Releases: dd86k/alicedbg
0.5
After 158 commits, a lot happened.
Debugger
FreeBSD Support
The debugger core now has support for FreeBSD (x86 and Arm). Why? Why not!
This officially makes Alicedbg available for Windows, Linux (Glibc, Musl, Bionic), and FreeBSD.
Shell
The debugger shell got a few quality of life improvements:
- Colors for warning and error messages.
- Support for external commands prefixed with !: !echo Hello world.
- cd and pwd commands: To change and print the current working directory.
- On exit, if a process is alive, a confirmation prompt will appear.
Simple
The simple example is now a non-interactive application, which is used to accelerate some common operations, and features debugging capabilities in a small package, akin to a logger:
>simple segfault_amd64.exe
* tid=21960 exception="BREAKPOINT" oscode=0x80000003 address=0x7fffa030bed4 disasm="int3"
* tid=21960 exception="ACCESS VIOLATION" oscode=0xc0000005 rip=0x0 rflags=0x10202 rax=0x0 rbx=0x1d7045e9a30 rcx=0x1 rdx=0x1d7045e9a30 rsp=0x1000ffd68 rbp=0x1000ffda0 rsi=0x0 rdi=0x1d7045eb680 r8=0x1d7045eb680 r9=0x1d7045ebfd0 r10=0x0 r11=0x1000ffd40 r12=0x0 r13=0x0 r14=0x0 r15=0x0 cs=0x33 ds=0x2b es=0x2b fs=0x53 gs=0x2b ss=0x2b
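Because each event is a single line of key=value pairs, the output is easy to triage by script. The following is an added Python example, not part of Alicedbg; the function names are hypothetical and the sample is the output above with the register list abridged.

```python
import shlex

# Constructed sample: the run shown above, register list abridged.
SAMPLE = '''\
>simple segfault_amd64.exe
* tid=21960 exception="BREAKPOINT" oscode=0x80000003 address=0x7fffa030bed4 disasm="int3"
* tid=21960 exception="ACCESS VIOLATION" oscode=0xc0000005 rip=0x0 rflags=0x10202 rsp=0x1000ffd68
'''

STATUS_ACCESS_VIOLATION = 0xC0000005  # Windows exception code seen in oscode


def parse_event(line):
    """Parse one '* key=value ...' line into a dict, or None if it is not an event."""
    line = line.strip()
    if not line.startswith("* "):
        return None  # command echo or other non-event text
    try:
        tokens = shlex.split(line[2:])  # keeps quoted values with spaces intact
    except ValueError:
        return None  # unbalanced quote: treat the line as unparseable
    event = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep:
            continue  # tolerate stray tokens
        try:
            event[key] = int(value, 0)  # 0x-prefixed hex or plain decimal
        except ValueError:
            event[key] = value  # text such as the exception name or disassembly
    return event


def triage(event):
    """Classify an event; a fault with the instruction pointer at 0 is called out."""
    if event.get("exception") == "BREAKPOINT":
        return "breakpoint"
    if event.get("oscode") == STATUS_ACCESS_VIOLATION:
        ip = event.get("rip", event.get("eip"))
        if ip == 0:
            return "access violation: null instruction pointer"
        return "access violation"
    return "other"


def analyze(text):
    """Return (tid, classification) for every event line in text."""
    events = (parse_event(line) for line in text.splitlines())
    return [(e.get("tid"), triage(e)) for e in events if e is not None]
```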
Object Server Module
The object server module, which essentially loads binary objects in memory, has been rewritten almost entirely.
Previously, the module attempted to load the entire file in memory, which was problematic when attempting to open multi-gigabyte Windows memory dumps. This release fixes this issue by only allocating and reading the required bits off the object files.
Memory-mapping is planned, but not a high priority, due to portability concerns.
Currently, the debugger makes no use of the object server module.
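The read-only-what-is-needed approach, sketched for a PE file as an added Python example (not Alicedbg's own code). It also applies the 96-section PE limit at selection time, as the 0.4 changelog describes; all names are hypothetical and the input file is constructed.

```python
import io
import struct

MAX_PE_SECTIONS = 96  # limit the 0.3 and 0.4 changelogs cite from the PE specification

class BoundedReader:
    """Reads only requested ranges and rejects any range outside the file."""
    def __init__(self, f):
        self.f = f
        self.size = f.seek(0, io.SEEK_END)
        self.bytes_read = 0

    def read(self, offset, size):
        if offset < 0 or size < 0 or offset + size > self.size:
            raise ValueError(f"range {offset:#x}+{size:#x} outside file of {self.size:#x} bytes")
        self.f.seek(offset)
        data = self.f.read(size)
        if len(data) != size:
            raise ValueError("short read")
        self.bytes_read += size
        return data

def pe_summary(reader):
    """Fetch just the 64-byte MZ header and the PE signature plus COFF header."""
    mz = reader.read(0, 64)
    if mz[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", mz, 0x3C)  # untrusted: value comes from the file
    hdr = reader.read(e_lfanew, 24)                   # "PE\0\0" + 20-byte COFF header
    if hdr[:4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections = struct.unpack_from("<HH", hdr, 4)
    return {"machine": machine, "sections": nsections}

def select_section(summary, index):
    """Apply the section limit when a section is selected, not at load time."""
    if not 0 <= index < min(summary["sections"], MAX_PE_SECTIONS):
        raise IndexError(f"section index {index} out of range")
    return index

def make_sample(e_lfanew=0x80, nsections=3, total=1 << 20):
    """Constructed input: minimal MZ and PE headers padded to `total` bytes."""
    mz = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, nsections, 0, 0, 0, 0, 0)
    body = mz + bytes(e_lfanew - 64) + b"PE\0\0" + coff
    return io.BytesIO(body.ljust(total, b"\0"))

if __name__ == "__main__":
    r = BoundedReader(make_sample())
    print(pe_summary(r), "read", r.bytes_read, "of", r.size, "bytes")
```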
(Slightly) Improved support for Mach-O
It is now possible to get segments and sections off Mach-O executable files.
Dumper
The Alicedump configuration got --no-prefix and --shortname switches for scripting and identification purposes. And --pdb-stream=N to view information of a PDB 7.0 stream. The legacy MZ header is printed alongside NE/LX/PE32 headers.
The summary view got re-simplified:
$ alicedump NDIS-20240309-1549.dmp
NDIS-20240309-1549.dmp: Windows Memory Dump, Memory Dump, AMD x86-64
$ alicedump alicedbg
alicedbg: Executable and Linkable Format, Executable, AMD x86-64
$ alicedump alicedbg.exe
alicedbg.exe: Portable Executable, Executable, Intel x86
The disassembler now has a lot more machine mappings, allowing you to disassemble MIPS, PowerISA, SPARC, Alpha, z/Arch, and Arm targets automatically, as Capstone supports them. And the disassembly output was cleaned:
>alicedump --disassemble o\ppc\test_ppc.exe
filename : o\ppc\test_ppc.exe
filesize : 5632
type : Portable Executable
shortname : pe32
# Disassembly
section : .text
400 fc ff e1 93 stw r31, -4(r1)
404 a6 02 e8 7f mflr r31
408 08 00 41 90 stw r2, 8(r1)
40c c0 ff 21 94 stwu r1, -0x40(r1)
410 58 00 61 90 stw r3, 0x58(r1)
414 5c 00 81 90 stw r4, 0x5c(r1)
418 60 00 a1 90 stw r5, 0x60(r1)
41c 64 00 c1 90 stw r6, 0x64(r1)
420 00 80 62 81 lwz r11, -0x8000(r2)
0.4.1
0.4
Overview
Minor release featuring various work on object dumping.
New License
The license was changed from BSD-3-Clause to BSD-3-Clause-Clear.
New CLI Module
A new CLI module was introduced to keep options and behaviors consistent in both Alicedbg and Alicedump.
Long format options now require the equal sign (--example=) with options that require a value.
New Alicedump Configuration
A new Alicedump configuration was created with its own set of options, to avoid polluting the debugger's set of options.
Alicedump is a direct alternative, but still work-in-progress, to tools such as objdump(1), nm(1), and readelf(1).
By default, without any specific data requested, a file(1)-like output is provided:
$ alicedump alicedump
alicedump: Executable and Linkable Format (elf), Executable, for AMD x86-64 (amd64) machines
$ alicedump alicedump.exe
alicedump.exe: Portable Executable (pe32), Executable, for AMD x86-64 (amd64) machines
The --extract option was added to allow for some binary information to be sent to stdout, allowing data to be piped to other tools.
The --hexdump option was added to allow for some binary information to be hexdumped and formatted on screen.
Support for OMF objects and libraries was initiated.
New Shared Configuration
The Alicedbg library can now be compiled as a shared object (also known as a dynamically linked library).
Notes
The Linux static builds should work regardless of the host C runtime environment, such as glibc, because the executables do not rely on the host C runtime and include their own.
Changelog
- cli: Change --debug-info to --build-info.
- cli: Change -a|--arch to -m|--machine=.
- debugger: Align disassembly output.
- debugger: disassemble command uses EIP or RIP by default if no memory location was given.
- dumper: Now available as an alicedump command.
- dumper: Add a new "Summary View", which is the new default, and outputs information in a file(1) style format.
- dumper: Add --hexdump. Certain elements can be dumped using Alicedump's internal hexdump printer.
- dumper: Remove redundant quotes for UNIX archive (ar) names.
- dumper: Able to dump all UNIX archive (ar) headers.
- library: Add missing OS values for LX objects.
- library: Add missing header flags and OS values for NE objects.
- library: Add XBOX Code Catalog subsystem value for PE objects.
- library: Add VC Feature debug structure for PE objects.
- library: Limit to 96 sections when selecting a PE section, not when loading, as per spec.
- library: Start support for OMF objects and libraries.
- library: Add support for ELF dynamic symbols. Sort of.
- library: x86 machine was renamed to i386 for consistency.
- library: Return "le" as a short name if it is one (LX).
0.3
This release features new APIs and new additions for the dumper for informative reasons.
A crash handler was introduced in the application, and hopefully in the long-term future, the debugger can force itself in.
The plan for version 0.4 can be viewed on GitHub.
Changelog
- cli: Add --debug-version and dump the build information there. Will be renamed in a later release.
- dumper: Add support for Library Archives (.lib), header only.
- dumper: Add support for coredumps, x86-64 only, header only.
- dumper: Add support for Windows memory dumps, x86 and x86-64 only, header only.
- dumper: Add support for Minidumps, header only.
- dumper: Add support for PDB 7.0 stream information. This will help support source debugging.
- dumper: Add the remaining header fields for PDB 2.0.
- dumper: Add support for COFF objects for x86, x86-IAX, x86-64, Z80, some TI and some MIPS platforms (excluding ECOFF). Header only.
- dumper: Add (untested) support for MS-COFF anonymous objects, header only.
- shell: Add plist command to list running processes.
- shell: Fix go, restart commands. Make go a little prettier.
- shell: The memory command now has an ASCII column.
- shell: Reworked the way readline works. Should be a little more consistent with the host console/terminal application.
- library: Add self module for self-diagnosis, crash handling. Used with the application.
- library: Add missing fields for NE executables.
- library: Enhance memory transfer speed on Linux when possible.
- library: Fix debugger continuing with attached processes on Windows.
- library: Fix Android build.
- library: PE32 images are now limited to 96 sections as per specification (v11, 2017).
0.2
I've been busy catching up!
While it's still a toy debugger, I'm hoping to chew my own food one day... At least, the current focus is the object server, as it allows me to view inside executable images and how to better parse them. I'd like to continue working on the PDB parser (and obviously support DWARF) for the next version, like any other good debugger.
Changelog
- app: Add --dump-everything option to dump everything but disassembly.
- app: Enhance dump options.
  - Changes the old options of --dump --show xyz to just --dump-* for readability.
  - Example: Instead of -D --show i, use --dump-imports.
- app: Fix printing ELF program headers.
- app: Fix printing PE imports and exports.
- app: Fix MZ disassembly.
- app: Fix shell not attaching to process when indicated via CLI.
- app: Fix base address for blob disassembly.
- lib: Add a custom dynamic library loader to replace BindBC.
- lib: Add support for getting process memory map on Windows with full paths.
- lib: Add support for NE and LX executables, including dumping. (header only)
- lib: Add support for PDB 7.0 debug objects, including dumping. (header only)
- lib: Add detecting POGO and Portable PDB debug entries for PE executables.
- lib: Add getting pagesize.
- lib: Add support to enumerate running processes.
- lib: Improve bound-checking for object server.
- lib: Improve scenarios loading MZ executables.
Notes:
- The musl static build should work as-is in other environments, such as glibc.
- I couldn't formulate some changelog items... I'll try to keep my commit consistency better.
0.1
After 228 commits, wow, I finally made it.
Giving up on the x86 decoder multiple times, embracing Capstone, redoing the entire API...
It's still not done. You can't do much with it, but, I plan to release 0.2 early 2024 with something more useful.
Changelog
- Add API V2:
- Add primitive memory scanner.
- Make the debugger to be process-focused instead of itself.
- Make disassembler to use Capstone 4.0.
- Deprecate API V1.
- Make application use API V2.
- Shell: Add scan command.
- Shell: Add status command.
- Shell: Add detach command.
- Shell: Add memory command.
- Shell: Add restart command.
- Shell: Introduce manpage-like articles for commands.
- Shell: Make regs command search register with an optional parameter.
alicedbg v0.0.1
Initial release.
FAQ
- Can I use this?
  - I hope you don't
- Binaries where?
  - I really hope you don't use this
- Do you need help?
  - Not at the moment
- DUB registry when?
  - Maybe at 0.1
- Are you asking yourself these questions?
  - Yes