
Thread: EDB Linux Debugger 0.8.0 Release :)

  1. #31
    also, you may want to look into possibly updating your libraries because I get very different output from valgrind with full memory leak checking.

    ==26507== IN SUMMARY: 36 errors from 3 contexts (suppressed: 7 from 1)
    ==26507== malloc/free: in use at exit: 308,231 bytes in 3,824 blocks.
    ==26507== malloc/free: 164,138 allocs, 160,314 frees, 10,879,333 bytes allocated.
    ==26507== searching for pointers to 3,824 not-freed blocks.
    ==26507== checked 907,240 bytes.
    ==26507== 20 bytes in 1 blocks are definitely lost in loss record 30 of 116
    ==26507==    at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/
    ==26507==    by 0x4ACDF8A: strdup (in /lib/
    ==26507== 156 (36 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 71 of 116
    ==26507==    at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/
    ==26507==    by 0x4B43F54: (within /lib/
    ==26507== 216 bytes in 1 blocks are definitely lost in loss record 77 of 116
    ==26507==    at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/
    ==26507==    by 0x46D5379: _XimOpenIM (in /usr/lib/
    ==26507== 2,038 bytes in 2 blocks are definitely lost in loss record 101 of 116
    ==26507==    at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/
    ==26507==    by 0x45C7BBA: (within /usr/lib/
    ==26507== LEAK SUMMARY:
    ==26507==    definitely lost: 2,310 bytes in 5 blocks.
    ==26507==    indirectly lost: 120 bytes in 10 blocks.
    ==26507==      possibly lost: 0 bytes in 0 blocks.
    ==26507==    still reachable: 305,801 bytes in 3,809 blocks.
    ==26507==         suppressed: 0 bytes in 0 blocks.
    it doesn't seem from this output with my version of things, there are no leaks which can be traced back to a QT/Debugger object.

    QT version 4.1.4, glibc version 2.4, gcc version 4.1.1


  2. #32
    0.8.12 released, adding a few fixes, a few speedups, and a few new features



    * Added ability to change the working directory opened applications run in.


    * Improved about dialog box :-P


    * Added ability to dump the contents of a data view tab to a file.


    * Added recent file list to File menu.


    * Cleared internal state tracking on detach, nothing major.


    * Added new stylized register view window, still working out the programmers API
    for it, but at least it looks nice



  3. #33
    0.8.13 released, adding a few fixes and a few new features



    * Fixed compile issue for some versions of QT4.

    * Added getting of working directory and arguments from attached processes
    this makes restarting work much better (which is now enabled).


    * Internally, a lot of i386 specific code was moved to a new class
    "i386ArchProcessor", which will eventually be a plugin (one for each arch).
    It is still a work in progress, but is a start.

    * Removed quit role property from exit menu as this prevented
    compiles on QT < 4.2.0


    * started work on restart code, seems to work ok


  4. #34
    Linux RCE -tools heh good work guys and thanks for this, because of you, I'm happy to be here, and thank you to woodmann, jmi etc. for bringing back this forum again, you know after a long Error Page, I'm really happy to see it again. there's a new monster (Vista) out there in our hunting ground, let's refine our weapon (knowledge) also. good hunt
    ~ Destination is there,but a little step to reach ~

  5. #35
    this is a very nice project!

    i did not try it yet, just looked at the code etc, VERY NICE! decent code, really! when i will move to QT4 i probably would want to use your qhexview ...
    i am wondering if we could probably somehow leverage from each other, we both use libdisasm, and qt
    For the gui we have some similar requirements. I could offer you syntax highlighted insn formatting a la

    hm i really think it could be cool to share the same gui routines at least. i am finishing my code for a release and set up a page for access, if you are interested i would like to discuss with u if we would like to combine our creativity

    cheers, 0xf001

  6. #36
    I agree, it would simply be awesome if we could collaborate and make use of each other's code. I would love it if I could improve my disassembly viewer and have some of the features review has display wise.

    Anyway, let me know what you have in mind and we'll figure something out.


  7. #37
    0.8.14 released, adding a few fixes and a few new features

    * Added heuristic for resolving "main" symbol byte on bytecode matching
    if the symbol is not provided in the symbol map. This feature is currently
    very likely glibc specific.

    * Added some more steps towards 64-bit build support.


    * Added more consistency to context menus (operations you can do in the dump
    view, you can also do in the stack view most of the time now).


    * Registers are now highlighted in red if they have changed.


    * Fixed a crashable bug BinaryString search plugin if an empty string was


    * CheckVersion plugin will now respect the HTTP_PROXY environment variable.


    * corrected minor bug in which preventing it from running
    on certain distributions which actually have /bin/sh act like the original sh
    not bash

    * Added basic conditional breakpoints. They can be set in the breakpoint
    manager plugin and are based on the expressions that were recently added.
    At the moment, the expressions are tested for validity at the moment of
    the breakpoint, eventually this will be checked when you enter it.


    * Added expression support to "Goto Address" in both the CPU and data views.
    Please see the README for more detailed information on this.


    * Added MD5 code, which will notify the user of outdated symbol files.

    * Added code to remove duplicates from the instruction analysis list.


    * Renamed to to make it more
    distribution friendly.

    * now puts errors to stderr, not stdout, so you don't get
    false symbol files if you process a whole dir at a time.


    * Shellcode address used to change region permissions is now chosen dynamically.


    * Added preliminary framework for resolving parameters to standard library

    * Added ability to show/hide the toolbar.


    * Added ability to specify compile time some default directory strings,
    makes package management easier.

    * Added preliminary method for code to find a plugin based on the plugin's name
    this will allow code to be written which depends on functionality exported
    by plugins, which could be cool.

    * Added some basic measures to help prevent duplicate plugin loading caused
    by symlink trickery

    * EDB will now look in the current working directory as well as the path
    specified in the options for plugins

    Last edited by proxy; April 20th, 2007 at 01:10.

  8. #38
    GREAT job Proxy, I'd been needing something like this. I was just looking at a target that had both a Linux, and a windows version, and the code for the Linux version was MUCH more straight forward, and I ended up with a nice keygen as a result!

    Now, a comment. Sometimes when scrolling up or down using the mouse wheel, the code changes (like a problem with the backwards disassembler), and sometimes when scrolling down, it takes effort to get to an address just a few bytes away.

    // My system details
    Fedora Core 6, 6 proc P3 Xeon server, 4 GB of RAM.

  9. #39
    yea, currently it scrolls by bytes, not instructions, so the code will appear to change as the length of the first instruction shown determines how the rest are disassembled.

    This is a feature I am really working on, but it is a tough nut to crack because Intel instructions are variable length. I believe that Ollydbg "snaps" the origin to the nearest known function, but is a pretty good approach, but does depend on the existence of the analyzer. So eventually it'll get in there.

    I'm glad that you were able to make use of EDB and found it to be useful, are there any "killer features" that you would recommend that I focus on (check my TODO list to see what i'm already looking at, since it may already be in the works)

    PS: to get to a specific address, even just a few bytes away, it is sometimes easier to right click on the disassembly and choose "goto address", just remember that hex values start with "0x" just like in C.
    PPS: also, the goto addresses accept expressions, so you may write: "eip + 10" or something to just scroll relative to eip

    Last edited by proxy; April 22nd, 2007 at 22:04.
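
An added example, not part of the thread or of EDB's code, illustrating the effect described in post #39: where a linear disassembly starts decides how the following bytes are decoded. The helpers `modrm_len`, `insn_len` and `sweep` are hypothetical, the length decoder covers only a small subset of 32-bit opcodes, and the bytes are a constructed sample.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
using Bytes = std::vector<uint8_t>;

// Constructed sample: six 32-bit x86 instructions, true starts 0,5,7,10,13,16.
static const Bytes kCode = {
    0xBE, 0x0E, 0x00, 0x00, 0x00,  // mov esi, 0xe
    0x89, 0xF1,                    // mov ecx, esi
    0x2B, 0x4D, 0xD8,              // sub ecx, [ebp-0x28]
    0x8D, 0x75, 0xEC,              // lea esi, [ebp-0x14]
    0x8A, 0x04, 0x10,              // mov al, [eax+edx]
    0x3A, 0x04, 0x31};             // cmp al, [ecx+esi]

// Size of ModRM + optional SIB + displacement (32-bit addressing); 0 if truncated.
static size_t modrm_len(const Bytes& b, size_t i) {
    if (i >= b.size()) return 0;
    uint8_t mod = b[i] >> 6, rm = b[i] & 7;
    if (mod == 3) return 1;                              // register operand
    size_t n = 1 + (mod == 1 ? 1 : mod == 2 ? 4 : 0);    // disp8 / disp32
    if (rm == 4) {                                       // SIB byte follows
        if (i + 1 >= b.size()) return 0;
        n += (mod == 0 && (b[i + 1] & 7) == 5) ? 5 : 1;  // SIB, plus disp32 if no base
    } else if (mod == 0 && rm == 5) n += 4;              // absolute disp32
    return n;
}

// Toy length decoder for a small opcode subset; 0 means unknown or truncated.
static size_t insn_len(const Bytes& b, size_t i) {
    if (i >= b.size()) return 0;
    uint8_t op = b[i];
    size_t n = 0;
    if (op >= 0xB8 && op <= 0xBF) n = 5;                     // mov r32, imm32
    else if (op == 0x0E || op == 0x90 || op == 0xC3) n = 1;  // push cs, nop, ret
    else if ((op < 0x40 && (op & 7) < 4) || (op >= 0x88 && op <= 0x8B) || op == 0x8D)
        n = modrm_len(b, i + 1) ? 1 + modrm_len(b, i + 1) : 0;  // ALU, mov, lea r/m forms
    return (n && i + n <= b.size()) ? n : 0;
}

// Linear sweep from `start`: the offsets a byte-scrolled view would show as instructions.
std::vector<size_t> sweep(const Bytes& b, size_t start) {
    std::vector<size_t> out;
    for (size_t n; start < b.size() && (n = insn_len(b, start)) != 0; start += n)
        out.push_back(start);
    return out;
}

// Exit status 0 if scrolling the view down by one byte gives the starts listed here.
int main() { return sweep(kCode, 1) == std::vector<size_t>{1, 2, 4, 10, 13, 16} ? 0 : 1; }
```

Starting one byte into the first `mov` yields three instructions that are not in the real stream (at offsets 1, 2 and 4) before the sweep rejoins it at offset 10, which is why the listing appears to change while scrolling by bytes.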

  10. #40

    i setup my qt4 dev environment, and had a chance to quickly test ... looks VERY good!

    i wanted to add the UID into the process list, which displays when you attempt to attach to a process. that would help looking at just user processes etc ...

    how open do you see your development? do you think of going sourceforge or similar, or shall we send you patches, in case we would want to modify something?

    regards, 0xf001

  11. #41
    First of all, I can add the UID thing no problem, it'll be in the next release

    As far as how open I feel the development is, I want to make it very open but I would still like patches sent to me so I apply them. This way I'll at least be able to know what things are being added!

    Also, I hope that most of the time, new functionality can be added via plugins, so keep that in mind.

    Anyway, I'm glad that you like it, I hope to continue to make it better and better over time, so please let me know of any features you think it needs.

    BTW: any news on review? I've been looking forward to checking it out and seeing if there is anyway we can work together to improve both of our projects. Let me know.


  12. #42
    hi proxy,

    As far as how open I feel the development is, I want to make it very open but I would still like patches sent to me so I apply them. This way I'll at least be able to know what things are being added!
    very nice! i can recommend sourceforge, i am sure you know it, ... u are there project owner, and can control everything. they give you a svn repos, where u can make it public, or just to a list of developers etc. when u have some time, maybe u can look at it. i think its very nice for maintaining projects. i personally am perfectly fine with sending "stuff" to you, too

    i had another idea: what i _really_ like about gdb in text mode is - i can so easily
    have a texteditor open, and copy/paste the output - ie the state of a process at a certain point of execution.

    i would like to add a feature - where it can just dump to STDOUT a similar output like

         eax:0000000E ebx:BFFFF47C  ecx:0000009D  edx:BFFFF13C     eflags:00200302
         esi:BFFFF14C edi:0000000E  esp:BFFFF0F8  ebp:BFFFF160     eip:0804A528
         cs:0073  ds:007B  es:007B  fs:0000  gs:0033  ss:007B    o d I T s z a p c
    BFFFF128 : 00 00 00 00  00 00 00 00 - 00 00 00 00  8C 7D 1D 01 .............}..
    BFFFF118 : C8 FF FF BF  0E 00 00 00 - 40 01 C8 FF  00 40 0E 40 ........@....@.@
    BFFFF108 : 8C F1 FF BF  28 F1 FF BF - E6 11 43 40  4C F1 FF BF ....(.....C@L...
    BFFFF0F8 : 8C 7D 1D 40  FC A3 04 08 - FC A3 04 08  0C 00 00 00 .}.@............
    [007B:BFFFF14C]---------------------------------------------------------[ data]
    BFFFF14C : 31 32 33 34  35 36 37 38 - 39 30 61 62  63 64 9D 00 1234567890abcd..
    BFFFF15C : 94 F1 FF BF  94 F1 FF BF - C8 33 0C 40  7C F4 FF BF .........3.@|...
    [0073:0804A528]---------------------------------------------------------[ code]
    0x804a528 <decodifica__9Controllo+300>: mov    $0xe,%esi
    0x804a52d <decodifica__9Controllo+305>: mov    %esi,%ecx
    0x804a52f <decodifica__9Controllo+307>: sub    0xffffffd8(%ebp),%ecx
    0x804a532 <decodifica__9Controllo+310>: lea    0xffffffec(%ebp),%esi
    0x804a535 <decodifica__9Controllo+313>: mov    (%eax,%edx,1),%al
    0x804a538 <decodifica__9Controllo+316>: cmp    (%ecx,%esi,1),%al
    to familiarize with your code base, i would want to try to add it. what do you think?

    regarding review, i get more and more requests. i have still some (little, but still) parts to finish, but want to do that not in a rush. please let me test your patience a bit also i am thinking of moving to qt4, which i just yesterday got straight in parallel to qt3 (was easy, but i was afraid to break my dev system) - in order we can better share.

    i want to look if i could provide you with my disasm output, that should be fairly easy - since we both use libdisasm ...

    something other popped up in the meantime, which got all my attention,
    something you will hear from soon its unplanned and eating my time for review
    (no, not knoppix|RE, that just popped up, too, thanks to 0x0804 who is great help).

    i think of being able to release the code to the end of the month - around that time.

    proxy, you are a damn good coder, and i like your quality of code and well thought concepts how you work! i am impressed, its damn cool you came here to this board, very appreciated

    i for example need to beautify a lot of proof of concept code in review, it looks far not as clean as your debugger. it motivates me to see your code

    best regards, 0xf001

  13. #43
    0.8.15 released, some big fixes and new features:


    * Added UID to attach dialog.

    * Added ability to filter out entries that dont match your UID in the attach


    * Added "Goto ESP/EBP" to stack context menu.

    * Fixed crashable bug in QDisassembly view, involving libdisasm, libdisasm will
    do a double free if "x86_oplist_free" is called on invalid opcodes, this is
    now avoided.

    * You can now always disassemble code nearing the edge of a region.


    * Isolated how recent files are managed away from primary GUI code.

    * Made register view and disassembly view fonts configurable from options

    * Made data view's font default to what is set in the options.

    * Font changes in the options now show immediately after accepting (clicking ok)
    the options dialog.


    * Break point manager now takes an expression for its address

    * General code cleanups

    * Added stack analysis, will now show returns and ascii strings in stack viewer!


    * Made minimum length for ascii string detection tunable in options.

    * Improved the String Searcher plugin to reuse code in the Debugger API instead
    of using its own.


    * Began work on a new "Open Files" plugin, it can currently list open files
    and will eventually be able to show socket/pipe information as well.

    * Fixed minor display bug in tooltips for long instructions

    * Improved the internal disassembly API to make it more adaptable to other
    disassembly libraries


    * Vastly improved the speed of the Heap Analyzer's result view (order of
    minutes to seconds)



  14. #44
    Nice work as usual.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  15. #45
    it's amazing wow. We have now a powerful gui debugger under linux. Thank you very much proxy. Keep working.

    I promise that I have read the FAQ and tried to use the Search to answer my question.
