LLDBinit: Improving LLDB

January 15, 2018 ~ hucktech ~ Leave a comment

My mad Python skills are finally exposed: "lldbinit – Improving LLDB" -> https://t.co/mTfWz9ypze
Code @ https://t.co/qArzufRI7Z

— The Uninitialized Pointer Guru 🥇 (@osxreverser) January 15, 2018

https://reverse.put.as/2018/01/15/lldbinit-improving-lldb/

https://github.com/gdbinit/lldbinit

Voltron integration for Binary Ninja

September 4, 2016 ~ hucktech ~ Leave a comment

Binary Ninja plugins, Based on Binary Ninja, voltron. https://t.co/7OwcQ4IhEx

— PythonArsenal (@PythonArsenal) September 1, 2016

https://github.com/snare/binjatron
https://github.com/snare/voltron
http://ho.ax/

Binary Ninja plugin for Voltron integration.

Features:
* Synchronise the selected instruction in Binary Ninja with the instruction pointer in the debugger
* Mark breakpoints that are set in the debugger in Binary Ninja
* Set and delete breakpoints in the debugger from Binary Ninja

https://firmwaresecurity.com/2016/04/09/voltron/

https://firmwaresecurity.com/2016/06/05/binary-ninja/

Voltron

April 9, 2016 ~ hucktech ~ Leave a comment

If you have not looked at Voltron, by Jim Fear, please check it out, it is quite powerful:

https://twitter.com/snare/status/718720138866917376

Voltron is an extensible debugger UI toolkit written in Python. It aims to improve the user experience of various debuggers (LLDB, GDB, VDB and WinDbg) by enabling the attachment of utility views that can retrieve and display data from the debugger host. By running these views in other TTYs, you can build a customised debugger user interface to suit your needs. Voltron does not aim to be everything to everyone. It’s not a wholesale replacement for your debugger’s CLI. Rather, it aims to complement your existing setup and allow you to extend your CLI debugger as much or as little as you like. If you just want a view of the register contents in a window alongside your debugger, you can do that. If you want to go all out and have something that looks more like OllyDbg, you can do that too.

https://github.com/snare/voltron

RET-Sync: multi-debugger tool for IDA Dissassembler

January 14, 2016 ~ hucktech ~ Leave a comment

ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/Oldbg2/x64dbg) with IDA https://t.co/PsKpFN4Ofw

— `Ivan (@Ivanlef0u) January 12, 2016

ret-sync stands for Reverse-Engineering Tools synchronization. It’s a set of plugins that help to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA disassembler. The underlying idea is simple: take the best from both worlds (static and dynamic analysis).

From debuggers and dynamic analysis we got:

local view, with live dynamic context (registers, memory, etc.)
built-in specialized features/API (ex: Windbg’s !peb, !drvobj, !address, etc.)

From IDA and static analysis we got:

    macro view over modules
    code analysis, signatures, types, etc.
    fancy graph view
    persistent storage of knowledge within IDBs

Keys features:

    Pass data (comment, command output) from debugger to disassembler (IDA)
    Multiple IDBs can be synced at the same time allowing to easily trace through multiple modules
    No need to deal with ALSR, addresses are rebased on-the-fly
    IDBs and debugger can be on different hosts

ret-sync is a fork of qb-sync that I developed and maintained during my stay at Quarkslab.

https://github.com/bootleg/ret-sync
https://github.com/quarkslab/qb-sync

Kernel debugging with LLDB and VMware Fusion

August 17, 2015 ~ hucktech ~ Leave a comment

Last week Damien DeVille posted a long article on how to use VMware Fusion with LLDB to do remote kenel debugging, on a Mac system:

https://twitter.com/revskills/status/632984441565134848

http://ddeville.me/2015/08/kernel-debugging-with-lldb-and-vmware-fusion/