eteran / edb-debugger Goto Github PK
View Code? Open in Web Editor NEWedb is a cross-platform AArch32/x86/x86-64 debugger.
License: GNU General Public License v2.0
edb is a cross-platform AArch32/x86/x86-64 debugger.
License: GNU General Public License v2.0
I am unable to get EDB to build on an Ubuntu 8.04 machine. Here is the output
I'm running into:
shell> qmake-qt4 QT_ARCH=i386
shell> make
... (taken out to save space) ...
cd src/ && make -f Makefile
make[1]: Entering directory `/home/hinmanm/debugger/src'
g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB
-DQT_SHARED -I/usr/share/qt4/mkspecs/linux-g++ -I. -I/usr/include/qt4/QtCore
-I/usr/include/qt4/QtCore -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui
-I/usr/include/qt4 -I../include -Iwidgets -Iedisassm -Ios/unix
-I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o Debugger.o
Debugger.cpp
Debugger.cpp: In function
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like there to be comments in the disassembly viewer. Some of them user
supplied, some of them provided by the analysis system.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would like to be able to import debugging information similarly to other
debuggers. This way plugins could do cool things like show source code when
available.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
I would like to make tabs able to be "labeled" and potentially remember them in
a debugging session file.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
Created attachment 1
Source file used to test gcc optimisation on x86_64
Dear Evan,
Thank you for EDB project. I tried to learn how gcc optimisation works, using
edb and simple source file. But unfortunately it looks like, EDB gets exception
every time it tries to process linux kernel system call.
EDB message is:
"The debugged application encountered a segmentation fault!
The address 0x18 could not be accessed.
If you would like to pass this exception to the application press
Shift+[F7/F8/F9]"
I tried to compile attached file with using "gcc -O2 -g 9.cpp".
EDB get an exception, when it executes kernel call posix_memalign()
Could you please tell me any solution or workaround?
With best regards,
Vladimir
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like to have the function analysis plugin be able to create code flow
diagrams.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would like it if EDB had a mechanism for plugins to add to context menus.
Actually getting a menu item is simple, but giving the plugin information
necessary to do something useful when it is selected is the trouble.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
g++ -Wl,--no-undefined -shared -o libELFBinaryInfo.so ELFBinaryInfo.o ELF32.o
ELF64.o moc_ELFBinaryInfo.o -L/usr/lib -lQtGui -lQtCore -lpthread
ELFBinaryInfo.o: In function `ELFBinaryInfo':
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELFBinaryInfo.cpp:39:
undefined reference to `BinaryInfo::RegisterBinaryInfo(BinaryInfo* (*)(QString
const&))'
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELFBinaryInfo.cpp:40:
undefined reference to `BinaryInfo::RegisterBinaryInfo(BinaryInfo* (*)(QString
const&))'
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELFBinaryInfo.cpp:39:
undefined reference to `BinaryInfo::RegisterBinaryInfo(BinaryInfo* (*)(QString
const&))'
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELFBinaryInfo.cpp:40:
undefined reference to `BinaryInfo::RegisterBinaryInfo(BinaryInfo* (*)(QString
const&))'
ELF32.o: In function `ELF32':
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELF32.cpp:28: undefined
reference to `BinaryInfo::BinaryInfo(QString const&)'
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELF32.cpp:28: undefined
reference to `BinaryInfo::BinaryInfo(QString const&)'
ELF64.o: In function `ELF64':
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELF64.cpp:28: undefined
reference to `BinaryInfo::BinaryInfo(QString const&)'
/home/shift/downloads/debugger/plugins/ELFBinaryInfo/ELF64.cpp:28: undefined
reference to `BinaryInfo::BinaryInfo(QString const&)'
collect2: ld returned 1 exit status
make[2]: *** [../../libELFBinaryInfo.so] Error 1
make[2]: Leaving directory
`/home/shift/downloads/debugger/plugins/ELFBinaryInfo'
make[1]: *** [sub-ELFBinaryInfo-make_default] Error 2
make[1]: Leaving directory `/home/shift/downloads/debugger/plugins'
make: *** [sub-plugins-make_default] Error 2
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
There is a slight difference in behavior if you select and move the mouse above
a QHexView, if you have a row width of 1, it will select downward to the end of
the view, otherwise, it will follow the mouse upwards. This is a minor issue, I
may or may not care.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would to be able to take a snapshot of the state of the target application and be able to rewind back to it.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
I would suggest something similar to ollydbg's session files:
The debugger provides access to session data that will be loaded and saved
from/to disk.
A plugin can read the whole content (for e.g. compatibility settings with other
plugins, or reading debugger session data like ignored exceptions) but only
write to its own section.
On shutdown the debugger saves the whole thing (maybe zipped).
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
EDB currently has no support for debugging multi-threaded applications. When
you attach to a process, it simple attaches to the primary thread.
I would like to have EDB work on x86-64.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
Linux does not appear to be able to tell the difference between a segmentation
fault and a privileged instruction, is there a way to do so?
I want EDB to have session files which would hold information that we should
save on detach and restore upon reattach. Plugins should also have a proper
interface to adding and retrieving information from the session file.
I want to replace Replace the code for register view with one which uses the
model/view system of QT4, it'll be cleaner, easier to follow and likely faster.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would like to have a colour coded disassembly option. Eventually allowing the
user to specify colours for different parts of the instructions.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
edisassm needs to support the undocumented nop mod/rm instructions. An example
of one is 0f 19 00 which encodes to nop [eax]. This CAN cause a page fault.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like to see EDB be able to show and utilize the base and limit of the
segment descriptors. I am guessing that this would require either use of
/dev/kmem which unfortunately would not work on every machine, or an LKM that
comes packaged with EDB. This LKM would simply provide a new system call or
ioctl which would allow EDB to probe the kernel memory to get this data.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
limit font choices to fixed width, the variable width ones don't make sense.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
If you run EDB and attach/run a program, the tabs work perfect. But if you
detach or the program exits for any reason. While detacted, you can create new
tabs. These new tabs do not correctly copy the 0 - 0 (NULL to NULL) range that
the first tab has, but instead copy the range of the data before the detach.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
There should be some mechanism for plugins to depend on other plugins.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I don't know if this is the intended behavior, but after finishing a succesfull
run (eg. just F9 then S-F9), and clicking 'OK' in the popup ("Debugged
application exited..."), EDB unloads the application. This also happens when
you had breakpoints set, so you have to re-open the app and re-set the
breakpoints. It would be nice if EDB just reset the app and kept things like
breakpoints intact.
PS This is on EDB v0.9.2, but Bugzilla version field only goes up to v0.9.0
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
The previous disassembler engine had AT&T support. The new one should have this
too.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
start using QT 4.2's QDialogButtonBox, it will simplify code and make things
more consistent with other desktops.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would be interested in seeing a "log console" plugin which would hook the
logger and display it in the GUI in real time.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
Whenever I try start edb I get the message "Failed to load debugger core
plugin. Please make sure it exists and that the plugin path is correctly
configured.
This is normal if EDB has not been previously run or the configuration file has
been removed.", after this I get a configuration dialog, and I'm able to change
any options.
As soon as I close this configuration dialog edb crashes with the message: "In
file DebuggerMain.cpp, line 1597: Out of memory
Segmentation fault (core dumped)".
I compiled edb 0.8.22 from scratch on Kubuntu 7.10 without problem
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
The "Run Until Return" option (under Debug menu) is always grayed out for me,
no matter what I do. When I've entered a subroutine/procedure/function that
clearly ends with a RET instruction, I still can't use "Run Until Return".
Here's an example:
0804:83b0 55 push ebp
0804:83b1 89 e5 mov ebp,esp
0804:83b3 83 ec 08 sub esp,0x8
0804:83b6 c7 04 24 cc 84 04 08 mov DWORD PTR [esp],0x80484cc
0804:83bd e8 3a ff ff ff call 0x80482fc <puts@plt>
0804:83c2 c9 leave
0804:83c3 c3 ret
I've set a BP on 0804:83b0 and when I hit it, I can't use "Run Until Return"
(grayed out), Also after one or more "step into"/"step over" commands, I'm
never able to use "Run Until Return".
In this example, it doesn't matter ofcourse, but when you enter long library
functions (perhaps because you wanted to step over instead of into) it would be
nice to have a quick escape handy :)
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
It is possible to deadlock EDB by attaching the it's parent console. I've only
observed this with konsole from KDE.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would like have a "lock stack" feature. This would make the stack view not
scroll when updating the display. This would make it easier to watch local
variables.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I would like to have a regression test system which can verify that all
possible instruction combinations disassemble correctly against a known good.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
When the application is waiting in a scanf(), while I'm typing the input text
in the "edb output" window, if I simply click on "edb main" disassembler
window, edb crashes with the following line on the console ::
ASSERT: "buf_size != 0" in file widgets/QDisassemblyView.cpp, line 326
Could you also make breakpoints persistent in between application restarts and
set the color of the line, where breakpoint is set, to a different color. If
you can support "F2" as a shortcut to set breakpoints in the disassembler
window, that would be super-cool.
I'm constantly using EDB for reverse engineering. And very happy with EDB since
it's effort to imitate OllyDBG. If you would like any contribution, I would be
happy to do so.
Cheers,
-Babil.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would it if the Environment Viewer plugin could set the environment variables it finds.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
It would be a cool feature if EDB could allocate and free regions in the target
process.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
I would like to come up with a nice way to have a plugin export APIs that other
plugins can use, this would also go hand in hand with a notion of plugins that
depend on others (likely a specific version) being present.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I use the tool scanmem in conjunction with watchpoints a lot in reverse
engineering. Unless I'm missing something obvious, it seems they aren't
available in edb. I suppose you'd need to write an additional plugin to support
them. Should be pretty simple -- just needs to behave like gdb's 'watch',
'rwatch', and 'awatch' commands (break on read, write, and both). A right-click
context menu entry on the memory window would be the easiest way to set them.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like to see the heap plugin have a visualization feature where blocks
are graphed showing which have pointers to which.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
the debugging core will return the original byte when a read occurs where a
breakpoint is at. we should detect if the byte was overwritten/changed, and
somehow notify the user.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
QT version 4.2 offers some nice features which aren't used due to the desire to
compile with QT 4.1.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
I don't have any experience with qmake, but for a while I wasn't able to
compile the plugins using just "qmake;make" at the root of the source tree.
After a long search I found a proper fix. I'm running debian 4.0 (testing) and
apparently one of the LFLAGS set in qmake by default breaks the plugin linking.
I don't know if this applies to other people or just me, I only submit this as
a bug for your consideration.
Here's a diff of my fix. One simple line:
--- plugins/plugins.pri.old 2008-02-06 18:19:37.263584000 -0800
+++ plugins/plugins.pri 2008-02-06 18:19:39.828148000 -0800
@@ -12,6 +12,7 @@
unix {
QMAKE_CXXFLAGS +=
+ QMAKE_LFLAGS -= -Wl,--no-undefined
LIBS +=
INCLUDEPATH += ../../include/os/unix
}
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
It would be nice if EDB could save bookmarks in a session file
The heap plugin displays a lot of results, it would be very useful if it were somehow searchable.
Symbol viewer should be able to follow functions in the code view. I think that
this is best implemented in a context menu where you can select where to view
it.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like if EDB were ported to FreeBSD
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
scrolling the various views while not paused gives all 0xff's, EDB should
temporarily pause and get the right data. I think perhaps we should do some
"read-ahead" to reduce the pause time when scrolling and cache whole pages of
data, and have this data expire after a certain amount of time.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
EDB needs an API to search for a sequence of commands in a generic fashion.
This would likely require an assembler of sorts to be implemented.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
It would be nice if EDB could scroll by whole instructions. This is
unfortunately difficult because instructions are variable length on x86.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 2:59
Under certain circumstances, the restart feature doesn't work correctly. It
appears to fail to attach to the process.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
*With qt4 and qt4-devel with the latest packages from yum*
It doesn't compile at all (even with QT_ARCH=i386) on Fedora 8. (maybe I'm
doing something wrong).
You know me and usually I'll be at least able to compile the program but I
couldn't even do that this time.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:21
I would like there to be a graphical indicator of jump directions. This could
be something as simple as an arrow.
Original issue reported on code.google.com by evan.teran
on 3 Oct 2012 at 3:20
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.