

                            WELCOME TO ICEPATCH v2


   intro.

      with the ever increasing number of programs that employ some form of
      winice detection it is our hope to provide you with at least a basic
      protection against these methods. do not expect too much from this
      little tool as there are really countless ways of both detecting and
      crashing winice...


   usage.

      well, the GUI should be intuitive (you did use v1, didn't you? ;-),
      so let's concentrate on the finer details instead. ICEPATCH lets you
      change the following magic values and names:

         1. INT3/FGJM (backdoor interface from the good old DOS age)

            this interface is used by dldr and wldr to communicate various
            commands to winice.


         2. INT3/BCHK (backdoor interface for BoundsChecker)

            this interface is used by BoundsChecker to communicate various
            comamnds winice.

            if you have BoundsChecker then you will have to patch it
            manually...


         3. INT68/4300/F386 (system debugger installation check)

            the INT68 interface is used by the VMM to communicate with a
            system debugger which winice pretends to be (in real mode).

            note that this method is not winice specific, it detects any
            system debugger.

            programs that wish to communicate with a system debugger will
            fail when you change this magic number.


         4. INT41/004F/F386 (system debugger installation check)

            the INT41 interface is used by the VMM to communicate with a
            system debugger which winice pretends to be (in protected mode).

            note that this method is not winice specific, it detects any
            system debugger.

            programs that wish to communicate with a system debugger will
            fail when you change this magic number.


         5. 0202,7A5F (VxD device IDs for winice and siwvid)

            both winice and siwvid appear as VxDs to the VMM. and since
            both of them export VxD services they have unique IDs.

            valid device IDs are in the range 0x0200-0x7FFF, to avoid
            collisions consult Ralf Brown's INTLIST.


         6. SICE,SIWVID,SIWDEBUG,WINICE (VxD and module names)

            VxDs are supposed to have device names, so are our friends as
            well. winice also adds a new VxD to the system which exports
            Win32 services (SIWDEBUG).

            due to the way these names are stored/used in the files you have
            to preserve their lengths. well, one day we may do a better job
            and fix this little problem, but right now none of us has the time
            for it... if you do then feel free to contribute to the project.


      ICEPATCH creates backups of all files that it will modify right on the
      first use (where you are supposed specify your winice directory - we
      do not get it from the registry for various reasons). files patched are
      as follows:

            winice.exe
            siwvid.386
            nmtrans.dll
            dldr.exe
            wldr.exe
            dlog.exe
            krnl386.exe
            vmm32.vxd

      please make sure that the files have not been modified yet (icedump is
      ok though ;-).

      note that the INT41/004F/F386 patch involves patching krnl386.exe and
      since it is locked while windows is running you will have to reboot so
      that the patched file could be copied over the original one (you would
      reboot anyway to make the other changes effective). should something go
      wrong with this procedure you will most likely end up with winice.exe
      (the other party involved in the INT41 patch) not synchronized with
      krnl386.exe - in such a case simpy restore ALL files from the backups
      (you did keep them, didn't you ;-), then start windows and try again
      or send us a bugreport to: magic_mike_@gmx.net.


   greets.

      #cracking, #cracking4newbies, #ukc, #win32asm, and all friends we forgot

      special thanks to Lordbyte for the previous version


   magic mike greets.

      all evc members (xtra thx to risc & incredible fighter), lazarus,
      defiler, uschall, aristoteles, sn00pee (we won't forget you)


   regards.

      Magic Mike and The Owl

      1999.12.24 - Merry Christmas