Project Slot 5 - Binary Debugger Frontend

Student: Felix Glasern (DE)
Primary mentor: Mark Schloesser (DE)
Backup mentor: Tillmann Werner (DE)

Google Melange: https://www.google-melange.com/gsoc/proposal/review/google/gsoc2013/leex/1

Project Overview:

In this project a debugger frontend that closes the gap to best-in-field debuggers like OllyDbg (which only runs on Windows) offers a better designed UI and scriptability will be implemented. Because sofar, (most) existing open-source debugger frontends lack good configurability, scriptability and professional features of OllyDbg and IDA, especially when debugging binaries without source code (such as malware samples).
The frontend will be programed in such a way that it can be easily adopted to different backends. The primary backend will be GDB which allows for debugging every target that implements the GDB stub (for example Qemu or lldb). First GDB server will be used as a backend during milestone 1 and then the Binary Debugger Backend (Project Slot 4) be supported as a backend as well during Milestone 2.

To achieve this modularity with backends a simple controller will be implemented that offers a set of widgets to plugins, as well as database for storing relevant debugging information. The plugins are where the actual work is done. They pull information from the backend and save it to the "knowledge base". Then plugins perform operations on the information in the knowledge base to provide the frontend with relevant data to display. For example, if the frontend shall display assembler code a plugin will pull data from the backend and create an element containing assembly code which then can be displayed by the frontend. A more complex plugin would then provide an annotated version of the assembly code using the disassembled version from the database and create a new data set containing the annotated version.

Deliverables :
In the end the frontend shall contain:

  • standard disassembly views with jump analysis
  • memory views (hex dumping/editing)
  • live patching
  • register modification
  • an interface for easily adding new plugins
  • target-specific views for structures/threads/loaded modules, etc. if there is time
  • a graphview if there is enough time
  • support for at least gdb and the backend that is developed in project slot 4

Project Source Code Repository:
https://github.com/honeynet Will be updated once an intial version is pushed

Student Weekly Blog: http://www.honeynet.org/blog

Project Useful Links:
hexgolems Will come online with the first usable version

Project Plan:
The plan is split into 2 milestones and each todo has a priority.

Milestone 1

Controller:
preliminary API [high]
PoC Plugin interface [high]
connect to GDB to get debugging information [high]

Knowledge Database
decide which database to use [high]
design db layout [high]
preliminary integration into controller [high]

Controller plugins for:
normal breakpoints [high]
watch expressions [optional]
view plugin [high]
analyze JMPs, execution trace info [optional]
feeding database with disasm [high]

Frontend:
intial design for UI [high]
connecting frontend to Controller [high]
Hex view widget [high]
Code view widget [medium]
Structure view widget [medium]

Views:
- register-view (plugin with structure view) [low]
- memory-view (plugin mit hex view) [low]
- stack-view (plugin mit hex view) [low]
Operations:
- single step [high], step over [medium], run until breakpoint [high]
- breakpoints [code, memory] [high]
- register editing [optional]
- memory editing [optional]

Documentation for:
- frontend [optional]
- Knowledge base [low]
- preliminary Controller API [high]
- preliminary Plugin Interface [high]

strong> Milestone 2

Controller:
full API [high]
fully functional Plugin interface [high]
connect to GDB to get debugging information [done]
connect to Binary Debugger Backend (Project Slot 4) [high]

Knowledge Database
decide which database to use [done]
design db layout [done]
finish integration into controller [high]

Controller Plugins for:
normal breakpoints [done]
feeding database with disasm [done]
watch expressions [high]
editing [high]
patching [high]
view plugins (see below) [done]
analyze JMPs, execution trace info [high]
Custom breakpoints [medium]
Junk code removal [medium]
new origin here [medium]
dumping to executable [optional]
disasm to meta code translation [optional]
referenced text strings [optional]
history [optional]
diff [optional]
logging [optional]
snapshot [optional]
show loaded libs [optional

Frontend:
final design for UI [high]
connecting frontend to controller [done]
Hex view widget [done]
Code view widget [high]
Structure view widget [high]

Views:
- register-view (plugin with structure view) [high]
- memory-view (plugin mit hex view) [high]
- stack-view (plugin mit hex view) [high]

Operations:
- single step [done], step over [high], run until breakpoint [done]
- breakpoints (code, memory) [done]
- register editing [high]
- memory editing [high]

Documentation for:
- frontend [optional]
- Knowledge base [high]
- Controller API [high]
- Plugin Interface [high]