Page 5 of 7 FirstFirst 1234567 LastLast
Results 61 to 75 of 95

Thread: EDB Linux Debugger 0.8.0 Release :)

  1. #61
    0.8.21 released, this one has some new plugins, features and some minor bug fixes. Hope you all enjoy!:

    2007-08-26
    ----------

    * Added cool "data dump" plugin as per 0xf001s request . Just hit ctrl+D and
    it'll shoot out a dump similar to GDB to stdout.

    * Added the ability to skip in-accessible regions (permissions currently "---")
    to both the reference search and the binary string plugins. Some applications
    such as wine like to create dummy regions like this. It should make the
    searching a little more bareable.

    2007-08-20
    ----------

    * "Filling" instructions, as in functions which either have no real effect,
    and/or are usually used to fill the space between functions are now displayed
    in grey. This makes seeing where function boundaries are easier.

    2007-08-20
    ----------

    * Added pointer detection to heap analysis.

    2007-08-18
    ----------

    * Tables with numeric content columns are now sorted numerically.

    * I am working on stabalizing the programming API, BaseTypes:: and Debugger::
    namespaces will be merged and renamed to edb::. The contents of Debugger::
    will be located in in edb::v1:: to indicate version 1 of the plugin API. This
    way plugins will have a nice clean way of knowing which version of the API
    they are using. Functions in edb::v1:: will never be removed, after 1.0 is
    released.

    * Corrected a bug where step over didn't work if you were on a breakpoint.

    2007-08-16
    ----------

    * Corrected copy and past bug in FunctionFinder plugin menu item name.

    2007-08-15
    ----------

    * updated some of the documentation.

    2007-08-14
    ----------

    * Added a "bookmarks" plugin, which allows you to put code addresses of your
    choice into a list, which you can later jump to. This plugin also serves
    as an example of how to add dock widgets to the main gui in a safe manor.

    * Fixed a subtle crash caused by debugging an app, opening a plugin dialog, then
    detaching, and eventually debugging a new process (which not closing the
    dialog.

    * Added a new "function finder" plugin. Suprisingly accurate. It includes a
    "reference count" column which is how many potential calls to this function
    the plugin saw. The higher the number, the greater the confidence that it is
    really a function entry point.

    * Speed increases.

    2007-08-13
    ----------

    * Changed some of the global objects from pointers to references, this will
    reduce the need for null checks in many situations as well as simplify code.

    * added wait for console process to die before closing for a better cleanup.

    2007-08-10
    ----------

    * Fixed accidentaly reference of breakpoint data after it was free when using
    one time breakpoints. Dangling pointers are no bueno!

    2007-08-09
    ----------

    * Removed references to QT 4.3 features from UI files.

    enjoy

    http://www.codef00.com/projects.php#Debugger

    proxy

  2. #62
    Good WORK.

  3. #63

    Error when compiling debugging core plugin on x64 machine

    Hi there Proxy,

    I'm getting the following error when compiling edb on a x64 machine. The State.h defines the struct State for x86 32bit registers. I can just modify the file to have the x64 registers (rax, rbx etc) but I didn't go through the code to see a simple fix would work or break something else.

    Comments?

    Thanks

    Sailor_eda

    DebuggerCore.cpp: In member function ‘virtual void DebuggerCore::getState(State&)’:
    DebuggerCore.cpp:527: error: ‘struct user_regs_struct’ has no member named ‘eax’
    DebuggerCore.cpp:528: error: ‘struct user_regs_struct’ has no member named ‘ebx’
    DebuggerCore.cpp:529: error: ‘struct user_regs_struct’ has no member named ‘ecx’
    DebuggerCore.cpp:530: error: ‘struct user_regs_struct’ has no member named ‘edx’
    DebuggerCore.cpp:531: error: ‘struct user_regs_struct’ has no member named ‘esp’
    DebuggerCore.cpp:532: error: ‘struct user_regs_struct’ has no member named ‘ebp’
    DebuggerCore.cpp:533: error: ‘struct user_regs_struct’ has no member named ‘edi’
    DebuggerCore.cpp:534: error: ‘struct user_regs_struct’ has no member named ‘esi’
    DebuggerCore.cpp:535: error: ‘struct user_regs_struct’ has no member named ‘eip’
    DebuggerCore.cpp:537: error: ‘struct user_regs_struct’ has no member named ‘xcs’
    DebuggerCore.cpp:538: error: ‘struct user_regs_struct’ has no member named ‘xds’
    DebuggerCore.cpp:539: error: ‘struct user_regs_struct’ has no member named ‘xes’
    DebuggerCore.cpp:540: error: ‘struct user_regs_struct’ has no member named ‘xfs’
    DebuggerCore.cpp:541: error: ‘struct user_regs_struct’ has no member named ‘xgs’
    DebuggerCore.cpp:542: error: ‘struct user_regs_struct’ has no member named ‘xss’
    DebuggerCore.cpp:543: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
    DebuggerCore.cpp: In member function ‘virtual void DebuggerCore::setState(const State&)’:
    DebuggerCore.cpp:568: error: ‘struct user_regs_struct’ has no member named ‘eax’
    DebuggerCore.cpp:569: error: ‘struct user_regs_struct’ has no member named ‘ebx’
    DebuggerCore.cpp:570: error: ‘struct user_regs_struct’ has no member named ‘ecx’
    DebuggerCore.cpp:571: error: ‘struct user_regs_struct’ has no member named ‘edx’
    DebuggerCore.cpp:572: error: ‘struct user_regs_struct’ has no member named ‘esp’
    DebuggerCore.cpp:573: error: ‘struct user_regs_struct’ has no member named ‘ebp’
    DebuggerCore.cpp:574: error: ‘struct user_regs_struct’ has no member named ‘edi’
    DebuggerCore.cpp:575: error: ‘struct user_regs_struct’ has no member named ‘esi’
    DebuggerCore.cpp:576: error: ‘struct user_regs_struct’ has no member named ‘eip’
    DebuggerCore.cpp:578: error: ‘struct user_regs_struct’ has no member named ‘xcs’
    DebuggerCore.cpp:579: error: ‘struct user_regs_struct’ has no member named ‘xds’
    DebuggerCore.cpp:580: error: ‘struct user_regs_struct’ has no member named ‘xes’
    DebuggerCore.cpp:581: error: ‘struct user_regs_struct’ has no member named ‘xfs’
    DebuggerCore.cpp:582: error: ‘struct user_regs_struct’ has no member named ‘xgs’
    DebuggerCore.cpp:583: error: ‘struct user_regs_struct’ has no member named ‘xss’
    DebuggerCore.cpp:584: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’

  4. #64
    First of all, what happened to the boards for so long?

    x86_64 support is not quite there yet. Sorry, but edb is x86 only for now

    I'm hoping to have x86 support in the future though, no time table for it yet.

    proxy

  5. #65
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Quote Originally Posted by proxy View Post
    what happened to the boards for so long?
    I'm not sure what you mean by this Proxy, could you please clarify?
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  6. #66
    heh, I could not pull up the website for about a month. All other sites worked, just not woodmann.com. I figured that the site was dead!

    Dunno what the problem was if it was just me, but I tried from multiple locations still no dice until today.

    proxy

  7. #67
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Very strange, the board has been up and running continuously indeed (except for some routing problems for less than a day), as far as any admins have been able to see.

    Do note that some "surf-out filters" that companies use block this site though, but I assume you have tried it from unfiltered locations too, so I have no idea then. Please send us an email with a traceroute the next time this happens, so we know and can investigate it.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  8. #68
    Just wanted to give everyone an update. A new version is coming soon with lots of updates and a handful of new features

    I'm also in the midsts of setting up a virtual machine which will run x86-64 Linux. This will give me an opportunity to port EDB to 64-bit Linux hopefully ready for the version after next.

    I've also setup a bugzilla for EDB at: http://bugs.codef00.com/. Please feel free to submit bugs and requests there .

    So anyway, the game plan is as follows. Next release is a few new features and bug fixes, hopefully within a week or so. And I hope the release after that will build and run on x86-64. Preliminary tests look good for the porting since I tried to plan ahead as much as possible. The biggest thing to port is adding x86-64 support to the disassembler engine.

    Have a good thanksgiving everyone!

    proxy

  9. #69
    Thanks for the update.

    Regards,
    JMI

  10. #70
    0.8.22 released, change log is pretty long, hopefully won't be quite so long until next release (0.9.0 which is planned to be the first version to support x86-64!).
    Hope you all enjoy!:


    2008-01-16
    ----------

    * Fixed a potential crash on shutdown in the cleanup code

    * Fixed a silly crash where if you ran the function finder with no selected
    region (or if you are not attached to a program) it would crash.

    2008-01-15
    ----------

    * Fixed a bug in ModRM/SIB decoding where in some cases the index and base were
    inversed. This only really showed up in the less used redundant encodings, so
    it didn't show up until I started my regression tests.

    2008-01-14
    ----------

    * Fixed a bug in edisassm where it would think it didn't have enough space in
    the instruction buffer when prefixes are used.

    2008-01-13
    ----------

    * Added a graphical indicator of the direction for relative jumps.

    2008-01-12
    ----------

    * Improved load time.

    * Fixed some very minor bugs in the disassembler.

    * made disassembler differentiate between the different versions of ins/outs.

    2008-01-10
    ----------

    * Fixed a bug in edisassm where 32-bit signed offsets which have the 16-bit
    set were being printed as 16-bit sign extended values.

    * Added some regression tests to edisassm. Unfortunately nasm and edisassm
    disagree on some syntax points and likes to re-order expressions sometimes,
    so I'll have to come up with some normalization strategy before it can be
    fully automated. But it's a start .


    2008-01-03
    ----------

    * Fixed a bug where if you used the fill feature ontop of a breakpoint it
    would not properly clear the breakpoint first.

    2007-12-12
    ----------

    * Moved the ELFxxBinaryInfo classes to plugins. This is more modular and makes
    it far simpler to add new BinaryFile handlers in the future.

    2007-12-10
    ----------

    * Added command line running of a program. You may write things like this:
    $ ./edb --run /bin/ls /etc /bin
    and it will start edb attached to a new instance of /bin/ls with the correct
    arguments passed.

    2007-12-06
    ----------

    * Fixed a display bug (Bug #37) where it was possible to make the data tabs show data to
    a region which does not exist after detaching (showing all 0xff's).

    2007-12-03
    ----------

    * Changed some code to convert numbers to toULongLong instead of toUInt to
    ensure that when 64-bit is supported, addresses will be interpreted correctly.

    2007-11-31
    ----------

    * Ported the dump state plugin to be able to compile correctly on x86-64.

    2007-11-29
    ----------

    * Added code to load/save session files (which are currently mostely empty)
    This will read the file header, check it for the session signature, md5 the
    file in the sessiona and compare that to the md5 of the currently debugged
    application. This way, it should never load a session file for the wrong
    application. Next, I'll be adding useful data to the session files, for
    starters I plan on having sessions remember breakpoints and bookmarks.

    2007-11-28
    ----------

    * EDBTypes.h is now Types.h this will include the OSTypes.h and ArchTypes.h
    files, this makes adding new arch and os combinations much easier.

    * Made various input dialogs accept 64-bit values when building on an x86-64
    platform.

    * Made many changes to help in portability to other platforms. EDB will likely
    be ready for x86-64 within a version or two. The big stumbling block left is
    edisassm support for proper disassembly.

    2007-11-27
    ----------

    * Now that I discovered that QT has a qmake variable (undocumented) which
    represents the arch it is being compiled on. I have started work on dividing
    the code which is arch specific into special arch dirs, one for each build
    target (i386 is only which compiles, but it's a start). This should really
    help with porting to new targets.

    * Started very begining work towards a session file concept. I have mostely
    fleshed out what I want the file to look like.

    2007-11-24
    ----------

    * EDBTypes.h will now define some macros based on the arch it beleives it is
    being built on such as EDB_X86_64 or EDB_X86. Also, it will define EDB_FMT_PTR
    which is a format specifier suitable for printing an edb::address_t type.

    * DebuggerCore now compiles on x86-64, however there is still much work left to
    be done. I need to add x86-64 support the the disassembler, and to a few other
    arch sensitive areas.

    2007-11-20
    ----------

    * Added preliminary code for "--run" option which will allow the user
    to execute a program and attach to it from the command line, for example:
    $ ./edb --run /bin/ls /etc
    which would run /bin/ls with "/etc" as it's argument and attach to it.
    This code is not functional yet.

    * Added new findPluginByName to plugin API. This should allow some basic
    for of dependancies to plugins. This should not be used until plugins are
    fully loaded because there is no gaurantee as to the order of loading yet.
    So, as a good rule of thumb, don't use it in the plugin constructor.
    Hopefully, this will lead to more code reuse and maintainability.

    2007-11-15
    ----------

    * Added identification of jump sources to instruction analysis. Now whenever
    stopped on an instruction, it will attempt to find out if a nearby relative
    jump has a target equaling the the instruction you are stopped on.

    2007-11-14
    ----------

    * Setup new bugzilla for EDB at: http://bugs.codef00.com/

    * Implemented locked stack feature. It will stay locked at the position of the
    stack pointer (unless the stack pointer jumps to a whole other memory region)
    when enabled.

    2007-11-08
    ----------

    * Added preliminary support for resizing the columns in the disassembly view.

    2007-11-07
    ----------

    * Fixed a bug in the disassembler where it would ignore the displacement of
    an opcode encoded in a particular way.


    2007-11-06
    ----------

    * Added option for CheckVersion plugin to automatically check for newest version
    on startup. It will not report anything if you are running an up to date
    version of edb. This feature is enabled by default. You can disable this
    feature by unchecking the menu item for it, found at:
    "Plugins" -> "CheckVersion" -> "Check On Start". When enabled, the plugin
    will perform a single HTTP get request to retrieve the latest available
    version number each time edb is started.

    2007-10-23
    ----------

    * Worked on developing function and code analysis. I now have developed an
    algorithm which can do reasonable accurate degree which bytes are actually
    code bytes. Basically the concept is first to enumerate potential functions
    by disassembling at each possible address in a region. For each call I see I
    add it to a list and increase its reference count. Then for each function with
    2 or more references, I do further analysis. While reviewing these functions
    with 2 or more references, I follow the code looking for the function end. If
    I see any calls to functions with a single reference, then they get a bonus
    reference and are re-added onto the list of calls to analyze. For now, the
    primary goal is to figure out the actual code bytes and bounds of the
    functions. Next I will try to identify the conditional logic in the functions.

    * Fixed duplicate error reporting on some invalid expressions.

    2007-10-20
    ----------

    * Added a heuristic for locating the heap start when using a newer ld. It isn't
    100% reliable, but seems to work "ok", I am hoping to solidify more checks
    in the future to make it more reliable.

    2007-10-11
    ----------

    * Made some changes to the plugin API in order to help move towards
    a stable 1.0 API.

    2007-10-09
    ----------

    * General code cleanups and optimizations

    * Added support for arguments with spaces in them. Arguments with spaces are
    specified with quotes, and if you need to have a quote character in the
    argument then you can escape it with \.

    2007-09-17
    ----------

    * Added shortcuts to bookmarks (Ctrl + N will trigger the first 10 bookmarks).

    2007-09-14
    ----------

    * Fixed a bug where I accidentally was copying from a QByteArray directly
    memcpy. It worked because the data array was the first class variable, but
    was not correct in principle.

    2007-09-10
    ----------

    * Corrected a minor bug where the GUI didn't update correctly when using the
    stack widgets push/pop menu items.

    * Made Debugger::log a variadic function, this allows for passing formatted
    output directly without a temp, allowing for cleaner code.

    2007-09-08
    ----------

    * Focused on optimising the code in certain locations.

    * FunctionFinder now uses the new readPages interface.
    This costs more memory, but seems to be more than twice as fast .

    2007-09-05
    ----------

    * BinaryStringSearch and ReferenceSearch now use the new readPages interface.
    This costs more memory, but seems to be more than twice as fast .

    * Added a readPages routine to the DebuggerCoreInterface, since reading large
    blocks of data can be done more efficiently that individual bytes.

    2007-08-28
    ----------

    * Fixed a bug where EDB would hang if the TTY console specified in the options
    does not exist. It defaults to "/usr/bin/xterm". Thanks Dmitry Bulashev for
    reporting!

    2007-08-27
    ----------

    * Corrected a minor bug where the core plugin would report success when trying
    to read when not attached.

    * Bookmarks plugin can now take expressions.

    enjoy

    http://www.codef00.com/projects.php#Debugger

    proxy

  11. #71
    Thanks for the update.

    Regards,
    JMI

  12. #72
    Although you can always do so yourself, I have updated the entry for your EDB Linux Debugger in the Collaborative RCE Tool Library to show it is now at version 0.8.22.

    I also updated your Tool's link in the CRECTL to show the current version:

    http://www.codef00.com/projects/debugger-0.8.22.tgz

    You will find your particular tool described here, if you want to add the updates yourself in the future:

    http://www.woodmann.com/collaborative/tools/index.php/EDB_Linux_Debugger

    Regards,
    JMI

  13. #73
    Just wanted to give everyone an update. I've been hard at work making edisassm support x86-64 since this has been the biggest hurdle towards making edb support x86-64.

    Things are moving along VERY nicely, I almost have it working 100% correctly (for all known/tested cases).

    Beyond that, EDB 0.9.0 will hopefully be coming a long relatively shortly (I hope to get back into my fast release cycle I had during the early 0.8.x days soon ).

    Catch you guys later!

    proxy

  14. #74
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Glad to hear you're still working on this nice project proxy, thanks for the update.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  15. #75
    Thanks Proxy, I could really use a good debugger for x64. Can't wait to have this.

Similar Threads

  1. EDB Linux Debugger 0.9.0 Release :)
    By proxy in forum Linux RCE
    Replies: 57
    Last Post: April 14th, 2011, 15:48
  2. Immunity Debugger v1.1 Release
    By OpenRCE_nicowow in forum Blogs Forum
    Replies: 0
    Last Post: November 24th, 2007, 18:50
  3. Syser Debugger 1.8 Release
    By wuyanfeng in forum Tools of Our Trade (TOT) Messageboard
    Replies: 11
    Last Post: July 6th, 2007, 17:06
  4. Syser Debugger 1.4 Release
    By wuyanfeng in forum Tools of Our Trade (TOT) Messageboard
    Replies: 9
    Last Post: May 24th, 2006, 20:19
  5. New Syser Debugger 1.3 Release
    By wuyanfeng in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: March 12th, 2006, 05:30

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •