@dd86k dd86k released this 12 Oct 16:03
· 34 commits to marisa since this release

After 158 commits, a lot happened.

Debugger

FreeBSD Support

The debugger core now has support for FreeBSD (x86 and Arm). Why? Why not!

This officially makes Alicedbg available for Windows, Linux (Glibc, Musl, Bionic), and FreeBSD.

Shell

The debugger shell got a few quality of life improvements:

  • Colors for warning and error messages.
  • Support for external commands prefixed with !: !echo Hello world.
  • cd and pwd commands: To change and print the current working directory.
  • On exit, if a process is alive, a confirmation prompt will appear.

Simple

The simple example is now a non-interactive application, which is used to accelerate some common operations, and features debugging capabilities in a small package, akin to a logger:

>simple segfault_amd64.exe
* tid=21960 exception="BREAKPOINT" oscode=0x80000003 address=0x7fffa030bed4 disasm="int3"
* tid=21960 exception="ACCESS VIOLATION" oscode=0xc0000005 rip=0x0 rflags=0x10202 rax=0x0 rbx=0x1d7045e9a30 rcx=0x1 rdx=0x1d7045e9a30 rsp=0x1000ffd68 rbp=0x1000ffda0 rsi=0x0 rdi=0x1d7045eb680 r8=0x1d7045eb680 r9=0x1d7045ebfd0 r10=0x0 r11=0x1000ffd40 r12=0x0 r13=0x0 r14=0x0 r15=0x0 cs=0x33 ds=0x2b es=0x2b fs=0x53 gs=0x2b ss=0x2b
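
As an added example (not part of Alicedbg or of these release notes), the Python below parses event lines of the shape shown above and buckets them, flagging an access violation whose instruction pointer is null or near-null. The field names are taken only from the sample output; the function names, the 64 KiB threshold, and the reliance on rip (x86-64 only) are assumptions.

```python
import re

# Constructed sample: the two lines shown above, with the register list shortened.
SAMPLE = '''\
* tid=21960 exception="BREAKPOINT" oscode=0x80000003 address=0x7fffa030bed4 disasm="int3"
* tid=21960 exception="ACCESS VIOLATION" oscode=0xc0000005 rip=0x0 rflags=0x10202 rax=0x0 rsp=0x1000ffd68
'''

# key=value, where the value is either "quoted text with spaces" or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
NULL_PAGE = 0x10000  # assumption: treat the lowest 64 KiB as never mapped

def _num(token):
    """Convert decimal or 0x-prefixed tokens to int; leave anything else as text."""
    try:
        return int(token, 0)
    except ValueError:
        return token

def parse_line(line):
    """Return a dict for one '* key=value ...' event line, or None for other lines."""
    if not line.startswith('* '):
        return None
    event = {}
    for key, quoted, bare in FIELD.findall(line[2:]):
        # Quoted values (exception names, disassembly) stay text; bare ones may be numbers
        event[key] = _num(bare) if bare else quoted
    return event

def triage(event):
    """Bucket an exception event for crash triage."""
    name = event.get('exception', '')
    if name == 'BREAKPOINT':
        return 'breakpoint'
    pc = event.get('rip', event.get('address'))  # assumption: x86-64 register name
    if name == 'ACCESS VIOLATION' and isinstance(pc, int) and pc < NULL_PAGE:
        return 'null-pc'  # control flow went through a null or near-null pointer
    return 'other'

def summarize(text):
    """Return (tid, exception, bucket) for every exception line in the text."""
    rows = []
    for line in text.splitlines():
        event = parse_line(line)
        if event and 'exception' in event:
            rows.append((event.get('tid'), event['exception'], triage(event)))
    return rows

if __name__ == '__main__':
    for row in summarize(SAMPLE):
        print(row)
```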

Object Server Module

The object server module, which essentially loads binary objects in memory, has been rewritten almost entirely.

Previously, the module attempted to load the entire file in memory, which was problematic when attempting to open multi-gigabyte Windows memory dumps. This release fixes this issue by only allocating and reading the required bits off the object files.

Memory-mapping is planned, but not a high priority, due to portability concerns.

Currently, the debugger makes no use of the object server module.

(Slightly) Improved support for Mach-O

It is now possible to get segments and sections off Mach-O executable files.

Dumper

The Alicedump configuration got --no-prefix and --shortname switches for scripting and identification purposes, and --pdb-stream=N to view information about a PDB 7.0 stream. The legacy MZ header is printed alongside NE/LX/PE32 headers.

The summary view got re-simplified:

$ alicedump NDIS-20240309-1549.dmp
NDIS-20240309-1549.dmp: Windows Memory Dump, Memory Dump, AMD x86-64
$ alicedump alicedbg
alicedbg: Executable and Linkable Format, Executable, AMD x86-64
$ alicedump alicedbg.exe
alicedbg.exe: Portable Executable, Executable, Intel x86

The disassembler now has a lot more machine mappings, allowing you to disassemble MIPS, PowerISA, SPARC, Alpha, z/Arch, and Arm targets automatically, as Capstone supports them. The disassembly output was also cleaned up:

>alicedump --disassemble o\ppc\test_ppc.exe
filename                    : o\ppc\test_ppc.exe
filesize                    : 5632
type                        : Portable Executable
shortname                   : pe32

# Disassembly
section                     : .text
         400  fc ff e1 93             stw       r31, -4(r1)
         404  a6 02 e8 7f             mflr      r31
         408  08 00 41 90             stw       r2, 8(r1)
         40c  c0 ff 21 94             stwu      r1, -0x40(r1)
         410  58 00 61 90             stw       r3, 0x58(r1)
         414  5c 00 81 90             stw       r4, 0x5c(r1)
         418  60 00 a1 90             stw       r5, 0x60(r1)
         41c  64 00 c1 90             stw       r6, 0x64(r1)
         420  00 80 62 81             lwz       r11, -0x8000(r2)