-
-
[ZT]New Linux Debugger Released――EDB (Evan's Debugger) 0.8.11
-
发表于: 2007-2-13 10:47
-
Debugger - 0.8.11
I do a lot of work analyzing applications which I do not have the source code for. On Windows, OllyDbg is the tool of choice, but there is no Linux (or any other *nix equivalent) that I could find. Sure we have GDB, but GDB and all it's various frontends tend to lean towards debugging applications to which we have the source. What I really want is a debugger which is as functional and useable as OllyDbg but for Linux (and possibly more). So I started my own debugger based on the ptrace API in Linux, and it is coming along very nicely. The hex dump views are based on the QHexView I developed which gives things a very polished look.
I am happy to announce that version 0.8.11 of EDB is available under the GPL-2 license for download! Please give it a try and let me know what I can do to improve it. Documentation is pretty much non-existant, but that's one of the reasons why this is not a 1.0 release . Remember to read the README file, it has a lot of information, and please check the TODO list before asking about a missing feature, it may already be in the works. Enjoy!
EDB's source tree contains a copy of the libdisasm since that it what it uses to perform dissassembly. libdisasm.a is already compiled in this directory and the source is configured to link against it statically, until having libdisasm.so present in /usr/lib/ is common on most distributions (I don't have a gentoo ebuild yet :-P), I think this is the best way to address this.
Note: Version 0.8.2 addresses an issue with earlier releases where when using QT 4.2.x, tables were not being populated correctly or at all. If you experienced this issue, please try the latest version.
Attach to existing process
Launch and attach to new process
View/Dump memory regions
Toggle execution breakpoints
The usual debug ops (step-into/step-over/run/break)
Effective address inspection
String searching (like strings command in *nix)
Debugging core is implemented as a plugin (using the QPlugin API) so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan
Debugging events are trapped in a seperate thread so as to not lock up the GUI
The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
Basic Heap analysis (lists busy/free blocks)
Importing of symbol maps
Byte pattern searching
One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in QT4 and thus source portable to many platforms. The debugger core is actually a plugin and the platform specific code is isolated to just a few files, porting to a new OS would require porting these few files and implementing a plugin which implements the "DebuggerCoreInterface" interface. Also, because the plugins are based on the QPlugin API, and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to it's highly system specific nature.
Some screen shots...
The Current TODO list is available in the tarball
转至:UNPACKCN 感谢:cxlrb
下载地址:
http://www.codef00.com/projects/debugger-0.8.11.tgz
I do a lot of work analyzing applications which I do not have the source code for. On Windows, OllyDbg is the tool of choice, but there is no Linux (or any other *nix equivalent) that I could find. Sure we have GDB, but GDB and all it's various frontends tend to lean towards debugging applications to which we have the source. What I really want is a debugger which is as functional and useable as OllyDbg but for Linux (and possibly more). So I started my own debugger based on the ptrace API in Linux, and it is coming along very nicely. The hex dump views are based on the QHexView I developed which gives things a very polished look.
I am happy to announce that version 0.8.11 of EDB is available under the GPL-2 license for download! Please give it a try and let me know what I can do to improve it. Documentation is pretty much non-existant, but that's one of the reasons why this is not a 1.0 release . Remember to read the README file, it has a lot of information, and please check the TODO list before asking about a missing feature, it may already be in the works. Enjoy!
EDB's source tree contains a copy of the libdisasm since that it what it uses to perform dissassembly. libdisasm.a is already compiled in this directory and the source is configured to link against it statically, until having libdisasm.so present in /usr/lib/ is common on most distributions (I don't have a gentoo ebuild yet :-P), I think this is the best way to address this.
Note: Version 0.8.2 addresses an issue with earlier releases where when using QT 4.2.x, tables were not being populated correctly or at all. If you experienced this issue, please try the latest version.
Attach to existing process
Launch and attach to new process
View/Dump memory regions
Toggle execution breakpoints
The usual debug ops (step-into/step-over/run/break)
Effective address inspection
String searching (like strings command in *nix)
Debugging core is implemented as a plugin (using the QPlugin API) so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan
Debugging events are trapped in a seperate thread so as to not lock up the GUI
The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
Basic Heap analysis (lists busy/free blocks)
Importing of symbol maps
Byte pattern searching
One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in QT4 and thus source portable to many platforms. The debugger core is actually a plugin and the platform specific code is isolated to just a few files, porting to a new OS would require porting these few files and implementing a plugin which implements the "DebuggerCoreInterface" interface. Also, because the plugins are based on the QPlugin API, and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to it's highly system specific nature.
Some screen shots...
The Current TODO list is available in the tarball
转至:UNPACKCN 感谢:cxlrb
下载地址:
http://www.codef00.com/projects/debugger-0.8.11.tgz
[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)
