
Thread: EDB Linux Debugger 0.9.0 Release :)

  1. #1

    EDB Linux Debugger 0.9.0 Release :)

    0.9.0 released, change log is very long, and this is the first version to support x86-64! Now that the big move to supporting both x86 and x86-64 (compile time decision) is done, I hope to get back into a faster release cycle.

    Hope you all enjoy!:


    * Fixed a bug in the hardware breakpoint manager plugin which didn't allow
    disabling of the last breakpoint.

    * Extended the maximum size that OpcodeSearcher will consider from 4 bytes to
    8 bytes, which yields some more options.

    * Finished changing OpcodeSearcher plugin to use edisassm, it should be a lot more
    robust now. Fortunately, edisassm is pretty fast, so the performance impact isn't too

    * Most dialogs use QT 4.2.x's QDialogButtonBox's now which should give a better
    look on non-KDE platforms.


    * Fixed a bug in DebuggerCore involving hardware debug registers in 64-bit mode.
    This fix allows hardware breakpoints to work in 64-bit builds.

    * Changed OpcodeSearcher plugin to use edisassm when searching instead of hard
    coded values. This allows the code to be more easily ported to new archs such
    as x86-64.


    * Fixed minor bug with selections in QHexWidgets when selecting outside of the
    viewable range. There was an underflow, which was cast to an unsigned type
    causing some upward selections to select from start to the end of the range.

    * More improvements in 64-bit support. The ArchProcessor for x86-64 is now
    aware of the amd64 C calling convention and will now properly predict function
    arguments for when symbols are available.


    * Hardware breakpoints are much more complete, supporting Write, Read/Write,
    and Execute types of 1, 2, and 4 bytes sizes.


    * edisassm 1.5.2 released, mostly making the code more standards compliant to
    ensure that the code will compile on newer versions of g++.
    tested with 4.2.3 on Ubuntu.


    * edisassm 1.5.1 released with some minor bug fixes

    * Corrected some bugs in edb under x86-64 involving the analysis engine.


    * edisassm 1.5.0 released with EMT64 support! A lot of time was put into
    verifying the instruction tables to ensure that disassembly would be accurate.

    * A couple of minor bug fixes were done in EDB.

    * Added patches to clean up build on ubuntu systems.


    * Added LOTs of SSE4 ops to edisassm, updated a bunch of the tables.


    * edisassm now can handle RIP relative addressing mode. I also fixed some decode
    ordering issues that were introduced when 64-bit mode was being added. The
    only piece left is the tweaking of the instruction tables to match what was
    added/removed/changed for 64-bit mode!


    * edisassm now can disassemble 64-bit code partially correct. It does not yet
    support RIP relative modes and does not take into account changes in the
    opcode map (new and removed opcodes). Soon edb will have full 64-bit support!


    * Made a large effort to port edisassm to 64-bit. The most visible change
    is that it makes much larger use of templates. Instruction and Operand now
    take a template param (32 and 64 are valid), which can be used like this:
    Instruction<32> insn(buf, size); or you can use edb::Instruction which will
    be typedefed to the appropriate type based on your build environment. Because
    of the massive amount of templating needed to implement this, it is possible
    that older compilers will have trouble with it. I will test which compilers
    are expected to work.


    * Renamed REG_NONE to REG_NULL to avoid a conflict with windows headers.

    * Got edisassm to compile on win32 for the first time.


    * Improved some of the function finder code, I am planning on moving this to a
    more central analysis system.


    * Fixed some incorrect bit setting in HW breakpoint code.


    * Improved the HW breakpoint code. It will now show the enabled state based on
    what the application is actually in. So if you do something like reset the
    application, then the HW breakpoints will show as disabled (because they are).

    * Some general code optimizations.


    * First code for hardware breakpoints is in, edb can now set a hardware bp
    and resume from it, next is setting the proper type of bp (read/write/execute)
    as needed and also making the dialog show correctly even when application
    has been terminated or restarted.


    * Simplified some signal code in QHexView and Bookmarks plugin.

    * Started some very preliminary work on the hardware breakpoint plugin. So far
    I have the GUI planned out for it. It will likely require that the plugin
    hook the debug event system in order to enable resuming after hitting the BP.
    This is ok though since there is an infrastructure in place for that.


    * Improved handling of breakpoints which aren't caused by int3 bytes placed by
    edb. For example: "int 3" (which encodes as 0xcd 0x03) is now handled more

    * Preliminary code for hardware breakpoints is in place, the DebuggerCore is now
    able to get/set the debug registers on intel. The only real hurdle left is
    continuing after it is hit. This will need a similar system to software


    * Made some changes to help with portability.

    * Made edisassm use std::ifstream instead of mmap.


    * Simplified the expression code a bit by factoring down common code a bit. This
    results in a slightly larger binary, but smaller source (due to small function
    inlining). I think this is fine since the code is more manageable.

    * Fixed expressions handling of the XOR operator "^". It was not properly

    * Moved the known function table to a plugin. It isn't super efficient quite yet
    but works well.


    * Made the columns in the disassembly view movable when mouse is 2 or less
    pixels away from the line, not just exact match. This should make it an
    easier target.


    * Made DebuggerCore::readPages account for breakpoints in its results.

    * Fixed a bug where reads/writes could return success when they couldn't read
    this resulted. Fortunately this really didn't affect the result of any


    * applied patch from to plugins.pri to help avoid build errors
    on certain configuration.


    * updates QT dependency to be for version 4.2 or greater. There are a few
    features of QT that I have held off from using or have worked around in the
    past. The next version (0.9.0) will no longer compile on versions lower than


    * Fixed more bugs in edisassm, it was some SSE opcodes where Intel docs claimed
    both operands have be Mod/RM, in which case I have no idea what the proper
    thing to do is. So, it is now in sync with what says, which
    matches other disassemblers output. I have also added a regression test for

    * You can now see symbols in the disassembler view if you move the left most
    line right. By default it will look as usual. But in a very similar way to
    ollydbg, you can now see known symbols next to addresses.

    * Improved function finder plugin. It will now give "bonus points" to functions
    which have known symbols.


    * Fixed a harmless crash when EDB failed to load the debugger core plugin. This
    was introduced in the last release.


    * For builds on QT >= 4.3, you can now give a tab a label by right clicking
    on it.

    * Made the QHexView and QDisassembly widgets use the system palette colors.
    This will make it so EDB will match the preferred colour scheme of the user.
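
The hardware breakpoint entries in the changelog above (Write, Read/Write and Execute types of 1, 2 and 4 bytes, plus the fixes for bit setting and for disabling the last breakpoint) map onto fields of the x86 DR7 control register. The sketch below is an added example, not code from edb or from this post; the type and function names are hypothetical.

```cpp
#include <cstdint>

// R/W field values in DR7 for the three types named in the changelog.
enum class HwBpType : std::uint64_t {
    Execute   = 0x0,
    Write     = 0x1,
    ReadWrite = 0x3, // 0x2 selects I/O breakpoints and is not used here
};

// Translate a size in bytes into the 2-bit LEN field; false if unsupported.
static bool lenField(unsigned size, std::uint64_t &len) {
    switch (size) {
    case 1: len = 0x0; return true;
    case 2: len = 0x1; return true;
    case 4: len = 0x3; return true;
    default: return false;
    }
}

// Enable breakpoint `slot` (0..3) in a DR7 value. The address itself goes
// into DR0..DR3; it is passed here only to validate alignment.
bool enableHwBreakpoint(std::uint64_t &dr7, unsigned slot, std::uint64_t address,
                        HwBpType type, unsigned size) {
    std::uint64_t len = 0;
    if (slot > 3 || !lenField(size, len)) return false;
    if (type == HwBpType::Execute && size != 1) return false; // LEN must be 00
    if (address & (size - 1)) return false; // data breakpoints must be aligned

    const unsigned ctrl = 16 + slot * 4;             // RWn at 16+4n, LENn at 18+4n
    dr7 &= ~(std::uint64_t{0xF} << ctrl);            // clear stale RW/LEN bits
    dr7 |= (static_cast<std::uint64_t>(type) | (len << 2)) << ctrl;
    dr7 |= std::uint64_t{1} << (slot * 2);           // Ln: local enable
    return true;
}

// Disable one slot without disturbing the others, including the last one.
bool disableHwBreakpoint(std::uint64_t &dr7, unsigned slot) {
    if (slot > 3) return false;
    dr7 &= ~(std::uint64_t{0x3} << (slot * 2));      // clear Ln and Gn
    dr7 &= ~(std::uint64_t{0xF} << (16 + slot * 4)); // clear RWn and LENn
    return true;
}
```

Clearing the old RW/LEN nibble before setting the new one is what keeps a reused slot from inheriting a previous breakpoint's type or size.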



  2. #2
    Master Of Nebulah Frost Polaris's Avatar
    Join Date
    Jun 2002
    Invincible Cyclones Of FrostWinds
    Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...

  3. #3
    Thanks to whomever updated the CRCETL entry also.


  4. #4

  5. #5
    I 'll try to debug some elf.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    0.9.1 released, code analysis was the focus of this release (along with fixing a crashable bug)

    Hope you all enjoy!:


    * Made analysis slightly faster by factoring out some no longer needed code.

    * Simplified some code in the QDisassembler widget. Instead of passing an
    instruction, its buffer and its size, you can now just pass the instruction
    since it has references to the buffer and its size anyway.

    * Made the analyzer aware of using zeros as padding between functions. This will
    make the display more correct if displaying analyzed code.


    * Added "Follow Immediate in Dump" and "Follow Immediate in Stack" CPU context
    menus. They act similarly to the generic "Follow" CPU context menu.

    * Improved analysis speed.

    * Improved analysis quality, a few more types of common optimizations are


    * Added a "Follow" item to the CPU context menu. Basically, if you right click
    on either a JMP or CALL which has an operand which can be evaluated, then
    there will be a "Follow" menu item that will scroll the CPU view to that


    * Removed some code which was implemented to work around QT 4.0.x bugs since
    4.2 is now a base requirement.

    * Added some atomic-ness for pointer manipulations.

    * Renamed some settings in configuration file to make them more consistent with
    new convention.

    * Fixed an integer underflow crash involving trying to select an address beyond
    the end of a region. Which was causing a negative size to be passed to the
    "edb::v1::getInstructionBytes" function. Q_ASSERTS were added to catch this
    in the future if a similar bug is present elsewhere.

    * Fixed a minor bug where tooltips would show data outside of the current
    region if there is an adjacent region sometimes.

    * Now attaching to a new process or opening a new program to debug will
    invalidate any analysis that has been done. Eventually, the analysis will be
    stored in session files so that it can be reused. But not yet.


    * more minor improvements to the analysis engine.

    * Fixed a corner case in the disassembler where it would misformat things like
    "and eax, 0xffff" as "and eax, -1" due to a mis-optimization.


    * Improved the analysis engine to be slightly more accurate.

    * Added graphical indication of function bounds based on analysis results.

    * You can now scroll the QHexView widgets by individual bytes by pressing up
    or down while holding the control key.


    * Centralized analysis engine and provided it with a plugin. The FunctionFinder
    plugin is now just an interface towards it. Ctrl+A will analyze the current
    region (though nothing is done with the results yet). I am hoping to have
    function framing and scrolling by instructions.

    * Added a "set EIP to selected instruction" to CPU context menu.

    * Improved heuristic for analyzer. It will now more accurately identify certain
    types of functions.
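
The 0.9.0 notes mention a selection underflow that was cast to an unsigned type, and the 0.9.1 notes above mention a wrapped size reaching "edb::v1::getInstructionBytes" when an address beyond the end of a region was selected. The sketch below is an added example of that bug class and a checked form, not edb's code; `Region`, the function names and the 15-byte cap (the longest x86 instruction) are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>

// Hypothetical model of a mapped region [start, end); not edb's own types.
struct Region {
    std::uint64_t start;
    std::uint64_t end;
};

constexpr std::size_t kMaxInsnBytes = 15; // longest legal x86 instruction

// Buggy shape: when address > end the subtraction wraps, so the "size"
// becomes a huge unsigned value (a negative one if stored in a signed type).
std::uint64_t fetchSizeUnchecked(const Region &r, std::uint64_t address) {
    return r.end - address;
}

// Checked form: reject addresses outside the region before subtracting,
// then cap the request at one instruction's worth of bytes.
bool fetchSize(const Region &r, std::uint64_t address, std::size_t &size) {
    if (address < r.start || address >= r.end) {
        return false;
    }
    size = static_cast<std::size_t>(
        std::min<std::uint64_t>(r.end - address, kMaxInsnBytes));
    return true;
}

// Selection between an anchor and the cursor, valid for upward drags too:
// order the endpoints first, clamp them to the region, then subtract.
bool selectionRange(const Region &r, std::uint64_t anchor, std::uint64_t cursor,
                    std::uint64_t &first, std::uint64_t &length) {
    if (r.start >= r.end) return false;
    std::uint64_t lo = std::max(std::min(anchor, cursor), r.start);
    std::uint64_t hi = std::min(std::max(anchor, cursor), r.end - 1);
    if (lo > hi) return false; // both endpoints fall outside the region
    first = lo;
    length = hi - lo + 1;
    return true;
}
```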



  7. #7
    nice tool, btw i saw ur website and i thought...

    proxy + pancake ( ) = no good?

    and... wow, making an OS, RPG Engine, a Debugger, libraries...

    L.Spiro 2

    rly nice, keep going
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    yea, me and pancake have had some discussions. We both agree that there is probably some really cool stuff that we could do together. But it has yet to materialize. (We do have somewhat different development preferences, which may slow things down).

    But I do think that I'd like to have some of his input on certain things since he has done such wonderful work with radare.

    And yea, I tend to keep myself busy with projects.

    Finally, just a heads up, but there will be a bug fix release very soon. One of my latest optimizations revealed an error in some code which can possibly lead to a read based segfault. Even worse, I noticed that the last two releases don't save all settings to the config file (some, but not all), fortunately the defaults are quite useable. I believe I have it all ironed out.

    Of course there will be some new features as well.


  9. #9
    Thanks proxy for keeping our readers updated and for working on these projects where there is an insufficient supply of available solutions and RCE tools. We appreciate the effort and the contributions.


  10. #10
    0.9.2 released, this is primarily a bug fix release:


    * Since the config file was partially broken, I am taking this opportunity to
    finish reworking the naming convention for settings. Some settings will
    unfortunately be lost. But odds are they were being dropped anyway.

    * WOW, I just noticed that for a long time (2-3 versions) options were not being
    actually saved. Fixed.

    * Seems that my QDisassemblyView optimization revealed an off by one error in
    the DebuggerCore which unfortunately was also crashable. But I believe
    that the logic is correct now. I've added a few more asserts to help avoid
    this type of bug in the future.



  11. #11
    One more bug fix release and I think all is well


    * Ouch, another bug fix. At least this time it was a failed assert. Basically,
    during my last fix, I forgot that reads can and will fail if done while the
    debuggee is running. I have added code to special case this and handle it more
    correctly. (Which is of course how it used to act in the first place).


    * made plugins.pri smarter with library location. For 64-bit builds it will
    default to $prefix/lib64/edb/



  12. #12
    This time it's a two version bump to 0.9.4 since I was notified of some x86-64 compilation issues in the last version. Plus I've added a few things.


    * Sped up analysis by avoiding redundant function analysis. It still isn't
    blazing fast, but is significantly better.

    * Fixed a few previously missed 64-bit portability issues.
    (toULong -> toULongLong). They were minor, but all of this type should be

    * Added a symbol viewer plugin. Double click to see a symbol's value in
    the current data view. Eventually, I'll add a context menu to make it
    so you can view it in the code view too depending on the type.


    * Continued to make improvements to analyzer. It is more accurate, but also
    slower at the moment. I will look into good ways to speed it up.


    * Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working
    with me to make sure that x86-64 users have a functioning EDB.

    * Reworked analysis to have a higher initial favoritism towards finding
    functions by recursively tracing known functions
    (symbols/main/entry point, etc). This will make the analysis more accurate
    though it does have the side effect of making "percentage complete" a lot
    less meaningful since while it will always stop, the number of iterations
    during analysis is indefinite.


    * Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64
    targets. Simple fix, but it broke compilation for some platforms so I'm going
    to make a release for it.



  13. #13
    I install QT4.4.1, but when I install EDB, it shows QString does not exist, as do Qglobal, Qmap, QList in SymbolManager.h, why?
    I install them in RedHat AS3.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  14. #14
    Sounds like you have qt4 but not qt4-devel installed. This basically means that you have all the .so files necessary to run qt4 applications, but not the headers needed to compile them.

    This should fix the problem.


  15. #15
    Thanks for your answer.
    I want to ask which linux platform such as redhat or other suit for this good tool with QT4 opensource X11.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
