Idbg pre-release.

See history.txt for changes.

Idbg is a Ring3 (application layer) debugger plugin for IDA.
It is a very early release and should be a preview only.

Included in this Zipfile:

- 421\idbg.plw	Idbg for IDA 4.21
- 430\idbg.plw	Idbg for IDA 4.30
- readme.txt	this file
- history.txt	list of changes
- cmds.txt	list of supported commands
- bugs.txt		list of known bugs


1. WHAT IT DOES
2. IDEAS:
3. CREDITS:
4. SOURCECODE:
5. CONTACT:






1. WHAT IT DOES

Idbg adds debugging facilities to IDA so that the user will be able to

- singlestep through the code		->	implemented (press F8 to singlestep)
- view/edit the contents of registers		->	implemented
- dump memory to hard disk			->	implemented
- inject a file into memory			->	implemented
- view/edit memory				->	to be done
- set breakpoints				->	internally implemented; not user-driven yet
- ... see the IDEAS section

As you can see, there's a lot of work to be done. Currently I am working on the user interface
which may change in future releases. However, it will mostly be command line driven just
like that commercial and famous Ring0/kernel debugger ;-)

I find it quite difficult to explain what this plugin does, just try it right now ;-)

Otherwise, go on reading about my ideas for the debugger:



2. IDEAS:

- autocommenting				->	Automatically comment each line with contents/changes of
						of registers and/or variables being "watched"

- script language/system			->	Automate the debugger

- freeze/resume the process being debugged	->	Freeze the process being debugged by completely
						saving its state to harddisk (memory, registers etc.)
						and resuming it at a later point of time.
						I hope this can be done in Ring3 if it can be done at all ;-)

- "repetitive code-execution"			->	This will allow the user to execute/analyze/singlestep
						a selected block of code multiple times in order to
						protocol (or whatever) its codeflow at different conditions,
						fuzz functions, stress test the code and so on...
						The state of the code block is saved when being executed
						for the first time and restored when the end of the code block
						is reached (including Eip).
- "code-matching"				->	Update the IDA database with memory contents.
						
- your ideas here						


For additional information, click the 'Help' button on the Idbg dialog.



3. CREDITS:

A big THANK YOU to DATARESCUE for their great support and to all the ones who always had the time
to help me during the development (I think you prefer not to be mentioned here).



4. SOURCECODE:

*At this point of time* I won't give out the sourcecode, because it needs lots of code cleaning once it is
in a final and stable state ;-)

I am in no way responsible for any damage Idbg may cause or for misuse of Idbg from the side of the user !
You better backup/save your database before running this plugin!
I have warned you !


5. CONTACT:

--
trapflag(at)backtrace.de