SoftICE
==History==
The original '''SoftICE for DOS''' was written in 1987 by NuMega founders Frank Grossman and Jim Moskun. The program, written in [[80386]] [[assembly language]], played the role of an operating system and ran software in [[virtual 8086 mode]]. It sold for $386.

'''SoftICE/W (for Windows)''' was developed in the 1990s, and was instrumental in the writing of "Undocumented Windows", by Andrew Schulman, David Maxey and [[Matt Pietrek]]. SoftICE/W was derived from an earlier, lesser known product, '''SoftICE for [[NetWare]]''' (32-bit [[protected mode]]). One of the key advantages it had over Microsoft's debuggers is that it enabled single machine debugging, rather than requiring a second machine to be connected over a serial port.

The principal developers of SoftICE were Dom Basile ('Mr. SoftICE'), Tom Guinther (Kitchen Sink, Symbol Engine), Gerald Ryckman (Video drivers and ''Kitchen Sink''), Ray Hsu (Video drivers for [[Windows 95]]), and Dan Babcock ('''SoftICE/NT''' 3.1/3.5: Universal video driver, symbol engine), with contributions by a variety of NuMega developers including Frank Grossman, Jim Moskun and Matt Pietrek.

In 1998, the [[codebase]] for '''SoftICE/95''' was ported to run on the [[Windows NT]] platform.

Newer versions of SoftICE patch deep into Microsoft Windows. As such, old versions of SoftICE are rarely compatible with new versions of Windows. Compuware therefore offered SoftICE as a subscription so that it could be kept up to date and in sync with the latest Microsoft Windows version.

SoftICE was previously offered as part of Compuware's DriverStudio package, but was discontinued in April 2006.

===Termination===
As of April 3, 2006, the DriverStudio product family has been discontinued because of "a variety of technical and business issues as well as general market conditions". Maintenance support was offered until March 31, 2007.

===Anti-SoftICE measures===
Software vendors have put in place a wide range of countermeasures to protect themselves from people employing SoftICE as a tool to analyse software. For example, here is code some vendors used as an early countermeasure to detect SoftICE running on the same machine:

<syntaxhighlight lang="asm">
    ; pIDT: buffer filled by SIDT (2-byte limit followed by the 4-byte base)
    mov eax, dword ptr [pIDT+2] ; eax -> IDT
    add eax, 8                  ; eax -> int 1 vector
    mov ebx, [eax]              ; ebx == int 1 vector
    add eax, 16                 ; eax -> int 3 vector
    mov eax, [eax]              ; eax == int 3 vector
    and eax, 0FFFFh             ; strip the selector
    and ebx, 0FFFFh             ; part of it
    sub eax, ebx                ; find displacement
    cmp eax, 10h
    jne HackedVector            ; not equal, then chances are
                                ; SoftICE had tampered with these vectors
</syntaxhighlight>

More and better such measures have evolved since. While most of them can only deter the less experienced and determined hackers, SoftICE is no longer a tool of choice for someone new to analysing software.

Modern software anti-analysis methods are based on more sophisticated packers/protectors, e.g. Themida, Armadillo or ASProtect, which pack the program code and tamper with entry point addresses so that it is hard to find the program's original entry point ([[Entry point|OEP]]). The same is true for the program's [[Import Address Table|import address table]] (IAT). However, tools for hiding SoftICE are also available, such as IceStealth and IceExt for Windows NT, or Icedump and IcePatch for [[Windows 9x]].<ref>{{cite web|url=http://www.woodmann.com/collaborative/tools/index.php/Category:SoftICE_Extensions|title=Category:SoftICE Extensions - Collaborative RCE Tool Library|publisher=Woodmann.com|access-date=2014-04-24|archive-date=2014-07-31|archive-url=https://web.archive.org/web/20140731033213/http://www.woodmann.com/collaborative/tools/index.php/Category:SoftICE_Extensions|url-status=live}}</ref>
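
The vector check from the assembly listing in this section, restated in C over a constructed in-memory IDT so that the gate layout and the comparison can be followed offline. This is an added example, not code from the original article or from any vendor; the handler addresses, the selector value 0x0028 and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GATE_SIZE 8          /* one 32-bit IDT gate descriptor */
#define EXPECTED_DELTA 0x10  /* constant the assembly listing compares against */

/* Write a constructed interrupt gate: offset[15:0], selector, 0, type, offset[31:16]. */
static void put_gate(uint8_t *idt, unsigned vec, uint32_t handler, uint16_t sel)
{
    uint8_t *g = idt + (size_t)vec * GATE_SIZE;
    g[0] = handler & 0xFF;         g[1] = (handler >> 8) & 0xFF;
    g[2] = sel & 0xFF;             g[3] = (sel >> 8) & 0xFF;
    g[4] = 0;                      g[5] = 0x8E; /* present, DPL 0, 32-bit interrupt gate */
    g[6] = (handler >> 16) & 0xFF; g[7] = (handler >> 24) & 0xFF;
}

/* Low word of the handler offset. The selector in bytes 2-3 is what the
   "and eax, 0FFFFh" masks off; the high word in bytes 6-7 is never read. */
static uint32_t offset_low(const uint8_t *idt, unsigned vec)
{
    const uint8_t *g = idt + (size_t)vec * GATE_SIZE;
    return (uint32_t)g[0] | ((uint32_t)g[1] << 8);
}

/* 1 = displacement differs from 0x10 (the HackedVector branch),
   0 = displacement matches, -1 = buffer does not cover vectors 0..3. */
int vectors_look_hooked(const uint8_t *idt, size_t len)
{
    if (idt == NULL || len < 4 * GATE_SIZE)
        return -1;
    /* Same arithmetic as "sub eax, ebx / cmp eax, 10h": 32-bit wraparound. */
    return (uint32_t)(offset_low(idt, 3) - offset_low(idt, 1)) != EXPECTED_DELTA;
}

/* Build a constructed four-entry IDT and run the check on it. */
int check_sample(uint32_t int1_handler, uint32_t int3_handler)
{
    uint8_t idt[4 * GATE_SIZE];
    memset(idt, 0, sizeof idt);
    put_gate(idt, 1, int1_handler, 0x0028);
    put_gate(idt, 3, int3_handler, 0x0028);
    return vectors_look_hooked(idt, sizeof idt);
}

int main(void)
{
    printf("handlers 0x10 apart: %d\n", check_sample(0xC0001000u, 0xC0001010u));
    printf("handlers relocated:  %d\n", check_sample(0xC0A41234u, 0xC0A45678u));
    return 0;
}
```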