EDB Linux Debugger 0.9.0 Release :)

RCE of Linux tools and programs.
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Post by proxy »

0.9.0 released, change log is very long, and this is the first version to support x86-64! Now that the big move to supporting both x86 and x86-64 (compile time decision) is done, I hope to get back into a faster release cycle.

Hope you all enjoy!:


2008-06-18
----------

* Fixed a bug in the hardware breakpoint manager plugin which didn't allow
disabling of the last breakpoint.

* Extended the maximum size that OpcodeSearcher will consider from 4 bytes to
8 bytes, which yields some more options.

* Finished changing OpcodeSearcher plugin to use edisassm, it should be a lot more
robust now. Fortunately, edisassm is pretty fast, so the performance impact isn't too
bad.

* Most dialogs use QT 4.2.x's QDialogButtonBox's now which should give a better
look on non-KDE platforms.

2008-06-12
----------

* Fixed a bug in DebuggerCore involving hardware debug registers in 64-bit mode.
This fix allows hardware breakpoints to work in 64-bit builds.

* Changed OpcodeSearcher plugin to use edisassm when searching instead of hard
coded values. This allows the code to be more easily ported to new archs such
as x86-64.

2008-06-06
----------

* Fixed minor bug with selections in QHexWidgets when selecting outside of the
viewable range. There was an underflow, which was cast to an unsigned type
causing some upward selections to select from start to the end of the range.

* More improvements in 64-bit support. The ArchProcessor for x86-64 is now
aware of the amd64 C calling convention and will now properly predict function
arguments for when symbols are available.

2008-06-01
----------

* Hardware breakpoints are much more complete, supporting Write, Read/Write,
and Execute types of 1, 2, and 4 bytes sizes.

2008-05-31
----------

* edisassm 1.5.2 released, mostly making the code more standards compliant to
ensure that the code will compile on newer versions of g++.
tested with 4.2.3 on Ubuntu.

2008-05-28
----------

* edisassm 1.5.1 released with some minor bug fixes

* Corrected some bugs in edb under x86-64 involving the analysis engine.

2008-05-28
----------

* edisassm 1.5.0 released with EMT64 support! A lot of time was put into
verifying the instruction tables to ensure that disassembly would be accurate.

* A couple of minor bug fixes were done in EDB.

* Added patches to clean up build on ubuntu systems.

2008-05-18
----------

* Added LOTs of SSE4 ops to edisassm, updated a bunch of the tables.

2008-05-07
----------

* edisassm now can handle RIP relative addressing mode. I also fixed some decode
ordering issues that were introduced when 64-bit mode was being added. The
only piece left is the tweaking of the instruction tables to match what was
added/removed/changed for 64-bit mode!

2008-05-06
----------

* edisassm now can disassemble 64-bit code partially correct. It does not yet
support RIP relative modes and does not take into account changes in the
opcode map (new and removed opcodes). Soon edb will have full 64-bit support!

2008-04-30
----------

* Made a large effort to port edisassm to 64-bit :) The most visible change
is that it makes much larger use of templates. Instruction and Operand now
take a template param (32 and 64 are valid), which can be used like this:
Instruction<32> insn(buf, size); or you can use edb::Instruction which will
be typedefed to the appropriate type based on your build environment. Because
of the massive amount of templating needed to implement this, it is possible
that older compilers will have trouble with it. I will test which compilers
are expected to work.

2008-04-11
----------

* Renamed REG_NONE to REG_NULL to avoid a conflict with windows headers.

* Got edisassm to compile on win32 for the first time :)

2008-03-24
----------

* Improved some of the function finder code, I am planning on moving this to a
more central analysis system.

2008-03-15
----------

* Fixed some incorrect bit setting in HW breakpoint code.

2008-03-14
----------

* Improved the HW breakpoint code. It will now show the enabled state based on
what the application is actually in. So if you do something like reset the
application, then the HW breakpoints will show as disabled (because they are).

* Some general code optimizations.

2008-02-29
----------

* First code for hardware breakpoints is in, edb can now set a hardware bp
and resume from it, next is setting the proper type of bp (read/write/execute)
as needed and also making the dialog show correctly even when application
has been terminated or restarted.

2008-02-27
----------

* Simplified some signal code in QHexView and Bookmarks plugin.

* Started some very preliminary work on the hardware breakpoint plugin. So far
I have the GUI planned out for it. It will likely require that the plugin
hook the debug event system in order to enable resuming after hitting the BP.
This is ok though since there is an infrastructure in place for that :) .

2008-02-25
----------

* Improved handling of breakpoints which aren't caused by int3 bytes placed by
edb. For example: "int 3" (which encodes as 0xcd 0x03) is now handled more
correctly.

* Preliminary code for hardware breakpoints is in place, the DebuggerCore is now
able to get/set the debug registers on intel. The only real hurdle left is
continuing after it is hit. This will need a similar system to software
breakpoints.

2008-02-15
----------

* Made some changes to help with portability.

* Made edisassm use std::ifstream instead of mmap.

2008-02-12
----------

* Simplified the expression code a bit by factoring down common code a bit. This
results in a slightly larger binary, but smaller source (due to small function
inlining). I think this is fine since the code is more manageable.

* Fixed expressions handling of the XOR operator "^". It was not properly
implemented.

* Moved the known function table to a plugin. It isn't super efficient quite yet
but works well.

2008-02-10
----------

* Made the columns in the disassembly view movable when mouse is 2 or less
pixels away from the line, not just exact match. This should make it an
easier target.

2008-02-08
----------

* Made DebuggerCore::readPages account for breakpoints in its results.

* Fixed a bug where reads/writes could return success when they couldn't read
this resulted. Fortunately this really didn't affect the result of any
operations.

2008-02-06
----------

* applied patch from [email protected] to plugins.pri to help avoid build errors
on certain configuration.

2008-01-28
----------

* updates QT dependency to be for version 4.2 or greater. There are a few
features of QT that I have held off from using or have worked around in the
past. The next version (0.9.0) will no longer compile on versions lower than
4.2

2008-01-24
----------

* Fixed more bugs in edisassm, it was some SSE opcodes where Intel docs claimed
both operands have to be Mod/RM, in which case I have no idea what the proper
thing to do is. So, it is now in sync with what sandpile.org says, which
matches other disassemblers output. I have also added a regression test for
this.

* You can now see symbols in the disassembler view if you move the left most
line right. By default it will look as usual. But in a very similar way to
ollydbg, you can now see known symbols next to addresses.

* Improved function finder plugin. It will now give "bonus points" to functions
which have known symbols.


2008-01-19
----------

* Fixed a harmless crash when EDB failed to load the debugger core plugin. This
was introduced in the last release :( .

2008-01-17
----------

* For builds on QT >= 4.3, you can now give a tab a label by right clicking
on it.

* Made the QHexView and QDisassembly widgets use the system palette colors.
This will make it so EDB will match the preferred colour scheme of the user.


enjoy

http://www.codef00.com/projects.php#Debugger

proxy
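
The hardware breakpoint entries in the change log above (Write, Read/Write and Execute types of 1, 2 and 4 bytes, and the fix for disabling the last breakpoint) come down to bit fields in the x86 DR7 control register. The following is an added example, not part of the original post and not edb's code, that builds and clears those fields; the function names and sample addresses are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 R/W field values for the three types named in the change log. */
enum hw_bp_type { HW_BP_EXECUTE = 0x0, HW_BP_WRITE = 0x1, HW_BP_READWRITE = 0x3 };

/* Map a length in bytes to the DR7 LEN field; -1 if not 1, 2 or 4. */
static int dr7_len_bits(unsigned len) {
    switch (len) {
    case 1: return 0x0;
    case 2: return 0x1;
    case 4: return 0x3;
    default: return -1;
    }
}

/* Enable breakpoint `slot` (0-3) in *dr7. Returns 0, or -1 on a request
 * the CPU does not support. dr7_enable/dr7_disable are hypothetical names. */
int dr7_enable(uint64_t *dr7, unsigned slot, enum hw_bp_type type,
               unsigned len, uint64_t addr) {
    int len_bits = dr7_len_bits(len);
    if (slot > 3 || len_bits < 0) return -1;
    if (type == HW_BP_EXECUTE && len != 1) return -1; /* execute needs LEN=00 */
    if (addr & (len - 1)) return -1;                  /* must be len-aligned */
    unsigned ctl = 16 + slot * 4;                     /* RWn at bit 16+4n, LENn above it */
    *dr7 &= ~((uint64_t)0xF << ctl);                  /* drop any stale RW/LEN bits */
    *dr7 |= ((uint64_t)type | ((uint64_t)len_bits << 2)) << ctl;
    *dr7 |= (uint64_t)1 << (slot * 2);                /* Ln: local enable */
    return 0;
}

/* Disable `slot`, clearing its enable bits and its RW/LEN nibble. */
int dr7_disable(uint64_t *dr7, unsigned slot) {
    if (slot > 3) return -1;
    *dr7 &= ~((uint64_t)3 << (slot * 2));             /* Ln and Gn */
    *dr7 &= ~((uint64_t)0xF << (16 + slot * 4));
    return 0;
}

int main(void) {
    uint64_t dr7 = 0;                                 /* constructed starting state */
    dr7_enable(&dr7, 0, HW_BP_WRITE, 4, 0x1000);      /* constructed addresses */
    dr7_enable(&dr7, 3, HW_BP_READWRITE, 2, 0x2002);
    printf("dr7 with slots 0 and 3: 0x%llx\n", (unsigned long long)dr7);
    dr7_disable(&dr7, 3);                             /* the last slot */
    printf("dr7 after disabling 3:  0x%llx\n", (unsigned long long)dr7);
    return 0;
}
```

The breakpoint address itself goes into DR0 to DR3 for the matching slot; only the control word is modelled here.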
Polaris
Posts: 223
Joined: Sun Jun 02, 2002 2:00 pm
Location: Invincible Cyclones Of FrostWinds

Post by Polaris »

Lovely :)
Stand In The Fog With So Cold A Heart... Watching The Death Of The Sun...
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

Thanks to whomever updated the CRCETL entry also. :yay:

Regards,
JMI
Externalist
Member
Posts: 57
Joined: Wed Dec 26, 2007 8:00 am

Post by Externalist »

Awesomeness!! :yay:
Externalist
tgadaw

Post by tgadaw »

I'll try to debug some elf.
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

0.9.1 released, code analysis was the focus of this release (along with fixing a crashable bug :whoops: )

Hope you all enjoy!:

2008-07-25
----------

* Made analysis slightly faster by factoring out some no longer needed code.

* Simplified some code in the QDisassembler widget. Instead of passing an
instruction, its buffer and its size, you can now just pass the instruction
since it has references to the buffer and its size anyway.

* Made the analyzer aware of using zeros as padding between functions. This will
make the display more correct if displaying analyzed code.

2008-07-15
----------

* Added "Follow Immediate in Dump" and "Follow Immediate in Stack" CPU context
menus. They act similarly to the generic "Follow" CPU context menu.

* Improved analysis speed.

* Improved analysis quality, a few more types of common optimizations are
detected.

2008-07-13
----------

* Added a "Follow" item to the CPU context menu. Basically, if you right click
on either a JMP or CALL which has an operand which can be evaluated, then
there will be a "Follow" menu item that will scroll the CPU view to that
location.

2008-07-12
----------

* Removed some code which was implemented to work around QT 4.0.x bugs since
4.2 is now a base requirement.

* Added some atomic-ness for pointer manipulations.

* Renamed some settings in configuration file to make them more consistent with
new convention.

* Fixed an integer underflow crash involving trying to select an address beyond
the end of a region. Which was causing a negative size to be passed to the
"edb::v1::getInstructionBytes" function. Q_ASSERTS were added to catch this
in the future if a similar bug is present elsewhere.

* Fixed a minor bug where tooltips would show data outside of the current
region if there is an adjacent region sometimes.

* Now attaching to a new process or opening a new program to debug will
invalidate any analysis that has been done. Eventually, the analysis will be
stored in session files so that it can be reused. But not yet ;) .

2008-07-05
----------

* more minor improvements to the analysis engine.

* Fixed a corner case in the disassembler where it would misformat things like
"and eax, 0xffff" as "and eax, -1" due to a mis-optimization.

2008-07-03
----------

* Improved the analysis engine to be slightly more accurate.

* Added graphical indication of function bounds based on analysis results.

* You can now scroll the QHexView widgets by individual bytes by pressing up
or down while holding the control key.

2008-07-01
----------

* Centralized analysis engine and provided it with a plugin. The FunctionFinder
plugin is now just an interface towards it. Ctrl+A will analyze the current
region (though nothing is done with the results yet). I am hoping to have
function framing and scrolling by instructions.

* Added a "set EIP to selected instruction" to CPU context menu.

* Improved heuristic for analyzer. It will now more accurately identify certain
types of functions.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
rakish

Post by rakish »

nice tool, btw i saw ur website and i thought...

proxy + pancake ( http://radare.nopcode.org ) = no good?

and... wow, making an OS, RPG Engine, a Debugger, libraries...

L.Spiro 2

rly nice, keep going :)
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

yea, me and pancake have had some discussions. We both agree that there is probably some really cool stuff that we could do together. But it has yet to materialize. (We do have somewhat different development preferences, which may slow things down).

But I do think that I'd like to have some of his input on certain things since he has done such wonderful work with radare.

And yea, I tend to keep myself busy with projects ;) .

Finally, just a heads up, but there will be a bug fix release very soon. One of my latest optimizations revealed an error in some code which can possibly lead to a read based segfault :( . Even worse, I noticed that the last two releases don't save all settings to the config file (some, but not all), fortunately the defaults are quite useable. I believe I have it all ironed out.

Of course there will be some new features as well ;) .

proxy
JMI
Senior Member
Posts: 5329
Joined: Wed Apr 25, 2001 2:00 pm

Post by JMI »

Thanks proxy for keeping our readers updated and for working on these projects where there is an insufficient supply of available solutions and RCE tools. We appreciate the effort and the contributions.

Regards,
JMI
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

0.9.2 released, this is primarily a bug fix release:


2008-07-29
----------

* Since the config file was partially broken, I am taking this opportunity to
finish reworking the naming convention for settings. Some settings will
unfortunately be lost. But odds are they were being dropped anyway :-/ .

* WOW, I just noticed that for a long time (2-3 versions) options were not being
actually saved. Fixed.

* Seems that my QDisassemblyView optimization revealed an off by one error in
the DebuggerCore which unfortunately was also crashable :( . But I believe
that the logic is correct now. I've added a few more asserts to help avoid
this type of bug in the future.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

One more bug fix release and I think all is well ;)

2008-08-08
----------

* Ouch, another bug fix. At least this time it was a failed assert. Basically,
during my last fix, I forgot that reads can and will fail if done while the
debuggee is running. I have added code to special case this and handle it more
correctly. (Which is of course how it used to act in the first place).

2008-08-04
----------

* made plugins.pri smarter with library location. For 64-bit builds it will
default to $prefix/lib64/edb/

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

This time it's a two version bump to 0.9.4 since I was notified of some x86-64 compilation issues in the last version. Plus I've added a few things.

2008-08-12
----------

* Sped up analysis by avoiding redundant function analysis. It still isn't
blazing fast, but is significantly better.

* Fixed a few previously missed 64-bit portability issues.
(toULong -> toULongLong). They were minor, but all of this type should be
resolved.

* Added a symbol viewer plugin. Double click to see a symbol's value in
the current data view. Eventually, I'll add a context menu to make it
so you can view it in the code view too depending on the type.

2008-08-11
----------

* Continued to make improvements to analyzer. It is more accurate, but also
slower at the moment. I will look into good ways to speed it up.

2008-08-10
----------

* Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working
with me to make sure that x86-64 users have a functioning EDB.

* Reworked analysis to have a higher initial favoritism towards finding
functions by recursively tracing known functions
(symbols/main/entry point, etc). This will make the analysis more accurate
though it does have the side effect of making "percentage complete" a lot
less meaningful since while it will always stop, the number of iterations
during analysis is indefinite.

2008-08-09
----------

* Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64
targets. Simple fix, but it broke compilation for some platforms so I'm going
to make a release for it.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
gxlly

Post by gxlly »

I install QT4.4.1, but when I install EDB, it shows QString does not exist, same for Qglobal, Qmap, QList in SymbolManager.h. Why?
I install them in RedHat AS3.
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm

Post by proxy »

Sounds like you have qt4 but not qt4-devel installed. This basically means that you have all the .so files necessary to run qt4 applications, but not the headers needed to compile them.

This should fix the problem.

proxy
gxlly

Post by gxlly »

Thanks for your answer.
I want to ask which Linux platform, such as Red Hat or another, suits this good tool with QT4 opensource X11.