does not give any hints while analyzing the code. The assembly window is also not useful. You cannot scroll assembly, because it somehow screws up the whole view. WinDbg does not allow to do a kernel debug on host machine; it requires two computers for this. So, Syser simply wins in all this fields. However, WinDbg supports analysis for crash dumps, and it allows to analyze the Windows structures (dt command) if pdb symbols are properly set.
And now the sad facts. Once I heard about Syser, I visited the official web site, and downloaded the trial version here: http://www.sysersoft.com/download.html. Then I tried it in my virtual machines. All 5 (five) virtual machines had a BSODs. I also give a try, and installed it on my real home machine. And it also resulted in BSOD.
A few months later, I downloaded next version, which is working fine on my virtual machines, but it is totally usless on my real machine. When I try to launch debugger, the Syser console simply disappeares. Although I believe this will be fixed, it makes bad impression as a first expirience with debugger.
So, the top line of my post. Syser is a powerful debugger, and is “a must have tool” for engineers which are working with machine code at kernel level, but for the moment, the debugger is not yet stable, and it will take some time (I believe) to make it a hand tool for me.