Results 1 to 8 of 8

Thread: Debuggers, user experience

  1. #1

    Debuggers, user experience

    Hi everybody.

    I have one question, that one is not related to "Where i can..." or "How to use...", i want hear what are the experience of the reversers here with some tools.Some that i couldn't find much information about who are really using it.

    No, im not refering to well known tools like: IDA Pro, Ollydbg or immunity dbg.

    So here the question ...

    Template for the question ...
    Who have been using the <stuff>, what is your experience with it, what you have done, your opinion about it?

    The ERESI

    The EDB ...

    The radare ...

    The rock debugger ...

    The Rasta ring 0 debugger ...

    Other questions

    Why so many isolated projects?

    Nobody likes to work together in this world? ^^

    Thanks for make such community that i can find here in the woodmann forum :]
    Last edited by cli.iface; July 1st, 2009 at 16:33.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    I have used EDB, and while it's not nearly as full-featured/polished as OllyDbg, it's still very usable. I had little trouble compiling it, and after that I could use it straight away (interface is almost identical to Olly). I don't think there's a better GUI ring3 debugger to find for Linux.

    I successfully used it to do some exploit development/testing in a Linux application

  3. #3
    Good to hear about EDB, thanks for you reply.

    I would like to know your experience developing plugins, does it is easy like we do in ollydbg?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    I haven't written plugins for Olly nor EDB, sorry.

  5. #5
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Ring -1
    Blog Entries
    The main developer of EDB (proxy), is a member here, so I just asked him to come around to answer your questions. Hopefully he's not on vacation at the moment, otherwise I guess you'll just have to wait a little...
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  6. #6
    Yup, I'm around and more than happy to answer an questions you guys may have :-).

    @arc_: I'm glad that you found EDB useful, I hope to continue to improve it so that one day is is *better* than OllyDbg ;-).

    @cli.iface: developing plugins is a faily painless experience, the API has changed a little throughout the versions (since it is pre-1.0, I've toyed with a few different techniques).

    Here is an example of a stubbed out plugin, it is all done using c++ and is dependant on Qt (as the rest of EDB is). There is also a little magic you'll need in the build files, nothing crazy, you can likely just mimic one of the simpler example (DumpState is about as simple as it gets).

    class MyPlugin : public QObject, public DebuggerPluginInterface {
    	Q_CLASSINFO("author", "Evan Teran")
    	Q_CLASSINFO("url", "")
    	virtual ~MyPlugin();
            // returns a menu to get added to the plugins menu 
            // (may return NULL if non is desired)
    	virtual QMenu *menu(QWidget *parent = 0);
    	// optional, overload these to have there contents added to a 
            // view's context menu. The return is a list of QAction objects 
            // which represent menu items
    	virtual QList<QAction *> cpuViewContextMenu()		{ return QList<QAction *>(); }
    	virtual QList<QAction *> registerViewContextMenu()	{ return QList<QAction *>(); }
    	virtual QList<QAction *> stackViewContextMenu()		{ return QList<QAction *>(); }
    	virtual QList<QAction *> dataViewContextMenu()		{ return QList<QAction *>(); }
    	// optional init, overload this to have EDB run it after 
            // loading the plugin
    	virtual void privateInit() {}
    You will almost certainly want to add a "slot" to this example which is connected to one of the menu items (the only reason not to is if your plugin is "passive" and simply responds to debug events).

    Finally, in the .cpp file, you will almost certainly want to include "Debugger.h" (found in debugger/include). This is because that header exposes the primary plugin API in the edb namespace. Currently all functions and objects are in the edb::v1 namespace, one 1.0 is out, that will never change again and any new functionality will be found in edb::v2 (and so on).

    I've tried my best to provide a function for just about anything a plugin might need. Certainly if there is something that a new plugin will want to hook or do, I'll add a function to that (so we can avoid the binary patching that many OllyDbg plugins do).

    If anyone here does make a plugin, please if possible send me the code and if I like it, it'll get added to the official tree.

    Eventually all of this will be extensively documented. But for now my primary focus is the code :-D.

    PS: Eventually, I'll also have tracing and "Run Until <condition>" functionality setup. Once this is done, I'll probably start to expose a Python scripting API as well since this has proven to be a very powerful tool in other debuggers. This is likely a post-1.0 feature, but just wanted to let you guys know it is in the plans...

    Hope this helps,

  7. #7
    Thanks so much for the reply: @dELTA and @proxy

    I'm talking with the masters, omg !

    @proxy: From what you have said and from the experience of some edb users, i think im gonna be a edb user :]

    You wrote a good thing to remember " we can avoid the binary patching that many ollydbg plugins do", i heard and i saw a lot of things such that when we came with the word "ollydbg".

    BTW, im not a KDE user(qt library), for a long time im gnome(gtk) hehe, but for me its not a problem, seems that i'll enjoy testing a new environment while i become using the edb.

    Thanks again, and sure proxy, "so that one day its better than ollydbg", if you keep going i think you will sure be in the scene.

    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    @cli.iface: keep in mind that there is no need to install KDE at all. Just Qt >= 4.2 and boost >= 1.35. As long as those are installed, it should work just fine with any desktop environment.

Similar Threads

  1. newbie with 6502-experience
    By Re-bounder in forum The Newbie Forum
    Replies: 3
    Last Post: April 4th, 2006, 09:00
  2. Replies: 3
    Last Post: November 27th, 2004, 19:48
  3. Replies: 2
    Last Post: January 28th, 2003, 14:54
  4. Realbasic programs any experience here ???
    By YuGung in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: January 6th, 2001, 05:04
  5. Anyone have any experience with this, know of a tutorial on it?
    By Mcooly in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: December 13th, 2000, 22:07


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts