vector35 / deprecated_python_debugger Goto Github PK

I noticed here that you are initializing a COM interface inside of DllMain, which is likely to cause issues and is not good practice.

https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain says:

There are significant limits on what you can safely do in a DLL entry point. See General Best Practices for specific Windows APIs that are unsafe to call in DllMain. If you need anything but the simplest initialization then do that in an initialization function for the DLL. You can require applications to call the initialization function after DllMain has run and before they call any other functions in the DLL.

See https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-best-practices for more information about the potential issues.

Bug where the debugger doesn't let you run it form the Tools>Debugger>Process>Run, you must go to the View>Debugger first.

This is on Windows 10. Tried it with both Python 3.7 and 3.8 with the same results.

It also freezes randomly with some binaries and gets an "Exception: Cannot resolve relative address:" with others.

Need a mechanism to send data to the stdin of the running process

This means that if your adapter cannot connect, the debugger state will be left with a nonworking adapter and no way to exit it. We need to set adapter to None on exception.

If the analyzed file does not exist on disk, dump the saved binary in our analysis so we can still debug it

The "run" button is disabled unless you enable the debugger view, but once you've navigated to it once you can change back to another view and it will work.

Screenshots in order:

Related to #21, currently the debug view does not respond when the user tries to navigate to functions. Need some way to determine if they are navigating to code (show in the left view) or local data (linear view in the left view?) or memory (show in the right view).

Also need to figure out how history works

Needs testing

Currently these are printed to sys.stderr and any errors they send are lost.

When stepping, if the user is in LLIL or MLIL view, add a setting so that the debugger can step over optimized-away disassembly and just step between each LLIL/MLIL instruction, similar to "source mode" in WinDbg

Can only switch in STOPPED state right now, seems to be a UI limitation.

add setting that will automatically add register states (maybe stack for function entry/exit?) as ephemeral comments. Blocking on Vector35/binaryninja-api#1532

Needs the following features:

• Show program output
• Accept user input
• (Potentially) Accept debugger commands

The current method uses a read of /proc//maps which won't work on remote targets.

This also prevents finding the location of the module being debugged and resolving ASLR'd addresses.

At least on x86_64, I cannot set r10-r15, cs, fs, or any of the eax, ebx, etc registers.
Sometimes rip/rflags/gs are writable and sometimes not.

I would at least expect r10-r15 to be writable. rip/rflags/fs/gs potentially could be. cs is fine being immutable.

Environment: macOS + lldb

List active threads. Double click to navigate to the location the clicked thread is at. Right-click to follow that thread.

When code is being executed outside the current BinaryView (or inside but not at a code aligned address) the raw disassembly view will be shown.

Two important features we plan:

1. when single stepping through a call and the call-target is a function in the current view's segments that we do not have a function for, create the function
2. likewise for discovering other indirect control flow such as jump targets (though obviously not creating a function but using set_user_indirect_branches

See title

The function binaryninja.binaryview.BinaryView.get_functions_containing in version 1.2 (tested on 1.2.1921) returns None in some cases and thus breaks the debugger's UI.update_highlights function:
Traceback (most recent call last):
File "/Applications/Binary Ninja.app/Contents/MacOS/plugins/../../Resources/python/binaryninja/plugin.py", line 227, in _default_is_valid
return is_valid(view_obj)
File "/Users/someuser/Library/Application Support/Binary Ninja/repositories/official/plugins/Vector35_debugger/ui.py", line 601, in valid_control_pause
debug_state = binjaplug.get_state(bv)
File "/Users/someuser/Library/Application Support/Binary Ninja/repositories/official/plugins/Vector35_debugger/binjaplug.py", line 35, in get_state
state = DebuggerState(bv)
File "/Users/someuser/Library/Application Support/Binary Ninja/repositories/official/plugins/Vector35_debugger/binjaplug.py", line 409, in init
self.ui = ui.DebuggerUI(self)
File "/Users/someuser/Library/Application Support/Binary Ninja/repositories/official/plugins/Vector35_debugger/ui.py", line 37, in init
self.update_highlights()
File "/Users/someuser/Library/Application Support/Binary Ninja/repositories/official/plugins/Vector35_debugger/ui.py", line 315, in update_highlights
for func in self.state.bv.get_functions_containing(self.last_ip):
TypeError: 'NoneType' object is not iterable

Potential fix for older versions is verify that the returned value is not None.

Should be able to examine memory at arbitrary addresses. It would probably make sense for this to be a LinearView. Potential feature: follow register (i.e. each time the debugger stops navigate to rax)

In dockwidgets/StackWidget.py:116 you have

		old_val = info['value']
		new_val = int(value, 16) # <------
		address = info['address']

		# Tell the debugger to update
		adapter = binjaplug.get_state(self.bv).adapter
		adapter.mem_write(address, new_val) # <------

but adapter.mem_write expects bytes and not an int resulting in the crash.

Also you could check if old_val == new_val to avoid doing the write if the value didn't actually change. In my use case, I was just copying the value for example.

Simple buttons to

• single step
• step over
• continue (Play Button)
• break (Pause Button)
• terminate (Stop Button)
• step out (continue executing until current function returns)

And tag a release

Currently, if a user does not have lldb installed, the debugger will throw lots of exceptions. To better handle this, we should:

• Destruct the adapter if execution failed
• Show the user a prompt to install Xcode

I intentionally tried to crash the running program, and instead of telling me anything, it just keeps trying to resume when I step or resume, rather than alerting me that the program has crashed

If Xcode is installed, but the command-line utilities have not been, then the expected path for debugserver is not valid. We need to prompt the user to install the command-line utilities with xcode-select --install

Currently there are some cases where two threads send messages to the adapter at the same time. This causes race conditions when the adapter returns data. There are a few solutions to this:

• Guard all adapter functions with a mutex
• Guard access to the adapter itself with a mutex
• Maintain a mutex-guarded queue of pending adapter functions and run all adapter code on one thread

re: Vector35/binaryninja-api#1527 we need to re-arrange the import order to fix an annoying py3.8.1 issue.

Currently the breakpoint tags are piggybacking off the default "Crashes" tag type. We should instead create our own tag type and create tags for it. Also may want to investigate alternate tags when we have additional line-data (eg as in #36)

Currently all debugger configuration is cleared on reload. Here is a tentative list of data we need to save:

• Breakpoints (location and enabled)
• Command line arguments
• (when implemented) adapter address/port

Already have the svgs, just need to integrate them

Setting rsp to 0x10 will throw a ValueError as the stack view tries to read negative addresses.

We need a way to view mapped regions of memory. Essentially /proc/<pid>/maps

Not sure if linux specific or not, but with current dev and latest debugger master:

1. open /bin/ls
2. "run"
3. "resume" since the initial breakpoint is in the libc loader?
4. from _start, double click main, then right-click anywhere any select "set breakopint"

Traceback (most recent call last):
  File "/home/williamg/binaryninja/plugins/../python/binaryninja/plugin.py", line 144, in _default_action
    action(view_obj)
TypeError: cb_bp_set() missing 1 required positional argument: 'local_address'

Each of the widgets need to be dynamically populated with current state from the debugger

• Breakpoints
• Stackview
• Registers
• Console