Author Topic: oBFusCATed - gdbmi plugin query  (Read 17220 times)

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
oBFusCATed - gdbmi plugin query
« on: October 29, 2021, 07:04:30 am »
Has anyone done any work or played with oBFusCATed  gdbmi plugin in the last say 2 years? If you have does it compile against the latest C::B sources?

The existing source does not build due to C::B SDK a number of years ago (I think it may be 6 years, but I could be totally wrong). I have it building and loading, but not working. I have been looking at it on and off for the last 4 months.

Online ollydbg

  • Developer
  • Lives here!
  • *****
  • Posts: 5634
  • OpenCV and Robotics
    • Chinese OpenCV forum moderator
Re: oBFusCATed - gdbmi plugin query
« Reply #1 on: October 29, 2021, 12:00:34 pm »
I haven't build his gdb-mi plugin recent years. But I did build and use it before.

Basic debugging feature should work OK.
If some piece of memory should be reused, turn them to variables (or const variables).
If some piece of operations should be reused, turn them to functions.
If they happened together, then turn them to classes.

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #2 on: March 23, 2022, 12:16:32 pm »
I have forked the code and got it building and running with the C::B SVN code. There were a few changes due to SDK updates and a mod to the GDB breakpoint address decoding to support 64 bit address space.
The code is currently available from https://github.com/acotty/cb_gdbmi , but be aware that the plugin functionality has not changed so it is not complete.

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #3 on: March 24, 2022, 09:12:36 am »
Updated the logging and add extra logging, so the logging in the version from this afternoon (Oz time) is  a heck of allot better.
How did the devs who cloned it go with playing with it? Please raise issues or PR's or add as an issue extra testes that I have not included in the readme.md file so I can make sure all of the tests pass before finishing working on the code.

BTW: Instead of cloning the repo you are better forking the repo and then cloning it.
This post is up for the last commit on 24MAR2022.


Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #4 on: March 25, 2022, 10:53:09 am »
I have started fixing bugs I come across by using the small test source code below.

I can do the following:1. set breakpoints
2. run to the first breakpoint3. Continue to the next breakpoint4. step to the next line
5. watch cTest
6. Expand the cTest in the watch window. Fixed a bug that limited the size to 100 in the original code
7. cTest updates between breakpoints or stepping to the next line is working. Fixed a bug that would stop updates after the 9th item.

Code
#include <stdio.h>#include <cstring>

using namespace std;


int main()
{
    char cTest[300];
    memset(cTest, 0x00, 300);
    //              00000000001111111111
    //              01234567890123456789
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "This is a char array");
    strcat(cTest, "END END END END END ");
    printf("Hello world!\n");
    printf("Array: \n%s", cTest);

    getchar();

    return 0;
}
I am slowly making progress. If you cloned the repo or download the source zip over the last few days then I would advise updating your code as the code works allot better now and will continue to improve, so check the git repo for changes every few days.

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #5 on: March 26, 2022, 06:46:58 am »
I have fixed more issues with watches and from my testing I think the watches now look good, but I have not stressed the watches.

I have updated the readme.md to show the pass and fails for the testing I have done (this is the default readme.md that github uses to show on the main page).
At this point in time I think that I can add to my local C::B installation the GDB/MI debugger. This will allow me to use the GDB/MI debugger as my main debugger.

If you need any of the following functionality then you will need to wait for the missing functionality to be added or if you can help with any of it please let me know so the work is not duplicated:
  • CPU registers
  • Memory display
  • debugging console projects where you need to see the console
  • Disassembly
  • conditional breakpoints

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #6 on: March 27, 2022, 12:39:58 pm »
I have updated the Github source with a working CPU registry display. The GDB/MI and GDB command are not the same. The new GDB/MI commands used are the same as CodeLite uses as the old command used does not fit the new way of sending a command and receiving a single response message to process. In the case of the CPU registries there are two GDB/MI command that are needed, one for the names and one for the values.

If you need any of the following functionality then you will need to wait for the missing functionality to be added or if you can help with any of it please let me know so the work is not duplicated:
  • Memory display
  • debugging console projects where you need to see the console
  • Disassembly
  • conditional breakpoints
I am now using the GDB/MI debugger to debug the changes I am doing and it's working as expected (aka usable for what works).

Offline BlueHazzard

  • Developer
  • Lives here!
  • *****
  • Posts: 3255
Re: oBFusCATed - gdbmi plugin query
« Reply #7 on: March 27, 2022, 08:46:14 pm »
> Memory display
So memory watches are not working?

I will try to test it later...

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #8 on: March 27, 2022, 10:57:24 pm »
Watches are working.

No memory display "stuff" is working as there is no code for the "memory dump" or "memory view" dialogs/features.

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #9 on: March 28, 2022, 01:16:15 am »
The missing code to hook up to the GetExamineMemoryDialog appear to be simple and similar to the CPU registry functionality and I can borrow bits of it.

The process I have found the seems to be the fastest is:
  • Search the Codelite source code for a keyword and see if there is any lines with a "cmd" in them and they look like the line sends a GDB/MI request.
  • Open the file and look at the line found in 1)
  • If it is not obvipus what the parameters are lookup the command int he GDB 11.2 manual
  • Add the new action and Code up the start() to send the cmd and the OnCommandOutput() to display the result.6) Look at the exsting code for the "dialog" to use or where the data needs to go.
  • Code up the rest of the OnCommandOutput().
  • Test and mod/fix until the new functionality works like the existing GDB.
I have found that unless you want to read the GDB manual from one end to another searching it can result in finding command that look like they should be used, but there may be other ones that work way better. Found this out with the CPU register commands and wasted a few hours and then looked at how Codelite did it and used the new commands and it worked out allot easier.
« Last Edit: March 28, 2022, 04:43:35 am by AndrewCot »

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #10 on: March 28, 2022, 04:44:33 am »
The Examine Memory Dialog is now working.

Online ollydbg

  • Developer
  • Lives here!
  • *****
  • Posts: 5634
  • OpenCV and Robotics
    • Chinese OpenCV forum moderator
Re: oBFusCATed - gdbmi plugin query
« Reply #11 on: March 28, 2022, 04:51:19 am »
AndrewCot, thanks for your contribution!

I will try to build this plugin as soon as possible.  ;)
If some piece of memory should be reused, turn them to variables (or const variables).
If some piece of operations should be reused, turn them to functions.
If they happened together, then turn them to classes.

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #12 on: March 28, 2022, 07:06:56 am »
I would wait as I am making good progress.

The enable/disable pop up menu is now working. Github has the updated source with it in it.

I added the missing code and then spent an hour of debugging as I thought I missed something, but found that the toggling did not work because the "m_enabled = flag;" line in the following function was missing (already in the class and hooked up to the Breakpoint::IsEnabled() function.....

Quote
    void Breakpoint::SetEnabled(bool flag)
    {
        m_enabled = flag;
    }

Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #13 on: March 28, 2022, 08:22:16 am »
Fixed debugging console projects where you need to see the console. Github updated. 

If you need any of the following functionality then you will need to wait for the missing functionality to be added or if you can help with any of it please let me know so the work is not duplicated:
  • Debug -> Memory view dialog
  • Disassembly
  • conditional breakpoints
Memory dialog info:
The "Memory view window dialog" has "Memory view window" as the title and has tabbed memory view and the data display is shown as two panels.The "Memory examine dialog" has "Memory" as the title and one panel for the data and has a "Go" button. Below the "Address:" static control is "(e.g. 0x401060, or &variable or $$eax)"


Offline AndrewCot

  • Plugin developer
  • Lives here!
  • ****
  • Posts: 653
Re: oBFusCATed - gdbmi plugin query
« Reply #14 on: March 28, 2022, 11:20:09 am »
I think I have a handle on the cbMemoryView plugin, which hopefully I will be able to get working tomorrow.


@BlueHazzard : Once I get it working and upload the source do you think you test it to try and break it?  The changes are in the GDB/MI debugger as it is missing the AddMemoryRange() function that the plugin requires and the rest of the missing functionality.
« Last Edit: March 28, 2022, 11:42:00 am by AndrewCot »