Re: Universal Kernel Debugger
- From: klaushuotari@xxxxxxxxx
- Date: 24 Feb 2007 11:56:00 -0800
On 24 Feb, 19:30, adx <a...@xxxxxxx> wrote:
Hello,
I've been working for some time on a multi-platform, multi-OS
kernel-mode debugger which would work as an equivalent for SoftICE. I
hope some of you might be interested in making it a feature-rich open
source software.
http://irc7.pl/cgi-bin/viewcvs.cgi/ukd/ (a few months/years ago I also
started a project with this name on SF)
What it already can:
- pop up its window on Ctrl+G (configurable via variable in source code)
or (optionally) int1/int3 or breakpoint, using universal video driver
siwvid.sys; this driver is actually very easy to rewrite as open source
(could be 200 lines or so), I just didn't feel the need to do so (in
short: int 2D hook on bootup, watch loaded modules, activate when GDI
driver is being loaded, hook [call/jmp] its entry point; then, from it,
modify returned block to include changed Init_DirectDraw handler or so,
and finally when we reach there, save screen info along with surface
pointer);
- trace/step over F8/F10, Go, (Un)assemble and a few others; well
written disassembler/assembler stuff (can easily support various formats
like AT&T/Intel, can easily be extended e.g. x64);
- breakpoints in kernel or user code;
- ability to load PE export names and use them instead of addresses;
expression parser (seg:offs, calculations, addr->ofs syntax for
[addr+ofs] etc.)
- SoftICE-alike look&feel, e.g. register window (can be edited), code
(optionally with opcodes), data (various widths, edition, physical
memory too), status, command editor with history, similar keystrokes
(e.g. [Ctrl/Shift]+(Pg)Up/Dn), mouse;
- first steps taken in implementing USB stuff;
- some NT-specific stuff like display current process in bottom right
corner, ADDR command (view another context) and more.
Current problems and possible work areas include:
- when tracing, PUSHF/POPF need to be emulated or we could have a crash
after tracing through PUSHF and then resuming before POPF (uncaught i1);
- more portability across Windows versions (structure offsets vary, e.g.
in EPROCESS, you might experience crashes because of this); more
separation between core and OS-dependent stuff;
- interface improvements, window resizing, floating point window;
- handle USB HID;
- add features you like.
Regards.
Sounds interesting. I've been tinkering around with my own SoftICE
clone. At least I've got that text-based look and feel right :)
I could provide especially command routines, since I have many of
those implemented in C. Incremental command hints, command dispatching
via function pointer table, the works. Projects like this are always
very rewarding. I have to study this one and see what I can
contribute.
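
The PUSHF/POPF tracing problem listed in the quoted post, as an added C sketch that is not part of either message and is not UKD code: while the debugger single-steps, the trap flag (TF) it set must not leak into the flags image the debuggee pushes, or a later POPF re-arms TF after "Go". The `struct ctx` layout, the `guest_tf` field, the function names and the flat memory buffer are assumptions made for illustration; only 32-bit PUSHFD/POPFD without prefixes are modelled.

```c
#include <stdint.h>
#include <string.h>
#define EFLAGS_TF 0x100u          /* trap flag, bit 8 */

/* Hypothetical saved debuggee context; a flat buffer stands in for memory.
 * Simplification: privilege-dependent masking of other flag bits is ignored. */
struct ctx {
    uint32_t eip, esp, eflags;
    int      guest_tf;            /* TF as the debuggee itself set it */
    uint8_t  mem[256];            /* constructed: addresses 0..255 */
};

static int in_range(const struct ctx *c, uint32_t addr, uint32_t len) {
    return addr <= sizeof c->mem - len;
}

/* Emulate the instruction at EIP if it is PUSHFD (0x9C) or POPFD (0x9D).
 * Returns 1 if emulated, 0 if the caller should single-step in hardware,
 * -1 on a bad address. */
int emulate_flags_insn(struct ctx *c) {
    uint32_t img;
    if (!in_range(c, c->eip, 1)) return -1;
    switch (c->mem[c->eip]) {
    case 0x9C:                                   /* PUSHFD */
        if (c->esp < 4 || !in_range(c, c->esp - 4, 4)) return -1;
        img = c->eflags & ~EFLAGS_TF;            /* hide the debugger's TF */
        if (c->guest_tf) img |= EFLAGS_TF;       /* keep the debuggee's own */
        c->esp -= 4;
        memcpy(&c->mem[c->esp], &img, 4);
        break;
    case 0x9D:                                   /* POPFD */
        if (!in_range(c, c->esp, 4)) return -1;
        memcpy(&img, &c->mem[c->esp], 4);
        c->esp += 4;
        c->guest_tf = (img & EFLAGS_TF) != 0;    /* record it, do not apply it */
        c->eflags = (img & ~EFLAGS_TF) | (c->eflags & EFLAGS_TF);
        break;
    default:
        return 0;
    }
    c->eip += 1;
    return 1;
}

/* EFLAGS value to load on resume: TF only if the debugger is tracing
 * or the debuggee asked for it. */
uint32_t resume_eflags(const struct ctx *c, int tracing) {
    uint32_t f = c->eflags & ~EFLAGS_TF;
    return (tracing || c->guest_tf) ? f | EFLAGS_TF : f;
}
```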