** SKIP TO THE BOTTOM FOR INSTALLATION INSTRUCTIONS **


Herein lyes the Crude Ice debugger for w2k/xp version 1.09.  It is a
user/kernel mode debugger with support of:

BPM/BPR/BPX/BPINT/G/P/T/E/R/D/S, etc commands, conditional breakpoints, 
c expression lang, module export symbol support, resizeable windows. 

**General notes**:  

For the most part Crude Ice is stable and you can trace any thread with it
in any mode except for v86 mode... 

**Changed in 1.09a**
A bug which caused Tbird XP's on new motherboards to not display crudeice upon 
ctrl-d has been fixed.  Thanks go out to decoded for finding and helping me debug this.

**Changes in 1.09**:

Added system module listing (MOD command)
Added flash supression during tracing it can be disabled with the FLASH command.
Added detection of references of UNICODE_STRING
Fixed minor bug with register change highlighting

**Changes in 1.08**:

Crude Ice will now evaluate the memory operand of the next instruction prior to executing it.  
The result of this is displayed on the last line of the register dump window.  Crude 
Ice also will try to detect if the evaluated operand points to a string a string and if so the 
string will be dumped in the last line of the register dump window.  Both ansi and unicode 
strings are supported which contain only characters from the ascii character set.  

**Changes in 1.07**:

Major bug fixed!
As of version 1.07 Crude Ice works on systems with APIC interrupt handling mode
enabled.  This major bug caused Crude Ice to fail on many new systems.  If 
you tested before and nothing happened when you hit ctrl-d this very well
might have been the problem.

Now the disassembler window keeps its top address the same between traces.  Also, the 
R and E commands now support visual editing of the registers and virtual memory.  Register 
changes between traces are now highlighted.

**Video driver notes**:

The Crude Ice video driver is known to work on most video cards in at
least one video mode.   If you have display trouble try another
resolution/color depth.  Some video cards such as voodoo3 and most ATIs
will not work with it in any mode.  Sorry.  It has been discovered 
upgrading your ATI drivers may fix the incompatability problem.

**Keyboard Driver Notes**:

Crude Ice only works with keyboards pluged into AT compatible keyboard
port.  There is a minor bug with the current driver.  If you press CTRL-D
to open Crude Ice then exit with the X command the windows keyboard driver
will think that the CTRL key is held down.  Solution:  If the 
CTRL key appears to be stuck down hit CTRL and release it.  This will
re-sync the windows driver.  If your computer uses APIC mode and you hold down a hotkey 
you might encounter a deadlock.  I am working on fixing this issue.  In the meantime dont 
hold down keys when tracing or turn off APIC mode in your bios and reinstall windows ;)


**Window sizing notes**:

As of version 1.06 window sizes are dynamic.  Instead of being 27 lines
as was the default the debugger window will now take up the whole screen.
You can set which windows you want showing and the sizes of those windows 
with the WINSIZE command.

Syntax to the WINSIZE command is as follows:

  --List all windows
WINSIZE

  --Change the size of window 1 to 10 lines
WINSIZE 1 10


**Quic syntax instructions**:

Some commands such as S,EB,EW,ED, HOTKEY, MEMDUMP,ASMDUMP, ETC require
a string as an argument.  This string is surrounded by single quotes.
Examples:

MEMDUMP <target address> <dump length> 'c:\memdump.txt'
S <target address> <length to search> 'target string',A,D,0
S <target address> <length to search> 90,90,90
EB <target address> 90,90,90

Non-string arguments can be subsituted with a register name, an
expression, or an export symbol.
Examples:

ASMDUMP eip 1000 'c:\disassembly.txt'
S eax+1000 1000 'target string'
EB *esp 'new value'
BPM SendMessageW X global
BPX MessageBoxA X
BPR MessageBoxA+100 10000

Breakpoints can be followed by an optional conditional expression.
Examples:

BPMD eax RW IF EDI==0
BPR 400000 1000 RW IF *(ESP+8)==DEADBEEF


**Softice compatability**:

Crude Ice for the most part does not have problems running concurrently
with softice except in a few situtations:

1) If you enable I3HERE while softice is loaded too the system will 
quickly crash.  There isnt much i can do to fix this...

2> If you load CrudeIce after softice it will override ctrl-d and 
be activated upon pressing it.  However, you can still spawn SoftIce
via a hotkey.  To do so press CTRL-D to bring up crudeice then press
CTRL-D to close it and without releaseing CTRL press D again.  Softice
will appear.


**Coming soon**:

Debug symbols, more commands, more bug fixes, cosmetic
improvements and maybe new video driver...


INSTALLATION INSTRUCTIONS:  

1. Unzip yourdrivername.sys to <windows_dir>\system32\drivers
2. Unzip osrloaderv22.zip and sync.zip to a directory
3. run sync.exe, then run osrloader, then click "Register Service" in osrloader, then click "Start Service", then run sync.exe again, then hit ctrl-d and it should popup like softice. 


Note on installation:
Sync.exe flushes hard disk writebehind cache.
osrloader loads the Crude Ice (yourdrivername.sys) module into memory.



You can contact me with comments/bug reports on efnet in
#win32asm I will be using the nickname wkr4k4r or a derivative of it.  Or
you can e-mail me at wkr4k4r@mail.com


