EDB Linux Debugger 0.8.0 Release :)

RCE of Linux tools and programs.
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

I'm glad so many people are enjoying it. I have _many_ features planned for future releases :)

It'll take time, but in the end I hope for EDB to become the best binary mode debugger out there.

New release is coming soon with some more of the usual improvements.

proxy
highenergy

Post by highenergy »

@proxy: I have a few questions to ask:

1-) Does EDB currently support any scripting language similar to ollyscript?
2-) Does EDB currently support loading dynamic libraries?
3-) What is the best IDE or editor for assembly coding for linux?
4-) What is best hex editor for linux?
5-) Is there any decent tutorials for gnome asm programming for linux similar to iczelion's?
6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks of high level constructions.


regards
:devil:
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

1-) Does EDB currently support any scripting language similar to ollyscript?

No, but this is a generally good idea, and there is no reason why it couldn't be implemented as a plugin. So i'll take a closer look at ollyscript and see what I can do.

2-) Does EDB currently support loading dynamic libraries?

Sort of, .so files are standard ELF files which have an entry point. But they don't have a windows style DllMain. Really all OllyDbg does special for dlls is it has a stub application which loads the chosen dll and it debugs that. I'm not sure if that would translate to something useful on linux, but I'll look into it.

3-) What is the best IDE or editor for assembly coding for linux?

To be honest, the editor of your choice. My favorite editor is nedit, but it's really just a glorified notepad.

4-) What is best hex editor for linux?

KHexEdit is pretty decent, but if you want commandline, there is also just hexedit. Both do their job and work well.

5-) Is there any decent tutorials for gnome asm programming for linux similar to iczelion's?

Well, Gnome really has nothing to do with ASM generally; you can call its API just as easily as you can from C. So just look into the general API documentation for the window manager of your choice, be it Gnome, KDE or anything else, and dive right in.

6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks of high level constructions.

No idea, sorry :(

proxy
fr33ke
Posts: 109
Joined: Sat Jul 08, 2006 8:00 am

Post by fr33ke »

highenergy wrote: 6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks of high level constructions.
I attached the main include file for NASM32 ( http://www.asmcommunity.net/projects/nasm32/ ), which gives you a lot of MASM-style macros. Just %include it.

<[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section
0xf001
Posts: 601
Joined: Thu Jul 29, 2004 11:00 am
Contact:

Post by 0xf001 »

highenergy,

tools -> woodmann.com/0xf001

assembler with macros: nasm (and many others)

asm tuts: see links on my page

see pretty everything you need on my page ;)

cheers, 0xf001
highenergy

Post by highenergy »

@proxy:

It would be great if you can make & upload precompiled ubuntu deb packages. It's not for every average joe to use terminal. :thinking:

regards
H.E.
Silkut
Senior Member
Posts: 579
Joined: Fri Mar 31, 2006 11:29 am

Post by Silkut »

It should be. =/
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

Heh, i'll work on more packages (though I have a gentoo one now). Once i set up some VMs for the various distros, I'll eventually get to packaging things up. Though to be honest, It's likely something I'll leave for when I start making 0.9.x releases.

Speaking of which, I know I've been silent for a bit and it's been quite a while since the last release. I've been very busy with work and life, but don't fret, a new EDB is on the way with some cool new features and improvements :) .

I have been hard at work with a replacement disassembler engine which will be more robust, faster and portable than libdisasm. It's almost done, the major missing feature is AT&T syntax output at the moment, not sure if it's even a big deal (please people, tell me if it is).

Anyway, I hope to have another release real soon.

proxy
quasar
Junior Member
Posts: 16
Joined: Thu Mar 04, 2004 6:59 am

Post by quasar »

Will there be 64 bit support?
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

64-bit support is planned, but won't be supported quite yet. Support for other arches is something i have been slowly working towards, it is not that easy though.

The big show-stoppers are the disassembly engine, which clearly needs to be aware of alternate arches, and the analysis/data display engines which I have made large efforts to separate from the GUI code itself.

So it'll happen eventually, just not quite yet (especially since I don't have a 64-bit processor in my dev box).

proxy
highenergy

Post by highenergy »

@proxy:
I have been hard at work with a replacement disassembler engine which will be more robust, faster and portable than libdisasm. It's almost done, the major missing feature is AT&T syntax output at the moment, not sure if it's even a big deal (please people, tell me if it is).
Nope, it's not a big deal. I don't even use AT&T syntax. Take your time :) You are great proxy. I wish you many more successes in your life & work. One more thing, just curiosity, what is your favorite assembler? Gas or nasm? Gas' AT&T syntax is horrible and nasm has lack of high level constructions. I can hear that you say why don't you use nasm32 with macros but I don't like doing that in that way. What I really want is an exact replacement of masm under linux. Maybe I am asking too many things but there is no one in linux community except from you who can make an assembler which has masm's syntax.

regards
H.E.
:loveu:
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

Thank you for the kind words, I really appreciate them :)

Well it depends, if i'm doing inline ASM on linux, i don't mind AT&T. But I would never want to write a standalone large function in AT&T because i can't stand _reading_ it (writing is ok).

As for NASM, to be honest, I never used MASM that much, so I don't miss the lack of high level constructs. Maybe I'm a little bit not the norm since I see people asking for these things very often, but it's something that never bothered me.

proxy
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

0.8.17 released, some big fixes and new features, this one has a lot of changes ;) Hope you all enjoy!:

2007-08-06
----------

* Improved the build system a little for plugins. They now all share common
portions.

* Added ascii string display in heap viewer plugin. Now, if the heap block
contains an ascii string, it'll be displayed in the data column. I plan to
add more types of known "data" to this column over time.

* Added a filter to the environment viewer plugin so you can quickly find the
variable you are looking for.

2007-08-02
----------

* Conditional MOVs are now part of the instruction analysis, it will display
whether or not the MOV will be performed based on the current flags.

* I am making the config file entries use a more organized naming convention; in
the past they were very ad-hoc, but now i am going with namespaces. For
example: debugger.terminal.enabled=true. For now this will only apply to new
settings so no one loses settings, but the old names will eventually be phased
out in 0.9.0 which is when I will start to stabilize the varying APIs in EDB.

* The view options for the stack and data views (word width/row width/which
columns to display) are now stored in the config file and restored on reload.
Data view is stored as well but is based on the options dialog because saving
the options set in the context menu makes no sense (many tabs, which to use).

2007-08-01
----------

* Added different binary fill options to the CPU context menu. Good for REMing
out individual ops quickly.

* Command window program is now configurable in the debugging options dialog.
You can enable/disable it, and you can use the terminal program of your
choice. The default is /usr/bin/xterm, as this should be fairly ubiquitous.
"konsole --nomenubar --notabbar" works well for us KDE users out there as
well. The only real rule is that whitespace is assumed to be an argument
separator and bad things may happen if you try to be clever and use a program
name or argument with a space in it. I was able to get launching konsole to
simply lock up EDB (no idea why) simply by using it from a path with a space
in it.

2007-07-31
----------

* Experimental code for opening an I/O window for command line apps is almost
done. It actually works well, just need it to be more tunable. This is a
big feature as it will allow more complete debugging of applications with a
CLI.

2007-07-30
----------

* Made the 3 byte UD opcode not decode as "invalid" but as "ud", since this op
isn't really invalid, just is hardwired to generate an exception.

* FPU registers are now highlighted on changes.

* Made changes towards abstracting State such that it can be an opaque type.

* Renamed types.h to EDBTypes.h to avoid conflict with system types.h. Sorry
if this makes people change code, but API isn't stable yet ;) .

* Moved *nix specific headers to ROOT/include/os/unix from src, since plugins
may and likely need to see those types, now the include dir is all that is
NEEDED to have a plugin development setup.

* Changed getValueFromUser to get a reg_t value, this should be more
portable. (Thanks Thomas Faber!)

* Improved DebuggerCore's reading/writing routines to be more portable and
more flexible with regards to endian size and word size.
(Thanks Thomas Faber!)

* Thomas Faber's changes make EDB a few steps closer to compiling and
functioning correctly in an x86-64 setup.


2007-07-26
----------

* Implemented PID enumeration on FreeBSD. Still a lot to go for things to
compile and work...

* Made edb_make_symbolmap work if you have md5 instead of md5sum in your system.

* Added breakpoint management to CPU view context menu.

2007-07-25
----------
* Fixed error in which a shallow copy of a transient variable was being used
which is bad because the data could be trashed.

2007-07-21
----------

* You can now see the FPU registers, they are currently read only, but it
appears to work correctly.

2007-07-19
----------

* Fixed a silly bug introduced recently where registers aren't properly
un-highlighted when no longer attached.

* Internally laid some ground work for reading FPU register support.

* Fixed a bug in the debugging core plugin which could cause a caller of a
read or write to think it succeeded when it didn't. It was very unlikely to
get triggered and even so would likely have little to no side effects.

2007-07-17
----------

* Made it so when you try to modify bytes which overlap a breakpoint,
you are given the option to continue (which removes the breakpoints), or
abort the modification.

* Finally made the breakpoint dialog show the breakpoint type.

* Introduced initial code for supporting more than one binary type. It still
only accepts ELF32, but the framework is in place.

* Fixed a bug where misaligned jumps were fooling the disassembly view widget;
this was pretty bad since a lot of the point of active debugging versus static
analysis is to avoid getting fooled by tricks like this!

2007-07-16
----------

* Fixed a bug where certain strings may not be reported correctly
(some characters chopped out).

* Fixed bug where offsets of 16-bit relative jumps were not being truncated like
the CPU actually does. In the real thing, the target address has the upper
16-bits cleared. Not very useful in 32-bit code, but important to be correct.

* Fixed bug in new register reading code.

* Removed segfault due to setting invalid segments from TODO list, this is a
kernel bug and entirely out of EDB's control.

2007-07-13
----------

* Numerous improvements to the disassembler, I believe it is fairly complete;
the only thing that's missing that I'm aware of is enforcement of certain
rules (like mod/rm that must only be mem, and which ops certain prefixes are
valid for).

2007-07-12
----------

* Worked around a bug where QT would deliver events to disabled actions if the
shortcut key-combination is pressed. For now I have a check in each action
where it simply returns if that action is not enabled. The QT people seem
to be aware of the issue, hopefully it'll be addressed in a future version
of QT.

* Fixed ability to debug a process which receives unknown stop signals. Now it
will simply break if you were trying to step. It is still annoying since
frequent signals will make you have to step twice all the time, but at least
it is now possible.

* Fixed long standing (apparently no one noticed) bug where if you detached
from a process while a breakpoint was set, the process had a chance of
crashing.

* Made operand analysis smarter, it now knows about different expression types
(byte ptr, word ptr, dword ptr).

* Identified a few bugs I would like ironed out before next release.

* Many minor improvements in the disassembly output. It is difficult to decide
when to use hex and when to use decimal, but I think I have something
reasonable.

* Good speedup in instruction analysis.

2007-07-11
----------

* Finally compiled EDB with edisassm ! This disassembly engine is faster and
more robust than the previous one because I am more easily able to add
specific features that EDB can use into it. Unfortunately, this does mean
that AT&T syntax is temporarily disabled.

* Fixed a major crashable bug in QDisassemblyView widget, it was very subtle.

2007-07-06
----------

* Finished environment viewer plugin

* edisassm is almost complete and ready for integration

* Condition flags can now be seen in the register view as a sub item to eflags

* Split out the i386 stuff away from the GUI yet more, almost at a good point
of portability.

* More robust error checking

* A few minor UI updates.


2007-05-31
----------

* Multibyte invalid ops are now displayed properly.

2007-05-23
----------

* Very preliminary TTY support.

2007-05-20
----------

* Fixed a bug in getBinaryStringFromUser where it was setting the value
before the maximum allowed length. This made it so values were truncated
incorrectly.

* Added Edit bytes to the QDisassembly viewer!

* Fixed DebuggerCore incorrectly reporting success on reads/writes where
no bytes are read.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
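
The 2007-07-16 changelog entry about 16-bit relative jumps, worked through as an added example (not part of the original post and not EDB or edisassm code): in 32-bit code an operand-size prefix (0x66) on a relative JMP makes the CPU clear the upper 16 bits of the computed target, so a disassembler has to mask it the same way. The function name `jmp_target32` and the sample bytes used to exercise it are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Decode JMP rel8 (EB) or JMP rel16/rel32 (E9) found at address `eip` in
// 32-bit code. Returns false when the bytes are not such a jump or are cut short.
bool jmp_target32(const uint8_t *p, std::size_t n, uint32_t eip, uint32_t *target) {
    std::size_t i = 0;
    bool op16 = false;
    if (i < n && p[i] == 0x66) {          // operand-size override prefix
        op16 = true;
        ++i;
    }
    if (i >= n) return false;

    const uint8_t op = p[i++];
    uint32_t rel = 0;                      // sign-extended displacement
    std::size_t width = 0;
    if (op == 0xEB)      width = 1;
    else if (op == 0xE9) width = op16 ? 2 : 4;
    else return false;
    if (n - i < width) return false;       // truncated instruction

    for (std::size_t k = 0; k < width; ++k)
        rel |= static_cast<uint32_t>(p[i + k]) << (8 * k);   // little-endian
    if (width < 4 && (rel & (1u << (8 * width - 1))))
        rel |= ~0u << (8 * width);                            // sign-extend
    i += width;

    uint32_t next = eip + static_cast<uint32_t>(i);  // address after the jump
    uint32_t dest = next + rel;                      // wraps modulo 2^32
    if (op16) dest &= 0xFFFFu;                       // CPU clears the upper 16 bits
    *target = dest;
    return true;
}
```

Without the final mask, `66 E9 10 00` at 0x08048000 would be shown as jumping to 0x08048014 instead of 0x00008014, which is exactly the kind of mismatch between listing and execution that a debugger is meant to rule out.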
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

Quick release, last version introduced a crashable bug, so 0.8.18 comes early :)

Hope you all enjoy!:


2007-08-08
----------

* Fixed a crashable bug introduced in last version, this was related to clearing
the process state variable. Now that the state has virtual functions, it is
no longer correct to use memset.

* Added search filter to the opcode search plugin so you can find the region you
want to search more easily.

* Added search filter to the strings plugin so you can find the region you
want to search more easily.

* Made the MemoryRegions object also a QAbstractItemModel, suitable for a
QTableView. This should make it simpler/cleaner to display a table of
available regions (there were already 3 copies of the code to fill the table
in edb which will now no longer be needed), in addition to making the filtering
code MUCH simpler since QT can do it for us.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
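
The memset crash described in the 2007-08-08 entry, as an added example (not part of the original post and not EDB's code): once a type has virtual functions, zeroing its bytes also wipes the hidden vtable pointer, so the next virtual call crashes. The types `StateBase`, `X86State`, `PlainRegs` and the helper `zero_fill` are hypothetical stand-ins; the sketch shows a reset that leaves the object valid and a compile-time guard that rejects byte-wise clearing of such types.

```cpp
#include <cstdint>
#include <cstring>
#include <type_traits>

// Hypothetical stand-in for a debugger's per-process register state.
struct StateBase {
    virtual ~StateBase() = default;
    virtual const char *arch() const = 0;
};

struct X86State : StateBase {
    uint32_t eip = 0;
    uint32_t esp = 0;
    uint32_t eflags = 0;
    const char *arch() const override { return "x86"; }
    // Safe reset: assign from a value-initialised object; the vptr is untouched.
    void clear() { *this = X86State(); }
};

// memset wrapper that refuses types for which byte-wise zeroing is not valid.
template <class T>
void zero_fill(T &obj) {
    static_assert(std::is_trivially_copyable<T>::value,
                  "zero_fill: type is not trivially copyable; use a clear() method");
    std::memset(&obj, 0, sizeof obj);
}

struct PlainRegs { uint32_t eip, esp, eflags; };  // plain data: memset is fine

bool demo() {
    PlainRegs plain = {1, 2, 3};
    zero_fill(plain);                  // accepted: no vptr, no constructors
    X86State st;
    st.eip = 0x08048000u;
    // zero_fill(st);                  // rejected at compile time by the static_assert
    st.clear();                        // fields reset, object still usable
    StateBase *base = &st;
    return plain.eip == 0 && st.eip == 0 && std::strcmp(base->arch(), "x86") == 0;
}
```

GCC 8 and later also flag a raw `memset` on such a type with `-Wclass-memaccess`, which is enabled by `-Wall`.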
proxy
Member
Posts: 85
Joined: Tue Jun 13, 2006 3:59 pm
Contact:

Post by proxy »

Looks like I accidentally created a QT 4.3 dependency with 0.8.18, so I just released 0.8.19. Please try this tarball if you had issues building 0.8.18. If you had no issues, no real reason to upgrade quite yet :-P

Evan