
EDB Linux Debugger 0.8.0 Release :)


proxy
November 9th, 2006, 18:38
Ok, released slightly later than I had hoped, but here is a pre-1.0 version I thought was release worthy, I hope you all enjoy!

http://www.codef00.com/projects.php#Debugger

akimp3
November 10th, 2006, 22:59
Hi,

I was waiting for it since I had seen some screenshot on your site.

Thanks for sharing.

akimp3

JMI
November 10th, 2006, 23:11
Thanks for sharing it with our members.

Regards,

yosh64
November 11th, 2006, 02:32
hey

Yays, it's finally here! ^_^

Thanks proxy, I'm really looking forward to getting back into cracking ^_^. Now it's time to download and check it out.

cyas

yosh64
November 12th, 2006, 23:11
hey

I wanted to make a new post to inform you of this, so I hope yas don't mind.

Well, I'm not sure if this is a bug or what... but when I close/exit the debugger, it also closes xorg or whatever, which I think is quite a pain :\.

Otherwise, it seems pretty cool.

cyas

proxy
November 13th, 2006, 00:23
It closes down ALL of X? That is very odd. Can you provide any details of your setup or any crash data (check your /var/log/ directory for a log of X)?

Also, does it happen if you just open and then close (without doing any debugging work)?

Finally, are you using 0.8.2? It's the latest on my site; it shouldn't make a difference, but I'm just trying to think of anything that would be a factor.

You may want to "make distclean" and rebuild as well, perhaps mismatched libs during linking?

It definitely should not be "closing" X at all.

proxy

proxy
November 13th, 2006, 01:41
I just posted a bugfix release to address a deadlock on detach. Now it will only wait on the event thread to die for no more than 1 second.

proxy

yosh64
November 13th, 2006, 02:18
hey

I use http://www.archlinux.org, I started with just the base package ^_^. Hmm, I think a lot of my non base packages would be out of date, as it takes a while for me to download the latest packages on my slow dialup internet connection.

I am using xorg 11R7.0, and qt 4.2.1, which seem to be the latest for archlinux.

This is what caught my eye; it is displayed in the terminal after exit:

Quote:
waiting for X server to shut down X connection to :0.0 broken (explicit kill or server shutdown).

It's slightly different than the usual...

These lines are added to the xorg log after closing the debugger:

Quote:
(II) 3rd Button detected: disabling emulate3Button
(II) fglrx(0): [drm] removed 1 reserved context for kernel
(II) fglrx(0): [drm] unmapping 8192 bytes of SAREA 0x2c000 at 0xb7720000
FreeFontPath: FPE "/usr/share/fonts/misc" refcount is 2, should be 1; fixing.


This also caught my eye in the xorg log:

Quote:
(EE) AIGLX error: dlsym for __driCreateNewScreen_20050727 failed (/usr/lib/xorg/modules/dri/atiogl_a_dri.so: undefined symbol: __driCreateNewScreen_20050727)
(EE) AIGLX: reverting to software rendering

I'm not sure if this was added before or after debugger is launched. If you like, I could paste a section of my xorg log somewhere?
---

Ohh, I also have a few requests of what I think are quite handy/essential features for me, and maybe others? I hope you don't mind?
*instruction/line highlighting in cpu instruction/disassembly view
*ability to goto a specified address, and change memory region in cpu instruction/disassembly view
*ability to modify/edit anything in the data dump view
*ability to modify/edit an instruction in the cpu instruction/disassembly view <- but not essential

cyas

proxy
November 13th, 2006, 06:17
hrmm, well just out of curiosity, does it happen with AIGLX disabled? I have toyed with beryl and all that on my laptop without crashes, but it would be interesting to find out if this was somehow the culprit.

Quote:
Ohh, I also have a few requests of what I think are quite handy/essential features for me, and maybe others? I hope you don't mind?
*instruction/line highlighting in cpu instruction/disassembly view
*ability to goto a specified address, and change memory region in cpu instruction/disassembly view
*ability to modify/edit anything in the data dump view
*ability to modify/edit an instruction in the cpu instruction/disassembly view <- but not essential


Of course I don't mind, I put this on these forums so I can get ideas for new features.

* For the first thing, I am planning on adding a green arrow to the disassembly view to indicate the current instruction (at the moment it just scrolls to EIP).

* I have the ability to jump just about anywhere in the disassembly just about done. BTW, I hope you know you can change any register simply by double clicking it (including eip, unlike ollydbg).

* Yea, modifying data is in my "wishlist" of things to do big time. I am hoping to figure out some clever way to leverage AS or NASM to create an assembler module which will convert a single instruction into an array of assembled bytes (so I don't have to write one).

yosh64
November 13th, 2006, 08:39
hey

I just tried disabling AIGLX, but it still occurs :\. I actually learnt that ya meant to disable AIGLX if you have an ATI Radeon and are using Kernel 2.6, well, for ArchLinux anyhows. So I no longer get them AIGLX errors.

Hmm, maybe I should paste the end of my xorg.log? Well, nothing else at the end of it looks suspicious to me though :\. Ohh, I also just found that nothing is added to my xorg log after I launch debugger. Another thing, I think that them lines added to the xorg log, after closing debugger are the same as when you close the xorg server down properly.

Anyhows, I'm gonna start going through all the packages QT depends on, and update them for now.

cya

yosh64
November 13th, 2006, 22:22
hey

Well, the problem still occurs after updating all the packages QT depends on :\.

cyas

proxy
November 16th, 2006, 13:01
I have just uploaded 0.8.4 which addresses some issues people have found, please give it a try (BTW, download size cut by 75% for anyone on a slow connection).

yosh64: what exactly are you doing when it kills X? closing the debugger? does it happen if you don't attach or debug any processes? Any more details would be great.

thanks
proxy

yosh64
November 17th, 2006, 21:33
hey

Ohh, it still occurs when doing nothing but opening and closing right away. BTW, I was using 0.8.2. Anyhows I will compile and try 0.8.4, and if it works I'll edit this post.

Edit, the problem still occurs :\.

Another Edit, I just noticed when launching debugger from a terminal, the message "QMetaObject::connectSlotsByName: No matching signal for on_action_Kill_triggered()" appears. Hmm, is this any indication of the problem? I think I might google this.

cyas

proxy
November 18th, 2006, 09:48
No, unfortunately, that isn't related to the problem, that just means that I named a function in a way that the QT system will attempt to auto-connect it to a signal on start.

Since I haven't added a kill process menu item yet, it says it couldn't do it.

This problem is really bizarre, is there any chance that it is simply a QT4 problem on your system? I mean, people have reported various minor quirks, but no one has mentioned anything about "X crashing" at all to me.

proxy

yosh64
November 18th, 2006, 20:55
hey

I just done a little googling, and found a few things.

It may be due to icewm, the window manager I use, see here (http://www.mail-archive.com/debian-qt-kde@lists.debian.org/msg16730.html). Although I did find something else (http://lists.trolltech.com/qt4-preview-feedback/2005-04/msg00837.html), so maybe I just need to wait for a newer version or something.

Finally, the Opera web browser works fine, but I don't think it would use any QT4 specific functions.

cyas

proxy
November 20th, 2006, 08:29
It's a bit of a relief that the problem you are having seems to not be directly caused by my code. But it also kinda sucks that icewm has some issues with QT4.

Anyway, thanks for the follow up on the issue, I hope the QT4/IceWM problems get worked out very soon.

proxy

proxy
November 21st, 2006, 18:51
Yet another release, 0.8.5 is here. Anyway, I am going to ask those who are interested to try to check regularly so I don't feel like I am spamming these forums with ads for myself :-P

I may just add a plugin to check if it is the latest version

So enjoy and keep me posted of any requests/bugs.

proxy

dELTA
November 22nd, 2006, 10:33
You can announce new versions in this thread whenever you release them, no problem, I'm sure many people appreciate this information, and the project looks really promising.

proxy
November 22nd, 2006, 21:41
Well since the site admin gives it the thumbs up, I'll continue to post release notes here.

BTW, version 0.8.7 is up

Enjoy!

proxy

proxy
November 29th, 2006, 23:34
0.8.8 released, CHANGELOG:

* Corrected bug in libdisasm which caused the instruction 8e e8 to disassemble
incorrectly as "mov ds, ax" instead of the correct "mov gs, ax".

2006-11-28
----------

* Added ability to choose both how many bytes per "word" in the displays
and how many "words" per row via the context menu, this setting is not
remembered yet, but that will follow shortly.

* Fixed very annoying bug where it was possible to make the QHexView widget
not correctly highlight things if the origin was not aligned to the word
width * row width.

* Added ability for QHexView widget to display 64-bit formatted hex, once
a bug related to selection of misaligned text is resolved this will be
enabled.

2006-11-27
----------

* Added getBinaryStringFromUser to debugger API.

* Added filename to title bar when opening an application.

* Removed updating of all views when selecting a memory region to view,
now it only updates the data view tab.

* Fixed green arrow showing outside of viewable area sometimes.

2006-11-25
----------

* Changed string searcher to allow newlines in a string.

* Corrected DebuggerCore's behaviour when writing less than 4 bytes from the
edge of a memory region, previously the result was undefined, now it acts
as expected.


enjoy

http://www.codef00.com/projects.php#Debugger

proxy
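A worked decode of the `8e e8` case from the changelog above, added here by the editor as an example; it is not EDB or libdisasm code. It splits the ModRM byte into mod/reg/rm and applies the Intel segment-register numbering of the reg field (es, cs, ss, ds, fs, gs), which is why `e8` (mod=11, reg=101, rm=000) is `mov gs, ax` while `d8` (reg=011) is `mov ds, ax`. It covers the register-direct and the simpler memory forms of opcodes 8E and 8C with 32-bit addressing; SIB bytes, prefixes and every other opcode are out of scope, and the operand tables and the `(bad)` convention are the editor's choices:

```python
# Added example (editor's code, not EDB's or libdisasm's): decoding the ModRM byte of
# MOV Sreg, r/m16 (opcode 8E /r) and MOV r/m, Sreg (opcode 8C /r), 32-bit addressing.
import struct

# ModRM.reg selects the segment register for 8C/8E; 6 and 7 are reserved encodings.
SREG = ["es", "cs", "ss", "ds", "fs", "gs", None, None]
REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def split_modrm(byte):
    """Return (mod, reg, rm): bits 7-6, 5-3 and 2-0 of a ModRM byte."""
    return byte >> 6, (byte >> 3) & 7, byte & 7


def decode_rm(code, pos, mod, rm, regs):
    """Decode the r/m operand whose displacement (if any) starts at code[pos].
    Returns (operand text, displacement bytes consumed)."""
    if mod == 3:                               # register-direct
        return regs[rm], 0
    if rm == 4:                                # rm=100 means a SIB byte follows
        raise ValueError("SIB addressing is out of scope for this example")
    if mod == 0:
        if rm == 5:                            # mod=00 rm=101 is a bare disp32, not [ebp]
            (disp,) = struct.unpack_from("<I", code, pos)
            return f"[0x{disp:08x}]", 4
        return f"[{REG32[rm]}]", 0
    fmt, size = ("<b", 1) if mod == 1 else ("<i", 4)   # mod=01 disp8, mod=10 disp32
    (disp,) = struct.unpack_from(fmt, code, pos)
    return f"[{REG32[rm]}{disp:+#x}]", size


def decode_mov_sreg(code, pos=0):
    """Decode the instruction at code[pos], which must start with opcode 8C or 8E.
    Returns (Intel-syntax text, instruction length in bytes)."""
    op = code[pos]
    if op not in (0x8C, 0x8E):
        raise ValueError(f"opcode {op:02x} is not a MOV Sreg form")
    mod, reg, rm = split_modrm(code[pos + 1])
    sreg = SREG[reg]
    # Reserved reg values are undefined, and 8E with reg=1 (mov cs, ...) raises #UD.
    if sreg is None or (op == 0x8E and reg == 1):
        return "(bad)", 2
    # 8E loads a 16-bit source; for 8C's register form objdump shows the 32-bit register.
    rm_text, extra = decode_rm(code, pos + 2, mod, rm, REG16 if op == 0x8E else REG32)
    if op == 0x8E:
        return f"mov {sreg}, {rm_text}", 2 + extra
    return f"mov {rm_text}, {sreg}", 2 + extra


def register_form_table(op=0x8E):
    """All 64 register-direct encodings of op, keyed by the two instruction bytes.
    Useful as a golden table to diff against a disassembler's output."""
    table = {}
    for reg in range(8):
        for rm in range(8):
            insn = bytes([op, 0xC0 | (reg << 3) | rm])
            table[insn] = decode_mov_sreg(insn)[0]
    return table
```

register_form_table() gives the full reg/rm matrix for one opcode, which is a cheap way to catch a table-lookup slip like the one fixed in this release: generate it, run the same 64 byte pairs through the disassembler under test, and diff.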

homersux
December 5th, 2006, 12:22
What's the difficulty of lowering the qt system requirement or build a static binary release? I am using fc5 and qt version is 3.3.36. I simply cannot build this debugger and I am afraid a lot of people have similar issues as well.

Thanks,

proxy
December 6th, 2006, 23:28
Well, unfortunately QT4 has a very much changed API from 3.x, so making it compile on both would be... at the very least a challenge (but that doesn't mean I won't attempt to do it).

However, doesn't FC5 have "yum install qt4"? I know FC6 does and I could have sworn that the rpm was available for FC5 too.

Static may also be doable, I'll look into it.

proxy

lownoise
December 7th, 2006, 03:02
Works great on Ubuntu 6.06 , using gnome , qt 4.2 and g++ 4.1
tested with metacity and beryl as window manager
Thanks, Lownoise

homersux
December 7th, 2006, 17:17
Ok, I got a vmware session with fc5 and upgraded qt and qt-devel to v4. Compilation etc. is smooth. edb looks very promising. It's on par with 'kdbg'.

Congratulations. There is a lot of room for improvement, for example, following dump, symbols, system/library call automatic recognition, etc.

proxy
December 7th, 2006, 20:15
Quote:
Ok, I got a vmware session with fc5 and upgraded qt and qt-devel to v4. Compilation etc. is smooth. edb looks very promising. It's on par with 'kdbg'.

Congratulations. There is a lot of room for improvement, for example, following dump, symbols, system/library call automatic recognition, etc.


Glad you got it working, as far as the areas of improvement.

Currently there is a follow in dump (right click on registers, right click on highlighted dword in either data or stack view).

It also does have support for symbols to a certain degree, in that it will attempt to tell you the function which EIP is closest to, this only happens if you generate symbols as mentioned in the README.

Automatic system/library call identification, well, ya got me there, no support for that yet, but I'm working on it. The main issue is that unlike Windows, Linux calls system functions via an absolute address in the binary's PLT section, which does an indirect jump to the desired function (Windows just does a straight up indirect call, much simpler to resolve). So bottom line is I need to figure out how to get the PLT entries and the respective names from a binary.

BTW, doesn't FC5 let qt4 and qt co-exist? I am almost certain of this. They just have to do something like: qmake-qt4 instead of qmake, IIRC.

proxy
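The PLT lookup proxy describes above, as an added example written by the editor; it is not EDB's own code or its make_symbolmap.sh. It walks the section headers of an ELF image, follows .rel.plt/.rela.plt to .dynsym and on to .dynstr through the sh_link fields, and maps each JUMP_SLOT relocation to the PLT stub a call instruction would land on, so a disassembler can print `call 0x400410 <puts@plt>` instead of a bare address. It assumes the classic lazy-binding layout (16-byte stubs, entry 0 is the resolver trampoline, entry i+1 belongs to relocation i); binaries built with -fno-plt, with a .plt.sec section (IBT), or with a non-standard linker layout need a different stub mapping. build_sample_elf64() constructs a minimal, non-loadable ELF64 image with two imports so the code runs offline; its addresses, offsets and names are made up for the demo:

```python
# Added example (editor's code, not EDB's): resolve PLT stub addresses to the imported
# symbol names they jump through, from an ELF image held in memory.  Assumes the
# classic lazy-binding layout: 16-byte .plt entries, entry 0 is the resolver
# trampoline, entry i+1 belongs to relocation i of .rel.plt / .rela.plt.
import struct

# Little-endian struct layouts per ELF class; field order is identical in both classes,
# so the same tuple indices work for ELF32 and ELF64 headers.
CLASSES = {
    1: dict(ehdr="<16sHHIIIIIHHHHHH", shdr="<IIIIIIIIII", sym="<IIIBBH", rel="<II",
            relsec=".rel.plt", sym_of=lambda info: info >> 8, type_of=lambda info: info & 0xFF),
    2: dict(ehdr="<16sHHIQQQIHHHHHH", shdr="<IIQQQQIIQQ", sym="<IBBHQQ", rel="<QQq",
            relsec=".rela.plt", sym_of=lambda info: info >> 32, type_of=lambda info: info & 0xFFFFFFFF),
}
R_JUMP_SLOT = 7       # R_386_JMP_SLOT and R_X86_64_JUMP_SLOT are both 7
PLT_ENTRY_SIZE = 16   # classic x86 / x86-64 PLT stub size


def cstr(blob, off):
    """NUL-terminated string starting at blob[off]."""
    return blob[off:blob.index(b"\0", off)].decode()


def section_table(elf):
    """Return (layout, [(name, shdr tuple), ...]); tuple fields follow Elf_Shdr order:
    0 name, 1 type, 2 flags, 3 addr, 4 offset, 5 size, 6 link, 7 info, 8 align, 9 entsize."""
    if elf[:4] != b"\x7fELF" or elf[4] not in CLASSES or elf[5] != 1:
        raise ValueError("expected a little-endian ELF32 or ELF64 image")
    lay = CLASSES[elf[4]]
    eh = struct.unpack_from(lay["ehdr"], elf, 0)
    shoff, shentsize, shnum, shstrndx = eh[6], eh[11], eh[12], eh[13]
    hdrs = [struct.unpack_from(lay["shdr"], elf, shoff + i * shentsize) for i in range(shnum)]
    st = hdrs[shstrndx]
    shstr = elf[st[4]:st[4] + st[5]]
    return lay, [(cstr(shstr, h[0]), h) for h in hdrs]


def plt_symbols(elf):
    """Map PLT stub address -> (symbol name, GOT slot address) for each JUMP_SLOT relocation."""
    lay, secs = section_table(elf)
    by_name = dict(secs)
    rel, plt = by_name[lay["relsec"]], by_name[".plt"]
    dynsym = secs[rel[6]][1]      # sh_link of .rel(a).plt is the symbol table it indexes
    dynstr = secs[dynsym[6]][1]   # sh_link of .dynsym is its string table
    relsz, symsz = struct.calcsize(lay["rel"]), struct.calcsize(lay["sym"])
    table = {}
    for i in range(rel[5] // relsz):
        r_offset, r_info = struct.unpack_from(lay["rel"], elf, rel[4] + i * relsz)[:2]
        if lay["type_of"](r_info) != R_JUMP_SLOT:
            continue
        sym_off = dynsym[4] + lay["sym_of"](r_info) * symsz
        st_name = struct.unpack_from(lay["sym"], elf, sym_off)[0]
        stub = plt[3] + PLT_ENTRY_SIZE * (i + 1)   # skip the resolver trampoline at entry 0
        table[stub] = (cstr(elf, dynstr[4] + st_name), r_offset)
    return table


def describe_call_target(table, target):
    """Annotation a disassembler could append to 'call <target>'; None if not a PLT stub."""
    entry = table.get(target)
    return f"<{entry[0]}@plt>" if entry else None


def build_sample_elf64():
    """Constructed, minimal ELF64 image (headers and sections only, not loadable) with two
    imports, puts and malloc, so the example runs without a real binary.  All addresses
    and offsets are made up."""
    L = CLASSES[2]
    dynstr = b"\0puts\0malloc\0"
    dynsym = (struct.pack(L["sym"], 0, 0, 0, 0, 0, 0)
              + struct.pack(L["sym"], 1, 0x12, 0, 0, 0, 0)      # STB_GLOBAL|STT_FUNC, undefined
              + struct.pack(L["sym"], 6, 0x12, 0, 0, 0, 0))
    rela = (struct.pack(L["rel"], 0x601018, (1 << 32) | R_JUMP_SLOT, 0)
            + struct.pack(L["rel"], 0x601020, (2 << 32) | R_JUMP_SLOT, 0))
    plt = (b"\xff\x25" + bytes(14)) * 3                          # three 16-byte jmp stubs
    shstr = b"\0.dynstr\0.dynsym\0.rela.plt\0.plt\0.shstrtab\0"
    # (name offset in shstr, sh_type, sh_link, sh_entsize, body); section index = position + 1
    spec = [(1, 3, 0, 0, dynstr), (9, 11, 1, 24, dynsym), (17, 4, 2, 24, rela),
            (27, 1, 0, 16, plt), (32, 3, 0, 0, shstr)]
    off, body, hdrs = struct.calcsize(L["ehdr"]), b"", [bytes(struct.calcsize(L["shdr"]))]
    for i, (name, typ, link, entsz, data) in enumerate(spec):
        addr = 0x400400 if i == 3 else 0                         # only .plt needs an address here
        hdrs.append(struct.pack(L["shdr"], name, typ, 0, addr, off, len(data), link, 0, 0, entsz))
        body += data
        off += len(data)
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)             # ELF64, little-endian, version 1
    ehdr = struct.pack(L["ehdr"], ident, 3, 0x3E, 1, 0, 0, off, 0, 64, 0, 0, 64, len(hdrs), 5)
    return ehdr + body + b"".join(hdrs)
```

On a real binary, pass the contents of the file (open(path, "rb").read()) to plt_symbols(); `readelf -r` and `objdump -d -j .plt` give an independent check of the stub-to-name mapping, and any disagreement usually means the binary does not use the classic PLT layout assumed here.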

proxy
December 12th, 2006, 13:49
0.8.9 released, adding a few fixes, a few speedups, and a few new features

CHANGELOG:


2006-12-12
----------

* Finally added the ability to edit the bytes in the data and stack dump
widgets! Simply right click and choose "Edit Bytes" and modify away.
If the new string of bytes is smaller, the debugger will zero fill the
difference, in the future this will be tunable.

2006-12-08
----------

* Improved efficiency and clarity of rendering code for some custom widgets.

2006-12-06
----------

* Started working on some html based help files in doc directory, don't
expect anything useful in there quite yet, but it'll get there.

* Isolated libdisasm calls to a single part of the code, this allowed
consolidation of common functions as well as creating a central point to
replace the code as I feel that libdisasm will likely be dropped in a later
version.

* Added more information in the instruction information panel.

* Made DebuggerCore plugin readBytes fill the trailing end of the buffer with
0xff if it could not read as many bytes as requested, this is to give more
predictable results if only a partial read is possible.

2006-12-01
----------

* Reduced redundant drawing in QDisassembly widget, which should make things
slightly faster due to less redraw.

2006-11-30
----------

* Added some more sanity checks to the internal reads and writes in the
debugger core plugin, this should prevent reporting incorrect data if an
add-breakpoint failed to read/write correctly.

* Made step over, also step over REP prefixed ops.

* Fixed bug in indirect call/jmp analysis which resulted in the target symbol
not being resolved even though it was in the symbol map.

* Made it so the expression evaluator shows a ? instead of junk when it can't
read from the effective address.


enjoy

http://www.codef00.com/projects.php#Debugger

proxy

proxy
December 17th, 2006, 00:27
0.8.10 released, mostly new features

CHANGELOG:


2006-12-16
----------

* Added a tooltip to the disassembly view when there are too many instruction
bytes to display which shows all bytes in the instruction.

* Added display of ASCII strings next to registers if analysis decides that
what the register points to is an ASCII string.

* Added push/pop operations to the stack context menu.

2006-12-13
----------

* Added preliminary PLT support to make_symbolmap.sh, this will allow EDB
to properly display library calls, eventually, this will lead to a database
of known functions with parameters so the analyzer can display the parameters
correctly.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy

homersux
December 20th, 2006, 12:53
I've tried this new version, lots of improvement and very good job. Have you looked into using a version control system? I've recently played with this tool called 'trac' (hxxp://trac.edgewall.org/wiki/TracInstall); it's small but pretty powerful, interacting with subversion.

There appears to be some memory leak issue with edb, as shown by using 'valgrind -v --leak-check=full edb' (just a start/exit session without actually debugging something).
==8578== IN SUMMARY: 795 errors from 100 contexts (suppressed: 72 from 1)
==8578==
==8578== malloc/free: in use at exit: 426,187 bytes in 23,428 blocks.
==8578== malloc/free: 116,777 allocs, 93,349 frees, 26,282,078 bytes allocated.
==8578==
==8578== searching for pointers to 23,428 not-freed blocks.
==8578== checked 1,121,080 bytes.
==8578==
==8578==
==8578== 20 bytes in 1 blocks are definitely lost in loss record 27 of 141
==8578== at 0x40053D0: malloc (vg_replace_malloc.c:149)
==8578== by 0x16A8A0: strdup (in /lib/libc-2.4.so)
==8578== by 0x6474DA5: qt_init(QApplicationPrivate*, int, _XDisplay*, unsigned long, unsigned long) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x6421ECF: QApplicationPrivate::construct(_XDisplay*, unsigned long, unsigned long) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x6422A22: QApplication::QApplication(int&, char**, int) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x806CA96: main (main.cpp:82)
==8578==
==8578==
==8578== 112 bytes in 2 blocks are definitely lost in loss record 79 of 141
==8578== at 0x40053D0: malloc (vg_replace_malloc.c:149)
==8578== by 0x506BDF: (within /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x5073F5: (within /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x507E3F: XcursorXcFileLoadImages (in /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x507F3A: XcursorFileLoadImages (in /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x508820: XcursorLibraryLoadImages (in /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x508A14: XcursorLibraryLoadCursor (in /usr/lib/libXcursor.so.1.0.2)
==8578== by 0x647A8D6: QCursorData::update() (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x647AE85: QCursor::handle() const (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x64892C2: qt_x11_enforce_cursor(QWidget*) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x648ADB0: QWidgetPrivate::create_sys(unsigned long, bool, bool) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x645E6E1: QWidget::create(unsigned long, bool, bool) (in /usr/lib/libQtGui.so.4.2.1)
==8578==
==8578==
==8578== 214 bytes in 9 blocks are definitely lost in loss record 86 of 141
==8578== at 0x40053D0: malloc (vg_replace_malloc.c:149)
==8578== by 0x4DDEA4: FcStrCopy (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E106C: (within /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4732A5: (within /lib/libexpat.so.0.5.0)
==8578== by 0x473F1C: (within /lib/libexpat.so.0.5.0)
==8578== by 0x474F1D: (within /lib/libexpat.so.0.5.0)
==8578== by 0x475E64: (within /lib/libexpat.so.0.5.0)
==8578== by 0x46D65A: XML_ParseBuffer (in /lib/libexpat.so.0.5.0)
==8578== by 0x4E02E5: FcConfigParseAndLoad (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E05E4: FcConfigParseAndLoad (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E06E7: (within /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E0A23: (within /usr/lib/libfontconfig.so.1.0.4)
==8578==
==8578==
==8578== 216 bytes in 9 blocks are definitely lost in loss record 90 of 141
==8578== at 0x40053D0: malloc (vg_replace_malloc.c:149)
==8578== by 0x4D6854: FcPatternCreate (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4DB55F: FcPatternFreeze (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E1047: (within /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4732A5: (within /lib/libexpat.so.0.5.0)
==8578== by 0x473F1C: (within /lib/libexpat.so.0.5.0)
==8578== by 0x474F1D: (within /lib/libexpat.so.0.5.0)
==8578== by 0x475E64: (within /lib/libexpat.so.0.5.0)
==8578== by 0x46D65A: XML_ParseBuffer (in /lib/libexpat.so.0.5.0)
==8578== by 0x4E02E5: FcConfigParseAndLoad (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E05E4: FcConfigParseAndLoad (in /usr/lib/libfontconfig.so.1.0.4)
==8578== by 0x4E06E7: (within /usr/lib/libfontconfig.so.1.0.4)
==8578==
==8578==
==8578== 216 bytes in 1 blocks are definitely lost in loss record 92 of 141
==8578== at 0x40053D0: malloc (vg_replace_malloc.c:149)
==8578== by 0x292325: _XimOpenIM (in /usr/lib/libX11.so.6.2.0)
==8578== by 0x2A276F: _XimRegisterIMInstantiateCallback (in /usr/lib/libX11.so.6.2.0)
==8578== by 0x282AF7: XRegisterIMInstantiateCallback (in /usr/lib/libX11.so.6.2.0)
==8578== by 0x67F024D: QXIMInputContext::QXIMInputContext() (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x67EF105: QInputContextFactory::create(QString const&, QObject*) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x641F2E1: QApplication::inputContext() const (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x64598B6: QWidget::inputContext() (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x648916E: QWidget::destroy(bool, bool) (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x645BF4F: QWidget::~QWidget() (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x66BA610: QFrame::~QFrame() (in /usr/lib/libQtGui.so.4.2.1)
==8578== by 0x67220E9: QAbstractScrollArea::~QAbstractScrollArea() (in /usr/lib/libQtGui.so.4.2.1)
==8578==
==8578==
==8578== 744 bytes in 3 blocks are possibly lost in loss record 111 of 141
==8578== at 0x40045D0: memalign (vg_replace_malloc.c:332)
==8578== by 0x400462A: posix_memalign (vg_replace_malloc.c:421)
==8578== by 0x55B5C8: (within /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x55C027: g_slice_alloc (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x52D688: g_array_sized_new (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x52D796: g_array_new (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x5633D2: g_static_private_set (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x544AF9: (within /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x5450B2: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x5483EE: (within /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x548954: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.1000.3)
==8578== by 0x7E621D: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/libQtCore.so.4.2.1)
==8578==
==8578== LEAK SUMMARY:
==8578== definitely lost: 778 bytes in 22 blocks.
==8578== possibly lost: 744 bytes in 3 blocks.
==8578== still reachable: 424,665 bytes in 23,403 blocks.
==8578== suppressed: 0 bytes in 0 blocks.
==8578== Reachable blocks (those to which a pointer was found) are not shown.
==8578== To see them, rerun with: --show-reachable=yes
--8578-- memcheck: sanity checks: 575 cheap, 24 expensive
--8578-- memcheck: auxmaps: 0 auxmap entries (0k, 0M) in use
--8578-- memcheck: auxmaps: 0 searches, 0 comparisons
--8578-- memcheck: SMs: n_issued = 222 (3552k, 3M)
--8578-- memcheck: SMs: n_deissued = 0 (0k, 0M)
--8578-- memcheck: SMs: max_noaccess = 65535 (1048560k, 1023M)
--8578-- memcheck: SMs: max_undefined = 7 (112k, 0M)
--8578-- memcheck: SMs: max_defined = 276 (4416k, 4M)
--8578-- memcheck: SMs: max_non_DSM = 222 (3552k, 3M)
--8578-- memcheck: max sec V bit nodes: 11591 (588k, 0M)
--8578-- memcheck: set_sec_vbits8 calls: 48744 (new: 12740, updates: 36004)
--8578-- memcheck: max shadow mem size: 4444k, 4M
--8578-- translate: fast SP updates identified: 75,207 ( 89.5%)
--8578-- translate: generic_known SP updates identified: 5,505 ( 6.5%)
--8578-- translate: generic_unknown SP updates identified: 3,315 ( 3.9%)
--8578-- tt/tc: 423,951 tt lookups requiring 3,016,067 probes
--8578-- tt/tc: 423,951 fast-cache updates, 4 flushes
--8578-- transtab: new 62,281 (1,358,325 -> 22,049,244; ratio 162:10) [0 scs]
--8578-- transtab: dumped 0 (0 -> ??)
--8578-- transtab: discarded 82 (1,608 -> ??)
--8578-- scheduler: 57,564,144 jumps (bb entries).
--8578-- scheduler: 575/581,946 major/minor sched events.
--8578-- sanity: 576 cheap, 24 expensive checks.
--8578-- exectx: 30,011 lists, 25,881 contexts (avg 0 per list)
--8578-- exectx: 210,566 searches, 200,768 full compares (953 per 1000)
--8578-- exectx: 2,395,934 cmp2, 11,020 cmp4, 0 cmpAll

Looking forward to future releases. I really should find some free time to start looking at your source code. Great work and keep it up!

homersux
December 20th, 2006, 13:00
I am testing version 0.8.11 and 'still-reachable' memory reported by valgrind is usually also lost and potentially leaking.

proxy
December 20th, 2006, 14:35
Well, if you look carefully at the report, as far as I can tell, all of the leaks are rooted in library functions (first is allocated by the QApplication object, second looks like a QWidget, 3rd/4th are part of libfontconfig, 5th is from a QAbstractScrollArea, finally the last seems to be part of the QProcessEvents system).

QT generally does its own memory management, but I'll look into these to see if any of them are under my control; my gut tells me they aren't though.

One thing to test, see if there is a significant (or any) difference between opening then closing immediately and opening, then doing some work, then closing. If there is little to no difference, then it isn't a growing leak, which are the ones which are the real problems.

thanks for the feedback and positive words

proxy

proxy
December 20th, 2006, 15:41
Also, you may want to look into possibly updating your libraries because I get very different output from valgrind with full memory leak checking.

Code:
==26507== IN SUMMARY: 36 errors from 3 contexts (suppressed: 7 from 1)
==26507==
==26507== malloc/free: in use at exit: 308,231 bytes in 3,824 blocks.
==26507== malloc/free: 164,138 allocs, 160,314 frees, 10,879,333 bytes allocated.
==26507==
==26507== searching for pointers to 3,824 not-freed blocks.
==26507== checked 907,240 bytes.
==26507==
==26507==
==26507== 20 bytes in 1 blocks are definitely lost in loss record 30 of 116
==26507== at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26507== by 0x4ACDF8A: strdup (in /lib/libc-2.4.so)
==26507==
==26507==
==26507== 156 (36 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 71 of 116
==26507== at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26507== by 0x4B43F54: (within /lib/libc-2.4.so)
==26507==
==26507==
==26507== 216 bytes in 1 blocks are definitely lost in loss record 77 of 116
==26507== at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26507== by 0x46D5379: _XimOpenIM (in /usr/lib/libX11.so.6.2.0)
==26507==
==26507==
==26507== 2,038 bytes in 2 blocks are definitely lost in loss record 101 of 116
==26507== at 0x40245D8: malloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26507== by 0x45C7BBA: (within /usr/lib/libfreetype.so.6.3.8)
==26507==
==26507== LEAK SUMMARY:
==26507== definitely lost: 2,310 bytes in 5 blocks.
==26507== indirectly lost: 120 bytes in 10 blocks.
==26507== possibly lost: 0 bytes in 0 blocks.
==26507== still reachable: 305,801 bytes in 3,809 blocks.
==26507== suppressed: 0 bytes in 0 blocks.


It doesn't seem, from this output with my version of things, that there are any leaks which can be traced back to a QT/Debugger object.

QT version 4.1.4, glibc version 2.4, gcc version 4.1.1

proxy

proxy
February 26th, 2007, 11:30
0.8.12 released, adding a few fixes, a few speedups, and a few new features

CHANGELOG:

2007-02-26
----------

* Added ability to change the working directory opened applications run in.

2007-02-23
----------

* Improved about dialog box :-P

2007-02-15
----------

* Added ability to dump the contents of a data view tab to a file.

2007-01-17
----------

* Added recent file list to File menu.

2007-01-16
----------

* Cleared internal state tracking on detach, nothing major.

2006-12-23
----------

* Added new stylized register view window, still working out the programmer's API
for it, but at least it looks nice.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy

proxy
March 14th, 2007, 21:36
0.8.13 released, adding a few fixes and a few new features

CHANGELOG:

2007-03-14
----------

* Fixed compile issue for some versions of QT4.

* Added getting of working directory and arguments from attached processes
this makes restarting work much better (which is now enabled).

2007-03-12
----------

* Internally, a lot of i386 specific code was moved to a new class
"i386ArchProcessor", which will eventually be a plugin (one for each arch).
It is still a work in progress, but is a start.

* Removed quit role property from exit menu as this prevented
compiles on QT < 4.2.0

2007-03-03
----------

* started work on restart code, seems to work ok

enjoy

http://www.codef00.com/projects.php#Debugger

lcx2005
March 16th, 2007, 20:57
Linux RCE tools, heh, good work guys and thanks for this. Because of you, I'm happy to be here, and thank you to woodmann, jmi etc. for bringing back this forum again; you know, after a long Error Page, I'm really happy to see it again. There's a new monster (Vista) out there in our hunting ground, let's refine our weapon (knowledge) also. Good hunt.

0xf001
March 21st, 2007, 05:35
this is a very nice project!

I did not try it yet, just looked at the code etc., VERY NICE! Decent code, really! When I move to QT4 I probably would want to use your qhexview...
I am wondering if we could probably somehow leverage from each other, we both use libdisasm and qt.
For the gui we have some similar requirements. I could offer you syntax highlighted insn formatting a la http://home.pages.at/f001/review/imgs/review_dis2.jpg

Hm, I really think it could be cool to share the same GUI routines at least. I am finishing my code for a release and setting up a page for access; if you are interested I would like to discuss with you whether we would like to combine our creativity.

cheers, 0xf001

proxy
March 21st, 2007, 12:22
I agree, it would simply be awesome if we could collaborate and make use of each others code. I would love it if I could improve my disassembly viewer and have some of the features review has display wise.

Anyway, let me know what you have in mind and we'll figure something out.

Evan

proxy
April 18th, 2007, 12:31
0.8.14 released, adding a few fixes and a few new features

2007-04-15
----------
* Added heuristic for resolving "main" symbol based on bytecode matching
if the symbol is not provided in the symbol map. This feature is currently
very likely glibc specific.

* Added some more steps towards 64-bit build support.

2007-04-13
----------

* Added more consistency to context menus (operations you can do in the dump
view, you can also do in the stack view most of the time now).

2007-04-11
----------

* Registers are now highlighted in red if they have changed.

2007-04-08
----------

* Fixed a crash bug in the BinaryString search plugin if an empty string was
supplied.

2007-04-07
----------

* CheckVersion plugin will now respect the HTTP_PROXY environment variable.

2007-04-06
----------

* Corrected minor bug in edb_make_symbolmap.sh which prevented it from running
on certain distributions which actually have /bin/sh act like the original sh,
not bash.

* Added basic conditional breakpoints. They can be set in the breakpoint
manager plugin and are based on the expressions that were recently added.
At the moment, the expressions are tested for validity at the moment of
the breakpoint, eventually this will be checked when you enter it.

2007-04-02
----------

* Added expression support to "Goto Address" in both the CPU and data views.
Please see the README for more detailed information on this.

2007-03-29
----------

* Added MD5 code, which will notify the user of outdated symbol files.

* Added code to remove duplicates from the instruction analysis list.

2007-03-28
----------

* Renamed make_symbolmap.sh to edb_make_symbolmap.sh to make it more
distribution friendly.

* edb_make_symbolmap.sh now puts errors to stderr, not stdout, so you dont get
false symbol files if you process a whole dir at a time.

2007-03-24
----------

* Shellcode address used to change region permissions is now chosen dynamically.

2007-03-20
----------

* Added preliminary framework for resolving parameters to standard library
functions.

* Added ability to show/hide the toolbar.

2007-03-15
----------

* Added ability to specify compile time some default directory strings,
makes package management easier.

* Added a preliminary method for code to find a plugin based on the plugin's name.
This will allow code to be written which depends on functionality exported
by plugins, which could be cool.

* Added some basic measures to help prevent duplicate plugin loading caused
by symlink trickery

* EDB will now look in the current working directory as well as the path
specified in the options for plugins

enjoy

http://www.codef00.com/projects.php#Debugger

FrankRizzo
April 22nd, 2007, 18:29
GREAT job Proxy, I'd been needing something like this. I was just looking at a target that had both a Linux and a Windows version, and the code for the Linux version was MUCH more straightforward, and I ended up with a nice keygen as a result!

Now, a comment. Sometimes when scrolling up or down using the mouse wheel, the code changes (like a problem with the backwards disassembler), and sometimes when scrolling down, it takes effort to get to an address just a few bytes away.

// My system details
Fedora Core 6, 6 proc P3 Xeon server, 4 GB of RAM.

proxy
April 22nd, 2007, 22:01
yea, currently it scrolls by bytes, not instructions, so the code will appear to change as the length of the first instruction shown determines how the rest are disassembled.

This is a feature I am really working on, but it is a tough nut to crack because Intel instructions are variable length. I believe that Ollydbg "snaps" the origin to the nearest known function, which is a pretty good approach, but does depend on the existence of the analyzer. So eventually it'll get in there.

I'm glad that you were able to make use of EDB and found it to be useful, are there any "killer features" that you would recommend that I focus on (check my TODO list to see what i'm already looking at, since it may already be in the works)

PS: to get to a specific address, even just a few bytes away, it is sometimes easier to right click on the disassembly and choose "goto address", just remember that hex values start with "0x" just like in C.
PPS: also, the goto addresses accept expressions, so you may write "eip + 10" or something to just scroll relative to eip

proxy

0xf001
April 23rd, 2007, 13:02
hi,

i setup my qt4 dev environment, and had a chance to quickly test ... looks VERY good!

i wanted to add the UID into the process list, which displays when you attempt to attach to a process. that would help looking at just user processes etc ...

how open do you see your development? do you think of going sourceforge or similar, or shall we send you patches, in case we would want to modify something?

regards, 0xf001

proxy
April 23rd, 2007, 18:19
First of all, I can add the UID thing no problem, it'll be in the next release

As far as how open I feel the development is, I want to make it very open but I would still like patches sent to me so I apply them. This way I'll at least be able to know what things are being added!

Also, I hope that most of the time, new functionality can be added via plugins, so keep that in mind.

Anyway, I'm glad that you like it, I hope to continue to make it better and better over time, so please let me know of any features you think it needs.

BTW: any news on review? I've been looking forward to checking it out and seeing if there is anyway we can work together to improve both of our projects. Let me know.

proxy

0xf001
April 24th, 2007, 03:07
hi proxy,

Quote:
As far as how open I feel the development is, I want to make it very open but I would still like patches sent to me so I apply them. This way I'll at least be able to know what things are being added!


very nice! i can recommend sourceforge, i am sure you know it, ... u are there project owner, and can control everything. they give you a svn repos, where u can make it public, or just to a list of developers etc. when u have some time, maybe u can look at it. i think its very nice for maintaining projects. i personally am perfectly fine with sending "stuff" to you, too

i had another idea: what i _really_ like about gdb in text mode is - i can so easily
have a texteditor open, and copy/paste the output - ie the state of a process at a certain point of execution.

i would like to add a feature - where it can just dump to STDOUT a similar output like

Code:
_______________________________________________________________________________
eax:0000000E ebx:BFFFF47C ecx:0000009D edx:BFFFF13C eflags:00200302
esi:BFFFF14C edi:0000000E esp:BFFFF0F8 ebp:BFFFF160 eip:0804A528
cs:0073 ds:007B es:007B fs:0000 gs:0033 ss:007B o d I T s z a p c
[007B:BFFFF0F8]---------------------------------------------------------[stack]
BFFFF128 : 00 00 00 00 00 00 00 00 - 00 00 00 00 8C 7D 1D 01 .............}..
BFFFF118 : C8 FF FF BF 0E 00 00 00 - 40 01 C8 FF 00 40 0E 40 ........@....@.@
BFFFF108 : 8C F1 FF BF 28 F1 FF BF - E6 11 43 40 4C F1 FF BF ....(.....C@L...
BFFFF0F8 : 8C 7D 1D 40 FC A3 04 08 - FC A3 04 08 0C 00 00 00 .}.@............
[007B:BFFFF14C]---------------------------------------------------------[ data]
BFFFF14C : 31 32 33 34 35 36 37 38 - 39 30 61 62 63 64 9D 00 1234567890abcd..
BFFFF15C : 94 F1 FF BF 94 F1 FF BF - C8 33 0C 40 7C F4 FF BF .........3.@|...
[0073:0804A528]---------------------------------------------------------[ code]
0x804a528 <decodifica__9Controllo+300>: mov $0xe,%esi
0x804a52d <decodifica__9Controllo+305>: mov %esi,%ecx
0x804a52f <decodifica__9Controllo+307>: sub 0xffffffd8(%ebp),%ecx
0x804a532 <decodifica__9Controllo+310>: lea 0xffffffec(%ebp),%esi
0x804a535 <decodifica__9Controllo+313>: mov (%eax,%edx,1),%al
0x804a538 <decodifica__9Controllo+316>: cmp (%ecx,%esi,1),%al
------------------------------------------------------------------------------


to familiarize with your code base, i would want to try to add it. what do you think?

regarding review, i get more and more requests. i have still some (little, but still) parts to finish, but want to do that not in a rush. please let me test your patience a bit. also i am thinking of moving to qt4, which i just yesterday got straight in parallel to qt3 (was easy, but i was afraid to break my dev system) - so that we can better share.

i want to look if i could provide you with my disasm output, that should be fairly easy - since we both use libdisasm ...

something else popped up in the meantime, which got all my attention,
something you will hear about soon. it's unplanned and eating my time for review
(no, not knoppix|RE, that just popped up, too, thanks to 0x0804 who is a great help).

i think of being able to release the code to the end of the month - around that time.

proxy, you are a damn good coder, and i like your quality of code and well thought out concepts in how you work! i am impressed, it's damn cool you came here to this board, very appreciated

i for example need to beautify a lot of proof of concept code in review, it does not look nearly as clean as your debugger. it motivates me to see your code

best regards, 0xf001

proxy
May 19th, 2007, 13:17
0.8.15 released, some big fixes and new features:


2007-05-16
----------

* Added UID to attach dialog.

* Added ability to filter out entries that don't match your UID in the attach
dialog.

2007-05-15
----------

* Added "Goto ESP/EBP" to stack context menu.

* Fixed crashable bug in QDisassembly view involving libdisasm: libdisasm will
do a double free if "x86_oplist_free" is called on invalid opcodes; this is
now avoided.

* You can now always disassemble code nearing the edge of a region.

2007-04-30
----------

* Isolated how recent files are managed away from primary GUI code.

* Made register view and disassembly view fonts configurable from options
dialog.

* Made data view's font default to what is set in the options.

* Font changes in the options now show immediately after accepting (clicking ok)
the options dialog.

2007-04-27
----------

* Breakpoint manager now takes an expression for its address

* General code cleanups

* Added stack analysis, will now show returns and ascii strings in stack viewer!

2007-04-24
----------

* Made minimum length for ascii string detection tunable in options.

* Improved the String Searcher plugin to reuse code in the Debugger API instead
of using its own.

2007-04-23
----------

* Began work on a new "Open Files" plugin, it can currently list open files
and will eventually be able to show socket/pipe information as well.

* Fixed minor display bug in tooltips for long instructions

* Improved the internal disassembly API to make it more adaptable to other
disassembly libraries

2007-04-19
----------

* Vastly improved the speed of the Heap Analyzer's result view (order of
minutes to seconds)

enjoy

http://www.codef00.com/projects.php#Debugger

proxy

dELTA
May 19th, 2007, 15:11
Nice work as usual.

highenergy
June 15th, 2007, 04:06
it's amazing wow. We have now a powerful gui debugger under linux. Thank you very much proxy. Keep working.


cheers

proxy
June 17th, 2007, 12:44
I'm glad so many people are enjoying it. I have _many_ features planned for future releases.

It'll take time, but in the end I hope for EDB to become the best binary mode debugger out there.

New release is coming soon with some more of the usual improvements.

proxy

highenergy
June 18th, 2007, 06:01
@proxy: I have a few questions to ask:

1-) Does EDB currently support any scripting language similar to ollyscript?
2-) Does EDB currently support loading dynamic libraries?
3-) What is the best IDE or editor for assembly coding for linux?
4-) What is best hex editor for linux?
5-) Is there any decent tutorials for gnome asm programming for linux similar to iczelion's?
6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks high level constructions.


regards

proxy
June 18th, 2007, 08:12
1-) Does EDB currently support any scripting language similar to ollyscript?

No, but this is a generally good idea, and there is no reason why it couldn't be implemented as a plugin. So i'll take a closer look at ollyscript and see what I can do.

2-) Does EDB currently support loading dynamic libraries?

Sort of, .so files are standard ELF files which have an entry point. But they don't have a windows style DllMain. Really all OllyDbg does special for dlls is it has a stub application which loads the chosen dll and it debugs that. I'm not sure if that would translate to something useful on linux, but I'll look into it.

3-) What is the best IDE or editor for assembly coding for linux?

to be honest, the editor of your choice, my favorite editor is nedit, but it's really just a glorified notepad.

4-) What is best hex editor for linux?

KHexEdit is pretty decent, but if you want commandline, there is also just hexedit. Both do their job and work well.

5-) Is there any decent tutorials for gnome asm programming for linux similar to iczelion's?

Well Gnome really has nothing to do with ASM generally, you can call its API just as easily as you can from C. So just look into the general API documentation for the window manager of your choice, be it Gnome, KDE or anything else and dive right in.

6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks high level constructions.

No idea, sorry

proxy

fr33ke
June 18th, 2007, 09:04
Quote:
[Originally Posted by highenergy;66471]6-) Is there any assembler for linux which supports high level constructions like masm? I am used to nasm but it lacks high level constructions.

I attached the main include file for NASM32 ( http://www.asmcommunity.net/projects/nasm32/ ), which gives you a lot of MASM-style macros. Just %include it.

0xf001
June 29th, 2007, 05:52
highenergy,

tools -> woodmann.com/0xf001

assembler with macros: nasm (and many others)

asm tuts: see links on my page

see pretty everything you need on my page

cheers, 0xf001

highenergy
June 30th, 2007, 14:12
@proxy:

It would be great if you can make&upload precompiled ubuntu deb packages. It's not for every average joe to use the terminal.

regards
H.E.

Silkut
July 1st, 2007, 02:35
It should be. =/

proxy
July 6th, 2007, 21:19
Heh, i'll work on more packages (though I have a gentoo one now). Once i set up some VMs for the various distros, I'll eventually get to packaging things up. Though to be honest, it's likely something I'll leave for when I start making 0.9.x releases.

Speaking of which, I know I've been silent for a bit and it's been quite a while since the last release. I've been very busy with work and life, but don't fret, a new EDB is on the way with some cool new features and improvements.

I have been hard at work with a replacement disassembler engine which will be more robust, faster and portable than libdisasm. It's almost done, the major missing feature is AT&T syntax output at the moment, not sure if it's even a big deal (please people, tell me if it is).

Anyway, I hope to have another release real soon.

proxy

quasar
July 7th, 2007, 13:14
Will there will be 64 bit support?

proxy
July 7th, 2007, 22:07
64-bit support is planned, but won't be supported quite yet. Support for other arches is something i have been slowly working towards, it is not that easy though.

The big show-stoppers are the disassembly engine, which clearly needs to be aware of alternate arches, and the analysis/data display engines which I have made large efforts to separate from the GUI code itself.

So it'll happen eventually, just not quite yet (especially since I don't have a 64-bit processor in my dev box).

proxy

highenergy
July 8th, 2007, 07:40
@proxy:
Quote:

I have been hard at work with a replacement disassembler engine which will be more robust, faster and portable than libdisasm. It's almost done, the major missing feature is AT&T syntax output at the moment, not sure if it's even a big deal (please people, tell me if it is).


Nope, it's not a big deal. I don't even use AT&T syntax. Take your time. You are great, proxy. I wish you many more successes in your life&work. One more thing, just curiosity, what is your favorite assembler? Gas or nasm? Gas' AT&T syntax is horrible and nasm lacks high level constructions. I can hear you say why don't you use nasm32 with macros, but I don't like doing it that way. What I really want is an exact replacement of masm under linux. Maybe I am asking too much but there is no one in the linux community except you who can make an assembler which has masm's syntax.

regards
H.E.

proxy
July 8th, 2007, 08:54
Thank you for the kind words, I really appreciate them

Well it depends, if i'm doing inline ASM on linux, i don't mind AT&T. But I would never want to write a standalone large function in AT&T because i can't stand _reading_ it (writing is ok).

As for NASM, to be honest, I never used MASM that much, so I don't miss the lack of high level constructs. Maybe I'm a little but not the norm since I see people asking for these things very often, but it's something that never bothered me.

proxy

proxy
August 7th, 2007, 15:33
0.8.17 released, some big fixes and new features, this one has a lot of changes. Hope you all enjoy!

2007-08-06
----------

* Improved the build system a little for plugins. They now all share common
portions.

* Added ascii string display in heap viewer plugin. Now, if the heap block
contains an ascii string, it'll be displayed in the data column. I plan to
add more types of known "data" to this column over time.

* Added a filter to the environment viewer plugin so you can quickly find the
variable you are looking for.

2007-08-02
----------

* Conditional MOVs are now part of the instruction analysis, it will display
whether or not the MOV will be performed based on the current flags.

* I am making the config file entries use a more organized naming convention.
In the past they were very ad-hoc, but now I am going with namespaces. For
example: debugger.terminal.enabled=true. For now this will only apply to new
settings so no one loses settings, but the old names will eventually be phased
out in 0.9.0, which is when I will start to stabilize the varying APIs in EDB.

* The view options for the stack and data views (word width/row width/which
columns to display) are now stored in the config file and restored on reload.
Data view is stored as well but is based on the options dialog because saving
the options set in the context menu makes no sense (many tabs, which to use).

2007-08-01
----------

* Added different binary fill options to the CPU context menu. Good for REMing
out individual ops quickly.

* Command window program is now configurable in the debugging options dialog.
You can enable/disable it, and you can use the terminal program of your
choice. The default is /usr/bin/xterm, as this should be fairly ubiquitous.
"konsole --nomenubar --notabbar" works well for us KDE users out there as
well. The only real rule is that whitespace is assumed to be an argument
separator and bad things may happen if you try to be clever and use a program
name or argument with a space in it. I was able to get launching konsole to
simply lock up EDB (no idea why) simply by using it from a path with a space
in it.

2007-07-31
----------

* Experimental code for opening an I/O window for command line apps is almost
done. It actually works well, just need it to be more tunable. This is a
big feature as it will allow more complete debugging of applications with a
CLI.

2007-07-30
----------

* Made the 3 byte UD opcode not decode as "invalid" but as "ud", since this op
isn't really invalid, it is just hardwired to generate an exception.

* FPU registers are now highlighted on changes.

* Made changes towards abstracting State such that it can be an opaque type.

* Renamed types.h to EDBTypes.h to avoid conflict with system types.h. Sorry
if this makes people change code, but the API isn't stable yet.

* Moved *nix specific headers to ROOT/include/os/unix from src, since plugins
may and likely need to see those types, now the include dir is all that is
NEEDED to have a plugin development setup.

* Changed getValueFromUser to get a reg_t value, this should be more
portable. (Thanks Thomas Faber!)

* Improved DebuggerCore's reading/writing routines to be more portable and
more flexible with regards to endian size and word size.
(Thanks Thomas Faber!)

* Thomas Faber's changes make EDB a few steps closer to compiling and
functioning correctly in an x86-64 setup.


2007-07-26
----------

* Implemented PID enumeration on FreeBSD. Still a lot to go for things to
compile and work...

* Made edb_make_symbolmap work if you have md5 instead of md5sum in your system.

* Added breakpoint management to CPU view context menu.

2007-07-25
----------

* Fixed error in which a shallow copy of a transient variable was being used
which is bad because the data could be trashed.

2007-07-21
----------

* You can now see the FPU registers, they are currently read only, but it
appears to work correctly.

2007-07-19
----------

* Fixed a silly bug introduced recently where registers aren't properly
un-highlighted when no longer attached.

* Internally laid some groundwork for reading FPU register support.

* Fixed a bug in the debugging core plugin which could cause a caller of a
read or write to think it succeeded when it didn't. It was very unlikely to
get triggered and even so would likely have little to no side effects.

2007-07-17
----------

* Made it so when you try to modify bytes which overlap a breakpoint,
you are given the option to continue (which removes the breakpoints), or
abort the modification.

* Finally made the breakpoint dialog show the breakpoint type.

* Introduced initial code for supporting more than one binary type. It still
only accepts ELF32, but the framework is in place.

* Fixed a bug where misaligned jumps were fooling the disassembly view widget.
This was pretty bad since a lot of the point of active debugging versus static
analysis is to avoid getting fooled by tricks like this!

2007-07-16
----------

* Fixed a bug where certain strings may not have been reported correctly
(some characters chopped out).

* Fixed bug where offsets of 16-bit relative jumps were not being truncated like
the CPU actually does. In the real thing, the target address has the upper
16-bits cleared. Not very useful in 32-bit code, but important to be correct.

* Fixed bug in new register reading code.

* Removed segfault due to setting invalid segments from TODO list, this is a
kernel bug and entirely out of EDB's control.

2007-07-13
----------

* Numerous improvements to the disassembler, I believe it is fairly complete;
the only thing that's missing that I'm aware of is enforcement of certain
rules (like mod/rm that must only be mem, and which ops certain prefixes are
valid for).

2007-07-12
----------

* Worked around a bug where QT would deliver events to disabled actions if the
shortcut key-combination is pressed. For now I have a check in each action
where it simply returns if that action is not enabled. The QT people seem
to be aware of the issue, hopefully it'll be addressed in a future version
of QT.

* Fixed ability to debug a process which receives unknown stop signals. Now it
will simply break if you were trying to step. It is still annoying since
frequent signals will make you have to step twice all the time, but at least
it is now possible.

* Fixed long standing (apparently no one noticed) bug where if you detached
from a process while a breakpoint was set, the process had a chance of
crashing.

* Made operand analysis smarter, it now knows about different expression types
(byte ptr, word ptr, dword ptr).

* Identified a few bugs I would like ironed out before next release.

* Many minor improvements in the disassembly output. It is difficult to decide
when to use hex and when to use decimal, but I think I have something
reasonable.

* Good speedup in instruction analysis.

2007-07-11
----------

* Finally compiled EDB with edisassm! This disassembly engine is faster and
more robust than the previous one because I am more easily able to add
specific features that EDB can use into it. Unfortunately, this does mean
that AT&T syntax is temporarily disabled.

* Fixed a major crashable bug in QDisassemblyView widget, it was very subtle.

2007-07-06
----------

* Finished environment viewer plugin

* edisassm is almost complete and ready for integration

* Condition flags can now be seen in the register view as a sub item to eflags

* Split out the i386 stuff away from the GUI yet more, almost at a good point
of portability.

* More robust error checking

* A few minor UI updates.


2007-05-31
----------

* Multibyte invalid ops are now displayed properly.

2007-05-23
----------

* Very preliminary TTY support.

2007-05-20
----------

* Fixed a bug in getBinaryStringFromUser where it was setting the value
before the maximum allowed length. This made it so values were truncated
incorrectly.

* Added Edit bytes to the QDisassembly viewer!

* Fixed DebuggerCore incorrectly reporting success on reads/writes of where
no bytes are read.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
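The 2007-07-16 entry above says a 16-bit relative jump's target has its upper 16 bits cleared, exactly as the CPU does it. Here is an added example (my own illustration, not EDB or edisassm code) that decodes the common relative JMP forms in 32-bit code and computes the target the same way, so the difference between the truncated and untruncated result is visible. The sample bytes and the EIP value are constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <stdexcept>

// Added example (not EDB or edisassm code): decode the common relative JMP
// encodings found in 32-bit code and compute the target the CPU would use.
// With an operand-size override (0x66) the displacement is rel16 and the
// upper 16 bits of the resulting EIP are cleared, which is the behaviour the
// 2007-07-16 changelog entry describes.

struct JumpDecode {
    std::size_t length;   // bytes consumed, prefixes included
    uint32_t    target;   // absolute target address
    bool        opsize16; // true when a 0x66 prefix was present
};

// `code` points at the first byte of an instruction located at `eip`;
// `avail` is how many bytes are readable from there.
JumpDecode decode_jump(const uint8_t* code, std::size_t avail, uint32_t eip) {
    std::size_t i = 0;
    bool opsize16 = false;

    // Consume operand-size prefixes (repeats are legal and idempotent).
    while (i < avail && code[i] == 0x66) {
        opsize16 = true;
        ++i;
    }
    if (i >= avail) throw std::runtime_error("truncated instruction");

    const uint8_t opcode = code[i++];
    int32_t rel = 0;

    if (opcode == 0xEB) {                          // JMP rel8
        if (i + 1 > avail) throw std::runtime_error("truncated rel8");
        rel = static_cast<int8_t>(code[i]);
        i += 1;
    } else if (opcode == 0xE9 && opsize16) {       // JMP rel16 (66 E9 xx xx)
        if (i + 2 > avail) throw std::runtime_error("truncated rel16");
        const uint16_t raw = static_cast<uint16_t>(code[i] | (code[i + 1] << 8));
        rel = static_cast<int16_t>(raw);
        i += 2;
    } else if (opcode == 0xE9) {                   // JMP rel32 (E9 xx xx xx xx)
        if (i + 4 > avail) throw std::runtime_error("truncated rel32");
        const uint32_t raw = static_cast<uint32_t>(code[i])
                           | (static_cast<uint32_t>(code[i + 1]) << 8)
                           | (static_cast<uint32_t>(code[i + 2]) << 16)
                           | (static_cast<uint32_t>(code[i + 3]) << 24);
        rel = static_cast<int32_t>(raw);
        i += 4;
    } else {
        throw std::runtime_error("not a relative JMP");
    }

    // Relative targets are computed from the address of the *next* instruction.
    const uint32_t next = eip + static_cast<uint32_t>(i);
    uint32_t target = next + static_cast<uint32_t>(rel);

    // 16-bit operand size: the CPU clears EIP[31:16]. Skipping this step
    // yields a plausible-looking 32-bit address that the CPU never jumps to.
    if (opsize16) target &= 0xFFFFu;

    return JumpDecode{i, target, opsize16};
}

int main() {
    // Constructed sample: JMP rel16 backwards by one byte at EIP 0x08048000.
    const uint8_t sample[] = {0x66, 0xE9, 0xFF, 0xFF};
    const JumpDecode d = decode_jump(sample, sizeof sample, 0x08048000u);
    std::printf("len=%zu target=0x%08X opsize16=%d\n", d.length, d.target, d.opsize16 ? 1 : 0);
    return 0;
}
```

For the sample bytes the untruncated arithmetic gives 0x08048003, but the decoder reports 0x00008003, which is where the processor actually goes; a disassembler that shows the former sends you looking at the wrong code.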

proxy
August 8th, 2007, 22:21
Quick release, last version introduced a crashable bug, so 0.8.18 comes early

Hope you all enjoy!:


2007-08-08
----------

* Fixed a crashable bug introduced in last version, this was related to clearing
the process state variable. Now that the state has virtual functions, it is
no longer correct to use memset.

* Added search filter to the opcode search plugin so you can find the region you
want to search more easily.

* Added search filter to the strings plugin so you can find the region you
want to search more easily.

* Made the MemoryRegions object also a QAbstractItemModel, suitable for a
QTableView. This should make it simpler/cleaner to display a table of
available regions (there were already 3 copies of the code to fill the table
in edb which will now no longer be needed), in addition to making the filtering
code MUCH simpler since QT can do it for us.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
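The 2007-08-08 fix is a classic C++ hazard: once a class has virtual functions, a memset() over the object also zeroes the hidden vtable pointer, so the next virtual call goes through garbage. As an added example (my own, not EDB's State class), here is a reset that zeroes only the plain register payload, plus a trait-guarded helper that turns memset() on a polymorphic type into a compile error. The class and register names are assumptions for the illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <type_traits>

// Added example, not EDB's State class. Illustrates the 2007-08-08 fix:
// memset() over an object with virtual functions also wipes the vtable
// pointer. The guard below rejects that at compile time.

// Byte-wise zeroing is only meaningful for trivially copyable types.
template <class T>
void zero_pod(T& obj) {
    static_assert(std::is_trivially_copyable<T>::value,
                  "memset() is only valid for trivially copyable types");
    std::memset(&obj, 0, sizeof obj);
}

// Plain register block: no virtuals, no owning pointers, safe to zero.
struct Regs {
    uint32_t eax, ebx, ecx, edx, esi, edi, ebp, esp, eip, eflags;
};

// Polymorphic state (assumed shape): a derived class can describe another
// architecture, so the object carries a vtable pointer.
class State {
public:
    virtual ~State() {}
    virtual const char* arch() const { return "x86"; }

    // Correct reset: zero only the POD payload, leaving the vptr intact.
    // zero_pod(*this) would be the old memset() mistake and does not compile.
    void clear() { zero_pod(regs_); }

    uint32_t eip() const { return regs_.eip; }
    uint32_t eax() const { return regs_.eax; }
    void set_eip(uint32_t v) { regs_.eip = v; }
    void set_eax(uint32_t v) { regs_.eax = v; }

private:
    Regs regs_{};
};

class X86_64State : public State {
public:
    const char* arch() const override { return "x86-64"; }
};

static_assert(!std::is_trivially_copyable<State>::value,
              "State has a vtable; zero_pod(State&) is rejected at compile time");

// Reset a state through the base interface and check that the registers were
// cleared and virtual dispatch still reaches the derived class afterwards.
bool clear_preserves_dispatch(State& s, const char* expected_arch) {
    s.set_eip(0x08048000u);
    s.set_eax(0xDEADBEEFu);
    s.clear();
    return s.eip() == 0 && s.eax() == 0 && std::strcmp(s.arch(), expected_arch) == 0;
}

int main() {
    X86_64State s;
    std::printf("%s\n", clear_preserves_dispatch(s, "x86-64") ? "ok" : "FAIL");
    return 0;
}
```

The static_assert inside zero_pod is the practical check: it lets the POD register struct keep its cheap memset() reset while refusing to compile the moment someone applies it to the polymorphic wrapper.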

proxy
August 9th, 2007, 21:39
Looks like I accidentally created a QT 4.3 dependency with 0.8.18, so I just released 0.8.19. Please try this tarball if you had issues building 0.8.18. If you had no issues, no real reason to upgrade quite yet :-P

Evan

proxy
August 27th, 2007, 17:21
0.8.21 released, this one has some new plugins, features and some minor bug fixes. Hope you all enjoy!:

2007-08-26
----------

* Added cool "data dump" plugin as per 0xf001's request. Just hit ctrl+D and
it'll shoot out a dump similar to GDB to stdout.

* Added the ability to skip inaccessible regions (permissions currently "---")
in both the reference search and the binary string plugins. Some applications
such as wine like to create dummy regions like this. It should make the
searching a little more bearable.

2007-08-20
----------

* "Filling" instructions, as in functions which either have no real effect,
and/or are usually used to fill the space between functions are now displayed
in grey. This makes seeing where function boundaries are easier.

2007-08-20
----------

* Added pointer detection to heap analysis.

2007-08-18
----------

* Tables with numeric content columns are now sorted numerically.

* I am working on stabilizing the programming API, BaseTypes:: and Debugger::
namespaces will be merged and renamed to edb::. The contents of Debugger::
will be located in edb::v1:: to indicate version 1 of the plugin API. This
way plugins will have a nice clean way of knowing which version of the API
they are using. Functions in edb::v1:: will never be removed after 1.0 is
released.

* Corrected a bug where step over didn't work if you were on a breakpoint.

2007-08-16
----------

* Corrected copy and paste bug in FunctionFinder plugin menu item name.

2007-08-15
----------

* updated some of the documentation.

2007-08-14
----------

* Added a "bookmarks" plugin, which allows you to put code addresses of your
choice into a list, which you can later jump to. This plugin also serves
as an example of how to add dock widgets to the main gui in a safe manner.

* Fixed a subtle crash caused by debugging an app, opening a plugin dialog, then
detaching, and eventually debugging a new process (without closing the
dialog).

* Added a new "function finder" plugin. Surprisingly accurate. It includes a
"reference count" column which is how many potential calls to this function
the plugin saw. The higher the number, the greater the confidence that it is
really a function entry point.

* Speed increases.

2007-08-13
----------

* Changed some of the global objects from pointers to references, this will
reduce the need for null checks in many situations as well as simplify code.

* added wait for console process to die before closing for a better cleanup.

2007-08-10
----------

* Fixed accidental reference to breakpoint data after it was freed when using
one time breakpoints. Dangling pointers are no bueno!

2007-08-09
----------

* Removed references to QT 4.3 features from UI files.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
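The "function finder" entry of 2007-08-14 describes ranking candidate entry points by how many call sites reference them. As an added example (my own code, not the FunctionFinder plugin), here is that heuristic over a raw region: scan for CALL rel32 (opcode E8), resolve each target, discard targets outside the region, and count the rest. The region layout and bytes are constructed for the demonstration, not taken from any binary.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <utility>
#include <vector>

// Added example, not the FunctionFinder plugin's own code. Implements the
// "reference count" idea from the 2007-08-14 entry: scan a region for CALL
// rel32 (opcode E8), resolve each target, and count how many call sites point
// at each address inside the region. Addresses with several callers are far
// more likely to be real function entry points than a stray 0xE8 data byte.

struct Region {
    uint32_t             base;   // load address of bytes[0]
    std::vector<uint8_t> bytes;
};

// Returns target address -> number of CALL sites that resolve to it.
std::map<uint32_t, unsigned> call_reference_counts(const Region& r) {
    std::map<uint32_t, unsigned> counts;
    const std::size_t n = r.bytes.size();
    for (std::size_t i = 0; i + 5 <= n; ++i) {
        if (r.bytes[i] != 0xE8) continue;  // CALL rel32
        const uint32_t raw = static_cast<uint32_t>(r.bytes[i + 1])
                           | (static_cast<uint32_t>(r.bytes[i + 2]) << 8)
                           | (static_cast<uint32_t>(r.bytes[i + 3]) << 16)
                           | (static_cast<uint32_t>(r.bytes[i + 4]) << 24);
        const int32_t  rel    = static_cast<int32_t>(raw);
        const uint32_t next   = r.base + static_cast<uint32_t>(i) + 5;
        const uint32_t target = next + static_cast<uint32_t>(rel);
        // A target outside the region is almost certainly data that happens
        // to contain 0xE8, so it does not get a vote.
        if (target < r.base || target >= r.base + static_cast<uint32_t>(n)) continue;
        ++counts[target];
    }
    return counts;
}

// Candidates with at least `min_refs` callers, most-referenced first.
std::vector<std::pair<uint32_t, unsigned>> ranked_candidates(const Region& r, unsigned min_refs) {
    std::vector<std::pair<uint32_t, unsigned>> out;
    for (const auto& kv : call_reference_counts(r))
        if (kv.second >= min_refs) out.push_back(kv);
    std::sort(out.begin(), out.end(),
              [](const std::pair<uint32_t, unsigned>& a, const std::pair<uint32_t, unsigned>& b) {
                  return a.second != b.second ? a.second > b.second : a.first < b.first;
              });
    return out;
}

// Constructed sample region (not from any real binary): a tiny function at
// +0x10, three callers at +0x20/+0x30/+0x40, and a stray 0xE8 at +0x50 whose
// "target" lands far outside the region. Everything else is NOP padding.
Region sample_region() {
    Region r{0x08048000u, std::vector<uint8_t>(0x60, 0x90)};
    const uint8_t fn[]    = {0x55, 0x89, 0xE5, 0xC3};        // push ebp; mov ebp,esp; ret
    const uint8_t call1[] = {0xE8, 0xEB, 0xFF, 0xFF, 0xFF};  // call -0x15 -> +0x10
    const uint8_t call2[] = {0xE8, 0xDB, 0xFF, 0xFF, 0xFF};  // call -0x25 -> +0x10
    const uint8_t call3[] = {0xE8, 0xCB, 0xFF, 0xFF, 0xFF};  // call -0x35 -> +0x10
    const uint8_t stray[] = {0xE8, 0x00, 0x00, 0x00, 0x10};  // rel32 = 0x10000000, out of range
    std::copy(fn, fn + sizeof fn, r.bytes.begin() + 0x10);
    std::copy(call1, call1 + sizeof call1, r.bytes.begin() + 0x20);
    std::copy(call2, call2 + sizeof call2, r.bytes.begin() + 0x30);
    std::copy(call3, call3 + sizeof call3, r.bytes.begin() + 0x40);
    std::copy(stray, stray + sizeof stray, r.bytes.begin() + 0x50);
    return r;
}

int main() {
    for (const auto& c : ranked_candidates(sample_region(), 1))
        std::printf("0x%08X  refs=%u\n", c.first, c.second);
    return 0;
}
```

On the sample region the only candidate is 0x08048010 with three references; the stray E8 at +0x50 resolves outside the region and is dropped, which is the in-range filter doing the work that keeps the count meaningful. Raising `min_refs` is the knob that trades recall for confidence.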

linhanshi
September 5th, 2007, 10:37
Good WORK.

sailor__eda
October 24th, 2007, 23:07
Hi there Proxy,

I'm getting the following error when compiling edb on an x64 machine. The State.h defines the struct State for x86 32bit registers. I can just modify the file to have the x64 registers (rax, rbx etc) but I didn't go through the code to see if a simple fix would work or break something else.

Comments?

Thanks

Sailor_eda

DebuggerCore.cpp: In member function ‘virtual void DebuggerCore::getState(State&)’:
DebuggerCore.cpp:527: error: ‘struct user_regs_struct’ has no member named ‘eax’
DebuggerCore.cpp:528: error: ‘struct user_regs_struct’ has no member named ‘ebx’
DebuggerCore.cpp:529: error: ‘struct user_regs_struct’ has no member named ‘ecx’
DebuggerCore.cpp:530: error: ‘struct user_regs_struct’ has no member named ‘edx’
DebuggerCore.cpp:531: error: ‘struct user_regs_struct’ has no member named ‘esp’
DebuggerCore.cpp:532: error: ‘struct user_regs_struct’ has no member named ‘ebp’
DebuggerCore.cpp:533: error: ‘struct user_regs_struct’ has no member named ‘edi’
DebuggerCore.cpp:534: error: ‘struct user_regs_struct’ has no member named ‘esi’
DebuggerCore.cpp:535: error: ‘struct user_regs_struct’ has no member named ‘eip’
DebuggerCore.cpp:537: error: ‘struct user_regs_struct’ has no member named ‘xcs’
DebuggerCore.cpp:538: error: ‘struct user_regs_struct’ has no member named ‘xds’
DebuggerCore.cpp:539: error: ‘struct user_regs_struct’ has no member named ‘xes’
DebuggerCore.cpp:540: error: ‘struct user_regs_struct’ has no member named ‘xfs’
DebuggerCore.cpp:541: error: ‘struct user_regs_struct’ has no member named ‘xgs’
DebuggerCore.cpp:542: error: ‘struct user_regs_struct’ has no member named ‘xss’
DebuggerCore.cpp:543: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’
DebuggerCore.cpp: In member function ‘virtual void DebuggerCore::setState(const State&)’:
DebuggerCore.cpp:568: error: ‘struct user_regs_struct’ has no member named ‘eax’
DebuggerCore.cpp:569: error: ‘struct user_regs_struct’ has no member named ‘ebx’
DebuggerCore.cpp:570: error: ‘struct user_regs_struct’ has no member named ‘ecx’
DebuggerCore.cpp:571: error: ‘struct user_regs_struct’ has no member named ‘edx’
DebuggerCore.cpp:572: error: ‘struct user_regs_struct’ has no member named ‘esp’
DebuggerCore.cpp:573: error: ‘struct user_regs_struct’ has no member named ‘ebp’
DebuggerCore.cpp:574: error: ‘struct user_regs_struct’ has no member named ‘edi’
DebuggerCore.cpp:575: error: ‘struct user_regs_struct’ has no member named ‘esi’
DebuggerCore.cpp:576: error: ‘struct user_regs_struct’ has no member named ‘eip’
DebuggerCore.cpp:578: error: ‘struct user_regs_struct’ has no member named ‘xcs’
DebuggerCore.cpp:579: error: ‘struct user_regs_struct’ has no member named ‘xds’
DebuggerCore.cpp:580: error: ‘struct user_regs_struct’ has no member named ‘xes’
DebuggerCore.cpp:581: error: ‘struct user_regs_struct’ has no member named ‘xfs’
DebuggerCore.cpp:582: error: ‘struct user_regs_struct’ has no member named ‘xgs’
DebuggerCore.cpp:583: error: ‘struct user_regs_struct’ has no member named ‘xss’
DebuggerCore.cpp:584: error: ‘struct user_regs_struct’ has no member named ‘orig_eax’

proxy
October 24th, 2007, 23:09
First of all, what happened to the boards for so long?

x86_64 support is not quite there yet. Sorry, but edb is x86 only for now.

I'm hoping to have x86 support in the future though, no time table for it yet.

proxy

dELTA
October 25th, 2007, 02:20
Quote:
[Originally Posted by proxy;69792]what happened to the boards for so long?
I'm not sure what you mean by this Proxy, could you please clarify?

proxy
October 25th, 2007, 02:23
heh, I could not pull up the website for about a month. All other sites worked, just not woodmann.com. I figured that the site was dead!

Dunno what the problem was if it was just me, but I tried from multiple locations still no dice until today.

proxy

dELTA
October 25th, 2007, 02:42
Very strange, the board has been up and running continuously indeed (except for some routing problems for less than a day), as far as any admins have been able to see.

Do note that some "surf-out filters" that companies use block this site though, but I assume you have tried it from unfiltered locations too, so I have no idea then. Please send us an email with a traceroute the next time this happens, so we know and can investigate it.

proxy
November 22nd, 2007, 15:40
Just wanted to give everyone an update. A new version is coming soon with lots of updates and a handful of new features

I'm also in the midst of setting up a virtual machine which will run x86-64 Linux. This will give me an opportunity to port EDB to 64-bit Linux, hopefully ready for the version after next.

I've also set up a bugzilla for EDB at: http://bugs.codef00.com/. Please feel free to submit bugs and requests there.

So anyway, the game plan is as follows. Next release is a few new features and bug fixes, hopefully within a week or so. And I hope the release after that will build and run on x86-64. Preliminary tests look good for the porting since I tried to plan ahead as much as possible. The biggest thing to port is adding x86-64 support to the disassembler engine.

Have a good thanksgiving everyone!

proxy

JMI
November 22nd, 2007, 16:07
Thanks for the update.

Regards,

proxy
January 17th, 2008, 18:02
0.8.22 released, change log is pretty long, hopefully it won't be quite so long until the next release (0.9.0, which is planned to be the first version to support x86-64!).
Hope you all enjoy!


2008-01-16
----------

* Fixed a potential crash on shutdown in the cleanup code

* Fixed a silly crash where if you ran the function finder with no selected
region (or if you are not attached to a program) it would crash.

2008-01-15
----------

* Fixed a bug in ModRM/SIB decoding where in some cases the index and base were
inverted. This only really showed up in the less used redundant encodings, so
it didn't show up until I started my regression tests.

2008-01-14
----------

* Fixed a bug in edisassm where it would think it didn't have enough space in
the instruction buffer when prefixes are used.

2008-01-13
----------

* Added a graphical indicator of the direction for relative jumps.

2008-01-12
----------

* Improved load time.

* Fixed some very minor bugs in the disassembler.

* Made disassembler differentiate between the different versions of ins/outs.

2008-01-10
----------

* Fixed a bug in edisassm where 32-bit signed offsets which have the 16-bit
set were being printed as 16-bit sign extended values.

* Added some regression tests to edisassm. Unfortunately nasm and edisassm
disagree on some syntax points, and nasm likes to re-order expressions sometimes,
so I'll have to come up with some normalization strategy before it can be
fully automated. But it's a start.


2008-01-03
----------

* Fixed a bug where if you used the fill feature on top of a breakpoint it
would not properly clear the breakpoint first.

2007-12-12
----------

* Moved the ELFxxBinaryInfo classes to plugins. This is more modular and makes
it far simpler to add new BinaryFile handlers in the future.

2007-12-10
----------

* Added command line running of a program. You may write things like this:
$ ./edb --run /bin/ls /etc /bin
and it will start edb attached to a new instance of /bin/ls with the correct
arguments passed.

2007-12-06
----------

* Fixed a display bug (Bug #37) where it was possible to make the data tabs show data to
a region which does not exist after detaching (showing all 0xff's).

2007-12-03
----------

* Changed some code to convert numbers to toULongLong instead of toUInt to
ensure that when 64-bit is supported, addresses will be interpreted correctly.

2007-11-31
----------

* Ported the dump state plugin to be able to compile correctly on x86-64.

2007-11-29
----------

* Added code to load/save session files (which are currently mostly empty).
This will read the file header, check it for the session signature, md5 the
file in the session and compare that to the md5 of the currently debugged
application. This way, it should never load a session file for the wrong
application. Next, I'll be adding useful data to the session files; for
starters I plan on having sessions remember breakpoints and bookmarks.

2007-11-28
----------

* EDBTypes.h is now Types.h this will include the OSTypes.h and ArchTypes.h
files, this makes adding new arch and os combinations much easier.

* Made various input dialogs accept 64-bit values when building on an x86-64
platform.

* Made many changes to help in portability to other platforms. EDB will likely
be ready for x86-64 within a version or two. The big stumbling block left is
edisassm support for proper disassembly.

2007-11-27
----------

* Now that I discovered that QT has a qmake variable (undocumented) which
represents the arch it is being compiled on, I have started work on dividing
the code which is arch specific into special arch dirs, one for each build
target (i386 is the only one which compiles, but it's a start). This should really
help with porting to new targets.

* Started very beginning work towards a session file concept. I have mostly
fleshed out what I want the file to look like.

2007-11-24
----------

* EDBTypes.h will now define some macros based on the arch it believes it is
being built on such as EDB_X86_64 or EDB_X86. Also, it will define EDB_FMT_PTR
which is a format specifier suitable for printing an edb::address_t type.

* DebuggerCore now compiles on x86-64, however there is still much work left to
be done. I need to add x86-64 support to the disassembler, and to a few other
arch sensitive areas.

2007-11-20
----------

* Added preliminary code for "--run" option which will allow the user
to execute a program and attach to it from the command line, for example:
$ ./edb --run /bin/ls /etc
which would run /bin/ls with "/etc" as its argument and attach to it.
This code is not functional yet.

* Added new findPluginByName to plugin API. This should allow some basic
form of dependencies for plugins. This should not be used until plugins are
fully loaded because there is no guarantee as to the order of loading yet.
So, as a good rule of thumb, don't use it in the plugin constructor.
Hopefully, this will lead to more code reuse and maintainability.

2007-11-15
----------

* Added identification of jump sources to instruction analysis. Now whenever
stopped on an instruction, it will attempt to find out if a nearby relative
jump has a target equaling the instruction you are stopped on.

2007-11-14
----------

* Setup new bugzilla for EDB at: http://bugs.codef00.com/

* Implemented locked stack feature. It will stay locked at the position of the
stack pointer (unless the stack pointer jumps to a whole other memory region)
when enabled.

2007-11-08
----------

* Added preliminary support for resizing the columns in the disassembly view.

2007-11-07
----------

* Fixed a bug in the disassembler where it would ignore the displacement of
an opcode encoded in a particular way.


2007-11-06
----------

* Added option for CheckVersion plugin to automatically check for newest version
on startup. It will not report anything if you are running an up to date
version of edb. This feature is enabled by default. You can disable this
feature by unchecking the menu item for it, found at:
"Plugins" -> "CheckVersion" -> "Check On Start". When enabled, the plugin
will perform a single HTTP get request to retrieve the latest available
version number each time edb is started.

2007-10-23
----------

* Worked on developing function and code analysis. I now have developed an
algorithm which can determine, to a reasonably accurate degree, which bytes are
actually code bytes. Basically the concept is first to enumerate potential
functions by disassembling at each possible address in a region. For each call
I see I add it to a list and increase its reference count. Then for each
function with 2 or more references, I do further analysis. While reviewing
these functions with 2 or more references, I follow the code looking for the
function end. If I see any calls to functions with a single reference, then
they get a bonus reference and are re-added onto the list of calls to analyze.
For now, the primary goal is to figure out the actual code bytes and bounds of
the functions. Next I will try to identify the conditional logic in the
functions.

* Fixed duplicate error reporting on some invalid expressions.

2007-10-20
----------

* Added a heuristic for locating the heap start when using a newer ld. It isn't
100% reliable, but seems to work "ok", I am hoping to solidify more checks
in the future to make it more reliable.

2007-10-11
----------

* Made some changes to the plugin API in order to help move towards
a stable 1.0 API.

2007-10-09
----------

* General code cleanups and optimizations

* Added support for arguments with spaces in them. Arguments with spaces are
specified with quotes, and if you need to have a quote character in the
argument then you can escape it with \.

2007-09-17
----------

* Added shortcuts to bookmarks (Ctrl + N will trigger the first 10 bookmarks).

2007-09-14
----------

* Fixed a bug where I accidentally was copying from a QByteArray directly
memcpy. It worked because the data array was the first class variable, but
was not correct in principle.

2007-09-10
----------

* Corrected a minor bug where the GUI didn't update correctly when using the
stack widgets push/pop menu items.

* Made Debugger::log a variadic function, this allows for passing formatted
output directly without a temp, allowing for cleaner code.

2007-09-08
----------

* Focused on optimising the code in certain locations.

* FunctionFinder now uses the new readPages interface.
This costs more memory, but seems to be more than twice as fast.

2007-09-05
----------

* BinaryStringSearch and ReferenceSearch now use the new readPages interface.
This costs more memory, but seems to be more than twice as fast.

* Added a readPages routine to the DebuggerCoreInterface, since reading large
blocks of data can be done more efficiently than individual bytes.

2007-08-28
----------

* Fixed a bug where EDB would hang if the TTY console specified in the options
does not exist. It defaults to "/usr/bin/xterm". Thanks Dmitry Bulashev for
reporting!

2007-08-27
----------

* Corrected a minor bug where the core plugin would report success when trying
to read when not attached.

* Bookmarks plugin can now take expressions.

enjoy

http://www.codef00.com/projects.php#Debugger

proxy
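The 2007-10-09 entry above describes the argument syntax edb accepts (quotes group an argument containing spaces, a backslash escapes the next character). The splitter below is an added example written for this thread, not edb's own parser; the function names splitArguments and isMalformedCommandLine are assumptions. Beyond what the entry states, it rejects an unterminated quote or a trailing backslash instead of guessing, so the argv handed to the debuggee is exactly what the user typed or nothing at all.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Split a command line into an argument vector.
// Rules (as the changelog describes them): whitespace separates arguments,
// double quotes group text that contains spaces, and a backslash escapes the
// next character, so \" yields a literal quote inside an argument.
// Hypothetical helper written for this example, not edb's own code.
std::vector<std::string> splitArguments(const std::string& line) {
    std::vector<std::string> args;
    std::string current;
    bool inQuotes  = false;  // inside a "..." group
    bool haveToken = false;  // distinguishes "" (an empty argument) from no argument at all

    for (std::size_t i = 0; i < line.size(); ++i) {
        const char c = line[i];
        if (c == '\\') {
            if (i + 1 >= line.size()) {
                throw std::invalid_argument("trailing backslash has nothing to escape");
            }
            current += line[++i];   // take the next character literally
            haveToken = true;
        } else if (c == '"') {
            inQuotes = !inQuotes;   // toggling twice with nothing between yields ""
            haveToken = true;
        } else if (!inQuotes && (c == ' ' || c == '\t')) {
            if (haveToken) {
                args.push_back(current);
                current.clear();
                haveToken = false;
            }
        } else {
            current += c;
            haveToken = true;
        }
    }
    if (inQuotes) {
        throw std::invalid_argument("unterminated quote");
    }
    if (haveToken) {
        args.push_back(current);
    }
    return args;
}

// True when the line is rejected as malformed; callers that exec a debuggee
// should check this and refuse rather than run with a "best guess" argv.
bool isMalformedCommandLine(const std::string& line) {
    try {
        splitArguments(line);
        return false;
    } catch (const std::invalid_argument&) {
        return true;
    }
}

int main() {
    // Constructed sample in the style of the --run example from the changelog.
    for (const std::string& a : splitArguments("/bin/ls \"/tmp/my dir\" -l \\\"quoted\\\"")) {
        std::printf("[%s]\n", a.c_str());
    }
    return 0;
}
```

The `haveToken` flag is what lets `""` produce an empty argument while runs of whitespace produce none; without it the two cases collapse into each other.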

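The 2007-10-23 entry lays out the reference-counting heuristic for telling code bytes from data. The program below is an added example that reproduces that heuristic end to end; it is not edb's code. To stay self-contained it replaces edisassm with a toy decoder that understands only `call rel32` (E8) and `ret` (C3) and treats every other byte as a one-byte instruction, and it runs over a constructed 80-byte region rather than a real process. The function names findFunctions, callTarget and sampleRegion are assumptions. The sample also shows the heuristic's blind spot: a function called only once from an unreferenced entry point never reaches the two-reference threshold.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>
#include <map>
#include <queue>
#include <vector>

// Toy decoder: only E8 rel32 (call) and C3 (ret) matter to the heuristic; every
// other byte counts as a one-byte instruction. Stands in for edb's real
// disassembler purely to keep this example runnable on its own.
static std::size_t instrLength(uint8_t opcode) {
    return opcode == 0xE8 ? 5 : 1;
}

// Absolute target of the call at `off`, or -1 if the instruction does not fit
// in the region or its target lies outside the region.
static int64_t callTarget(const std::vector<uint8_t>& r, uint32_t base, std::size_t off) {
    if (off + 5 > r.size()) return -1;
    const uint32_t raw = static_cast<uint32_t>(r[off + 1])
                       | (static_cast<uint32_t>(r[off + 2]) << 8)
                       | (static_cast<uint32_t>(r[off + 3]) << 16)
                       | (static_cast<uint32_t>(r[off + 4]) << 24);
    const int32_t rel = static_cast<int32_t>(raw);
    const int64_t target = static_cast<int64_t>(base) + static_cast<int64_t>(off) + 5 + rel;
    const int64_t limit = static_cast<int64_t>(base) + static_cast<int64_t>(r.size());
    if (target < static_cast<int64_t>(base) || target >= limit) return -1;
    return target;
}

struct FunctionInfo {
    uint32_t start;  // address of the first instruction
    uint32_t end;    // address of the terminating ret (== start if none was found)
    int      refs;   // reference count after bonuses
};

std::map<uint32_t, FunctionInfo> findFunctions(const std::vector<uint8_t>& r, uint32_t base) {
    // Pass 1: decode at every byte offset; each call bumps its target's count.
    std::map<uint32_t, int> refs;
    for (std::size_t off = 0; off < r.size(); ++off) {
        if (r[off] != 0xE8) continue;
        const int64_t t = callTarget(r, base, off);
        if (t >= 0) ++refs[static_cast<uint32_t>(t)];
    }

    // Pass 2: only targets with two or more references are trusted as functions.
    std::queue<uint32_t> work;
    for (const auto& kv : refs) {
        if (kv.second >= 2) work.push(kv.first);
    }

    std::map<uint32_t, FunctionInfo> functions;
    while (!work.empty()) {
        const uint32_t start = work.front();
        work.pop();
        if (functions.count(start)) continue;

        // Follow the code linearly to the first ret. A call to a single-reference
        // target on the way earns that target a bonus reference and a place in
        // the work list, as the changelog describes.
        std::size_t off = start - base;
        uint32_t end = start;
        while (off < r.size()) {
            const uint8_t op = r[off];
            if (op == 0xC3) { end = base + static_cast<uint32_t>(off); break; }
            if (op == 0xE8) {
                const int64_t t = callTarget(r, base, off);
                if (t >= 0) {
                    const uint32_t tgt = static_cast<uint32_t>(t);
                    if (refs[tgt] == 1) { refs[tgt] = 2; work.push(tgt); }
                }
            }
            off += instrLength(op);
        }
        functions[start] = FunctionInfo{start, end, refs[start]};
    }
    return functions;
}

// Constructed 80-byte region (not bytes from any real program): A at +0x00 calls
// B and C, B (+0x20) calls D (+0x40), C (+0x30) calls B, D is nop;ret. A stray
// E8 at +0x42 points outside the region and must be ignored.
std::vector<uint8_t> sampleRegion() {
    std::vector<uint8_t> r(0x50, 0x90);  // nop filler
    auto put = [&r](std::size_t off, std::initializer_list<uint8_t> bytes) {
        for (uint8_t b : bytes) r[off++] = b;
    };
    put(0x00, {0xE8, 0x1B, 0x00, 0x00, 0x00});        // A: call +0x20 (B)
    put(0x05, {0xE8, 0x26, 0x00, 0x00, 0x00});        // A: call +0x30 (C)
    put(0x0A, {0xC3});                                // A: ret
    put(0x20, {0xE8, 0x1B, 0x00, 0x00, 0x00, 0xC3});  // B: call +0x40 (D); ret
    put(0x30, {0xE8, 0xEB, 0xFF, 0xFF, 0xFF, 0xC3});  // C: call -0x15 -> +0x20 (B); ret
    put(0x40, {0x90, 0xC3});                          // D: nop; ret
    put(0x42, {0xE8, 0x00, 0x10, 0x00, 0x00});        // stray call, target out of range
    return r;
}

int main() {
    for (const auto& kv : findFunctions(sampleRegion(), 0x1000)) {
        std::printf("function %#x..%#x refs=%d\n", kv.second.start, kv.second.end, kv.second.refs);
    }
    return 0;
}
```

With base 0x1000, B (0x1020) is referenced from A and C and is accepted outright; walking B finds the call to D (0x1040), which had one reference, so D gets the bonus and is accepted too. C (0x1030) keeps its single reference from A, which is itself never called, so C is not reported; that is the heuristic behaving as specified, not a bug in the walk.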
JMI
January 17th, 2008, 18:31
Thanks for the update.

Regards,

JMI
January 17th, 2008, 18:38
Although you can always do so yourself, I have updated the entry for your EDB Linux Debugger in the Collaborative RCE Tool Library to show it is now at version 0.8.22.

I also updated your Tool's link in the CRECTL to show the current version:

http://www.codef00.com/projects/debugger-0.8.22.tgz

You will find your particular tool described here, if you want to add the updates yourself in the future:

http://www.woodmann.com/collaborative/tools/EDB_Linux_Debugger

Regards,

proxy
May 7th, 2008, 21:04
Just wanted to give everyone an update. I've been hard at work making edisassm support x86-64 since this has been the biggest hurdle towards making edb support x86-64.

Things are moving along VERY nicely, I almost have it working 100% correctly (for all known/tested cases).

Beyond that, EDB 0.9.0 will hopefully be coming along relatively shortly (I hope to get back into the fast release cycle I had during the early 0.8.x days soon).

Catch you guys later!

proxy

dELTA
May 8th, 2008, 02:46
Glad to hear you're still working on this nice project proxy, thanks for the update.

sailor__eda
May 23rd, 2008, 22:30
Thanks Proxy, I could really use a good debugger for x64. Can't wait to have this.

FrankRizzo
June 18th, 2008, 23:20
Has anyone built this on FC9? I've jumped through herculean hoops, and still no go.

proxy
June 19th, 2008, 15:12
Could you elaborate on the build issues and your environment? Are you using qmake-qt4 or qmake? Also, on some configurations, you need to run: qmake-qt4 QT_ARCH=i386.

In addition to this, Ubuntu seems to have included "--no-undefined" in its default LDFLAGS for QT. This is causing a problem for the plugin build. To resolve this, please add the following line to the unix section of plugins/plugins.pri: QMAKE_LFLAGS -= -Wl,--no-undefined.

Sorry for the build issues, I hope to have them resolved in 0.9.0.

proxy

FrankRizzo
June 19th, 2008, 18:12
If I just untar it, and follow your directions(qmake, make), I get this:

/usr/lib/qt-3.3/bin/uic debuggerui.ui -o debuggerui.h
Session management error: Authentication Rejected, reason : None of the authentication protocols specified are supported and host-based authentication failed
uic: File generated with too recent version of Qt Designer (4.0 vs. 3.3.8b)
make[1]: *** [debuggerui.h] Error 1

Obviously this means that the DEFAULT Qt is 3.3.8b, and not at least 4.0 which it seems to require. I've downloaded "qt-x11-opensource-src-4.3.4" and tried my best to install it in a way that made it happy, but to no avail.

Is there a standard (read EASY) way to install Qt 4?

proxy
June 19th, 2008, 18:42
well the README (and my comment above) says this RIGHT AFTER the qmake; make instructions:

"On certain systems your qmake may be named slightly differently, I've noticed that the Fedora Core rpms name it qmake-qt4."

So basically, install qt4 and development packages, then run qmake-qt4 as the instructions indicate and you shouldn't have an issue. You may need to run "qmake-qt4 QT_ARCH=i386" depending on if FC9 has the buggy installation or not.

I did cover this in my initial response.

Thanks and good luck,
proxy

FrankRizzo
June 19th, 2008, 18:46
qmake-qt4 not found!

[root@localhost debugger]# updatedb
[root@localhost debugger]# locate qmake-qt4
[root@localhost debugger]#

So I tried to install it.

[root@localhost debugger]# yum install qmake-qt4
Loaded plugins: refresh-packagekit
Setting up Install Process
Parsing package install arguments
No package qmake-qt4 available.
Nothing to do
[root@localhost debugger]#

proxy
June 19th, 2008, 19:21
"yum install qt4-devel"

FrankRizzo
June 19th, 2008, 19:41
Getting closer!

[root@localhost debugger]# qmake-qt4 QT_ARCH=i386
[root@localhost debugger]# make
cd src/ && /usr/bin/qmake-qt4 src.pro -unix QT_ARCH=i386 -o Makefile
cd src/ && make -f Makefile
make[1]: Entering directory `/home/chris/Downloads/debugger/src'
/usr/lib/qt4/bin/uic widgets/binarystring.ui -o ui_binarystring.h
/usr/lib/qt4/bin/uic debuggerui.ui -o ui_debuggerui.h
/usr/lib/qt4/bin/uic dialogattach.ui -o ui_dialogattach.h
/usr/lib/qt4/bin/uic dialogmemoryregions.ui -o ui_dialogmemoryregions.h
/usr/lib/qt4/bin/uic dialogoptions.ui -o ui_dialogoptions.h
/usr/lib/qt4/bin/uic dialoginputvalue.ui -o ui_dialoginputvalue.h
/usr/lib/qt4/bin/uic dialoginputbinarystring.ui -o ui_dialoginputbinarystring.h
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o SymbolManager.o SymbolManager.cpp
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o ByteShiftArray.o ByteShiftArray.cpp
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o DialogInputBinaryString.o DialogInputBinaryString.cpp
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o DialogOptions.o DialogOptions.cpp
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o DialogInputValue.o DialogInputValue.cpp
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o MD5.o MD5.cpp
MD5.h: In static member function ‘static T MD5::rol(T, int) [with T = unsigned int]’:
MD5.h:56: instantiated from ‘static void MD5::doTransform(quint32&, quint32, quint32, quint32, quint32, quint32, quint32) [with quint32 (* Fun)(quint32, quint32, quint32) = MD5::F]’
MD5.cpp:173: instantiated from here
MD5.h:50: warning: suggest parentheses around + or - inside shift
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o Debugger.o Debugger.cpp
In file included from ByteStreamRegion.h:23,
from DebuggerMain.h:23,
from Debugger.cpp:30:
ByteStream.h:50: warning: type qualifiers ignored on function return type
Debugger.cpp: In function ‘DebugEventHandlerInterface* edb::v1::setDebugEventHandler(DebugEventHandlerInterface*)’:
Debugger.cpp:111: error: ‘q_atomic_set_ptr’ was not declared in this scope
make[1]: *** [Debugger.o] Error 1

proxy
June 19th, 2008, 19:53
Ah, see that is a genuine bug. It has been fixed already in the development tree. The problem is that the atomic qt functions I used were not part of the public API (and in this case, they went away).

You can fix this by opening src/Debugger.cpp and changing the contents of two functions to be like this:

Code:

DebugEventHandlerInterface *edb::v1::setDebugEventHandler(DebugEventHandlerInterface *p) {

    Q_CHECK_PTR(p);

    // TODO: add locks here, used to be atomic
    DebugEventHandlerInterface *const oldptr = g_DebugEventHandler;
    g_DebugEventHandler = p;
    return oldptr;
}

DebugEventHandlerInterface *edb::v1::debugEventHandler() {
    return g_DebugEventHandler;
}


I think this should resolve the issue for you.

proxy
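The workaround above swaps the handler with two plain statements and leaves a TODO about locks, because the Qt atomic helpers it relied on were private and went away. As an added example, not code from edb or from the post, here is the same pair of functions written against the standard library: `std::atomic<T*>::exchange` (C++11) does the store-and-return-old step indivisibly, so the fix keeps the original semantics instead of dropping them. The stand-in handler struct, the stress function lostHandlers and the dropped `edb::v1` namespace are assumptions made to keep the block self-contained.

```cpp
#include <atomic>
#include <cstdio>
#include <set>
#include <thread>
#include <vector>

// Stand-in for edb's DebugEventHandlerInterface; only object identity matters here.
struct DebugEventHandlerInterface {
    int id;
};

// std::atomic<T*>::exchange takes the place of the removed q_atomic_set_ptr: it
// stores the new handler and hands back the previous one as one indivisible step,
// so two concurrent callers can never both receive the same "old" pointer.
static std::atomic<DebugEventHandlerInterface*> g_DebugEventHandler{nullptr};

DebugEventHandlerInterface* setDebugEventHandler(DebugEventHandlerInterface* p) {
    return g_DebugEventHandler.exchange(p, std::memory_order_acq_rel);
}

DebugEventHandlerInterface* debugEventHandler() {
    return g_DebugEventHandler.load(std::memory_order_acquire);
}

// Stress check of the property the plain two-statement version cannot guarantee:
// `n` threads each install their own handler once. Afterwards every handler must
// either have been handed back to exactly one caller or still be installed; any
// handler that is neither was lost in a torn swap. Returns the number lost.
int lostHandlers(int n) {
    std::vector<DebugEventHandlerInterface> handlers(n);
    std::vector<DebugEventHandlerInterface*> returned(n, nullptr);
    for (int i = 0; i < n; ++i) handlers[i].id = i;

    g_DebugEventHandler.store(nullptr);
    std::vector<std::thread> threads;
    for (int i = 0; i < n; ++i) {
        // Each thread writes only its own slot of `returned`, so no extra locking is needed.
        threads.emplace_back([&handlers, &returned, i] {
            returned[i] = setDebugEventHandler(&handlers[i]);
        });
    }
    for (auto& t : threads) t.join();

    std::set<DebugEventHandlerInterface*> seen;
    for (auto* p : returned) {
        if (p) seen.insert(p);
    }
    seen.insert(debugEventHandler());  // the last one installed is still live
    const int lost = n - static_cast<int>(seen.size());

    g_DebugEventHandler.store(nullptr);  // handlers go out of scope below; don't dangle
    return lost;
}

int main() {
    std::printf("lost handlers across 16 concurrent installs: %d\n", lostHandlers(16));
    return 0;
}
```

If the dev tree went with a mutex instead, the same guarantee holds as long as both the swap and every read go through the lock; the atomic version simply makes that impossible to forget.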

FrankRizzo
June 19th, 2008, 20:04
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o QDisassemblyView.o widgets/QDisassemblyView.cpp
widgets/QDisassemblyView.cpp: In member function ‘int QDisassemblyView::addressLen() const’:
widgets/QDisassemblyView.cpp:408: error: ‘CHAR_BIT’ was not declared in this scope
make[1]: *** [QDisassemblyView.o] Error 1

proxy
June 19th, 2008, 20:10
heh, ok, yet another one that is fixed in the dev tree.

whenever it complains about CHAR_BIT, that means that the <climits> header is missing.

Just put "#include <climits>" at top of any files which complain about this. (I Think QDisassemblyView.cpp has the same issue).

hopefully, that's the last of the build issues. Unfortunately, FC isn't my default build environment, so I didn't catch these during the last release

proxy

FrankRizzo
June 19th, 2008, 20:14
One more time!

g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o MemoryRegions.o os/unix/MemoryRegions.cpp
os/unix/MemoryRegions.cpp: In member function ‘void MemoryRegions::Region::setPermissions(bool, bool, bool, edb::address_t)’:
os/unix/MemoryRegions.cpp:355: error: ‘memcpy’ is not a member of ‘std’
os/unix/MemoryRegions.cpp:356: error: ‘memcpy’ is not a member of ‘std’
os/unix/MemoryRegions.cpp:357: error: ‘memcpy’ is not a member of ‘std’
os/unix/MemoryRegions.cpp:358: error: ‘memcpy’ is not a member of ‘std’
make[1]: *** [MemoryRegions.o] Error 1

proxy
June 19th, 2008, 20:18
same story as last time, just "#include <cstring>" instead.

I hope this is the last one

FrankRizzo
June 19th, 2008, 21:17
Almost. I fixed a couple more instances of the missing cstring.

And I get this one:

[root@localhost debugger]# make
cd src/ && make -f Makefile
make[1]: Entering directory `/home/chris/Downloads/debugger/src'
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o Instruction.o edisassm/Instruction.cpp
edisassm/Instruction.cpp: In function ‘std::string& toupper(std::string&)’:
edisassm/Instruction.cpp:1066: error: ‘transform’ is not a member of ‘std’
make[1]: *** [Instruction.o] Error 1

proxy
June 19th, 2008, 21:51
try these:

#include <algorithm>
#include <functional>

rest assured that in 0.9.0 (will be released soon) all of these issues will be fixed (and tested on FC and Ubuntu for compatibility).

proxy

FrankRizzo
June 19th, 2008, 21:54
I was going to offer to tar up the version that finally compiles, and send it to you.

g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../include -Iwidgets -Iedisassm -Ios/unix -I../include/os/unix -Iarch/i386 -I../include/arch/i386 -I. -I. -o ArchProcessor.o arch/i386/ArchProcessor.cpp
arch/i386/ArchProcessor.cpp: In member function ‘void ArchProcessor::doFunctionParamterResolution(const QString&, int, QStringList&) const’:
arch/i386/ArchProcessor.cpp:359: error: ‘INT_MAX’ was not declared in this scope
arch/i386/ArchProcessor.cpp: In member function ‘void ArchProcessor::analyzeJumpTargets(const Instruction&, QStringList&) const’:
arch/i386/ArchProcessor.cpp:728: warning: suggest parentheses around && within ||
make[1]: *** [ArchProcessor.o] Error 1

proxy
June 19th, 2008, 22:24
thanks for the offer of the tarball, but like i said, all of these are fixed in the current source tree. (feel free to attach it to this thread though for others).

As for that issue, I believe #include <climits> should fix it, if not, #include <stdint.h>

proxy

FrankRizzo
June 19th, 2008, 22:31
g++ -c -pipe -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -Wall -W -D_REENTRANT -fPIC -DQT_NO_DEBUG -DQT_PLUGIN -DQT_GUI_LIB -DQT_CORE_LIB -I/usr/lib/qt4/mkspecs/linux-g++ -I. -I/usr/include/QtCore -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtGui -I/usr/include -I../../include -I../../include/arch/i386 -I../../include/os/unix -I. -I. -o DebuggerCore.o DebuggerCore.cpp
DebuggerCore.cpp: In member function ‘void DebuggerCore::doExecProcess(const QString&, const QString&, const QStringList&)’:
DebuggerCore.cpp:778: warning: ignoring return value of ‘int chdir(const char*)’, declared with attribute warn_unused_result
DebuggerCore.cpp: In member function ‘virtual bool DebuggerCore::open(const QString&, const QString&, const QStringList&, const QString&)’:
DebuggerCore.cpp:836: error: ‘abort’ was not declared in this scope
DebuggerCore.cpp:827: warning: ignoring return value of ‘FILE* freopen(const char*, const char*, FILE*)’, declared with attribute warn_unused_result
DebuggerCore.cpp:828: warning: ignoring return value of ‘FILE* freopen(const char*, const char*, FILE*)’, declared with attribute warn_unused_result
DebuggerCore.cpp:829: warning: ignoring return value of ‘FILE* freopen(const char*, const char*, FILE*)’, declared with attribute warn_unused_result
make[2]: *** [DebuggerCore.o] Error 1

proxy
June 19th, 2008, 23:05
getting close, now you are onto plugins

#include <cstdlib> for that one

FrankRizzo
June 19th, 2008, 23:11
COMPLETE! Thanks for your help!

I would have been happy with you sending me a working copy! :-P

proxy
June 24th, 2008, 13:46
To all who are interested, 0.9.0 has been released. I started a new thread for the 0.9.x series here: http://www.woodmann.com/forum/showthread.php?p=75384

proxy