SoftICE brings back memories... although now that you're using Bochs, you can just use Bochs' internal debugger to do the same thing. Heck you can connect the Bochs debugger to IDA Pro: https://hex-rays.com/products/ida/support/idadoc/1329.shtml.
I've used the Bochs debugger many times to debug DOS apps and to even do things like create an unencrypted forensic image of a full-disk encrypted drive (obviously assuming you have the encryption key, no magic there).
Bochs is an unknown beast. The IPC clock might be not so precise to adjust, but it can emulate highend i7's. Slowly, yes, but you will fake every instruction to the guest. And, you know, you can RE hard stuff like malware in no time.
Using Bochs to step through aggressive obfuscating packers was one of the important ingredients to the malware analysis infrastructure I built 2005-2011 in my first company.
Bonus points for stepping the same malware in Bochs and Qemu simultaneously to identify trace divergence; detection then needs to detect both in one stroke.
Here is my approach to reverse-engineer a DOS game: Starflight [1]. Actually, all the tools failed to disassemble the code and I had to write all tools myself.
What I find most fascinating is that reverse engineering these kind of games is very satisfying and even more fun than playing them.
Same here! `:bpx MessageBoxA`, step out, nop nop nop, done.
Great memories. Being able to step through each instruction on my CPU and seeing the memory update was like a super power and really helped understand things at a deeper level.
Me too. I seem to remember we even had a NMI pushbutton with tiny contact pads the width of a ISA bus contact. You could force the kernel debugger to pop up when otherwise all hope was lost.
I did a horribly ugly thing and soldered wires to the NMI and ground pins at the CPU, and ran them out to a switch, and used that with Turbo Debugger running on the second (MDA) monitor. Worked a treat.
Oh SoftICE. That was a truly excellent tool that was incredibly useful when doing low level stuff. I used it a lot for device driver development on DOS.
Yes it was, I had it hooked up to my target machine with a serial cable -- developing display drivers for Windows and OS/2. The only thing SoftICE couldn't do was debug the video card itself!
https://hyperdbg.org and m1n1 (Apple Silicon) spring to mind as modern supervisor/hypervisor debuggers.
There's nothing modern I'm aware of that lets you press a key combination to get into a hypervisor debug UI like softICE was known for, though. It's all shifted to host-and-target debugging. You'd use a "normal" debugger on one machine (lldb/gdb, WinDbg, IDA, etc.) and either supervised host-to-target connection (network-to-kernel/hypervisor on x86, OCD like JTAG/SWD/CoreSight on embedded) or emulation (for pretty much everything but device driver development).
There are modern debuggers around, it depends on what you're trying to do.
For example, x64dbg is a Windows program that can debug x86 and x64 Windows programs without any source code or debug symbols.
WinDbg lets you debug the Windows kernel even on a remote machine. If you use an emulator like VirtualBox, the remote machine can even be on the same physical computer. Useful if you're developing drivers.
I've used the Bochs debugger many times to debug DOS apps and to even do things like create an unencrypted forensic image of a full-disk encrypted drive (obviously assuming you have the encryption key, no magic there).