
Thread: EDB Linux Debugger 0.9.0 Release :)

  1. #31
    yea, that's the problem. I've recently done some adjustments to make it compile in some other compilers, but I still think gcc 3.x isn't quite up to snuff. I would recommend gcc 4.x, probably the newer the better.

  2. #32
    I met with some trouble when compiling gcc 4.3.2, since some other needed packages were missing. I have to delay the test; I'll give an update next week. Thank you.


  3. #33
    Dear proxy,

    By the way, would you kindly share an older version of EDB that can be compiled by gcc 3.4.x, to let me use the tool first? The regular download page doesn't work these days.

    Thank you,

  4. #34
    All old releases are available, just not directly linked from any pages.

    I can't make any guarantees about any version compiling with gcc 3.x, as it is a very old version of the compiler with relatively poor standards compliance.

    Also, please note that I only "officially" support the latest release since many issues have been resolved over time.

  5. #35
    Hi Proxy,

    Understand, thanks a lot for your warm help!


  6. #36
    Hi Proxy,

    After taking a long time, I have installed gcc 4.1.2 under RHEL3 and compiled the 0.9.6 version of the edb tool successfully; now the remaining thing is to study the usage. I may still need your help later.

    Thank you,

  7. #37
    Another version bump for EDB. I figured that I'd do a release to make sure people knew the project wasn't stalled :-P.


    * Moved the session handler code to be a plugin now. This will allow more
    creative session implementations. For example, the session files could
    be actually in a sqlite3 database, or even a mysql database for collaborative
    commenting. It should be much more flexible.


    * Fixed a bug in the memory region modification code. It would ask if you wanted
    to remove the execute permissions of the last executable region any time
    there was only one left with execute permissions. This was the case even if
    the region you wanted to modify wasn't executable to begin with.

    * Started using boost::bind a lot more to make the code much more concise. Doing
    this will allow me to make a lot of the "search memory" code be run by a
    std::for_each calling a function object. The nice thing about this is that
    it will nicely match the way that Qt's concurrent model. Making for a smooth


    * I've decided to start using boost (particularly smart pointers) wherever
    appropriate. It will help make the code less likely to have bugs. Once Qt 4.5
    is out for long enough, I'll likely switch over to their smart pointers
    since there is no point in having multiple library dependencies. But I feel
    that boost is such a robust library, it would be silly not to take advantage
    of it.


    * Implemented the "Find ASCII string in stack" feature. Works like a charm.
    To be clear, it is searching for pointers to matching strings on the stack,
    not strings in the stack itself. I *think* this is what people would want.
    Also, it only cares if the search string is the beginning of the string
    on the stack (so if you look for "/bin/" it'll find "/bin/ls"). This is
    because there could be any amount of data (or characters) after the string
    on the stack.

    * Added the ability for plugins to add items to the various context menus. This
    should allow much more useful plugins in the future. Starting with the
    recently requested "Find ASCII string in stack" feature.


    * Reorganized much of the DebuggerCore code into separate platform specific
    files to make things much easier to maintain.


    * Imported some code provided by Phillip Mayhew which is the beginning of an
    OSX port. He provided almost all of the functionality necessary to get the
    DebuggerCore plugin to be functional. Now I'll just have to start testing
    on a Mac soon.


    * Fixed defunct process issue on kill/restart (missing waitpid)

    * simplified a lot of code involving starting and stopping things. I used to
    delete/create objects each time. But simply stopping/starting them is
    sufficient and means that I can do less NULL checks.

    * Simplified the event loop.

    * Replaced all dynamic_cast's with qobject_cast's which don't require rtti.


    * New plugin system is complete and things are working normally again. A few
    internal functions take more parameters but it decouples those parts from the
    rest of the system.

    * Windows port is now able to attach and (usually) step.

    * Improved portability of error handling system.


    * Started to make some large changes to how plugins interact with the core
    application. Not all platforms I'd like to target support having a plugin
    import symbols from the application that is loading it
    (*cough* windows *cough*). So now there is a "PluginAPI" structure which is
    passed to every plugin upon init which it will make a copy of (the interface
    code does this for you and makes it accessible through an m_API variable).

    This new system allows me to have much more strict control over what a plugin
    is allowed to do within EDB which is nice, but it also will require I have a
    "Core Library" that all plugins and EDB will have to link to in order for
    them to share classes which unfortunately means a little bit of binary code
    duplication. Oh well.


    * Added a messagebox warning when the arch EDB was built for doesn't match the
    target process's arch.


    * More changes to support Win32/Win64

    * Fixed a crash when no analyzer plugin is available.

    * Started framework for supporting UTF16 strings in analysis. Currently it's a
    lot of boxes and such, but I believe it is working generally ok.


    * Made some minor changes to the file

    * Reworked some function definitions to work around a visual studio bug.

    * edisassm *finally* builds with visual studio 2008! Time to start porting edb
    to windows :-)
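The "Find ASCII string in stack" behaviour described in the release notes above (scan stack words for pointers whose target begins with the search string, prefix match only) as an added example; this is not EDB's code. It assumes a 32-bit target, a constructed data region mapped at a made-up address, and a constructed stack; the only edge case it adds beyond the notes is refusing to compare past the end of the readable region, so an unterminated string at the region boundary cannot cause an over-read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a debuggee (not real process data): one readable
   region mapped at DATA_BASE and a stack of 32-bit words at STACK_BASE. */
#define DATA_BASE  0x08049000u
#define STACK_BASE 0xBFFFF000u

static const char DATA[] =
    "/bin/ls\0"   /* offset 0  */
    "hello\0"     /* offset 8  */
    "/bin/sh\0"   /* offset 14 */
    "/binary";    /* offset 22, runs to the region end with no terminator */
#define DATA_LEN (sizeof DATA - 1)   /* 29 bytes; drop the literal's final NUL */

static const uint32_t STACK[] = {
    0x00000001,       /* plain value, not a pointer */
    DATA_BASE + 0,    /* -> "/bin/ls" */
    DATA_BASE + 8,    /* -> "hello" */
    0xdeadbeef,       /* outside any mapped region */
    DATA_BASE + 14,   /* -> "/bin/sh" */
    DATA_BASE + 22,   /* -> "/binary" (unterminated) */
    DATA_BASE + 2,    /* -> "in/ls" (points into the middle of a string) */
    DATA_BASE + 29,   /* exactly one past the region: must be rejected */
};
#define STACK_WORDS (sizeof STACK / sizeof STACK[0])

typedef struct {
    uint32_t stack_addr;  /* where on the stack the pointer lives */
    uint32_t target;      /* the address it points to */
} string_hit;

/* Walk the stack; a word is a hit when it points into the region and the
   bytes there start with `needle` (prefix match, as the notes describe). */
size_t find_string_pointers(const uint32_t *stack, size_t nwords, uint32_t stack_base,
                            const uint8_t *region, size_t region_len, uint32_t region_base,
                            const char *needle, string_hit *hits, size_t max_hits)
{
    size_t needle_len = strlen(needle), found = 0;
    if (needle_len == 0) return 0;

    for (size_t i = 0; i < nwords && found < max_hits; i++) {
        uint32_t p = stack[i];
        uint32_t off = p - region_base;          /* unsigned wrap makes one check suffice */
        if (off >= region_len) continue;         /* not inside the region */
        if (region_len - off < needle_len) continue;  /* would read past the region */
        if (memcmp(region + off, needle, needle_len) != 0) continue;

        hits[found].stack_addr = stack_base + (uint32_t)(i * sizeof(uint32_t));
        hits[found].target = p;
        found++;
    }
    return found;
}

/* Wrappers over the constructed data so results can be checked directly. */
size_t count_string_pointers(const char *needle)
{
    string_hit hits[16];
    return find_string_pointers(STACK, STACK_WORDS, STACK_BASE,
                                (const uint8_t *)DATA, DATA_LEN, DATA_BASE,
                                needle, hits, 16);
}

uint32_t nth_string_pointer_target(const char *needle, size_t n)
{
    string_hit hits[16];
    size_t found = find_string_pointers(STACK, STACK_WORDS, STACK_BASE,
                                        (const uint8_t *)DATA, DATA_LEN, DATA_BASE,
                                        needle, hits, 16);
    return n < found ? hits[n].target : 0;
}

int main(void)
{
    string_hit hits[16];
    size_t n = find_string_pointers(STACK, STACK_WORDS, STACK_BASE,
                                    (const uint8_t *)DATA, DATA_LEN, DATA_BASE,
                                    "/bin/", hits, 16);
    for (size_t i = 0; i < n; i++)
        printf("[esp+0x%x] 0x%08x -> \"%s\"\n",
               (unsigned)(hits[i].stack_addr - STACK_BASE),
               (unsigned)hits[i].target, DATA + (hits[i].target - DATA_BASE));
    return 0;
}
```

Searching for "/bin/" reports the two pointers to "/bin/ls" and "/bin/sh" but not "/binary", while "/bin" reports all three; a search longer than the bytes left in the region simply yields no hit.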



  8. #38

    Did you write edisassm?
    I love it!

  9. #39
    hi again,

    I've just played around a bit with edisassm and notepad.exe's entry point. It seems that there are some problems with BYTE and WORD operands.

    1003e06 a23bae01 'mov byte ptr [0x3b], al' (5) != 'mov [0x0100AE3B], al' (2)
    100416d 66a390ae01 'mov word ptr [0xffffae90], ax' (6) != 'mov [0x0100AE90], ax' (4)

    The string after '!=' is from edisassm; the instruction size is in brackets.

  10. #40
    Firstly, yes, I did write edisassm. Glad you like it.

    As far as the bugs you've found, let's clarify what it is and what it should be.

    Are you saying that EDB produces 'mov [0x0100AE3B], al' or 'mov byte ptr [0x3b], al'? Your comments make me think you are saying it produces 'mov [0x0100AE3B], al'; however, when I test it with the byte sequence 'A2 3B AE 01'

    edisassm outputs this on the command line:

    10000000: mov byte ptr [0x3b], al
    10000002: scasb

    So I think you mixed up which is from edisassm and which is correct. But you've found a bug nonetheless.

    Thank you for letting me know (feel free to email me directly about this stuff as well).

    I'll try to find out where the bug is ASAP and get a fix out for ya.


  11. #41
    You were correct, edisassm had a bug in its decoding of operands of type Ob and Ow. (Unfortunately the wording in the docs is kinda difficult to interpret; it just says this for "O" types:

    direct offset; no mod R/M byte; offset of operand is encoded in instruction; no base register, index register, or scaling factor can be applied.

    which I assumed, when combined with the byte/word modifier, meant that the expression's contents were a byte or word, but the reality is that the offset is *always* 32-bit and that the byte/word stuff only affects the size of what the expression points to.)

    I will post a fix ASAP (likely tomorrow).

    Thanks again!


  12. #42
    thx for the fix

  13. #43
    no problem. Let me know if you find anything else (hopefully there isn't anything else to find...).

    Also if there are any features you would like to see, let me know.

    Recently I've added the ability to compare two "Instruction" objects. It is fairly efficient except for the ones with operands which are expressions. This is because there are many (sometimes like 16) encodings which are equivalent in functionality.

    I'm hoping to make it so you can do "vague" comparisons. like "mov eax, ebx" == "mov REG1, REG2" or "xor eax, eax" == "xor REG1, REG1".

    Finally, I hope to one day write an assembler which matches the exact syntax that edisassm uses.

    There are a few things which are higher priority at the moment, but let me know if there is anything that would really help.


  14. #44
    EDB 0.9.10 is out the door, many improvements and a few bug fixes.


    * Heap analyzer now uses a linear search for the heap structures. This seems to work nicely for both
    x86-64 and x86 arches.


    * Added code to the heap analyzer to have it work with newer versions of glibc.
    I should probably have some sort of search method instead of fixed offsets,
    or better yet, do something reliable :-P.

    * Provided a means for plugins to add tabs to the options dialog. The
    CheckVersion and Analyzer plugins now use this feature.

    * The analyzer now has the option of not using "fuzzy" logic to find functions.
    Without fuzzy logic, it is *much* faster and the results are very high
    quality (since it only searches for functions reachable from known code). But
    will find much less. The default is to use fuzzy logic.


    * Analyzer is *much* faster than it was, and more accurate in finding functions.


    * More work done to the core to help add thread support (not quite there yet).

    * Working on cleaning up the conditional BP stuff, making it more robust.

    * I believe that I have fixed the restart occasionally failing issue. Turns out
    that you should do a waitpid() after a detach to avoid getting events from the
    previously debugged process.


    * Enabled UTF-16 support in base string searching routines. For now, it only
    will find strings which use the basic ASCII character set. Eventually I'll
    find a good technique for finding non-english language strings as well.

    * I finally figured out how to safely catch SIGCHLD when using Qt4. This has
    enabled me to implement a version of waitpid which has a timeout! I am hoping
    that this proves to be nice and stable so I can finally phase out the
    "Event Thread," which is necessary since ptrace really doesn't play nicely
    when different threads are used.


    * Once again revised the plugin API. Now that the win32 build produces an
    edb.lib file, the original style is more appropriate. So once again, plugins
    can directly access the exported API. However, only the classes and functions
    which are part of the stable API will be exported since EDB is now compiled
    with -fvisibility=hidden.

    * Cleaned up a lot of code now that the plugin system is simpler.

    * Internal management of breakpoints is now simpler. Now I use shared pointers
    to BP objects which use RAII techniques. This has made the code which manages
    breakpoints MUCH cleaner.

    * Fixed a crash when removing breakpoints via the breakpoint manager plugin.


    * Fixed the current line being outside of the disassembly view in certain


    * Added display of symbols in the code view.

    * Added the basis for future colorization in the disassembly.

    * Improved the way uppercase disassembly is handled. Most visibly, hex strings
    are displayed like "0xDEADBEEF" instead of "0XDEADBEEF" making this much more
    readable in uppercase mode.


    * Fixed crash during initial config if it couldn't find the DebuggerCore plugin.


    * Added the undocumented SAL opcode to edisassm.


    * Fixed a bug in edisassm's disassembly of operands of type Ob and Ow.



  15. #45
    This just keeps getting better and better. Waiting for the next release.
