EDB Linux Debugger 0.9.0 Release :)

RCE of Linux tools and programs.
roxaz

Post by roxaz »

Hell, it reminds me of ollydbg so much
proxy

Post by proxy »

It's been a while, but edb 0.9.11 is out :-). There are generally too many small tweaks to list individually, but here's what I tracked in the change log over the past few months. I hope to get the next releases out in a more timely fashion.

2009-12-28
----------

* Too many small changes to list here :-P

* Increased minimum Qt version from 4.2 to 4.5. Now that 4.5 is widely deployed
I think this is a reasonable requirement.

2009-10-19
----------

* Fixed builds on some systems.

* Made it so you can load plugins in any order and they should work just fine.

* Disabled graphing capabilities for this release. Unfortunately, graphviz
has made a habit of breaking source compatibility in their C API which means
that the build will break on some systems. I may need to add some sort of
configure script in order to make this work correctly on all supported systems
:-(.

2009-10-17
----------

* Fixed a crash if EDB was set to use a terminal for I/O, but the program
field was empty.

* Many small optimizations.

* A little bit of reorganization in the source tree.

* More steps towards good thread support.

* More functional in Win32 builds (still not good enough yet, but getting
closer)

* Heap Graphs! Sometimes they take a really long time to render, but they work
and can show relationships between nodes!

2009-09-10
----------

* A few portability tweaks, working on creating a proper visual studio project
file eventually.

* QHexView and QDisassemblyView now format the address based on the size of
address_t instead of the native pointer size of the machine. This will allow
the possibility of future builds being able to do remote debugging and/or
debugging of 32-bit apps on a 64-bit platform.

2009-08-17
----------

* Fixed a crashable dead reference usage in Analyzer/FunctionFinder plugins.

* Improved the way that stop codes are handled internally, should make for
cleaner code.

* Some of the bigger operator new usages have exception guards. They shouldn't
be needed in 99% of cases, but it's better to not crash :-P.

2009-08-11
----------

* Lots of minor code improvements.

* Fixed conditional Breakpoints.

* Fixed HW Breakpoints (I think).

2009-07-16
----------

* Improved the way plugin options pages are shown.

2009-07-13
----------

* Instruction<> objects are now "copyable", this is a somewhat expensive
operation, but is the first step towards making edisassm support being an
assembler as well (since it will return an Instruction object).

2009-07-11
----------

* Made DebugEvent object a bit smarter as far as the info they carry with them.
This should simplify things a bit.

* Now passing DebugEvent by reference to handlers. I couldn't before because
the events were coming from the "Event Thread" but now that that is phased out
it is more efficient to pass them this way.

* Changed the binary info plugins to be based on looking at a region, not a file;
this is more flexible as it will allow it to analyze data which is only seen
at runtime.

2009-07-09
----------

* Seems that older versions of gcc have slightly different behaviour with
regard to exported embedded classes. Minor update.

enjoy

http://www.codef00.com/projects.php#debugger

proxy
proxy

Post by proxy »

Lots of goodies in this version. Long-awaited syntax highlighting,
some minor bugs were fixed, and enhanced bookmarking.

2010-02-26
----------

* Added support for highlighting of flow control commands

* Next version will allow "schemes" in the same sense that ollydbg does;
you will be able to edit the configuration file to adjust the colors to your
liking.

2010-02-25
----------

* Added support for comments for bookmarks

* Fixed a bug where the UI didn't update immediately after closing the config
dialog

* syntax highlighting in the CPU view!

2010-01-15
----------

* Added "Add Bookmark" to CPU view context menu.

enjoy

http://www.codef00.com/projects.php#debugger

proxy
JohnFive

Post by JohnFive »

Great news, how about MacOs version?
proxy

Post by proxy »

The OSX version has been making some progress, mostly because I've been attempting some *BSD ports lately. Unfortunately the main thing holding up the OSX port is that I don't have a mac :-P. So testing any code is somewhat problematic. Eventually I'll get my hands on one and when I do you can rest assured that I will put a large effort into getting an OSX port functional.
proxy

Post by proxy »

Some bugs were fixed in this version. But there are lots of small improvements throughout the code. This version also sports a completely re-worked internal event system which will make things like "trace mode" and "run until <some condition>" much easier to implement in the upcoming versions. We also have themes!


2010-05-27
----------

* Added display of fs and gs base addresses. There is not an awful lot of
things you can do with this information since you cannot set this value
directly. But it does provide a nice way to see the address of
what is commonly the TEB/TCB.

* [E/R]FLAGS is now editable again in the GUI. I accidentally disabled this
in the last release while refactoring some code.

* Much cleaner event model implemented. It is much more robust and simpler too!
Now handlers simply return codes describing the resume state. The only thing
to keep in mind is that if you play with the state in a handler, you almost
always have to call edb::v1::syncronizeState() so the resume functions have
an up to date view to work with.

* Thanks to the new event model, breakpoint conditions work much more reliably.

* Minor optimization in resuming, no longer steps before a resume when it isn't
necessary.

* NOTE: I believe that I found a kernel bug where stepping in a signal handler
can cause the target process to have the TF flag set incorrectly, resulting
in a perpetual stepping state. I may be able to work around this by
explicitly masking the flag in certain circumstances. But I feel this might
result in other subtle bugs. Hopefully, if this isn't the expected behavior,
the linux guys will have this fixed soon.
See: https://bugzilla.kernel.org/show_bug.cgi?id=16061 for details.

2010-05-26
----------

* Fixed decoding of cmpxchg8b in 64-bit mode. It was incorrectly being
decoded as cmpxchg16b.

* Started working on improving the event model of edb. It will be a lot of
work, but in the end it will be much more robust

* Fixed a fairly major bug, I'm surprised that no one noticed ;) Opcodes which
are completely different in 64-bit mode (like 0x06 is "push es" in 32-bit
but invalid in 64-bit) were not being decoded properly at all. The alternated
tables were not being linked into the disassembly library correctly.

2010-04-27
----------

* Lots of minor tweaks and code refactoring

* Themes! There is no UI for modifying them, but you can set them up in the
config file (~/.config/codef00.com/EDB.conf) manually. Basically there is a
"[Theme]" section which gets read on startup (a change will need a restart
to take effect). In this section there are a bunch of settings that affect
the look of the disassembly which look like this:

theme.<category>.<property>=<value>

Valid categories are:

register
constant
ptr
prefix
flow_ctrl
function
stack
comparison
data_xfer
arithmetic
logic
shift

Valid properties are:

foreground
background
weight
italic
underline

NOTES:

You may omit any property, which will yield the default look for that
property.

foreground and background are colors; this is a string which can be anything
you can pass to a QColor(const char *) constructor. So, it can take named
constants such as "green" or hex color codes like "#00ff00"; the special value
"transparent" is also allowed. See the Qt documentation for the full details.

weight is on a scale of 0 to 99, with 50 being normal and 75 being bold.

italic and underline are typical boolean values.

EXAMPLE (this will give the default look):

[Theme]
theme.register.foreground=red
theme.register.background=transparent
theme.register.weight=75
theme.register.italic=false
theme.register.underline=false
theme.constant.foreground=black
theme.constant.background=transparent
theme.constant.weight=50
theme.constant.italic=false
theme.constant.underline=false
theme.ptr.foreground=darkGreen
theme.ptr.background=transparent
theme.ptr.weight=50
theme.ptr.italic=false
theme.ptr.underline=false
theme.prefix.foreground=black
theme.prefix.background=transparent
theme.prefix.weight=75
theme.prefix.italic=false
theme.prefix.underline=false
theme.flow_ctrl.foreground=blue
theme.flow_ctrl.background=yellow
theme.flow_ctrl.weight=50
theme.flow_ctrl.italic=false
theme.flow_ctrl.underline=false
theme.function.foreground=blue
theme.function.background=yellow
theme.function.weight=50
theme.function.italic=false
theme.function.underline=false
theme.stack.foreground=blue
theme.stack.background=transparent
theme.stack.weight=50
theme.stack.italic=false
theme.stack.underline=false
theme.comparison.foreground=blue
theme.comparison.background=transparent
theme.comparison.weight=50
theme.comparison.italic=false
theme.comparison.underline=false
theme.data_xfer.foreground=blue
theme.data_xfer.background=transparent
theme.data_xfer.weight=50
theme.data_xfer.italic=false
theme.data_xfer.underline=false
theme.arithmetic.foreground=blue
theme.arithmetic.background=transparent
theme.arithmetic.weight=50
theme.arithmetic.italic=false
theme.arithmetic.underline=false
theme.logic.foreground=blue
theme.logic.background=transparent
theme.logic.weight=50
theme.logic.italic=false
theme.logic.underline=false
theme.shift.foreground=blue
theme.shift.background=transparent
theme.shift.weight=50
theme.shift.italic=false
theme.shift.underline=false
theme.system.foreground=blue
theme.system.background=transparent
theme.system.weight=75
theme.system.italic=false
theme.system.underline=false


2010-04-01
----------

* Made the copy operation of QHexView widgets do an ASCII rendering of what the
user has selected; this is infinitely more useful.

* Re-added the jump/call target symbol display in the disassembly view. This
was accidentally chopped when I added syntax highlighting.

2010-03-31
----------

* Code cleanup

* Fixed potential memory corruption in symbol management code (could not
demonstrate it, but technically it was possible).

* Added some options to the DumpState plugin

* The DumpState plugin now uses the current data view tab as the basis for
its "data" portion of the output

* Got rid of the insanity of having "ctrl+c" mean "check version". :-P

* The BreakpointManager is no longer a modal dialog.

* Improved const correctness of some things

* Fixed corner case where the UI wouldn't update immediately

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
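
The two decoder fixes in the 2010-05-26 entries above, as an added example that is not part of the original post and is not edb or edisassm code: the same bytes decode differently in 32-bit and 64-bit mode, and 0F C7 /1 becomes cmpxchg16b only when REX.W is set. The function name, enum and sample byte strings are hypothetical and constructed for illustration.

```cpp
// Added example, not edb/edisassm code; all names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

enum class Mode { Bits32, Bits64 };

// Decodes only the mode-sensitive encodings named in the changelog. Legacy
// prefixes and all other opcodes are out of scope and give "(unhandled)".
std::string decode(const std::uint8_t *p, std::size_t n, Mode mode) {
    std::size_t i = 0;
    bool rex_w = false;
    if (n == 0) return "(truncated)";

    // 0x40..0x4F: inc/dec r32 in 32-bit mode, a REX prefix in 64-bit mode.
    if (p[i] >= 0x40 && p[i] <= 0x4F) {
        if (mode == Mode::Bits32) return p[i] < 0x48 ? "inc r32" : "dec r32";
        rex_w = (p[i] & 0x08) != 0;  // REX.W is bit 3 of the prefix byte
        if (++i >= n) return "(truncated)";
    }

    // 0x06 is "push es" in 32-bit mode and an invalid opcode in 64-bit mode.
    if (p[i] == 0x06) return mode == Mode::Bits32 ? "push es" : "(invalid)";

    // 0F C7 /1 with a memory operand is cmpxchg8b, or cmpxchg16b when REX.W
    // is set. The operand size follows REX.W, not the CPU mode alone.
    if (p[i] == 0x0F && i + 1 < n && p[i + 1] == 0xC7) {
        if (i + 2 >= n) return "(truncated)";
        const std::uint8_t modrm = p[i + 2];
        const bool mem = (modrm >> 6) != 3;          // mod != 11b
        const bool slot1 = ((modrm >> 3) & 7) == 1;  // reg field selects /1
        if (mem && slot1) return rex_w ? "cmpxchg16b" : "cmpxchg8b";
    }
    return "(unhandled)";
}

// Constructed sample encodings (modrm 0x0F: mod=00, reg=001, rm=111).
static const std::uint8_t kPushEs[] = {0x06};
static const std::uint8_t kCx8[] = {0x0F, 0xC7, 0x0F};
static const std::uint8_t kCx16[] = {0x48, 0x0F, 0xC7, 0x0F};  // behind REX.W

int main() {
    std::cout << decode(kPushEs, 1, Mode::Bits32) << '\n'
              << decode(kPushEs, 1, Mode::Bits64) << '\n'
              << decode(kCx8, 3, Mode::Bits64) << '\n'
              << decode(kCx16, 4, Mode::Bits64) << '\n'
              << decode(kCx16, 4, Mode::Bits32) << '\n';
    return 0;
}
```
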
Externalist

Post by Externalist »

niceeee :yay:
Externalist
sick

Post by sick »

Very nice really :)
proxy

Post by proxy »

I just did a maintenance release 0.9.15 which fixes the build on certain platforms.
proxy

Post by proxy »

Finally got the next version "release" worthy :-). Too many tweaks and changes to enumerate, but as usual, here's the changelog.


2010-10-16
----------

* Since the tools that ./edb_make_symbolmap is dependent on are not uniform
across all the platforms that I intend to support, I have built symbol
file generation into edb directly. Running './edb --symbols <filename>' will
create a symbol file in the same format as the old script. For now, ELF is the
only supported format but more will be added as needed. This also means
that future versions of edb will be able to generate symbols as needed
if no symbol file is provided, making things "just work" more often.

2010-10-14
----------

* Improved the way that different OS's are handled in the source tree a bit

* Added more detection of suspicious breakpoints (ones that are likely
a user error).

* OpenBSD support is now at a functional level. There are some features
missing, but it is a good start. You can do all of the basic debugging
tasks now.

2010-10-10
----------

* Reference finder now will find calls/jumps and consider them code references;
double clicking those results will jump to the address in the CPU view.

* Code in general has now adopted a more clean and consistent style. It is
a work in progress, but almost all plugin accessible code is conformant.

* Compiles and attaches on OpenBSD, but unfortunately cannot step yet. Almost
functional.

* OpenBSD uses KVM to get process maps, much cleaner than relying on other
methods.

* The breakpoint API is simpler and has less redundancy between the core and
the edb namespace.

* Minor fixes for arches that don't support unaligned access. No such arch is
currently supported, but may as well plan ahead ;-).

* New ROP gadget finder plugin. It is in the early stages, but will evolve over
time. I hope to support some form of automatic shellcode generation in the
future.

* Experimental "run until return" support. This is slow and not always correct
but a start. It seems that linux delivers a different event when stepping
over a syscall instruction, so I'm not sure of the best way to address that.

2010-09-20
----------

* Lots of small fixes here and there.

* Lots of work towards a working OSX port. It isn't quite there yet, but the
groundwork is being laid.

* Fixed a bug in the expression parser.

* Working towards a new improved edisassm API which will make introducing new
arches much simpler in the long run.

* Fixed a hang when trying to use gnome-terminal as the I/O TTY. It's not what
I consider an ideal fix (string compare to determine what terminal you are
using), but it appears to be reasonable.

* LOTS of small speed tweaks all over the place.

* Did some work trying to get a functional trace mode, in my tests it is almost
working correctly, but not quite there.

2010-07-02
----------

* Added Ctrl+G shortcut. This is a global shortcut which will activate the
"goto" functionality of the widget with the focus.

* Made the instruction analysis window update when the register values are
changed by the user.

2010-06-07
----------

* Added the ability to analyze the currently *viewed* region, not just the one
that the IP is in currently. Also added an "Analyze Here" context menu to the
cpu view.

Enjoy :-)
http://codef00.com/projects.php#debugger
proxy
Silkut

Post by Silkut »

proxy wrote:
* Since the tools that ./edb_make_symbolmap is dependent on are not uniform
across all the platforms that I intend to support, I have built symbol
file generation into edb directly. Running './edb --symbols <filename>' will
create a symbol file in the same format as the old script.

Well the quick and dirty way you provided works fine so, just put that in a script that takes the platform as argument for example..

Question: does the update option in the menu work well?

Thanks for sharing with us Proxy. :yay:
proxy

Post by proxy »

Silkut wrote: Question: does the update option in the menu work well?

I am not sure what you mean by "update option" since there is no menu item called update. Are you referring to the "Check Version" plugin? If so, that plugin works fine, but it is up to the user to actually download and install the update.
proxy

Post by proxy »

Another edb release is out the door! I know it took a while, but there are tons of little tweaks and fixes in the code.

I didn't do the best at tracking things with the CHANGELOG this time, but here's a list off the top of my head:

* State structures are now defined in the DebuggerCore instead of in the main source, this will allow better portability in the future.

* Improved edisassm decoding and organization.

* Fixed some corner cases in search routines.

* Fixed false positive in "main" detection for non-C binaries.

* Preliminary thread debugging support (it's still very experimental, expect it to not work 100% correctly).

* Improved analyzer code and speed.

* Cleaned up plugin interface stuff. If it doesn't need to be in the public headers, it won't be.

* Many small bug fixes!

Enjoy :-)
http://codef00.com/projects#debugger
proxy