Features
* Intuitive GUI interface
* The usual debugging operations (step-into/step-over/run/break)
* Conditional breakpoints
* Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
* Basic instruction analysis
* View/Dump memory regions
* Effective address inspection
* The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
* Importing of symbol maps
* Plugins
  o Search for binary strings
  o Code Bookmarks
  o Breakpoint management
  o Check for updates
  o Environment variable viewer
  o Heap block enumeration
  o Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
  o Open file enumeration
  o Reference finder
  o String searching (like strings command in *nix)
One of the main goals of this debugger is isolation of the debugger core from the display you see. The interface is written in Qt4 and is thus source-portable to many platforms. The debugger core is actually a plugin, and the platform-specific code is isolated to just a few files; porting to a new OS would require porting these few files and implementing a plugin which implements the "DebuggerCoreInterface" interface. Also, because the plugins are based on the QPlugin API and do their work through the DebuggerCoreInterface object, they are almost always portable with just a simple recompile. So far, the only plugin I have written which would not port with just a recompile is the heap analysis plugin, due to its highly system-specific nature.
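The isolation described above, sketched as an added example (not EDB's own code): a binary string search plugin that reaches the debuggee only through the core interface. The single read_bytes method, FakeCore and find_bytes are hypothetical names; EDB's actual DebuggerCoreInterface members are not shown on this page.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <vector>

using Address = std::uint64_t;
using Bytes = std::vector<std::uint8_t>;
// Hypothetical one-method reduction; EDB's real interface is not shown here.
struct DebuggerCoreInterface {
    virtual ~DebuggerCoreInterface() = default;
    // Copy up to len bytes of debuggee memory at addr; return bytes copied.
    virtual std::size_t read_bytes(Address addr, void *buf, std::size_t len) = 0;
};

// Constructed stand-in core backed by a buffer. A Linux core would implement
// read_bytes on top of ptrace; a port replaces only this class.
class FakeCore : public DebuggerCoreInterface {
public:
    FakeCore(Address base, const Bytes &mem) : base_(base), mem_(mem) {}
    std::size_t read_bytes(Address addr, void *buf, std::size_t len) override {
        if (addr < base_ || addr - base_ >= mem_.size()) return 0;  // unmapped
        const std::size_t off = static_cast<std::size_t>(addr - base_);
        const std::size_t n = std::min(len, mem_.size() - off);
        std::memcpy(buf, mem_.data() + off, n);
        return n;
    }
private:
    Address base_;
    Bytes mem_;
};

// Plugin side: touches the debuggee only through the interface. Chunks overlap
// by needle.size() - 1 bytes so a match on a chunk boundary is reported once.
std::vector<Address> find_bytes(DebuggerCoreInterface &core, Address start,
                                std::size_t size, const Bytes &needle,
                                std::size_t chunk = 4096) {
    std::vector<Address> hits;
    if (needle.empty() || chunk < needle.size()) return hits;
    Bytes buf(chunk);
    for (std::size_t off = 0; off < size;) {
        const std::size_t want = std::min(chunk, size - off);
        const std::size_t got = core.read_bytes(start + off, buf.data(), want);
        if (got < needle.size()) break;  // tail too short, or unmapped
        for (std::size_t i = 0; i + needle.size() <= got; ++i)
            if (std::memcmp(&buf[i], needle.data(), needle.size()) == 0)
                hits.push_back(start + off + i);
        if (got < want) break;  // short read: end of the mapped region
        off += got - (needle.size() - 1);
    }
    return hits;
}
```

Because find_bytes depends only on the abstract interface, swapping FakeCore for a platform core needs a recompile and no source changes, which is the portability property the paragraph claims for most plugins.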
0.9.2 released, this is primarily a bug fix release:
2008-07-29
----------
* Since the config file was partially broken, I am taking this opportunity to
finish reworking the naming convention for settings. Some settings will
unfortunately be lost. But odds are they were being dropped anyway.
* WOW, I just noticed that for a long time (2-3 versions) options were not being
actually saved. Fixed.
* Seems that my QDisassemblyView optimization revealed an off by one error in
the DebuggerCore which unfortunately was also crashable. But I believe
that the logic is correct now. I've added a few more asserts to help avoid
this type of bug in the future.
I am happy to announce that version 0.9.9 of EDB is available under the GPL-2 license for download! This version supports x86 and x86-64 architectures. Please give it a try and let me know what I can do to improve it. Documentation is pretty much nonexistent, but that's one of the reasons why this is not a 1.0 release :). Remember to read the README file, it has a lot of information, and please check the Bugzilla before asking about a missing feature, it may already be in the works. Enjoy!
History
I do a lot of work analyzing applications which I do not have the source code for. On Windows, OllyDbg is my tool of choice, but there is no Linux (or any other *nix) equivalent that I could find. Sure, we have GDB, but GDB and all its various frontends tend to lean towards debugging applications to which we have the source. What I really want is a debugger which is as functional and usable as OllyDbg but for Linux (and possibly more). So I started my own debugger, which is currently based on the ptrace API. The hex dump views are based on the QHexView I developed, which gives things a very polished look.
Features
• Intuitive GUI interface
• The usual debugging operations (step-into/step-over/run/break)
• Conditional breakpoints
• Debugging core is implemented as a plugin so people can have drop in replacements. Of course if a given platform has several debugging APIs available, then you may have a plugin that implements any of them.
• Basic instruction analysis
• View/Dump memory regions
• Effective address inspection
• The data dump view is tabbed, allowing you to have several views of memory open at the same time and quickly switch between them.
• Importing of symbol maps
• Plugins
  ◦ Search for binary strings
  ◦ Code Bookmarks
  ◦ Breakpoint management
  ◦ Check for updates
  ◦ Environment variable viewer
  ◦ Heap block enumeration
  ◦ Opcode search engine plugin has basic functionality (similar to msfelfscan/msfpescan)
  ◦ Open file enumeration
  ◦ Reference finder
  ◦ String searching (like strings command in *nix)
  ◦ Hardware Breakpoints