Radare2: Decouple debugging profiles from the code

Created on 5 Feb 2020  Â·  7Comments  Â·  Source: radareorg/radare2

Currently radare2 hardcodes all debugging profiles for both native debugging and external debuggers plugins, like GDB or WinDBG. I suggest to define the file format, e.g. similar to the one we use for syscalls/Windows API and/or SDB. This way they can be changed separately from the code and on the fly when required.

The code should unify the debugging profiles for native debuggers, GDB/LLDB remote client, WinDbg remote client when possible.

RDebug WinDbg gdb refactor

All 7 comments

Debuging profile = register profile? If so. Its already like this

On 5 Feb 2020, at 07:23, Anton Kochkov notifications@github.com wrote:


Currently radare2 hardcodes all debugging profiles for both native debugging and external debuggers plugins, like GDB or WinDBG. I suggest to define the file format, e.g. similar to the one we use for syscalls/Windows API and/or SDB. This way they can be changed separately from the code and on the fly when required.

The code should unify the debugging profiles for native debuggers, GDB/LLDB remote client, WinDbg remote client when possible.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or unsubscribe.

As you might notice the format is different between native debuggers, GDB client and WinDbg client.
There are pieces that can't be changed on the fly yet.

I just looked into this issues and here are what I found.

enum {
    E_ActiveProcessLinks, // EPROCESS
    E_UniqueProcessId,    // EPROCESS
    E_Peb,                // EPROCESS
    E_ImageFileName,      // EPROCESS
    E_VadRoot,            // EPROCESS
    E_ThreadListHead,     // EPROCESS
    P_DirectoryTableBase, // PCB
    P_ImageBaseAddress,   // PEB
    P_ProcessParameters,  // PEB
    R_ImagePathName,      // RTL_USER_PROCESS_PARAMETERS
    ET_Tcb,               // ETHREAD
    ET_ThreadListEntry,   // ETHREAD
    ET_Win32StartAddress, // ETHREAD
    ET_Cid,               // ETHREAD
    C_UniqueThread,       // CLIENT_ID
    O_Max,
};

typedef struct {
    int build;
    int sp;
    int bits;
    int flags;
    int f[O_Max];
} Profile;

Profile seems to contain only offsets of Windows kernel internal structure, unrelated to the register profile.

arch.c seems to be the libgdbr's internal structure to locate each register. Refactoring it to make use of RReg API might complicate it (it is actually confusing now as well) since libgdbr is just the backend of the r_debug_plugin_gdb plugin.

libgdbr actually parses the gdb xml target description xml.c:gdbr_parse_target_xml, convert it into the same plaintext format, in order to pass it back in its plugin r_debug_plugin_gdb (debug_gdb.c:r_debug_gdb_reg_profile).

@abcSup I never said it should be exactly the same as RegAPI, but adding the ability to define and store in the text files or something like that.
If you think that WinDbg profiles don't worth the trouble since less numerous than GDB ones - ignore that part then. Good job for digging inside the sources!

@XVilka You are right. My fault that I did overthink about RReg and focused on refactoring them to RReg. So, it should be a more general approach to move every profile regardless of every type to its own header file like how https://github.com/radareorg/radare2/tree/master/libr/debug/p/native/reg does.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

RazviAlex picture RazviAlex  Â·  4Comments

0ki picture 0ki  Â·  6Comments

Manouchehri picture Manouchehri  Â·  3Comments

YugoCode picture YugoCode  Â·  3Comments

crowell picture crowell  Â·  8Comments