2010-10-16
----------
* Since the tools that ./edb_make_symbolmap is dependent on are not uniform across all the platforms that I intend to support, I have built symbol file generation into edb directly. Running './edb --symbols <filename>' will create a symbol file in the same format as the old script. For now, ELF is the only supported format but more will be added as needed. This also means that future versions of edb will be able to generate symbols as needed if no symbol file is provided, making things "just work" more often.

2010-10-14
----------
* Improved the way that different OS's are handled in the source tree a bit.
* Added more detection of suspicious breakpoints (ones that are likely a user error).
* OpenBSD support is now at a functional level. There are some features missing, but it is a good start. You can do all of the basic debugging tasks now.

2010-10-10
----------
* Reference finder now will find calls/jumps and consider them code references; double clicking those results will jump to the address in the CPU view.
* Code in general has now adopted a more clean and consistent style. It is a work in progress, but almost all plugin accessible code is conformant.
* Compiles and attaches on OpenBSD, but unfortunately cannot step yet. Almost functional.
* OpenBSD uses KVM to get process maps, much cleaner than relying on other methods.
* The breakpoint API is simpler and has less redundancy between the core and the edb namespace.
* Minor fixes for arches that don't support unaligned access. No such arch is currently supported, but may as well plan ahead ;-).
* New ROP gadget finder plugin. It is in the early stages, but will evolve over time. I hope to support some form of automatic shellcode generation in the future.
* Experimental "run until return" support. This is slow and not always correct but a start. It seems that Linux delivers a different event when stepping over a syscall instruction, so I'm not sure of the best way to address that.
2010-09-20
----------
* Lots of small fixes here and there.
* Lots of work towards a working OSX port. It isn't quite there yet, but the ground work is being laid.
* Fixed a bug in the expression parser.
* Working towards a new improved edisassm API which will make introducing new arches much simpler in the long run.
* Fixed a hang when trying to use gnome-terminal as the I/O TTY. It's not what I consider an ideal fix (string compare to determine what terminal you are using), but it appears to be reasonable.
* LOTS of small speed tweaks all over the place.
* Did some work trying to get a functional trace mode. In my tests it is almost working correctly, but not quite there.

2010-07-02
----------
* Added Ctrl+G shortcut. This is a global shortcut which will activate the "goto" functionality of the widget with the focus.
* Made the instruction analysis window update when the register values are changed by the user.

2010-06-07
----------
* Added the ability to analyze the currently *viewed* region, not just the one that the IP is in currently. Also added an "Analyze Here" context menu to the CPU view.

2010-05-27
----------
* Added display of fs and gs base addresses. There is not an awful lot of things you can do with this information since you cannot set this value directly. But it does provide a nice way to see the address of what is commonly the TEB/TCB.
* [E/R]FLAGS is now editable again in the GUI. I accidentally disabled this in the last release while refactoring some code.
* Much cleaner event model implemented. It is much more robust and simpler too! Now handlers simply return codes describing the resume state. The only thing to keep in mind is that if you play with the state in a handler, you almost always have to call edb::v1::syncronizeState() so the resume functions have an up to date view to work with.
* Thanks to the new event model, breakpoint conditions work much more reliably.
* Minor optimization in resuming, no longer steps before a resume when it isn't necessary.
* NOTE: I believe that I found a kernel bug where stepping in a signal handler can cause the target process to have the TF flag set incorrectly, resulting in a perpetual stepping state. I may be able to work around this by explicitly masking the flag in certain circumstances, but I feel this might result in other subtle bugs. Hopefully, if this isn't the expected behavior the Linux guys will have this fixed soon. See: https://bugzilla.kernel.org/show_bug.cgi?id=16061 for details.

2010-05-26
----------
* Fixed decoding of cmpxchg8b in 64-bit mode. It was incorrectly being decoded as cmpxchg16b.
* Started working on improving the event model of edb. It will be a lot of work, but in the end it will be much more robust.
* Fixed a fairly major bug, I'm surprised that no one noticed ;) Opcodes which are completely different in 64-bit mode (like 0x06 is "push es" in 32-bit but invalid in 64-bit) were not being decoded properly at all. The alternate tables were not being linked into the disassembly library correctly.

2010-04-27
----------
* Lots of minor tweaks and code refactoring.
* Themes! There is no UI for modifying them, but you can set them up in the config file (~/.config/codef00.com/edb.conf) manually. Basically there is a "[Theme]" section which gets read on startup (a change will need a restart to take effect). In this section there are a bunch of settings that affect the look of the disassembly which look like this:

    theme.<category>.<property>=<value>

  Valid categories are:
    register
    constant
    ptr
    prefix
    flow_ctrl
    function
    stack
    comparison
    data_xfer
    arithmetic
    logic
    shift

  Valid properties are:
    foreground
    background
    weight
    italic
    underline

  NOTES: you may omit any property, which will yield the default look for that property. foreground and background are colors; this is a string which can be anything you can pass to a QColor(const char *) constructor.
  So, it can take named constants such as "green" or hex color codes like "#00ff00"; the special value transparent is also allowed. See the Qt documentation for the full details. weight is on a scale of 0 to 99, 50 being normal and 75 being bold. italic and underline are typical boolean values.

  EXAMPLE (this will give the default look):

    [Theme]
    theme.register.foreground=red
    theme.register.background=transparent
    theme.register.weight=75
    theme.register.italic=false
    theme.register.underline=false
    theme.constant.foreground=black
    theme.constant.background=transparent
    theme.constant.weight=50
    theme.constant.italic=false
    theme.constant.underline=false
    theme.ptr.foreground=darkGreen
    theme.ptr.background=transparent
    theme.ptr.weight=50
    theme.ptr.italic=false
    theme.ptr.underline=false
    theme.prefix.foreground=black
    theme.prefix.background=transparent
    theme.prefix.weight=75
    theme.prefix.italic=false
    theme.prefix.underline=false
    theme.flow_ctrl.foreground=blue
    theme.flow_ctrl.background=yellow
    theme.flow_ctrl.weight=50
    theme.flow_ctrl.italic=false
    theme.flow_ctrl.underline=false
    theme.function.foreground=blue
    theme.function.background=yellow
    theme.function.weight=50
    theme.function.italic=false
    theme.function.underline=false
    theme.stack.foreground=blue
    theme.stack.background=transparent
    theme.stack.weight=50
    theme.stack.italic=false
    theme.stack.underline=false
    theme.comparison.foreground=blue
    theme.comparison.background=transparent
    theme.comparison.weight=50
    theme.comparison.italic=false
    theme.comparison.underline=false
    theme.data_xfer.foreground=blue
    theme.data_xfer.background=transparent
    theme.data_xfer.weight=50
    theme.data_xfer.italic=false
    theme.data_xfer.underline=false
    theme.arithmetic.foreground=blue
    theme.arithmetic.background=transparent
    theme.arithmetic.weight=50
    theme.arithmetic.italic=false
    theme.arithmetic.underline=false
    theme.logic.foreground=blue
    theme.logic.background=transparent
    theme.logic.weight=50
    theme.logic.italic=false
    theme.logic.underline=false
    theme.shift.foreground=blue
    theme.shift.background=transparent
    theme.shift.weight=50
    theme.shift.italic=false
    theme.shift.underline=false
    theme.system.foreground=blue
    theme.system.background=transparent
    theme.system.weight=75
    theme.system.italic=false
    theme.system.underline=false

2010-04-01
----------
* Made the copy operation of QHexView widgets do an ASCII rendering of what the user has selected; this is infinitely more useful.
* Re-added the jump/call target symbol display in the disassembly view. This was accidentally chopped when I added syntax highlighting.

2010-03-31
----------
* Code cleanup.
* Fixed potential memory corruption in symbol management code (could not demonstrate it, but technically it was possible).
* Added some options to the DumpState plugin.
* The DumpState plugin now uses the current data view tab as the basis for its "data" portion of the output.
* Got rid of the insanity of having "ctrl+c" mean "check version". :-P
* The BreakpointManager is no longer a modal dialog.
* Improved const correctness of some things.
* Fixed corner case where the UI wouldn't update immediately.

2010-02-26
----------
* Added support for highlighting of flow control commands.
* Next version will allow "schemes" in the same sense that OllyDbg does; you will be able to edit the configuration file to adjust the colors to your liking.

2010-02-25
----------
* Added support for comments for bookmarks.
* Fixed a bug where the UI didn't update immediately after closing the config dialog.
* Syntax highlighting in the CPU view!

2010-01-15
----------
* Added "Add Bookmark" to CPU view context menu.

2009-12-28
----------
* Too many small changes to list here :-P
* Increased minimum Qt version from 4.2 to 4.5. Now that 4.5 is widely deployed I think this is a reasonable requirement.

2009-10-19
----------
* Fixed builds on some systems.
* Made it so you can load plugins in any order and they should work just fine.
* Disabled graphing capabilities for this release.
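Since a mistyped category or property in the [Theme] section is silently ignored at startup, the following added example (not edb's own code; edb reads the file with Qt's QSettings and QColor, which are deliberately not used here so it builds stand-alone) checks a [Theme] section line by line against the rules given above: the theme.<category>.<property>=<value> shape, the listed categories, the five properties, weight in 0..99, boolean italic/underline, and colours that are either a "#rrggbb"/"#rgb" hex code or a name. It accepts "system" as a category because the example config above uses it even though the list omits it (an assumption); whether a colour name is one QColor knows is left to Qt, so only the syntax of names is checked.

```cpp
// Syntax checker for edb's "[Theme]" config section (added illustration, not edb code).
#include <cctype>
#include <cstdlib>
#include <set>
#include <sstream>
#include <string>
#include <vector>

namespace theme_check {

// Categories listed in the changelog, plus "system", which the changelog's own
// example config uses (assumption: it is accepted like the others).
static const std::set<std::string> kCategories = {
    "register", "constant", "ptr", "prefix", "flow_ctrl", "function", "stack",
    "comparison", "data_xfer", "arithmetic", "logic", "shift", "system"};

static const std::set<std::string> kProperties = {
    "foreground", "background", "weight", "italic", "underline"};

// "#rrggbb" or "#rgb"
static bool isHexColor(const std::string &v) {
    if ((v.size() != 7 && v.size() != 4) || v[0] != '#') return false;
    for (size_t i = 1; i < v.size(); ++i)
        if (!std::isxdigit(static_cast<unsigned char>(v[i]))) return false;
    return true;
}

// Hex code, or a purely alphabetic name such as "red", "darkGreen" or "transparent";
// whether the name is one QColor actually knows is not decided here.
static bool isColor(const std::string &v) {
    if (v.empty()) return false;
    if (v[0] == '#') return isHexColor(v);
    for (char c : v)
        if (!std::isalpha(static_cast<unsigned char>(c))) return false;
    return true;
}

static bool isBool(const std::string &v) { return v == "true" || v == "false"; }

// weight is 0..99 (50 normal, 75 bold)
static bool isWeight(const std::string &v) {
    if (v.empty() || v.size() > 2) return false;
    for (char c : v)
        if (!std::isdigit(static_cast<unsigned char>(c))) return false;
    const int w = std::atoi(v.c_str());
    return w >= 0 && w <= 99;
}

// Check one "theme.<category>.<property>=<value>" line.
// Returns "" when the line is acceptable, otherwise a description of the problem.
std::string checkLine(const std::string &line) {
    const size_t eq = line.find('=');
    if (eq == std::string::npos) return "missing '='";
    const std::string key = line.substr(0, eq);
    const std::string value = line.substr(eq + 1);

    std::vector<std::string> parts;
    std::stringstream ss(key);
    std::string part;
    while (std::getline(ss, part, '.')) parts.push_back(part);
    if (parts.size() != 3 || parts[0] != "theme")
        return "key is not of the form theme.<category>.<property>";
    const std::string &category = parts[1];
    const std::string &property = parts[2];

    if (!kCategories.count(category)) return "unknown category '" + category + "'";
    if (!kProperties.count(property)) return "unknown property '" + property + "'";

    if (property == "weight") return isWeight(value) ? "" : "weight must be 0..99";
    if (property == "italic" || property == "underline")
        return isBool(value) ? "" : property + " must be true or false";
    return isColor(value) ? "" : property + " must be a colour name or #rrggbb";
}

// Check every line inside the [Theme] section of a config file's text.
// Lines in other sections are ignored; blank lines are skipped.
std::vector<std::string> checkThemeSection(const std::string &text) {
    std::vector<std::string> errors;
    std::istringstream in(text);
    std::string line;
    bool inTheme = false;
    int lineNo = 0;
    while (std::getline(in, line)) {
        ++lineNo;
        if (line.empty()) continue;
        if (line[0] == '[') { inTheme = (line == "[Theme]"); continue; }
        if (!inTheme) continue;
        const std::string err = checkLine(line);
        if (!err.empty()) errors.push_back("line " + std::to_string(lineNo) + ": " + err);
    }
    return errors;
}

} // namespace theme_check
```

Feeding the example config above through checkThemeSection() yields no errors; a line such as theme.colour.foreground=red (misspelt category) or theme.register.weight=100 is reported with its line number, which is the feedback a restart of edb will not give you.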
  Unfortunately, graphviz has made a habit of breaking source compatibility in their C API which means that the build will break on some systems. I may need to add some sort of configure script in order to make this work correctly on all supported systems :-(.

2009-10-17
----------
* Fixed a crash if edb was set to use a terminal for I/O, but the program field was empty.
* Many small optimizations.
* A little bit of reorganization in the source tree.
* More steps towards good thread support.
* More functional in Win32 builds (still not good enough yet, but getting closer).
* Heap Graphs! Sometimes they take a really long time to render, but they work and can show relationships between nodes!

2009-09-10
----------
* A few portability tweaks, working on creating a proper Visual Studio project file eventually.
* QHexView and QDisassemblyView now format the address based on the size of address_t instead of the native pointer size of the machine. This will allow the possibility of future builds being able to do remote debugging and/or debugging of 32-bit apps on a 64-bit platform.

2009-08-17
----------
* Fixed a crashable dead reference usage in Analyzer/FunctionFinder plugins.
* Improved the way that stop codes are handled internally; should make for cleaner code.
* Some of the bigger operator new usages have exception guards. They shouldn't be needed in 99% of cases, but it's better to not crash :-P.

2009-08-11
----------
* Lots of minor code improvements.
* Fixed conditional breakpoints.
* Fixed HW breakpoints (I think).

2009-07-16
----------
* Improved the way plugin options pages are shown.

2009-07-13
----------
* Instruction<> objects are now "copyable". This is a somewhat expensive operation, but is the first step towards making edisassm support being an assembler as well (since it will return an Instruction object).

2009-07-11
----------
* Made DebugEvent objects a bit smarter as far as the info they carry with them. This should simplify things a bit.
* Now passing DebugEvent by reference to handlers. I couldn't before because the events were coming from the "Event Thread", but now that that is phased out it is more efficient to pass them this way.
* Changed the binary info plugins to be based on looking at a region, not a file. This is more flexible as it will allow it to analyze data which is only seen at runtime.

2009-07-09
----------
* Seems that older versions of gcc have slightly different behavior with regard to exported embedded classes. Minor update.

2009-07-08
----------
* Heap analyzer now uses a linear search for the heap structures. This seems to work nicely for both x86-64 and x86 arches.

2009-07-03
----------
* Added code to the heap analyzer to have it work with newer versions of glibc. I should probably have some sort of search method instead of fixed offsets, or better yet, do something reliable :-P.
* Provided a means for plugins to add tabs to the options dialog. The CheckVersion and Analyzer plugins now use this feature.
* The analyzer now has the option of not using "fuzzy" logic to find functions. Without fuzzy logic, it is *much* faster and the results are very high quality (since it only searches for functions reachable from known code), but it will find much less. The default is to use fuzzy logic.

2009-07-01
----------
* Analyzer is *much* faster than it was, and more accurate in finding functions.

2009-06-30
----------
* More work done to the core to help add thread support (not quite there yet).
* Working on cleaning up the conditional BP stuff, making it more robust.
* I believe that I have fixed the restart occasionally failing issue. Turns out that you should do a waitpid() after a detach to avoid getting events from the previously debugged process.

2009-06-20
----------
* Enabled UTF-16 support in base string searching routines. For now, it only will find strings which use the basic ASCII character set.
  Eventually I'll find a good technique for finding non-English language strings as well.
* I finally figured out how to safely catch SIGCHLD when using Qt4. This has enabled me to implement a version of waitpid which has a timeout! I am hoping that this proves to be nice and stable so I can finally phase out the "Event Thread", which is necessary since ptrace really doesn't play nicely when different threads are used.

2009-05-29
----------
* Once again revised the plugin API. Now that the win32 build produces an edb.lib file, the original style is more appropriate. So once again, plugins can directly access the exported API. However, only the classes and functions which are part of the stable API will be exported since edb is now compiled with -fvisibility=hidden.
* Cleaned up a lot of code now that the plugin system is simpler.
* Internal management of breakpoints is now simpler. Now I use shared pointers to BP objects which use RAII techniques. This has made the code which manages breakpoints MUCH cleaner :).
* Fixed a crash when removing breakpoints via the breakpoint manager plugin.

2009-05-27
----------
* Fixed the current line being outside of the disassembly view in certain circumstances.

2009-05-26
----------
* Added display of symbols in the code view.
* Added the basis for future colorization in the disassembly.
* Improved the way uppercase disassembly is handled. Most visibly, hex strings are displayed like "0xDEADBEEF" instead of "0XDEADBEEF", making this much more readable in uppercase mode.

2009-05-15
----------
* Fixed crash during initial config if it couldn't find the DebuggerCore plugin.

2009-04-14
----------
* Added the undocumented SAL opcode to edisassm.

2009-03-30
----------
* Fixed a bug in edisassm's disassembly of operands of type Ob and Ow.

2009-02-10
----------
* Moved the session handler code to be a plugin now. This will allow more creative session implementations.
  For example, the session files could actually be in a sqlite3 database, or even a MySQL database for collaborative commenting. It should be much more flexible.

2009-02-04
----------
* Fixed a bug in the memory region modification code. It would ask if you wanted to remove the execute permissions of the last executable region any time there was only one left with execute permissions. This was the case even if the region you wanted to modify wasn't executable to begin with.
* Started using boost::bind a lot more to make the code much more concise. Doing this will allow me to make a lot of the "search memory" code be run by a std::for_each calling a function object. The nice thing about this is that it will nicely match the way that Qt's concurrent model works, making for a smooth transition.

2009-01-23
----------
* I've decided to start using boost (particularly smart pointers) wherever appropriate. It will help make the code less likely to have bugs. Once Qt 4.5 is out for long enough, I'll likely switch over to their smart pointers since there is no point in having multiple library dependencies. But I feel that boost is such a robust library, it would be silly not to take advantage of it.

2009-01-22
----------
* Implemented the "Find ASCII string in stack" feature. Works like a charm. To be clear, it is searching for pointers to matching strings on the stack, not strings in the stack itself. I *think* this is what people would want. Also, it only cares if the search string is the beginning of the string on the stack (so if you look for "/bin/" it'll find "/bin/ls"). This is because there could be any amount of data (or characters) after the string on the stack.
* Added the ability for plugins to add items to the various context menus. This should allow much more useful plugins in the future. Starting with the recently requested "Find ASCII string in stack" feature.
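The "Find ASCII string in stack" semantics described above (pointers on the stack to strings that begin with the search text, not the string bytes themselves) are small enough to show in full. The following is an added example, not edb's plugin code: it works on a constructed snapshot of debuggee memory rather than reading a live process, assumes a 32-bit target (pointer-sized stack words are uint32_t), and returns one hit per stack slot whose value points into a mapped region at a string with the requested prefix.

```cpp
// Stack scan for pointers to strings with a given prefix (added illustration, not edb code).
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

namespace stack_strings {

// A snapshot of one mapped region of the debuggee (constructed here, not read via ptrace).
struct Region {
    uint32_t base;                     // debuggee address of bytes[0]
    std::vector<unsigned char> bytes;
};

struct Hit {
    uint32_t stackAddress;   // where on the stack the pointer sits
    uint32_t target;         // address the pointer refers to
    std::string text;        // the string found there, up to NUL or end of region
};

static const Region *regionFor(const std::vector<Region> &mem, uint32_t addr) {
    for (const Region &r : mem)
        if (addr >= r.base && addr - r.base < r.bytes.size()) return &r;
    return nullptr;
}

// Scan stack words for pointers to strings that *begin with* needle, so "/bin/"
// finds "/bin/ls"; whatever follows the prefix is irrelevant to the match.
std::vector<Hit> findStringPointers(const std::vector<Region> &mem,
                                    const std::vector<uint32_t> &stackWords,
                                    uint32_t stackBase,
                                    const std::string &needle) {
    std::vector<Hit> hits;
    if (needle.empty()) return hits;
    for (size_t i = 0; i < stackWords.size(); ++i) {
        const uint32_t ptr = stackWords[i];
        const Region *r = regionFor(mem, ptr);
        if (!r) continue;                              // not a pointer into mapped memory
        const size_t off = ptr - r->base;
        if (r->bytes.size() - off < needle.size()) continue;   // region too short for the prefix
        if (std::memcmp(&r->bytes[off], needle.data(), needle.size()) != 0) continue;
        std::string text;
        for (size_t j = off; j < r->bytes.size() && r->bytes[j] != 0; ++j)
            text += static_cast<char>(r->bytes[j]);
        hits.push_back({static_cast<uint32_t>(stackBase + i * sizeof(uint32_t)), ptr, text});
    }
    return hits;
}

// Constructed sample data: a small data region and five stack words, three of which
// point at strings inside it (one of them into the middle of "/bin/ls").
std::vector<Region> sampleMemory() {
    const char raw[] = "\0\0/bin/ls\0abc\0/usr/bin\0";
    Region r;
    r.base = 0x08048000;
    r.bytes.assign(raw, raw + sizeof(raw) - 1);
    return {r};
}

std::vector<uint32_t> sampleStack() {
    return {0xdeadbeef,   // garbage, not a mapped address
            0x08048002,   // "/bin/ls"
            0x08048003,   // "bin/ls"
            0x0804800a,   // "abc"
            0x0804800e};  // "/usr/bin"
}

} // namespace stack_strings
```

With the sample stack based at 0xbffff000, searching for "/bin/" yields exactly one hit, at stack address 0xbffff004 pointing to "/bin/ls"; searching for "bin" yields the mid-string pointer instead, which is the prefix-only behaviour the entry describes.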
2009-01-08
----------
* Reorganized much of the DebuggerCore code into separate platform specific files to make things much easier to maintain.

2008-12-28
----------
* Imported some code provided by Phillip Mayhew which is the beginning of an OSX port. He provided almost all of the functionality necessary to get the DebuggerCore plugin to be functional. Now I'll just have to start testing on a Mac soon.

2008-12-11
----------
* Fixed defunct process issue on kill/restart (missing waitpid).
* Simplified a lot of code involving starting and stopping things. I used to delete/create objects each time. But simply stopping/starting them is sufficient and means that I can do fewer NULL checks.
* Simplified the event loop.
* Replaced all dynamic_casts with qobject_casts which don't require RTTI.

2008-12-10
----------
* New plugin system is complete and things are working normally again. A few internal functions take more parameters but it decouples those parts from the rest of the system.
* Windows port is now able to attach and (usually) step.
* Improved portability of error handling system.

2008-12-08
----------
* Started to make some large changes to how plugins interact with the core application. Not all platforms I'd like to target support having a plugin import symbols from the application that is loading it (*cough* windows *cough*). So now there is a "PluginAPI" structure which is passed to every plugin upon init, which it will make a copy of (the interface code does this for you and makes it accessible through an m_API variable). This new system allows me to have much more strict control over what a plugin is allowed to do within edb, which is nice, but it also will require I have a "Core Library" that all plugins and edb will have to link to in order for them to share classes, which unfortunately means a little bit of binary code duplication. Oh well.
2008-12-07
----------
* Added a messagebox warning when the arch edb was built for doesn't match the target process's arch.

2008-12-06
----------
* More changes to support Win32/Win64.
* Fixed a crash when no analyzer plugin is available.
* Started framework for supporting UTF16 strings in analysis. Currently it's a lot of boxes and such, but I believe it is working generally OK.

2008-12-05
----------
* Made some minor changes to the edisassm.pro file.
* Reworked some function definitions to work around a Visual Studio bug.
* edisassm *finally* builds with Visual Studio 2008! Time to start porting edb to Windows :-)

2008-11-14
----------
* Improved the ebuild on 64-bit platforms.
* Fixed search and replace error with default plugin path; it should work correctly now.
* Minor improvements to the HTML documentation.

2008-10-20
----------
* Right clicking in the register view will no longer show "Follow In ___" options for things such as segments, eflags and FPU values. These do not have meaningful values as addresses.

2008-10-14
----------
* Fixed a bug where some old stub code from before the 64-bit port was breaking any instructions which use the FS or GS segments :(.
* Made the find ASCII string routines more intelligent about what they consider to be an "ASCII" character. The output is a lot more comparable to the unix strings command.

2008-10-08
----------
* Switched from edb::v1::log to qDebug. The nice thing about this is that it functions very much the same as my old logging, but also supports stream oriented logging. Finally, it is "hookable" so that a widget could be used to show the logging if we want.
* Made several string displays a bit more Unicode friendly. This most visibly results in "high" ASCII characters no longer appearing as junk.

2008-10-06
----------
* Started prepping the code for internationalization; this will be an ongoing process.
  Once the process is started and I have at least one non-English translation, then it will be helpful if people report un-translated strings. But we aren't quite ready for that yet ;).
* Fixed a 64-bit compatibility bug in the breakpoint plugin.
* Sped up heap analyzer a lot by disabling updates during population.

2008-10-01
----------
* Fixed a bug introduced in the last version where several entries for 0x00000000 were being entered in the function finder plugin. This was actually a bug in the analysis engine where I failed to notice the side effects of reading a map using the [] syntax.
* Made it so the symbol viewer plugin will by default open up symbols for code in the disassembly and data in the data views when double clicked.
* Vastly improved the analyzer's handling of symbol information in its function search algorithm.

2008-09-29
----------
* Added context menu to Symbol viewer's list so that you can select where to view the symbol.
* Added a plugin management window. Currently, it just lets you see what's been loaded. But in the future, I will try to make it so you can disable/enable different plugins.

2008-08-29
----------
* Attempt #2 at making the /lib/ vs. /lib64/ automatic for 64-bit platforms. I think the new solution should work.

2008-08-25
----------
* Added the ability for edb to get the base of the GS and FS segments. This allows the instruction analyzer to correctly display the values of certain expressions. This also makes segments valid in expressions; they will resolve to the base of the segment, though CS/DS/ES/SS will always resolve to 0. One nice trick is that you can break on each system call by putting a breakpoint on [gs+0x10] (though 0x10 may vary from system to system).

2008-08-16
----------
* Finished making the Heap Analyzer plugin work on x86-64.

2008-08-12
----------
* Sped up analysis by avoiding redundant function analysis. It still isn't blazing fast, but is significantly better.
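The 0x00000000 entries mentioned in the 2008-10-01 entry come from a general std::map property worth seeing once in isolation: operator[] inserts a value-initialised element for every key it does not find, so a lookup written as a read quietly grows the table. The following added example (not edb's analysis engine; the function table and addresses are constructed) models a function table keyed by address, runs the same probes through an operator[]-based check and a find()-based one, and counts the zero-entry-point records each leaves behind.

```cpp
// std::map::operator[] side effect on a function table (added illustration, not edb code).
#include <cstddef>
#include <cstdint>
#include <map>
#include <vector>

namespace map_pitfall {

struct Function {
    uint32_t entryPoint;   // 0 in a value-initialised entry: the "0x00000000" symptom
    uint32_t endAddress;
    int      references;
};

typedef std::map<uint32_t, Function> FunctionTable;

// Buggy: operator[] inserts a zeroed Function for any address not already present,
// so "asking" about a non-function address adds a bogus record to the table.
bool isKnownFunctionBuggy(FunctionTable &table, uint32_t addr) {
    const Function &f = table[addr];
    return f.entryPoint == addr;
}

// Fixed: find() never inserts; the table is unchanged on a miss, and it can be const.
bool isKnownFunctionFixed(const FunctionTable &table, uint32_t addr) {
    FunctionTable::const_iterator it = table.find(addr);
    return it != table.end() && it->second.entryPoint == addr;
}

// Entry points in table order, the way a function-finder listing would show them.
std::vector<uint32_t> listEntryPoints(const FunctionTable &table) {
    std::vector<uint32_t> out;
    for (const auto &kv : table) out.push_back(kv.second.entryPoint);
    return out;
}

size_t countZeroEntries(const FunctionTable &table) {
    size_t n = 0;
    for (const auto &kv : table)
        if (kv.second.entryPoint == 0) ++n;
    return n;
}

// Constructed sample: two known functions.
FunctionTable sampleTable() {
    FunctionTable t;
    t[0x08048400] = Function{0x08048400, 0x08048450, 3};
    t[0x08048500] = Function{0x08048500, 0x080485a0, 1};
    return t;
}

// Probe two function addresses and two non-function addresses through either
// version and report how many bogus zero entries remain afterwards.
size_t zeroEntriesAfterLookups(bool useBuggy) {
    FunctionTable t = sampleTable();
    const uint32_t probes[] = {0x08048400, 0x08048404, 0x08048500, 0x08049000};
    for (uint32_t a : probes) {
        if (useBuggy) isKnownFunctionBuggy(t, a);
        else          isKnownFunctionFixed(t, a);
    }
    return countZeroEntries(t);
}

} // namespace map_pitfall
```

The buggy path leaves two zero records (one per non-function probe); the find() path leaves none. The same applies to any container whose operator[] inserts, which is why a read-only lookup should take a const reference: the compiler then rejects operator[] on a std::map outright.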
* Fixed a few previously missed 64-bit portability issues (toULong -> toULongLong). They were minor, but all of this type should be resolved.
* Added a symbol viewer plugin. Double click to see a symbol's value in the current data view. Eventually, I'll add a context menu to make it so you can view it in the code view too depending on the type.

2008-08-11
----------
* Continued to make improvements to analyzer. It is more accurate, but also slower at the moment. I will look into good ways to speed it up.

2008-08-10
----------
* Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working with me to make sure that x86-64 users have a functioning edb.
* Reworked analysis to have a higher initial favoritism towards finding functions by recursively tracing known functions (symbols/main/entry point, etc). This will make the analysis more accurate though it does have the side effect of making "percentage complete" a lot less meaningful since, while it will always stop, the number of iterations during analysis is indefinite.

2008-08-09
----------
* Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64 targets. Simple fix, but it broke compilation for some platforms so I'm going to make a release for it.

2008-08-08
----------
* Ouch, another bug fix. At least this time it was a failed assert. Basically, during my last fix, I forgot that reads can and will fail if done while the debuggee is running. I have added code to special case this and handle it more correctly (which is of course how it used to act in the first place).

2008-08-04
----------
* Made plugins.pri smarter with library location. For 64-bit builds it will default to $prefix/lib64/edb/

2008-07-29
----------
* Since the config file was partially broken, I am taking this opportunity to finish reworking the naming convention for settings. Some settings will unfortunately be lost. But odds are they were being dropped anyway :-/.
* WOW, I just noticed that for a long time (2-3 versions) options were not actually being saved. Fixed.
* Seems that my QDisassemblyView optimization revealed an off by one error in the DebuggerCore which unfortunately was also crashable :(. But I believe that the logic is correct now. I've added a few more asserts to help avoid this type of bug in the future.

2008-07-25
----------
* Made analysis slightly faster by factoring out some no longer needed code.
* Simplified some code in the QDisassembler widget. Instead of passing an instruction, its buffer and its size, you can now just pass the instruction since it has references to the buffer and its size anyway.
* Made the analyzer aware of using zeros as padding between functions. This will make the display more correct if displaying analyzed code.

2008-07-15
----------
* Added "Follow Immediate in Dump" and "Follow Immediate in Stack" CPU context menus. They act similarly to the generic "Follow" CPU context menu.
* Improved analysis speed.
* Improved analysis quality; a few more types of common optimizations are detected.

2008-07-13
----------
* Added a "Follow" item to the CPU context menu. Basically, if you right click on either a JMP or CALL which has an operand which can be evaluated, then there will be a "Follow" menu item that will scroll the CPU view to that location.

2008-07-12
----------
* Removed some code which was implemented to work around Qt 4.0.x bugs since 4.2 is now a base requirement.
* Added some atomic-ness for pointer manipulations.
* Renamed some settings in configuration file to make them more consistent with new convention.
* Fixed an integer underflow crash involving trying to select an address beyond the end of a region, which was causing a negative size to be passed to the "edb::v1::getInstructionBytes" function. Q_ASSERTs were added to catch this in the future if a similar bug is present elsewhere.
* Fixed a minor bug where tooltips would sometimes show data outside of the current region if there is an adjacent region.
* Now attaching to a new process or opening a new program to debug will invalidate any analysis that has been done. Eventually, the analysis will be stored in session files so that it can be reused. But not yet ;).

2008-07-05
----------
* More minor improvements to the analysis engine.
* Fixed a corner case in the disassembler where it would misformat things like "and eax, 0xffff" as "and eax, -1" due to a mis-optimization.

2008-07-03
----------
* Improved the analysis engine to be slightly more accurate.
* Added graphical indication of function bounds based on analysis results.
* You can now scroll the QHexView widgets by individual bytes by pressing up or down while holding the control key.

2008-07-01
----------
* Centralized analysis engine and provided it with a plugin. The FunctionFinder plugin is now just an interface towards it. Ctrl+A will analyze the current region (though nothing is done with the results yet). I am hoping to have function framing and scrolling by instructions.
* Added a "set EIP to selected instruction" to CPU context menu.
* Improved heuristic for analyzer. It will now more accurately identify certain types of functions.

2008-06-18
----------
* Fixed a bug in the hardware breakpoint manager plugin which didn't allow disabling of the last breakpoint.
* Extended the maximum size that OpcodeSearcher will consider from 4 bytes to 8 bytes, which yields some more options.
* Finished changing OpcodeSearcher plugin to use edisassm; it should be a lot more robust now. Fortunately, edisassm is pretty fast, so the performance impact isn't too bad.
* Most dialogs use Qt 4.2.x's QDialogButtonBox now, which should give a better look on non-KDE platforms.

2008-06-12
----------
* Fixed a bug in DebuggerCore involving hardware debug registers in 64-bit mode. This fix allows hardware breakpoints to work in 64-bit builds.
* Changed OpcodeSearcher plugin to use edisassm when searching instead of hard coded values. This allows the code to be more easily ported to new archs such as x86-64.

2008-06-06
----------
* Fixed minor bug with selections in QHexWidgets when selecting outside of the viewable range. There was an underflow, which was cast to an unsigned type causing some upward selections to select from the start to the end of the range.
* More improvements in 64-bit support. The ArchProcessor for x86-64 is now aware of the amd64 C calling convention and will now properly predict function arguments when symbols are available.

2008-06-01
----------
* Hardware breakpoints are much more complete, supporting Write, Read/Write, and Execute types of 1, 2, and 4 byte sizes.

2008-05-31
----------
* edisassm 1.5.2 released, mostly making the code more standards compliant to ensure that the code will compile on newer versions of g++. Tested with 4.2.3 on Ubuntu.

2008-05-28
----------
* edisassm 1.5.1 released with some minor bug fixes.
* Corrected some bugs in edb under x86-64 involving the analysis engine.

2008-05-28
----------
* edisassm 1.5.0 released with EMT64 support! A lot of time was put into verifying the instruction tables to ensure that disassembly would be accurate.
* A couple of minor bug fixes were done in edb.
* Added patches to clean up build on Ubuntu systems.

2008-05-18
----------
* Added LOTS of SSE4 ops to edisassm, updated a bunch of the tables.

2008-05-07
----------
* edisassm now can handle RIP relative addressing mode. I also fixed some decode ordering issues that were introduced when 64-bit mode was being added. The only piece left is the tweaking of the instruction tables to match what was added/removed/changed for 64-bit mode!

2008-05-06
----------
* edisassm now can disassemble 64-bit code partially correctly. It does not yet support RIP relative modes and does not take into account changes in the opcode map (new and removed opcodes).
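The 2008-07-12 entry (a negative size reaching getInstructionBytes when an address past the region end is selected) and the 2008-06-06 entry (an upward selection wrapping through an unsigned cast) are two faces of the same defect: an end-minus-start subtraction performed before anyone checks that start <= end and that both lie inside the region. The following added example (not edb's QHexView or DebuggerCore code; region and selection addresses are constructed, and a 32-bit address width is assumed) shows the wrapping computation next to a clamped version, plus the kind of bounds check a byte-read routine should apply to a caller-supplied length instead of trusting it.

```cpp
// Selection size underflow and its clamped replacement (added illustration, not edb code).
#include <algorithm>
#include <cstdint>

namespace selection_bounds {

struct Selection {
    bool     valid;   // false when nothing inside the region is selected
    uint32_t start;   // lowest selected address
    uint32_t size;    // byte count, never extending past the region end
};

// The bug pattern: end - start computed with no ordering or range check. Unsigned
// subtraction wraps, so a cursor below the anchor, or an anchor beyond the region
// end, produces a size close to 4 GiB rather than the negative number it "means".
uint32_t selectionSizeBuggy(uint32_t regionEnd, uint32_t anchor, uint32_t cursor) {
    const uint32_t end = std::min(cursor, regionEnd);
    return end - anchor;   // wraps whenever anchor > end
}

// Clamp both ends into [regionStart, regionEnd) and order them before subtracting;
// the result is then always well-defined and bounded by the region size.
Selection clampSelection(uint32_t regionStart, uint32_t regionEnd,
                         uint32_t anchor, uint32_t cursor) {
    Selection s = {false, 0, 0};
    if (regionStart >= regionEnd) return s;
    const uint32_t lo = std::max(std::min(anchor, cursor), regionStart);
    const uint32_t hi = std::min(std::max(anchor, cursor), regionEnd);
    if (lo >= hi) return s;   // selection lies entirely outside the region
    s.valid = true;
    s.start = lo;
    s.size  = hi - lo;
    return s;
}

// What a read of instruction bytes should check before touching memory: the start
// address is inside the region and the requested length fits in what remains.
// The remaining length is computed as a difference that cannot wrap.
bool readRequestFits(uint32_t regionStart, uint32_t regionEnd, uint32_t addr, uint32_t size) {
    if (addr < regionStart || addr >= regionEnd) return false;
    return size <= regionEnd - addr;
}

} // namespace selection_bounds
```

For a region [0x08048000, 0x08049000), an upward selection from anchor 0x08048100 to cursor 0x08048000 gives the buggy size 0xFFFFFF00 but a clamped size of 0x100 starting at 0x08048000; an anchor beyond the region end gives a wrapped size of 0xFFFFF000 versus an invalid (empty) selection. readRequestFits() rejects the wrapped value before it can reach the reader.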
  Soon edb will have full 64-bit support!

2008-04-30
----------
* Made a large effort to port edisassm to 64-bit :) The most visible change is that it makes much larger use of templates. Instruction and Operand now take a template param (32 and 64 are valid), which can be used like this:

    Instruction<32> insn(buf, size);

  or you can use edb::Instruction which will be typedefed to the appropriate type based on your build environment. Because of the massive amount of templating needed to implement this, it is possible that older compilers will have trouble with it. I will test which compilers are expected to work.

2008-04-11
----------
* Renamed REG_NONE to REG_NULL to avoid a conflict with windows headers.
* Got edisassm to compile on win32 for the first time :)

2008-03-24
----------
* Improved some of the function finder code. I am planning on moving this to a more central analysis system.

2008-03-15
----------
* Fixed some incorrect bit setting in HW breakpoint code.

2008-03-14
----------
* Improved the HW breakpoint code. It will now show the enabled state based on what state the application is actually in. So if you do something like reset the application, then the HW breakpoints will show as disabled (because they are).
* Some general code optimizations.

2008-02-29
----------
* First code for hardware breakpoints is in; edb can now set a hardware BP and resume from it. Next is setting the proper type of BP (read/write/execute) as needed and also making the dialog show correctly even when the application has been terminated or restarted.

2008-02-27
----------
* Simplified some signal code in QHexView and Bookmarks plugin.
* Started some very preliminary work on the hardware breakpoint plugin. So far I have the GUI planned out for it. It will likely require that the plugin hook the debug event system in order to enable resuming after hitting the BP. This is ok though since there is an infrastructure in place for that :).
2008-02-25
----------
* Improved handling of breakpoints which aren't caused by int3 bytes placed by edb. For example, "int 3" (which encodes as 0xcd 0x03) is now handled more correctly.
* Preliminary code for hardware breakpoints is in place; the DebuggerCore is now able to get/set the debug registers on Intel. The only real hurdle left is continuing after one is hit. This will need a similar system to software breakpoints.

2008-02-15
----------
* Made some changes to help with portability.
* Made edisassm use std::ifstream instead of mmap.

2008-02-12
----------
* Simplified the expression code a bit by factoring out common code. This results in a slightly larger binary, but smaller source (due to small function inlining). I think this is fine since the code is more manageable.
* Fixed the expression handling of the XOR operator "^". It was not properly implemented.
* Moved the known function table to a plugin. It isn't super efficient quite yet but works well.

2008-02-10
----------
* Made the columns in the disassembly view movable when the mouse is 2 or fewer pixels away from the line, not just on an exact match. This should make it an easier target.

2008-02-08
----------
* Made DebuggerCore::readPages account for breakpoints in its results.
* Fixed a bug where reads/writes could return success when they couldn't read. Fortunately this really didn't affect the result of any operations.

2008-02-06
----------
* Applied a patch from elitak@gmail.com to plugins.pri to help avoid build errors on certain configurations.

2008-01-28
----------
* Updated the Qt dependency to be version 4.2 or greater. There are a few features of Qt that I have held off from using or have worked around in the past. The next version (0.9.0) will no longer compile on versions lower than 4.2.

2008-01-24
----------
* Fixed more bugs in edisassm; it was some SSE opcodes where the Intel docs claimed both operands have to be Mod/RM, in which case I have no idea what the proper thing to do is. So, it is now in sync with what sandpile.org says, which matches other disassemblers' output. I have also added a regression test for this.
* You can now see symbols in the disassembler view if you move the leftmost line right. By default it will look as usual, but in a very similar way to OllyDbg, you can now see known symbols next to addresses.
* Improved the function finder plugin. It will now give "bonus points" to functions which have known symbols.

2008-01-19
----------
* Fixed a harmless crash when edb failed to load the debugger core plugin. This was introduced in the last release :(.

2008-01-17
----------
* For builds on Qt >= 4.3, you can now give a tab a label by right clicking on it.
* Made the QHexView and QDisassembly widgets use the system palette colors. This will make it so edb will match the preferred colour scheme of the user.

2008-01-16
----------
* Fixed a potential crash on shutdown in the cleanup code.
* Fixed a silly crash where if you ran the function finder with no selected region (or if you are not attached to a program) it would crash.

2008-01-15
----------
* Fixed a bug in ModRM/SIB decoding where in some cases the index and base were inverted. This only really showed up in the less used redundant encodings, so it didn't show up until I started my regression tests.

2008-01-14
----------
* Fixed a bug in edisassm where it would think it didn't have enough space in the instruction buffer when prefixes are used.

2008-01-13
----------
* Added a graphical indicator of the direction for relative jumps.

2008-01-12
----------
* Improved load time.
* Fixed some very minor bugs in the disassembler.
* Made the disassembler differentiate between the different versions of ins/outs.

2008-01-10
----------
* Fixed a bug in edisassm where 32-bit signed offsets which have the 16th bit set were being printed as 16-bit sign-extended values.
* Added some regression tests to edisassm. Unfortunately nasm and edisassm disagree on some syntax points, and expressions sometimes get re-ordered, so I'll have to come up with some normalization strategy before it can be fully automated. But it's a start :).

2008-01-03
----------
* Fixed a bug where if you used the fill feature on top of a breakpoint it would not properly clear the breakpoint first.

2007-12-12
----------
* Moved the ELFxxBinaryInfo classes to plugins. This is more modular and makes it far simpler to add new BinaryFile handlers in the future.

2007-12-10
----------
* Added command line running of a program. You may write things like this: $ ./edb --run /bin/ls /etc /bin and it will start edb attached to a new instance of /bin/ls with the correct arguments passed.

2007-12-06
----------
* Fixed a display bug (Bug #37) where it was possible to make the data tabs show data for a region which does not exist after detaching (showing all 0xff's).

2007-12-03
----------
* Changed some code to convert numbers using toULongLong instead of toUInt to ensure that when 64-bit is supported, addresses will be interpreted correctly.

2007-11-31
----------
* Ported the dump state plugin to be able to compile correctly on x86-64.

2007-11-29
----------
* Added code to load/save session files (which are currently mostly empty). This will read the file header, check it for the session signature, md5 the file named in the session and compare that to the md5 of the currently debugged application. This way, it should never load a session file for the wrong application. Next, I'll be adding useful data to the session files; for starters I plan on having sessions remember breakpoints and bookmarks.

2007-11-28
----------
* EDBTypes.h is now Types.h. This will include the OSTypes.h and ArchTypes.h files, which makes adding new arch and OS combinations much easier.
* Made various input dialogs accept 64-bit values when building on an x86-64 platform.
* Made many changes to help in portability to other platforms. edb will likely be ready for x86-64 within a version or two. The big stumbling block left is edisassm support for proper disassembly.

2007-11-27
----------
* Now that I have discovered that Qt has a qmake variable (undocumented) which represents the arch it is being compiled on, I have started work on dividing the code which is arch specific into special arch dirs, one for each build target (i386 is the only one which compiles, but it's a start). This should really help with porting to new targets.
* Started very beginning work towards a session file concept. I have mostly fleshed out what I want the file to look like.

2007-11-24
----------
* EDBTypes.h will now define some macros based on the arch it believes it is being built on, such as EDB_X86_64 or EDB_X86. Also, it will define EDB_FMT_PTR, which is a format specifier suitable for printing an edb::address_t type.
* DebuggerCore now compiles on x86-64, however there is still much work left to be done. I need to add x86-64 support to the disassembler, and to a few other arch sensitive areas.

2007-11-20
----------
* Added preliminary code for the "--run" option which will allow the user to execute a program and attach to it from the command line, for example: $ ./edb --run /bin/ls /etc which would run /bin/ls with "/etc" as its argument and attach to it. This code is not functional yet.
* Added new findPluginByName to the plugin API. This should allow some basic form of dependencies between plugins. This should not be used until plugins are fully loaded because there is no guarantee as to the order of loading yet. So, as a good rule of thumb, don't use it in the plugin constructor. Hopefully, this will lead to more code reuse and maintainability.

2007-11-15
----------
* Added identification of jump sources to instruction analysis. Now whenever stopped on an instruction, it will attempt to find out if a nearby relative jump has a target equaling the instruction you are stopped on.
2007-11-14
----------
* Set up new bugzilla for edb at: http://bugs.codef00.com/
* Implemented the locked stack feature. When enabled, it will stay locked at the position of the stack pointer (unless the stack pointer jumps to a whole other memory region).

2007-11-08
----------
* Added preliminary support for resizing the columns in the disassembly view.

2007-11-07
----------
* Fixed a bug in the disassembler where it would ignore the displacement of an opcode encoded in a particular way.

2007-11-06
----------
* Added an option for the CheckVersion plugin to automatically check for the newest version on startup. It will not report anything if you are running an up to date version of edb. This feature is enabled by default. You can disable this feature by unchecking the menu item for it, found at: "Plugins" -> "CheckVersion" -> "Check On Start". When enabled, the plugin will perform a single HTTP GET request to retrieve the latest available version number each time edb is started.

2007-10-23
----------
* Worked on developing function and code analysis. I now have developed an algorithm which can determine with reasonable accuracy which bytes are actually code bytes. Basically the concept is first to enumerate potential functions by disassembling at each possible address in a region. For each call I see, I add it to a list and increase its reference count. Then for each function with 2 or more references, I do further analysis. While reviewing these functions with 2 or more references, I follow the code looking for the function end. If I see any calls to functions with a single reference, then they get a bonus reference and are re-added onto the list of calls to analyze. For now, the primary goal is to figure out the actual code bytes and bounds of the functions. Next I will try to identify the conditional logic in the functions.
* Fixed duplicate error reporting on some invalid expressions.

2007-10-20
----------
* Added a heuristic for locating the heap start when using a newer ld. It isn't 100% reliable, but seems to work "ok". I am hoping to solidify more checks in the future to make it more reliable.

2007-10-11
----------
* Made some changes to the plugin API in order to help move towards a stable 1.0 API.

2007-10-09
----------
* General code cleanups and optimizations.
* Added support for arguments with spaces in them. Arguments with spaces are specified with quotes, and if you need to have a quote character in the argument then you can escape it with \.

2007-09-17
----------
* Added shortcuts to bookmarks (Ctrl + N will trigger the first 10 bookmarks).

2007-09-14
----------
* Fixed a bug where I accidentally was copying from a QByteArray directly with memcpy. It worked because the data array was the first class member, but was not correct in principle.

2007-09-10
----------
* Corrected a minor bug where the GUI didn't update correctly when using the stack widget's push/pop menu items.
* Made Debugger::log a variadic function; this allows passing formatted output directly without a temporary, allowing for cleaner code.

2007-09-08
----------
* Focused on optimising the code in certain locations.
* FunctionFinder now uses the new readPages interface. This costs more memory, but seems to be more than twice as fast :).

2007-09-05
----------
* BinaryStringSearch and ReferenceSearch now use the new readPages interface. This costs more memory, but seems to be more than twice as fast :).
* Added a readPages routine to the DebuggerCoreInterface, since reading large blocks of data can be done more efficiently than individual bytes.

2007-08-28
----------
* Fixed a bug where edb would hang if the TTY console specified in the options does not exist. It defaults to "/usr/bin/xterm". Thanks Dmitry Bulashev for reporting!

2007-08-27
----------
* Corrected a minor bug where the core plugin would report success when trying to read when not attached.
* The Bookmarks plugin can now take expressions.
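The two-phase call-reference heuristic described in the 2007-10-23 entry above, as an added C++ example that is not edb's own code: it recognises only CALL rel32 and RET (standing in for a real disassembler) and runs over a constructed byte region at an assumed base address of 0x1000.

```cpp
#include <cstdint>
#include <cstddef>
#include <deque>
#include <map>
#include <set>
#include <vector>

// Added example (not edb's code). Only CALL rel32 (E8) and RET (C3) are
// decoded; every other byte is treated as a one-byte instruction, standing
// in for a real disassembler such as edisassm.
struct FunctionInfo {
    int      refs = 0;  // number of potential call sites seen for this address
    uint32_t end  = 0;  // address just past the RET that ends it (0 = not analysed)
};
using FunctionTable = std::map<uint32_t, FunctionInfo>;

static const uint8_t OP_CALL = 0xE8;
static const uint8_t OP_RET  = 0xC3;

static int32_t read_le32(const std::vector<uint8_t>& code, size_t off) {
    uint32_t v = 0;
    for (int i = 0; i < 4; ++i)
        v |= static_cast<uint32_t>(code[off + i]) << (8 * i);
    return static_cast<int32_t>(v);
}

// If a CALL rel32 starts at `off` and its target lies inside the region,
// store the target and return true.
static bool call_target(const std::vector<uint8_t>& code, size_t off,
                        uint32_t base, uint32_t& target) {
    if (off + 5 > code.size() || code[off] != OP_CALL) return false;
    uint32_t next = base + static_cast<uint32_t>(off) + 5;
    uint32_t t    = next + static_cast<uint32_t>(read_le32(code, off + 1));
    if (t < base || t >= base + code.size()) return false;
    target = t;
    return true;
}

FunctionTable find_functions(const std::vector<uint8_t>& code, uint32_t base) {
    FunctionTable funcs;

    // Phase 1: disassemble at every byte offset and count references per target.
    for (size_t off = 0; off < code.size(); ++off) {
        uint32_t t;
        if (call_target(code, off, base, t)) funcs[t].refs++;
    }

    // Phase 2: follow each function with >= 2 references to its RET; calls to
    // single-reference functions seen on the way get a bonus ref and are queued.
    std::deque<uint32_t> work;
    std::set<uint32_t>   done;
    for (const auto& kv : funcs)
        if (kv.second.refs >= 2) work.push_back(kv.first);

    while (!work.empty()) {
        uint32_t fn = work.front(); work.pop_front();
        if (!done.insert(fn).second) continue;   // already walked
        size_t off = fn - base;
        while (off < code.size()) {
            uint32_t t;
            if (call_target(code, off, base, t)) {
                auto it = funcs.find(t);
                if (it != funcs.end() && it->second.refs == 1) {
                    it->second.refs++;       // bonus reference
                    work.push_back(t);
                }
                off += 5;
            } else if (code[off] == OP_RET) {
                funcs[fn].end = base + static_cast<uint32_t>(off) + 1;
                break;                       // function end found
            } else {
                off += 1;                    // treat as a one-byte instruction
            }
        }
    }
    return funcs;
}

// Constructed sample region at base 0x1000 (not from any real binary):
//   1000: call 1020   1005: call 1020   100A: ret   (nop padding)
//   1020: nop   1021: call 1030   1026: ret          (nop padding)
//   1030: nop   1031: nop   1032: ret
std::vector<uint8_t> sample_region() {
    std::vector<uint8_t> c(0x33, 0x90);
    auto put_call = [&c](size_t off, int32_t rel) {
        c[off] = OP_CALL;
        uint32_t r = static_cast<uint32_t>(rel);
        for (int i = 0; i < 4; ++i) c[off + 1 + i] = static_cast<uint8_t>(r >> (8 * i));
    };
    put_call(0x00, 0x1B);  // 0x1005 + 0x1B = 0x1020
    put_call(0x05, 0x16);  // 0x100A + 0x16 = 0x1020
    c[0x0A] = OP_RET;
    put_call(0x21, 0x0A);  // 0x1026 + 0x0A = 0x1030
    c[0x26] = OP_RET;
    c[0x32] = OP_RET;
    return c;
}
```

On the sample, 0x1020 gets two references from the sweep and 0x1030 only one, but the walk through 0x1020 promotes it, so both end up with refs=2 and a known end.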
2007-08-26
----------
* Added cool "data dump" plugin as per 0xf001's request :). Just hit Ctrl+D and it'll shoot out a dump similar to GDB's to stdout.
* Added the ability to skip inaccessible regions (permissions currently "---") to both the reference search and the binary string plugins. Some applications such as wine like to create dummy regions like this. It should make the searching a little more bearable.

2007-08-20
----------
* "Filling" instructions, as in instructions which either have no real effect and/or are usually used to fill the space between functions, are now displayed in grey. This makes seeing where function boundaries are easier.

2007-08-20
----------
* Added pointer detection to heap analysis.

2007-08-18
----------
* Tables with numeric content columns are now sorted numerically.
* I am working on stabilizing the programming API; the BaseTypes:: and Debugger:: namespaces will be merged and renamed to edb::. The contents of Debugger:: will be located in edb::v1:: to indicate version 1 of the plugin API. This way plugins will have a nice clean way of knowing which version of the API they are using. Functions in edb::v1:: will never be removed after 1.0 is released.
* Corrected a bug where step over didn't work if you were on a breakpoint.

2007-08-16
----------
* Corrected a copy and paste bug in the FunctionFinder plugin menu item name.

2007-08-15
----------
* Updated some of the documentation.

2007-08-14
----------
* Added a "bookmarks" plugin, which allows you to put code addresses of your choice into a list, which you can later jump to. This plugin also serves as an example of how to add dock widgets to the main GUI in a safe manner.
* Fixed a subtle crash caused by debugging an app, opening a plugin dialog, then detaching, and eventually debugging a new process (without closing the dialog).
* Added a new "function finder" plugin. Surprisingly accurate. It includes a "reference count" column which is how many potential calls to this function the plugin saw. The higher the number, the greater the confidence that it is really a function entry point.
* Speed increases.

2007-08-13
----------
* Changed some of the global objects from pointers to references; this will reduce the need for null checks in many situations as well as simplify code.
* Added waiting for the console process to die before closing, for a better cleanup.

2007-08-10
----------
* Fixed an accidental reference to breakpoint data after it was freed when using one-time breakpoints. Dangling pointers are no bueno!

2007-08-09
----------
* Removed references to Qt 4.3 features from UI files.

2007-08-08
----------
* Fixed a crashable bug introduced in the last version; this was related to clearing the process state variable. Now that the state has virtual functions, it is no longer correct to use memset.
* Added a search filter to the opcode search plugin so you can find the region you want to search more easily.
* Added a search filter to the strings plugin so you can find the region you want to search more easily.
* Made the MemoryRegions object also a QAbstractItemModel, suitable for a QTableView. This should make it simpler/cleaner to display a table of available regions (there were already 3 copies of the code to fill the table in edb which will now no longer be needed), in addition to making the filtering code MUCH simpler since Qt can do it for us.

2007-08-06
----------
* Improved the build system a little for plugins. They now all share common portions.
* Added ASCII string display in the heap viewer plugin. Now, if the heap block contains an ASCII string, it'll be displayed in the data column. I plan to add more types of known "data" to this column over time.
* Added a filter to the environment viewer plugin so you can quickly find the variable you are looking for.
2007-08-02
----------
* Conditional MOVs are now part of the instruction analysis; it will display whether or not the MOV will be performed based on the current flags.
* I am making the config file entries use a more organized naming convention. In the past they were very ad-hoc, but now I am going with namespaces. For example: debugger.terminal.enabled=true. For now this will only apply to new settings so no one loses settings, but the old names will eventually be phased out in 0.9.0, which is when I will start to stabilize the varying APIs in edb.
* The view options for the stack and data views (word width/row width/which columns to display) are now stored in the config file and restored on reload. The data view is stored as well but is based on the options dialog, because saving the options set in the context menu makes no sense (many tabs, which to use?).

2007-08-01
----------
* Added different binary fill options to the CPU context menu. Good for REMing out individual ops quickly.
* The command window program is now configurable in the debugging options dialog. You can enable/disable it, and you can use the terminal program of your choice. The default is /usr/bin/xterm, as this should be fairly ubiquitous. "konsole --nomenubar --notabbar" works well for us KDE users out there as well. The only real rule is that whitespace is assumed to be an argument separator, and bad things may happen if you try to be clever and use a program name or argument with a space in it. I was able to get launching konsole to simply lock up edb (no idea why) simply by using it from a path with a space in it.

2007-07-31
----------
* Experimental code for opening an I/O window for command line apps is almost done. It actually works well, it just needs to be more tunable. This is a big feature as it will allow more complete debugging of applications with a CLI.
2007-07-30
----------
* Made the 3 byte UD opcode not decode as "invalid" but as "ud", since this op isn't really invalid, it is just hardwired to generate an exception.
* FPU registers are now highlighted on changes.
* Made changes towards abstracting State such that it can be an opaque type.
* Renamed types.h to EDBTypes.h to avoid a conflict with the system types.h. Sorry if this makes people change code, but the API isn't stable yet ;).
* Moved *nix specific headers to ROOT/include/os/unix from src, since plugins may and likely need to see those types; now the include dir is all that is NEEDED to have a plugin development setup.
* Changed getValueFromUser to get a reg_t value; this should be more portable. (Thanks Thomas Faber!)
* Improved DebuggerCore's reading/writing routines to be more portable and more flexible with regards to endianness and word size. (Thanks Thomas Faber!)
* Thomas Faber's changes bring edb a few steps closer to compiling and functioning correctly in an x86-64 setup.

2007-07-26
----------
* Implemented PID enumeration on FreeBSD. Still a lot to go for things to compile and work...
* Made edb_make_symbolmap work if you have md5 instead of md5sum on your system.
* Added breakpoint management to the CPU view context menu.

2007-07-25
----------
* Fixed an error in which a shallow copy of a transient variable was being used, which is bad because the data could be trashed.

2007-07-21
----------
* You can now see the FPU registers. They are currently read only, but it appears to work correctly.

2007-07-19
----------
* Fixed a silly bug introduced recently where registers aren't properly un-highlighted when no longer attached.
* Internally laid some groundwork for reading FPU register support.
* Fixed a bug in the debugging core plugin which could cause a caller of a read or write to think it succeeded when it didn't. It was very unlikely to get triggered and even so would likely have little to no side effects.
2007-07-17
----------
* Made it so when you try to modify bytes which overlap a breakpoint, you are given the option to continue (which removes the breakpoints), or abort the modification.
* Finally made the breakpoint dialog show the breakpoint type.
* Introduced initial code for supporting more than one binary type. It still only accepts ELF32, but the framework is in place.
* Fixed a bug where misaligned jumps were fooling the disassembly view widget. This was pretty bad since a lot of the point of active debugging versus static analysis is to avoid getting fooled by tricks like this!

2007-07-16
----------
* Fixed a bug where certain strings may not be reported correctly (some characters chopped out).
* Fixed a bug where offsets of 16-bit relative jumps were not being truncated like the CPU actually does. In the real thing, the target address has the upper 16 bits cleared. Not very useful in 32-bit code, but important to be correct.
* Fixed a bug in the new register reading code.
* Removed the segfault due to setting invalid segments from the TODO list; this is a kernel bug and entirely out of edb's control.

2007-07-13
----------
* Numerous improvements to the disassembler. I believe it is fairly complete; the only thing that's missing that I'm aware of is enforcement of certain rules (like mod/rm that must only be mem, and which ops certain prefixes are valid for).

2007-07-12
----------
* Worked around a bug where Qt would deliver events to disabled actions if the shortcut key combination is pressed. For now I have a check in each action where it simply returns if that action is not enabled. The Qt people seem to be aware of the issue; hopefully it'll be addressed in a future version of Qt.
* Fixed the ability to debug a process which receives unknown stop signals. Now it will simply break if you were trying to step. It is still annoying since frequent signals will make you have to step twice all the time, but at least it is now possible.
* Fixed a long standing (apparently no one noticed) bug where if you detached from a process while a breakpoint was set, the process had a chance of crashing.
* Made operand analysis smarter; it now knows about different expression types (byte ptr, word ptr, dword ptr).
* Identified a few bugs I would like ironed out before the next release.
* Many minor improvements in the disassembly output. It is difficult to decide when to use hex and when to use decimal, but I think I have something reasonable.
* Good speedup in instruction analysis.

2007-07-11
----------
* Finally compiled edb with edisassm! This disassembly engine is faster and more robust than the previous one because I am more easily able to add specific features that edb can use into it. Unfortunately, this does mean that AT&T syntax is temporarily disabled.
* Fixed a major crashable bug in the QDisassemblyView widget; it was very subtle.

2007-07-06
----------
* Finished the environment viewer plugin.
* edisassm is almost complete and ready for integration.
* Condition flags can now be seen in the register view as a sub item of eflags.
* Split the i386 stuff away from the GUI yet more, almost at a good point of portability.
* More robust error checking.
* A few minor UI updates.

2007-05-31
----------
* Multibyte invalid ops are now displayed properly.

2007-05-23
----------
* Very preliminary TTY support.

2007-05-20
----------
* Fixed a bug in getBinaryStringFromUser where it was setting the value before the maximum allowed length. This made it so values were truncated incorrectly.
* Added Edit bytes to the QDisassembly viewer!
* Fixed DebuggerCore incorrectly reporting success on reads/writes where no bytes are read.

2007-05-16
----------
* Added UID to the attach dialog.
* Added the ability to filter out entries that don't match your UID in the attach dialog.

2007-05-15
----------
* Added "Goto ESP/EBP" to the stack context menu.
* Fixed a crashable bug in the QDisassembly view involving libdisasm: libdisasm will do a double free if "x86_oplist_free" is called on invalid opcodes; this is now avoided.
* You can now always disassemble code nearing the edge of a region.

2007-04-30
----------
* Isolated how recent files are managed away from the primary GUI code.
* Made register view and disassembly view fonts configurable from the options dialog.
* Made the data view's font default to what is set in the options.
* Font changes in the options now show immediately after accepting (clicking OK) the options dialog.

2007-04-27
----------
* Breakpoint manager now takes an expression for its address.
* General code cleanups.
* Added stack analysis; it will now show returns and ASCII strings in the stack viewer!

2007-04-24
----------
* Made the minimum length for ASCII string detection tunable in the options.
* Improved the String Searcher plugin to reuse code in the Debugger API instead of using its own.

2007-04-23
----------
* Began work on a new "Open Files" plugin. It can currently list open files and will eventually be able to show socket/pipe information as well.
* Fixed a minor display bug in tooltips for long instructions.
* Improved the internal disassembly API to make it more adaptable to other disassembly libraries.

2007-04-19
----------
* Vastly improved the speed of the Heap Analyzer's result view (order of minutes to seconds).

2007-04-15
----------
* Added a heuristic for resolving the "main" symbol based on bytecode matching if the symbol is not provided in the symbol map. This feature is currently very likely glibc specific.
* Added some more steps towards 64-bit build support.

2007-04-13
----------
* Added more consistency to context menus (operations you can do in the dump view, you can also do in the stack view most of the time now).

2007-04-11
----------
* Registers are now highlighted in red if they have changed.

2007-04-08
----------
* Fixed a crashable bug in the BinaryString search plugin if an empty string was supplied.
2007-04-07
----------
* CheckVersion plugin will now respect the HTTP_PROXY environment variable.

2007-04-06
----------
* Corrected a minor bug in edb_make_symbolmap.sh which prevented it from running on certain distributions which actually have /bin/sh act like the original sh, not bash :)
* Added basic conditional breakpoints. They can be set in the breakpoint manager plugin and are based on the expressions that were recently added. At the moment, the expressions are tested for validity at the moment of the breakpoint; eventually this will be checked when you enter it.

2007-04-02
----------
* Added expression support to "Goto Address" in both the CPU and data views. Please see the README for more detailed information on this.

2007-03-29
----------
* Added MD5 code, which will notify the user of outdated symbol files.
* Added code to remove duplicates from the instruction analysis list.

2007-03-28
----------
* Renamed make_symbolmap.sh to edb_make_symbolmap.sh to make it more distribution friendly.
* edb_make_symbolmap.sh now puts errors to stderr, not stdout, so you don't get false symbol files if you process a whole dir at a time.

2007-03-24
----------
* The shellcode address used to change region permissions is now chosen dynamically.

2007-03-20
----------
* Added a preliminary framework for resolving parameters to standard library functions.
* Added the ability to show/hide the toolbar.

2007-03-15
----------
* Added the ability to specify some default directory strings at compile time; makes package management easier.
* Added a preliminary method for code to find a plugin based on the plugin's name. This will allow code to be written which depends on functionality exported by plugins, which could be cool.
* Added some basic measures to help prevent duplicate plugin loading caused by symlink trickery.
* edb will now look in the current working directory as well as the path specified in the options for plugins.

2007-03-14
----------
* Added getting of the working directory and arguments from attached processes; this makes restarting work much better (which is now enabled).

2007-03-12
----------
* Internally, a lot of i386 specific code was moved to a new class "i386ArchProcessor", which will eventually be a plugin (one for each arch). It is still a work in progress, but is a start.
* Removed the quit role property from the exit menu as this prevented compiles on Qt < 4.2.0.

2007-03-03
----------
* Started work on restart code, seems to work ok.

2007-02-26
----------
* Added the ability to change the working directory opened applications run in.

2007-02-23
----------
* Improved about dialog box :-P

2007-02-15
----------
* Added the ability to dump the contents of a data view tab to a file.

2007-01-17
----------
* Added a recent file list to the File menu.

2007-01-16
----------
* Cleared internal state tracking on detach, nothing major.

2006-12-23
----------
* Added a new stylized register view window, still working out the programmer's API for it, but at least it looks nice :)

2006-12-22
----------
* Making slightly fewer assumptions about the architecture being 32-bit.

2006-12-18
----------
* Added a search filter to the attach and memory region dialogs.
* Fixed a compilation issue with gcc 3.x series compilers.

2006-12-16
----------
* Added a tooltip to the disassembly view, shown when there are too many instruction bytes to display, which shows all bytes in the instruction.
* Added display of ASCII strings next to registers if analysis decides that what the register points to is an ASCII string.
* Added push/pop operations to the stack context menu.
2006-12-13
----------
* Added preliminary PLT support to make_symbolmap.sh. This will allow edb to properly display library calls; eventually, this will lead to a database of known functions with parameters so the analyzer can display the parameters correctly.

2006-12-12
----------
* Finally added the ability to edit the bytes in the data and stack dump widgets! Simply right click and choose "Edit Bytes" and modify away :). If the new string of bytes is smaller, the debugger will zero fill the difference; in the future this will be tunable.

2006-12-08
----------
* Improved efficiency and clarity of rendering code for some custom widgets.

2006-12-06
----------
* Started working on some HTML based help files in the doc directory. Don't expect anything useful in there quite yet, but it'll get there.
* Isolated libdisasm calls to a single part of the code. This allowed consolidation of common functions as well as creating a central point to replace the code, as I feel that libdisasm will likely be dropped in a later version.
* Added more information in the instruction information panel.
* Made the DebuggerCore plugin's readBytes fill the trailing end of the buffer with 0xff if it could not read as many bytes as requested; this is to give more predictable results if only a partial read is possible.

2006-12-01
----------
* Reduced redundant drawing in the QDisassembly widget, which should make things slightly faster due to less redraw.

2006-11-30
----------
* Added some more sanity checks to the internal reads and writes in the debugger core plugin; this should prevent reporting incorrect data if adding a breakpoint failed to read/write correctly.
* Made step over also step over REP prefixed ops.
* Fixed a bug in indirect call/jmp analysis which resulted in the target symbol not being resolved even though it was in the symbol map.
* Made it so the expression evaluator shows a ? instead of junk when it can't read from the effective address.
2006-11-29
----------
* Corrected a bug in libdisasm which caused the instruction 8e e8 to disassemble incorrectly as "mov ds, ax" instead of the correct "mov gs, ax".

2006-11-28
----------
* Added the ability to choose both how many bytes per "word" in the displays and how many "words" per row via the context menu. This setting is not remembered yet, but that will follow shortly.
* Fixed a very annoying bug where it was possible to make the QHexView widget not correctly highlight things if the origin was not aligned to the word width * row width.
* Added the ability for the QHexView widget to display 64-bit formatted hex; once a bug related to selection of misaligned text is resolved this will be enabled.

2006-11-27
----------
* Added getBinaryStringFromUser to the debugger API.
* Added the filename to the title bar when opening an application.
* Removed updating of all views when selecting a memory region to view; now it only updates the data view tab.
* Fixed the green arrow showing outside of the viewable area sometimes.

2006-11-25
----------
* Changed the string searcher to allow newlines in a string.
* Corrected DebuggerCore's behavior when writing less than 4 bytes from the edge of a memory region. Previously the result was undefined; now it acts as expected.

2006-11-22
----------
* Added double click to follow in dump to the StringSearcher plugin.
* Fixed a rare double-free crash found by valgrind.
* Fixed an occasional crash due to lack of a copy constructor in a class.
* Now the open dialog will start in the directory which you last opened a file from; this should make reloading the same file you previously ran quicker.
* Added a function to the Debugger namespace which makes it easier to properly compare version numbers numerically.
* Added a plugin "CheckVersion" which will read the file http://www.codef00.com/projects/debugger-latest and determine if a new version has been released.
2006-11-21
----------
* Added another opcode class "[esp + 8]->eip" in OpcodeSearcher and improved efficiency of search by reducing memory compares.
* Added ability to double click results in OpcodeSearcher, and it will jump the disassembly view to the found address.

2006-11-20
----------
* Improved instruction analysis. Now it will attempt to give symbol-relative information on many control flow ops such as calls/returns/jumps; more of this to come.

2006-11-17
----------
* Changed name of utility functions ByteShiftArray::rol() and ByteShiftArray::ror() to ByteShiftArray::shl and ByteShiftArray::shr to reflect what they actually do.
* Updated the makesymbolmap.sh script based on patch from pancake. SymbolManager has been updated to use the slightly different format.
* Reduced scrolling in disassembly view by only scrolling when the new instruction isn't in visible range.
* Added arrow icon next to current instruction.
* Changed resultant binary from "debugger" to "edb" to reflect actual project name.
* Added some basic documentation on how to write plugins, though the example plugins are still the best way to learn.
* Added jump to address and jump to EIP to disassembly view context menu.
* Main window will now remember its size and restore it next time edb is run.

2006-11-16
----------
* Minor code cleanups.
* Slight change to DebuggerCoreInterface to have waits specify a timeout. It is not required that the class actually do anything with the timeout, but the groundwork is being set.
* Hopefully have a good solution for terminating the event server thread.
* Removed parts of libdisasm which aren't needed for libdisasm.a to build; this cuts the download size by 75%!
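The 2006-11-21 entry above adds the "[esp + 8]->eip" opcode class to OpcodeSearcher. As an added example (my own code, not edb's OpcodeSearcher plugin), the scanner below shows what such an opcode class is: a set of short byte sequences that, when returned into, transfer control to an address taken from the stack, which is what an exploit writer looks for when the return address can be overwritten. It checks every byte offset, because x86 code is not aligned and a usable sequence can start in the middle of a longer instruction. The class names follow the page's notation; the sample bytes are constructed, and the base address printed by main is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One hit: offset into the scanned region, the opcode class it belongs to and
 * the instruction sequence that was matched. */
struct gadget {
    size_t      offset;
    const char *cls;
    const char *seq;
};

/* Classify the bytes at p (n bytes available). Returns the matched length, or 0
 * if no known class starts here. Only 32-bit x86 register-direct forms are
 * checked; this illustrates the idea rather than being a complete decoder. */
static size_t classify(const uint8_t *p, size_t n, const char **cls, const char **seq) {
    if (n >= 2 && p[0] == 0xff && p[1] == 0xe4) { *cls = "esp -> eip"; *seq = "jmp esp";       return 2; }
    if (n >= 2 && p[0] == 0xff && p[1] == 0xd4) { *cls = "esp -> eip"; *seq = "call esp";      return 2; }
    if (n >= 2 && p[0] == 0x54 && p[1] == 0xc3) { *cls = "esp -> eip"; *seq = "push esp; ret"; return 2; }
    if (n >= 4 && p[0] == 0x83 && p[1] == 0xc4 && p[2] == 0x08 && p[3] == 0xc3) {
        *cls = "[esp+8] -> eip"; *seq = "add esp, 8; ret"; return 4;
    }
    /* 0x58..0x5f = pop eax..pop edi. Two pops before a ret skip 8 stack bytes,
     * so eip is loaded from [esp+8] relative to the stack at entry. */
    int pop0 = n >= 1 && (p[0] & 0xf8) == 0x58;
    if (pop0 && n >= 3 && (p[1] & 0xf8) == 0x58 && p[2] == 0xc3) {
        *cls = "[esp+8] -> eip"; *seq = "pop r32; pop r32; ret"; return 3;
    }
    if (pop0 && n >= 2 && p[1] == 0xc3) { *cls = "[esp+4] -> eip"; *seq = "pop r32; ret"; return 2; }
    return 0;
}

/* Scan every byte offset of buf and report all matches. Returns the total hit
 * count; at most max entries are stored in out. */
size_t find_gadgets(const uint8_t *buf, size_t len, struct gadget *out, size_t max) {
    size_t found = 0;
    for (size_t i = 0; i < len; i++) {
        const char *cls, *seq;
        if (classify(buf + i, len - i, &cls, &seq) == 0) continue;
        if (found < max) { out[found].offset = i; out[found].cls = cls; out[found].seq = seq; }
        found++;
    }
    return found;
}

/* Number of hits in a given class. */
size_t count_class(const uint8_t *buf, size_t len, const char *cls) {
    size_t count = 0;
    for (size_t i = 0; i < len; i++) {
        const char *c, *s;
        if (classify(buf + i, len - i, &c, &s) && strcmp(c, cls) == 0) count++;
    }
    return count;
}

/* Offset of the first hit in a given class, or -1 if there is none. */
long first_of_class(const uint8_t *buf, size_t len, const char *cls) {
    for (size_t i = 0; i < len; i++) {
        const char *c, *s;
        if (classify(buf + i, len - i, &c, &s) && strcmp(c, cls) == 0) return (long)i;
    }
    return -1;
}

/* Constructed sample "text section" used for the demonstration. */
static const uint8_t sample_text[] = {
    0x90, 0x90,               /* nop; nop                                   */
    0xff, 0xe4,               /* jmp esp                      (offset 2)    */
    0x31, 0xc0,               /* xor eax, eax                               */
    0x5d, 0x5b, 0xc3,         /* pop ebp; pop ebx; ret        (offset 6;    */
                              /*   "pop ebx; ret" is also found at 7)       */
    0x83, 0xc4, 0x08, 0xc3,   /* add esp, 8; ret              (offset 9)    */
    0x54, 0xc3,               /* push esp; ret                (offset 13)   */
    0x58, 0xc3                /* pop eax; ret                 (offset 15)   */
};

int main(void) {
    const uint32_t base = 0x08048000;   /* assumed load address for display only */
    struct gadget hits[32];
    size_t n = find_gadgets(sample_text, sizeof sample_text, hits, 32);
    for (size_t i = 0; i < n && i < 32; i++)
        printf("%08x  %-16s  %s\n", base + (uint32_t)hits[i].offset, hits[i].cls, hits[i].seq);
    return 0;
}
```

The overlapping hits at offsets 6 and 7 are the reason a searcher must not advance by instruction length: the shorter "pop; ret" inside the longer "pop; pop; ret" is a distinct, equally usable result.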
2006-11-13
----------
* Removed parts of libdisasm from source tree that aren't related to the build, which cut the tarball down to a quarter of the size :)
* Working on cleaning up internal breakpoint management. The current implementation works most of the time, but there are a few corner cases where it isn't perfect. I plan to rework this so that the logic is more clear.

2006-11-12
----------
* Added upper limit of one second to how long the debugger will wait for the event thread to terminate. Eventually I will fix the fact that it doesn't always terminate, but for now this seems to work OK.

2006-11-10
----------
* Fixed QTableWidgets not being populated correctly with Qt 4.2.x and up. It seems that you must disable sorting before inserting to guarantee correct behavior.

2006-11-10
----------
* Fixed a bug related to adjacent breakpoints which were not placed by the debugger (already in the code).

2006-11-09
----------
* Initial Release
