This looks nice. From the layout of some of the menus, it seems like it was written by fans of OllyDbg, maybe because OllyDbg still has no 64-bit support. OllyDbg is great, so hopefully I can get some use out of this tool as well.
Hey, great work! It's a little bit unfortunate it doesn't work for Linux, since I've been looking for something like that for a long time and haven't found one, yet.
How hard would it be to port this to Linux? What would need to be ported? I don't have much free time, but I might be able to contribute to a port for Linux, given enough free time.
There's generally very little call for binary-level debuggers in linux. So everything is oriented towards source-level debuggng. Which makes sense since normally source code is available.
IMO gdb isn't very good for binary-level debugging, which is pretty much a euphemism for reverse-engineering anyway. It'd be nice to have something like that. I tinkered around with building such a thing years ago[0] but I wanted it to be cross-platform (I was using PPC at the time). But found libdisasm to be a bit limited as a disassembler suitable for such a thing.
> So everything is oriented towards source-level debuggng. Which makes sense since normally source code is available.
Maybe it's just the way I use debuggers, but I don't find this to be a particularly compelling reason; I use instruction-level debugging quite often even when I have the source (debugging a program I wrote, when simpler methods fail), to [1] verify that the high-level language statements are doing the expected, [2] ensure that the compiler is generating the expected instructions, and [3] to observe where exactly the bug is.
> IMO gdb isn't very good for binary-level debugging
Having come from a Windows background, I'd say using gdb for that is an absolute nightmare - it appears to almost be designed to actively make it harder to do instruction-level debugging, despite the fact that the implementation of a debugger for source code is far more complex than one that doesn't. E.g. the "disassemble" command absolutely requires a symbol table, and will still complain if there's no "function" at some address, when all it really needs to do is start reading the bytes at the address it's given as a parameter - which could be the name of a symbol - and interpret them as instructions. Instead the somewhat unintuitive "workaround" is to use "x/i".
IDA Pro is available on Linux, but I think you were looking for a free option. Although the shareware version of IDA Pro works very well under WINE (the shareware version is an old release that is missing some features and is before they added Linux support)
Perhaps worth noting that there is a difference between MinGW [1] and MinGW-w64 [2] - namely, the latter supports building 64-bit applications. In combination with msys2 [3], its pacman port [4], and mingw-builds [5] the toolchain has become very easy to install, and quite pleasant to use.
I had previously commented [6] on stability issues using mingw-w64. After some snooping using vmmap, Dependency Walker, and PE Explorer, I found that disabling the Windows Superfetch service dropped memory usage significantly. It turns out that this has been observed by cygwin devs [7]. I also disabled the Program Compatibility assistant, and my system now stays stable even after rebuilding LLVM and OpenBLAS multiple times.
1. Visual Studio is not free. Yes there is Visual C++ express but for a while it didn't have C99 support because in general it was only a C++ compiler. I believe C99 support was added with VS2013.
2. It's just really nice to use the same compiler on Linux, BSD and Windows. This is possible with GCC and LLVM but not Visual C++.
Microsoft tools are not bad (in fact I like SQL server over MySQL or Postgres) but because they aren't cross platform it's very difficult to adopt. them.
It's really good to see such a lightweight interface, like Ollydbg. I stopped using Ollydbg back then when I had to debug some x64, but didn't find anything free with such a minimalist and powerful UI. I guess you guys made it, good job :)! I wish it was available for Mac too thought - not using Windows anymore.
For OSX there is now hopper, a binary debugger and reverse Engineering tool. Something between Olly and IDA with a nice interface. Can work on x86 as well as ARM binaries. Hopper is not open source.
http://www.hopperapp.com
I'm really really hoping Hopper can catch up to IDA. I'm still not good enough with assembly to make much use of either, but the free version of IDA can make some really nice flowcharts which are pretty helpful.
How does this compare to WinDBG, which already seems fairly mature? Why would I switch to this? (if you ask me, the problem of FOSS doesn't come into play here, since Windows itself is a closed platform).
And indeed, a similar GUI-based debugger for Linux would be awesome as well.
To me the strength of windbg is not the 1990s style Multiple Document Interface UI. It's the fact that the commands are so terse and powerful. Once you get over the (steep, I'll admit) learning curve, you get a lot done without typing very much. I find gdb a lot more painful to get around for even simple stuff.
The remote debugging support is also phenomenal, though you need a culture to support it. I've only seen it work really well on the MS campus.
> if you ask me, the problem of FOSS doesn't come into play here, since Windows itself is a closed platform
There are many Windows users who prefer to use FOSS despite the OS itself not being so, and have more pragmatic reasons for using Windows over some other (possibly FOSS) OS.
Windbg was broken on Win 7, in that it no longer is able to walk the stack by following [EBP]. If I want to get a call stack, I have to use Windbg on Windows XP.
Hey look, it's GPLv3. So the only people using it are probably writing malware. I don't expect any commercial windows shops or anyone at MS will use this tool. That said, seems like a pretty cool project.
You're better of just calling it x86 to describe the 32-bit instruction set.
I love the connections between jumps and landing sites though, very helpful!
[1]: https://en.wikipedia.org/wiki/X32_ABI