CHANGELOG
NOTE: for future change logs, please refer to the commit logs found at:
https://github.com/eteran/edb-debugger/commits/master
2011-07-11
----------
* Fixed a typo in the configuration where the close_behavior wasn't getting
loaded correctly.
2011-07-07
----------
* Environment plugin can now get environment variables when no symbols are found.
It doesn't know the address of the variables, but at least you can view them.
2011-06-22
----------
* Code cleanup, some minor optimizations.
2010-10-16
----------
* Since the tools that ./edb_make_symbolmap is dependent on are not uniform
across all the platforms that I intend to support, I have built symbol
file generation into edb directly. Running './edb --symbols <filename>' will
create a symbol file in the same format as the old script. For now, ELF is the
only supported format but more will be added as needed. This also means
that future versions of edb will be able to generate symbols as needed
if no symbol file is provided, making things "just work" more often.
2010-10-14
----------
* Improved the way that different OS's are handled in the source tree a bit
* Added more detection of suspicious breakpoints (ones that are likely
a user error).
* OpenBSD support is now at a functional level. There are some features
missing, but it is a good start. You can do all of the basic debugging
tasks now.
2010-10-10
----------
* Reference finder now will find calls/jumps and consider them code references;
double clicking those results will jump to the address in the CPU view.
* Code in general has now adopted a more clean and consistent style. It is
a work in progress, but almost all plugin accessible code is conformant.
* Compiles and attaches on OpenBSD, but unfortunately cannot step yet. Almost
functional.
* OpenBSD uses KVM to get process maps, much cleaner than relying on other
methods.
* The breakpoint API is simpler and has less redundancy between the core and
the edb namespace.
* Minor fixes for arches that don't support unaligned access. No such arch is
currently supported, but may as well plan ahead ;-).
* New ROP gadget finder plugin. It is in the early stages, but will evolve over
time. I hope to support some form of automatic shellcode generation in the
future.
* Experimental "run until return" support. This is slow and not always correct
but a start. It seems that linux delivers a different event when stepping
over a syscall instruction, so I'm not sure of the best way to address that.
2010-09-20
----------
* Lots of small fixes here and there.
* Lots of work towards a working OSX port. It isn't quite there yet, but the
ground work is being laid.
* Fixed a bug in the expression parser.
* Working towards a new improved edisassm API which will make introducing new
arches much simpler in the long run.
* Fixed a hang when trying to use gnome-terminal as the I/O TTY. It's not what
I consider an ideal fix (string compare to determine what terminal you are
using), but it appears to be reasonable.
* LOTS of small speed tweaks all over the place.
* Did some work trying to get a functional trace mode, in my tests it is almost
working correctly, but not quite there.
2010-07-02
----------
* Added Ctrl+G shortcut. This is a global shortcut which will activate the
"goto" functionality of the widget with the focus.
* Made the instruction analysis window update when the register values are
changed by the user.
2010-06-07
----------
* Added the ability to analyze the currently *viewed* region, not just the one
that the IP is in currently. Also added an "Analyze Here" context menu to the
cpu view.
2010-05-27
----------
* Added display of fs and gs base addresses. There is not an awful lot of
things you can do with this information since you cannot set this value
directly. But it does provide a nice way to see the address of what is
commonly the TEB/TCB.
* [E/R]FLAGS is now editable again in the GUI. I accidentally disabled this
in the last release while refactoring some code.
* Much cleaner event model implemented. It is much more robust and simpler too!
Now handlers simply return codes describing the resume state. The only thing
to keep in mind is that if you play with the state in a handler, you almost
always have to call edb::v1::syncronizeState() so the resume functions have
an up to date view to work with.
* Thanks to the new event model, breakpoint conditions work much more reliably.
* Minor optimization in resuming, no longer steps before a resume when it isn't
necessary.
* NOTE: I believe that I found a kernel bug where stepping in a signal handler
can cause the target process to have the TF flag set incorrectly, resulting
in a perpetual stepping state. I may be able to work around this by
explicitly masking the flag in certain circumstances, but I feel this might
result in other subtle bugs. Hopefully, if this isn't the expected behavior
the linux guys will have this fixed soon.
See: https://bugzilla.kernel.org/show_bug.cgi?id=16061 for details.
2010-05-26
----------
* Fixed decoding of cmpxchg8b in 64-bit mode. It was incorrectly being
decoded as cmpxchg16b.
* Started working on improving the event model of edb. It will be a lot of
work, but in the end it will be much more robust.
* Fixed a fairly major bug, I'm surprised that no one noticed ;) Opcodes which
are completely different in 64-bit mode (like 0x06 is "push es" in 32-bit
but invalid in 64-bit) were not being decoded properly at all. The alternate
tables were not being linked into the disassembly library correctly.
2010-04-27
----------
* Lots of minor tweaks and code refactoring
* Themes! There is no UI for modifying them, but you can set them up in the
config file (~/.config/codef00.com/edb.conf) manually. Basically there is a
"[Theme]" section which gets read on startup (a change will need a restart
to take effect). In this section there are a bunch of settings that affect
the look of the disassembly; each one looks like this:
theme.<category>.<property>=<value>
Valid categories are:
register
constant
ptr
prefix
flow_ctrl
function
stack
comparison
data_xfer
arithmetic
logic
shift
Valid properties are:
foreground
background
weight
italic
underline
NOTES:
you may omit any property, which will yield the default look for that
property.
foreground and background are colors; this is a string which can be anything
you can pass to a QColor(const char *) constructor. So, it can take named
constants such as "green" or hex color codes like "#00ff00"; the special value
transparent is also allowed. See the Qt documentation for the full details.
weight is on a scale of 0 to 99, with 50 being normal and 75 being bold.
italic and underline are typical boolean values.
EXAMPLE (this will give the default look):
[Theme]
theme.register.foreground=red
theme.register.background=transparent
theme.register.weight=75
theme.register.italic=false
theme.register.underline=false
theme.constant.foreground=black
theme.constant.background=transparent
theme.constant.weight=50
theme.constant.italic=false
theme.constant.underline=false
theme.ptr.foreground=darkGreen
theme.ptr.background=transparent
theme.ptr.weight=50
theme.ptr.italic=false
theme.ptr.underline=false
theme.prefix.foreground=black
theme.prefix.background=transparent
theme.prefix.weight=75
theme.prefix.italic=false
theme.prefix.underline=false
theme.flow_ctrl.foreground=blue
theme.flow_ctrl.background=yellow
theme.flow_ctrl.weight=50
theme.flow_ctrl.italic=false
theme.flow_ctrl.underline=false
theme.function.foreground=blue
theme.function.background=yellow
theme.function.weight=50
theme.function.italic=false
theme.function.underline=false
theme.stack.foreground=blue
theme.stack.background=transparent
theme.stack.weight=50
theme.stack.italic=false
theme.stack.underline=false
theme.comparison.foreground=blue
theme.comparison.background=transparent
theme.comparison.weight=50
theme.comparison.italic=false
theme.comparison.underline=false
theme.data_xfer.foreground=blue
theme.data_xfer.background=transparent
theme.data_xfer.weight=50
theme.data_xfer.italic=false
theme.data_xfer.underline=false
theme.arithmetic.foreground=blue
theme.arithmetic.background=transparent
theme.arithmetic.weight=50
theme.arithmetic.italic=false
theme.arithmetic.underline=false
theme.logic.foreground=blue
theme.logic.background=transparent
theme.logic.weight=50
theme.logic.italic=false
theme.logic.underline=false
theme.shift.foreground=blue
theme.shift.background=transparent
theme.shift.weight=50
theme.shift.italic=false
theme.shift.underline=false
theme.system.foreground=blue
theme.system.background=transparent
theme.system.weight=75
theme.system.italic=false
theme.system.underline=false
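A small standalone validator for the theme.<category>.<property>=<value> format described above, added here as an example; it is not edb's own settings code, and parseTheme, themeValue, ThemeConfig and the sample config are all constructed for it. It reads only the [Theme] section, rejects unknown categories or properties, out-of-range weights and non-boolean italic/underline values with a per-line warning, and falls back to a caller-supplied default for any omitted property.

```cpp
#include <cstdio>
#include <map>
#include <set>
#include <sstream>
#include <string>
#include <vector>
// Categories and properties as listed above ("system" is accepted too because
// the example block above uses it).
static const std::set<std::string> kCategories = {
    "register", "constant", "ptr", "prefix", "flow_ctrl", "function", "stack",
    "comparison", "data_xfer", "arithmetic", "logic", "shift", "system"};
static const std::set<std::string> kProperties = {"foreground", "background", "weight", "italic", "underline"};
struct ThemeConfig {
    std::map<std::string, std::map<std::string, std::string>> values;  // category -> property -> value
    std::vector<std::string> warnings;                                 // one entry per rejected setting
};
static std::string trim(const std::string &s) {
    size_t b = s.find_first_not_of(" \t\r");
    if (b == std::string::npos) return "";
    return s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}
// Value rules stated above: weight is 0..99, italic/underline are booleans,
// colors are any non-empty string (QColor does the real color check in edb).
static bool validValue(const std::string &prop, const std::string &val, std::string &why) {
    if (prop == "weight") {
        bool digits = !val.empty() && val.size() <= 3 &&
                      val.find_first_not_of("0123456789") == std::string::npos;
        if (!digits || std::stoi(val) > 99) { why = "weight must be 0..99"; return false; }
        return true;
    }
    if (prop == "italic" || prop == "underline") {
        if (val != "true" && val != "false") { why = "expected true or false"; return false; }
        return true;
    }
    if (val.empty()) { why = "empty color"; return false; }
    return true;
}
// Parse the [Theme] section of an edb.conf-style INI text. Keys in other sections
// are ignored; malformed, unknown or out-of-range settings are dropped with a warning.
ThemeConfig parseTheme(const std::string &ini) {
    ThemeConfig cfg;
    std::istringstream in(ini);
    std::string line; bool inTheme = false; int lineno = 0;
    while (std::getline(in, line)) {
        ++lineno;
        line = trim(line);
        if (line.empty() || line[0] == '#' || line[0] == ';') continue;
        if (line.front() == '[' && line.back() == ']') { inTheme = (line == "[Theme]"); continue; }
        if (!inTheme) continue;
        std::string where = "line " + std::to_string(lineno) + ": ";
        size_t eq = line.find('=');
        if (eq == std::string::npos) { cfg.warnings.push_back(where + "no '='"); continue; }
        std::string key = trim(line.substr(0, eq));
        std::string val = trim(line.substr(eq + 1));
        size_t d1 = key.find('.');  // the key must be exactly theme.<category>.<property>
        size_t d2 = d1 == std::string::npos ? d1 : key.find('.', d1 + 1);
        if (d2 == std::string::npos || key.compare(0, d1, "theme") != 0 ||
            key.find('.', d2 + 1) != std::string::npos) {
            cfg.warnings.push_back(where + "'" + key + "' is not theme.<category>.<property>");
            continue;
        }
        std::string cat = key.substr(d1 + 1, d2 - d1 - 1);
        std::string prop = key.substr(d2 + 1);
        std::string why;
        if (!kCategories.count(cat)) why = "unknown category '" + cat + "'";
        else if (!kProperties.count(prop)) why = "unknown property '" + prop + "'";
        else validValue(prop, val, why);
        if (!why.empty()) { cfg.warnings.push_back(where + why); continue; }
        cfg.values[cat][prop] = val;
    }
    return cfg;
}
// Look a setting up; an omitted property yields the caller's default, as described above.
std::string themeValue(const ThemeConfig &cfg, const std::string &cat,
                       const std::string &prop, const std::string &def) {
    auto c = cfg.values.find(cat);
    if (c == cfg.values.end()) return def;
    auto p = c->second.find(prop);
    return p == c->second.end() ? def : p->second;
}
// Constructed sample config (not a real user's edb.conf).
const char *kSampleConf =
    "[General]\n"
    "theme.logic.weight=99\n"        // outside [Theme], ignored
    "[Theme]\n"
    "theme.register.foreground=red\n"
    "theme.register.weight=75\n"
    "theme.flow_ctrl.background=yellow\n"
    "theme.flow_ctrl.weight=120\n"   // out of range, rejected
    "theme.stack.italic=maybe\n"     // not a boolean, rejected
    "theme.bogus.foreground=blue\n"  // unknown category, rejected
    "theme.ptr.colour=green\n";      // unknown property, rejected
int main() {
    ThemeConfig cfg = parseTheme(kSampleConf);
    for (const std::string &w : cfg.warnings) std::printf("warning: %s\n", w.c_str());
    std::printf("register weight = %s\n", themeValue(cfg, "register", "weight", "50").c_str());
}
```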
2010-04-01
----------
* Made the copy operation of QHexView widgets do an ascii rendering of what the
user has selected, this is infinitely more useful.
* Re-added the jump/call target symbol display in the disassembly view. This
was accidentally chopped when I added syntax highlighting.
2010-03-31
----------
* Code cleanup
* Fixed potential memory corruption in symbol management code (could not
demonstrate it, but technically it was possible).
* Added some options to the DumpState plugin
* The DumpState plugin now uses the current data view tab as the basis for
its "data" portion of the output
* Got rid of the insanity of having "ctrl+c" mean "check version". :-P
* The BreakpointManager is no longer a modal dialog.
* Improved const correctness of some things
* Fixed corner case where the UI wouldn't update immediately
2010-02-26
----------
* Added support for highlighting of flow control commands
* Next version will allow "schemes" in the same sense that ollydbg does;
you will be able to edit the configuration file to adjust the colors to your
liking.
2010-02-25
----------
* Added support for comments for bookmarks
* Fixed a bug where the UI didn't update immediately after closing the config
dialog
* Syntax highlighting in the CPU view!
2010-01-15
----------
* Added "Add Bookmark" to CPU view context menu.
2009-12-28
----------
* Too many small changes to list here :-P
* Increased minimum Qt version from 4.2 to 4.5. Now that 4.5 is widely deployed
I think this is a reasonable requirement.
2009-10-19
----------
* Fixed builds on some systems.
* Made it so you can load plugins in any order and they should work just fine.
* Disabled graphing capabilities for this release. Unfortunately, graphviz
has made a habit of breaking source compatibility in their C API which means
that the build will break on some systems. I may need to add some sort of
configure script in order to make this work correctly on all supported systems
:-(.
2009-10-17
----------
* Fixed a crash if edb was set to use a terminal for I/O, but the program
field was empty.
* Many small optimizations.
* A little bit of reorganization in the source tree.
* More steps towards good thread support.
* More functional in Win32 builds (still not good enough yet, but getting
closer)
* Heap Graphs! Sometimes they take a really long time to render, but they work
and can show relationships between nodes!
2009-09-10
----------
* A few portability tweaks, working on creating a proper visual studio project
file eventually.
* QHexView and QDisassemblyView now format the address based on the size of
address_t instead of the native pointer size of the machine. This will allow
the possibility of future builds being able to do remote debugging and/or
debugging of 32-bit apps on a 64-bit platform.
2009-08-17
----------
* Fixed a crashable dead reference usage in Analyzer/FunctionFinder plugins.
* Improved the way that stop codes are handled internally, should make for
cleaner code.
* Some of the bigger operator new usages have exception guards. They shouldn't
be needed in 99% of cases, but it's better to not crash :-P.
2009-08-11
----------
* Lots of minor code improvements.
* Fixed conditional Breakpoints.
* Fixed HW Breakpoints (I think).
2009-07-16
----------
* Improved the way plugin options pages are shown.
2009-07-13
----------
* Instruction<> objects are now "copyable", this is a somewhat expensive
operation, but is the first step towards making edisassm support being an
assembler as well (since it will return an Instruction object).
2009-07-11
----------
* Made DebugEvent object a bit smarter as far as the info they carry with them.
This should simplify things a bit.
* Now passing DebugEvent by reference to handlers. I couldn't before because
the events were coming from the "Event Thread" but now that that is phased out
it is more efficient to pass them this way.
* Changed the binary info plugins to be based on looking at a region, not a file
this is more flexible as it will allow it to analyze data which is only seen
at runtime.
2009-07-09
----------
* Seems that older versions of gcc have slightly different behavior with
regard to exported embedded classes. Minor update.
2009-07-08
----------
* Heap analyzer now uses a linear search for the heap structures. This seems to
work nicely for both x86-64 and x86 arches.
2009-07-03
----------
* Added code to the heap analyzer to have it work with newer versions of glibc.
I should probably have some sort of search method instead of fixed offsets,
or better yet, do something reliable :-P.
* Provided a means for plugins to add tabs to the options dialog. The
CheckVersion and Analyzer plugins now use this feature.
* The analyzer now has the option of not using "fuzzy" logic to find functions.
Without fuzzy logic, it is *much* faster and the results are very high
quality (since it only searches for functions reachable from known code). But
will find much less. The default is to use fuzzy logic.
2009-07-01
----------
* Analyzer is *much* faster than it was, and more accurate in finding functions.
2009-06-30
----------
* More work done to the core to help add thread support (not quite there yet).
* Working on cleaning up the conditional BP stuff, making it more robust.
* I believe that I have fixed the restart occasionally failing issue. Turns out
that you should do a waitpid() after a detach to avoid getting events from the
previously debugged process.
2009-06-20
----------
* Enabled UTF-16 support in base string searching routines. For now, it only
will find strings which use the basic ASCII character set. Eventually I'll
find a good technique for finding non-english language strings as well.
* I finally figured out how to safely catch SIGCHLD when using Qt4. This has
enabled me to implement a version of waitpid which has a timeout! I am hoping
that this proves to be nice and stable so I can finally phase out the
"Event Thread," which is necessary since ptrace really doesn't play nicely
when different threads are used.
2009-05-29
----------
* Once again revised the plugin API. Now that the win32 build produces an
edb.lib file, the original style is more appropriate. So once again, plugins
can directly access the exported API. However, only the classes and functions
which are part of the stable API will be exported since edb is now compiled
with -fvisibility=hidden.
* Cleaned up a lot of code now that the plugin system is simpler.
* Internal management of breakpoints is now simpler. Now I use shared pointers
to BP objects which use RAII techniques. This has made the code which manages
breakpoints MUCH cleaner :).
* Fixed a crash when removing breakpoints via the breakpoint manager plugin.
2009-05-27
----------
* Fixed the current line being outside of the disassembly view in certain
circumstances.
2009-05-26
----------
* Added display of symbols in the code view.
* Added the basis for future colorization in the disassembly.
* Improved the way uppercase disassembly is handled. Most visibly, hex strings
are displayed like "0xDEADBEEF" instead of "0XDEADBEEF" making this much more
readable in uppercase mode.
2009-05-15
----------
* Fixed crash during initial config if it couldn't find the DebuggerCore plugin.
2009-04-14
----------
* Added the undocumented SAL opcode to edisassm.
2009-03-30
----------
* Fixed a bug in edisassm's disassembly of operands of type Ob and Ow.
2009-02-10
----------
* Moved the session handler code to be a plugin now. This will allow more
creative session implementations. For example, the session files could
be actually in a sqlite3 database, or even a mysql database for collaborative
commenting. It should be much more flexible.
2009-02-04
----------
* Fixed a bug in the memory region modification code. It would ask if you wanted
to remove the execute permissions of the last executable region any time
there was only one left with execute permissions. This was the case even if
the region you wanted to modify wasn't executable to begin with.
* Started using boost::bind a lot more to make the code much more concise. Doing
this will allow me to make a lot of the "search memory" code be run by a
std::for_each calling a function object. The nice thing about this is that
it will nicely match the way that Qt's concurrent model works, making for a
smooth transition.
2009-01-23
----------
* I've decided to start using boost (particularly smart pointers) wherever
appropriate. It will help make the code less likely to have bugs. Once Qt 4.5
is out for long enough, I'll likely switch over to their smart pointers
since there is no point in having multiple library dependencies. But I feel
that boost is such a robust library, it would be silly not to take advantage
of it.
2009-01-22
----------
* Implemented the "Find ASCII string in stack" feature. Works like a charm.
To be clear, it is searching for pointers to matching strings on the stack,
not strings in the stack itself. I *think* this is what people would want.
Also, it only cares if the search string is the beginning of the string
on the stack (so if you look for "/bin/" it'll find "/bin/ls"). This is
because there could be any amount of data (or characters) after the string
on the stack.
* Added the ability for plugins to add items to the various context menus. This
should allow much more useful plugins in the future. Starting with the
recently requested "Find ASCII string in stack" feature.
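The "pointers to strings on the stack" search described in the 2009-01-22 entry, as an added example that is not edb's code: the stack is scanned one pointer-sized word at a time, each word is tried as a pointer, a read that lands outside any mapped region is treated as a failed read and skipped, and only strings that begin with the search text match. Region, Hit, findStringPointersOnStack and the memory snapshot built by buildSample are all constructed for this example.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// One readable region of the debuggee's address space (a constructed snapshot
// here; in a debugger this would be backed by reads from the target process).
struct Region {
    uint64_t base;
    std::vector<uint8_t> bytes;
    bool contains(uint64_t a) const { return a >= base && a < base + bytes.size(); }
};

struct Hit {
    uint64_t stackAddr;  // where on the stack the pointer was found
    uint64_t target;     // the pointer value
    std::string text;    // the string it points at (up to NUL, region end or cap)
};

// Read a NUL-terminated string at addr, at most maxLen bytes. Returns false when
// addr is not inside any region, which is what a failed debuggee read looks like;
// the caller treats that as "no string here", not as an error.
static bool readString(const std::vector<Region> &mem, uint64_t addr, size_t maxLen,
                       std::string &out) {
    for (const Region &r : mem) {
        if (!r.contains(addr)) continue;
        out.clear();
        for (uint64_t a = addr; a < r.base + r.bytes.size() && out.size() < maxLen; ++a) {
            uint8_t c = r.bytes[a - r.base];
            if (c == 0) break;
            out.push_back(static_cast<char>(c));
        }
        return true;
    }
    return false;
}

// Walk the stack one pointer-sized little-endian word at a time and report every
// word that points at a string *beginning* with prefix. Strings stored inline on
// the stack are not matched, only pointers to strings, as the entry above says.
std::vector<Hit> findStringPointersOnStack(const Region &stack, const std::vector<Region> &mem,
                                           const std::string &prefix, size_t wordSize = 8) {
    std::vector<Hit> hits;
    std::string s;
    // only whole words are examined; a trailing partial word is never read
    for (size_t off = 0; off + wordSize <= stack.bytes.size(); off += wordSize) {
        uint64_t ptr = 0;
        for (size_t i = 0; i < wordSize; ++i) ptr |= uint64_t(stack.bytes[off + i]) << (8 * i);
        if (ptr == 0) continue;                       // NULL never points at a string
        if (!readString(mem, ptr, 256, s)) continue;  // unmapped: read failed, skip
        if (s.size() >= prefix.size() && s.compare(0, prefix.size(), prefix) == 0)
            hits.push_back({stack.base + off, ptr, s});
    }
    return hits;
}

// ---- constructed sample data, not captured from a real process ----
static void pushWord(std::vector<uint8_t> &v, uint64_t w) {
    for (int i = 0; i < 8; ++i) v.push_back(uint8_t(w >> (8 * i)));
}
static void putString(Region &r, uint64_t addr, const char *s) {
    std::memcpy(&r.bytes[addr - r.base], s, std::strlen(s) + 1);
}
struct Sample { Region stack; std::vector<Region> mem; };
Sample buildSample() {
    Region data{0x400000, std::vector<uint8_t>(0x100)};
    putString(data, 0x400010, "/bin/ls");
    putString(data, 0x400020, "/usr/bin");
    putString(data, 0x400030, "/bin/sh");
    Region stack{0x7fff0000, {}};
    pushWord(stack.bytes, 0x400010);  // -> "/bin/ls"
    pushWord(stack.bytes, 0x12345);   // unmapped address: read fails, skipped
    pushWord(stack.bytes, 0);         // NULL
    pushWord(stack.bytes, 0x400011);  // -> "bin/ls": search text not at the start, no match
    pushWord(stack.bytes, 0x400020);  // -> "/usr/bin"
    pushWord(stack.bytes, 0x400030);  // -> "/bin/sh"
    return {stack, {data, stack}};
}

int main() {
    Sample s = buildSample();
    for (const Hit &h : findStringPointersOnStack(s.stack, s.mem, "/bin/"))
        std::printf("[%#llx] -> %#llx \"%s\"\n", (unsigned long long)h.stackAddr,
                    (unsigned long long)h.target, h.text.c_str());
}
```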
2009-01-08
----------
* Reorganized much of the DebuggerCore code into separate platform specific
files to make things much easier to maintain.
2008-12-28
----------
* Imported some code provided by Phillip Mayhew which is the beginning of an
OSX port. He provided almost all of the functionality necessary to get the
DebuggerCore plugin to be functional. Now I'll just have to start testing
on a Mac soon.
2008-12-11
----------
* Fixed defunct process issue on kill/restart (missing waitpid)
* Simplified a lot of code involving starting and stopping things. I used to
delete/create objects each time. But simply stopping/starting them is
sufficient and means that I can do fewer NULL checks.
* Simplified the event loop.
* Replaced all dynamic_cast's with qobject_cast's which don't require rtti.
2008-12-10
----------
* New plugin system is complete and things are working normally again. A few
internal functions take more parameters but it decouples those parts from the
rest of the system.
* Windows port is now able to attach and (usually) step.
* Improved portability of error handling system.
2008-12-08
----------
* Started to make some large changes to how plugins interact with the core
application. Not all platforms I'd like to target support having a plugin
import symbols from the application that is loading it
(*cough* windows *cough*). So now there is a "PluginAPI" structure which is
passed to every plugin upon init which it will make a copy of (the interface
code does this for you and makes it accessible through an m_API variable).
This new system allows me to have much more strict control over what a plugin
is allowed to do within edb which is nice, but it also will require I have a
"Core Library" that all plugins and edb will have to link to in order for
them to share classes which unfortunately means a little bit of binary code
duplication. Oh well.
2008-12-07
----------
* Added a messagebox warning when the arch edb was built for doesn't match the
target process's arch.
2008-12-06
----------
* More changes to support Win32/Win64
* Fixed a crash when no analyzer plugin is available.
* Started framework for supporting UTF16 strings in analysis. Currently it's a
lot of boxes and such, but I believe it is working generally OK.
2008-12-05
----------
* Made some minor changes to the edisassm.pro file
* Reworked some function definitions to work around a visual studio bug.
* edisassm *finally* builds with visual studio 2008! Time to start porting edb
to windows :-)
2008-11-14
----------
* Improved the ebuild on 64-bit platforms.
* Fixed search and replace error with default plugin path, it should work
correctly now.
* Minor improvements to the html documentation.
2008-10-20
----------
* Right clicking in the register view will no longer show "Follow In ___"
options for things such as segments, eflags and FPU values; these do not
have meaningful values as addresses.
2008-10-14
----------
* Fixed a bug where some old stub code from before the 64-bit port was breaking
any instructions which use the FS or GS segments :(.
* Made the find ASCII string routines more intelligent about what they consider
to be an "ASCII" character. The output is a lot more comparable to the unix
strings command.
2008-10-08
----------
* Switched from edb::v1::log to qDebug. The nice thing about this is that it
functions very much the same as my old logging. But also supports stream
oriented logging. Finally, it is "hookable" so that a widget could be used to
show the logging in a widget if we want.
* Made several string displays a bit more Unicode friendly. This most visibly
results in "high" ASCII characters no longer appearing as junk.
2008-10-06
----------
* Started prepping the code for internationalization, this will be an ongoing
process. Once the process is started and I have at least one non-english
translation, then it will be helpful if people report un-translated strings.
But we aren't quite ready for that yet ;).
* Fixed a 64-bit compatibility bug in the breakpoint plugin.
* Sped up heap analyzer a lot by disabling updates during population.
2008-10-01
----------
* Fixed a bug introduced in last version where several entries for 0x00000000
were being entered in the function finder plugin. This was actually a bug in
the analysis engine where I failed to notice the side effects of reading a
map using the [] syntax.
* Made it so the symbol viewer plugin will by default open up symbols for code
in the disassembly and data in the data views when double clicked.
* Vastly improved the analyzer's handling of symbol information in its function
search algorithm.
2008-09-29
----------
* Added context menu to Symbol viewer's list so that you can select where to
view the symbol.
* Added a plugin management window. Currently, it just lets you see what's been
loaded. But in the future, I will try to make it so you can disable/enable
different plugins.
2008-08-29
----------
* Attempt #2 at making the /lib/ vs. /lib64/ automatic for 64-bit platforms. I
think the new solution should work.
2008-08-25
----------
* Added the ability for edb to get the base of the GS and FS segments. This
allows the instruction analyzer to correctly display the values of certain
expressions. This also makes segments valid in expressions, they will resolve
to the base of the segment. Though CS/DS/ES/SS will always resolve to 0.
One nice trick is that you can break on each system call by putting a
breakpoint on [gs+0x10] (though 0x10 may vary from system to system).
2008-08-16
----------
* Finished making the Heap Analyzer plugin work on x86-64.
2008-08-12
----------
* Sped up analysis by avoiding redundant function analysis. It still isn't
blazing fast, but is significantly better.
* Fixed a few previously missed 64-bit portability issues.
(toULong -> toULongLong). They were minor, but all of this type should be
resolved.
* Added a symbol viewer plugin. Double click to see a symbol's value in
the current data view. Eventually, I'll add a context menu to make it
so you can view it in the code view too depending on the type.
2008-08-11
----------
* Continued to make improvements to analyzer. It is more accurate, but also
slower at the moment. I will look into good ways to speed it up.
2008-08-10
----------
* Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working
with me to make sure that x86-64 users have a functioning edb.
* Reworked analysis to have a higher initial favoritism towards finding
functions by recursively tracing known functions
(symbols/main/entry point, etc). This will make the analysis more accurate
though it does have the side effect of making "percentage complete" a lot
less meaningful since while it will always stop, the number of iterations
during analysis is indefinite.
2008-08-09
----------
* Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64
targets. Simple fix, but it broke compilation for some platforms so I'm going
to make a release for it.
2008-08-08
----------
* Ouch, another bug fix. At least this time it was a failed assert. Basically,
during my last fix, I forgot that reads can and will fail if done while the
debugee is running. I have added code to special case this and handle it more
correctly. (Which is of course how it used to act in the first place).
2008-08-04
----------
* Made plugins.pri smarter with library location. For 64-bit builds it will
default to $prefix/lib64/edb/
2008-07-29
----------
* Since the config file was partially broken, I am taking this opportunity to
finish reworking the naming convention for settings. Some settings will
unfortunately be lost. But odds are they were being dropped anyway :-/.
* WOW, I just noticed that for a long time (2-3 versions) options were not being
actually saved. Fixed.
* Seems that my QDisassemblyView optimization revealed an off by one error in
the DebuggerCore which unfortunately was also crashable :(. But I believe
that the logic is correct now. I've added a few more asserts to help avoid
this type of bug in the future.
2008-07-25
----------
* Made analysis slightly faster by factoring out some no longer needed code.
* Simplified some code in the QDisassembler widget. Instead of passing an
instruction, its buffer and its size, you can now just pass the instruction
since it has references to the buffer and its size anyway.
* Made the analyzer aware of using zeros as padding between functions. This will
make the display more correct if displaying analyzed code.
2008-07-15
----------
* Added "Follow Immediate in Dump" and "Follow Immediate in Stack" CPU context
menus. They act similarly to the generic "Follow" CPU context menu.
* Improved analysis speed.
* Improved analysis quality, a few more types of common optimizations are
detected.
2008-07-13
----------
* Added a "Follow" item to the CPU context menu. Basically, if you right click
on either a JMP or CALL which has an operand which can be evaluated, then
there will be a "Follow" menu item that will scroll the CPU view to that
location.
2008-07-12
----------
* Removed some code which was implemented to work around Qt 4.0.x bugs since
4.2 is now a base requirement.
* Added some atomic-ness for pointer manipulations.
* Renamed some settings in configuration file to make them more consistent with
new convention.
* Fixed an integer underflow crash involving trying to select an address beyond
the end of a region, which was causing a negative size to be passed to the
"edb::v1::getInstructionBytes" function. Q_ASSERTS were added to catch this
in the future if a similar bug is present elsewhere.
* Fixed a minor bug where tooltips would show data outside of the current
region if there is an adjacent region sometimes.
* Now attaching to a new process or opening a new program to debug will
invalidate any analysis that has been done. Eventually, the analysis will be
stored in session files so that it can be reused. But not yet ;).
2008-07-05
----------
* More minor improvements to the analysis engine.
* Fixed a corner case in the disassembler where it would misformat things like
"and eax, 0xffff" as "and eax, -1" due to a mis-optimization.
2008-07-03
----------
* Improved the analysis engine to be slightly more accurate.
* Added graphical indication of function bounds based on analysis results.
* You can now scroll the QHexView widgets by individual bytes by pressing up
or down while holding the control key.
2008-07-01
----------
* Centralized analysis engine and provided it with a plugin. The FunctionFinder
plugin is now just an interface towards it. Ctrl+A will analyze the current
region (though nothing is done with the results yet). I am hoping to have
function framing and scrolling by instructions.
* Added a "set EIP to selected instruction" to CPU context menu.
* Improved the heuristic for the analyzer. It will now more accurately identify
certain types of functions.
2008-06-18
----------
* Fixed a bug in the hardware breakpoint manager plugin which didn't allow
disabling of the last breakpoint.
* Extended the maximum size that OpcodeSearcher will consider from 4 bytes to
8 bytes, which yields some more options.
* Finished changing the OpcodeSearcher plugin to use edisassm; it should be a lot
more robust now. Fortunately, edisassm is pretty fast, so the performance
impact isn't too bad.
* Most dialogs now use Qt 4.2.x's QDialogButtonBox, which should give a better
look on non-KDE platforms.
2008-06-12
----------
* Fixed a bug in DebuggerCore involving hardware debug registers in 64-bit mode.
This fix allows hardware breakpoints to work in 64-bit builds.
* Changed OpcodeSearcher plugin to use edisassm when searching instead of hard
coded values. This allows the code to be more easily ported to new archs such
as x86-64.
2008-06-06
----------
* Fixed a minor bug with selections in QHexWidgets when selecting outside of the
viewable range. There was an underflow, which was cast to an unsigned type,
causing some upward selections to select from the start to the end of the range.
* More improvements in 64-bit support. The ArchProcessor for x86-64 is now
aware of the amd64 C calling convention and will now properly predict function
arguments when symbols are available.
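As an added illustration of the two underflow fixes recorded here (the region-size underflow in the 2008-07-12 entry and the QHexView selection underflow in this entry), the following C++ is example code, not edb's own: for each case the unchecked computation sits beside a checked version. The Region struct, the function names and the sample addresses are hypothetical, and plain assert stands in for the Q_ASSERT the changelog mentions.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <optional>
#include <utility>

// Hypothetical memory-region descriptor standing in for edb's region type.
struct Region {
    uint64_t start; // first valid address
    uint64_t end;   // one past the last valid address
};

// Unchecked byte count from `address` to the end of the region. When `address`
// lies past `end` the unsigned subtraction wraps to a huge value; in the edb bug
// the same difference reached the read routine as a negative size.
size_t bytesToRegionEndUnchecked(const Region &r, uint64_t address) {
    return static_cast<size_t>(r.end - address);
}

// Checked version: reject any address outside [start, end) before subtracting,
// so the caller never gets a wrapped byte count. The assert mirrors the kind of
// invariant the changelog says Q_ASSERT now guards.
std::optional<size_t> bytesToRegionEnd(const Region &r, uint64_t address) {
    if (r.start > r.end || address < r.start || address >= r.end) {
        return std::nullopt;
    }
    const uint64_t n = r.end - address;
    assert(n <= r.end - r.start);
    return static_cast<size_t>(n);
}

// Hex-view selection as a signed length cast to unsigned: dragging upward
// (cursor < anchor) gives a negative length that becomes a huge count, which is
// what made upward selections run from the start to the end of the range.
size_t selectionLengthUnchecked(int64_t anchor, int64_t cursor) {
    return static_cast<size_t>(cursor - anchor);
}

// Checked version: order the endpoints first, then clamp both into the viewable
// range [rangeStart, rangeEnd], returning an inclusive interval that is always
// well-formed regardless of drag direction or where the cursor ended up.
std::pair<uint64_t, uint64_t> selectionRange(uint64_t anchor, uint64_t cursor,
                                             uint64_t rangeStart, uint64_t rangeEnd) {
    const uint64_t lo = std::clamp(std::min(anchor, cursor), rangeStart, rangeEnd);
    const uint64_t hi = std::clamp(std::max(anchor, cursor), rangeStart, rangeEnd);
    return {lo, hi};
}

int main() {
    const Region text{0x1000, 0x2000}; // constructed sample region
    assert(bytesToRegionEndUnchecked(text, 0x2001) == SIZE_MAX); // wrapped
    assert(!bytesToRegionEnd(text, 0x2001).has_value());         // rejected
    assert(bytesToRegionEnd(text, 0x1ff0).value() == 0x10);
    assert((selectionRange(100, 40, 0, 80) == std::pair<uint64_t, uint64_t>{40, 80}));
    return 0;
}
```

The common thread is that the check has to happen before the subtraction: once an out-of-range operand has been subtracted in unsigned arithmetic, no later cast or comparison can recover the sign that was lost.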
2008-06-01
----------
* Hardware breakpoints are much more complete, supporting Write, Read/Write,
and Execute types with sizes of 1, 2, and 4 bytes.
2008-05-31
----------
* edisassm 1.5.2 released, mostly making the code more standards compliant to
ensure that the code will compile on newer versions of g++. Tested with g++
4.2.3 on Ubuntu.
2008-05-28
----------
* edisassm 1.5.1 released with some minor bug fixes.
* Corrected some bugs in edb under x86-64 involving the analysis engine.
2008-05-28
----------
* edisassm 1.5.0 released with EM64T support! A lot of time was put into
verifying the instruction tables to ensure that disassembly would be accurate.
* A couple of minor bug fixes were done in edb.
* Added patches to clean up build on ubuntu systems.
2008-05-18
----------
* Added lots of SSE4 ops to edisassm and updated a bunch of the tables.
2008-05-07
----------
* edisassm now can handle RIP relative addressing mode. I also fixed some decode
ordering issues that were introduced when 64-bit mode was being added. The
only piece left is the tweaking of the instruction tables to match what was
added/removed/changed for 64-bit mode!
2008-05-06
----------
* edisassm can now disassemble 64-bit code, partially correctly. It does not yet
support RIP relative modes and does not take into account changes in the
opcode map (new and removed opcodes). Soon edb will have full 64-bit support!
2008-04-30
----------
* Made a large effort to port edisassm to 64-bit :) The most visible change
is that it makes much larger use of templates. Instruction and Operand now
take a template parameter (32 and 64 are valid), which can be used like this:
Instruction<32> inst(buf, size); or you can use edb::Instruction, which will
be typedefed to the appropriate type based on your build environment. Because
of the massive amount of templating needed to implement this, it is possible
that older compilers will have trouble with it. I will test which compilers