Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/udbg/udbg

Cross-platform library for binary debugging and memory hacking written in Rust
https://github.com/udbg/udbg

cross-platform debug debugger debugging memory-hacking reverse-engineering rust utility-library

Last synced: 2 months ago
JSON representation

Cross-platform library for binary debugging and memory hacking written in Rust

Awesome Lists containing this project

README

        

# udbg

[![crates.io](https://img.shields.io/crates/v/udbg.svg)](https://crates.io/crates/udbg)
[![docs.rs](https://docs.rs/udbg/badge.svg)](https://docs.rs/udbg)

Cross-platform library for binary debugging and memory hacking written in Rust.

- 👍 Cross-platform: udbg wraps the details of different interfaces on different platform, and provides uniform interfaces
- 👍 Multiple-target: you can control multiple debug target in most cases
- 👍 Non-invasive: you can only view the information of target, instead of attaching to it
- 👍 Various target types: In addition to process, target can be a [`minidump`](struct@minidump::MiniDumpTarget), a [`PE file`](struct@pe::PETarget), even be the OS-Kernel space with extra extension.

## API Overview

There are two main kinds of interfaces in udbg, target information and debugging interfaces.

Interfaces of target information, which abstracted as the [`UDbgTarget`](trait@target::UDbgTarget) trait, represents an observable debugging target, it is an [`active process`](struct@os::ProcessTarget) in most cases, also it can be a [`minidump`](struct@minidump::MiniDumpTarget), a [`PE file`](struct@pe::PETarget), even be the OS-Kernel space with extra extension.

[`UDbgTarget`](trait@target::UDbgTarget) contains these functions, [`memory operation`](trait@memory::TargetMemory) (read/write/enumeration), [`module`](trait@symbol::UDbgModule) enumeration, [`thread`](trait@target::UDbgThread) enumeration, [`handle/FDs`](struct@shell::HandleInfo) enumeration, etc. Based on these functions, we can implement some utililties over the different types of target, such as **[module dump](https://github.com/glmcdona/Process-Dump)**, **memory search**, **hook scanning**, **malicious code scanning**, etc.

Debugging interfaces, which abstracted as the [`UDbgEngine`](trait@target::UDbgEngine) trait, mainly provides the ability of process control. There is a [`default implementation`](struct@os::DefaultEngine), typically it wraps the [Debugging Functions](https://docs.microsoft.com/en-us/windows/win32/debug/debugging-functions) on Windows, and wraps the [ptrace](https://man7.org/linux/man-pages/man2/ptrace.2.html) interfaces on Linux.

Most of above interfaces were designed to be dynamic objects, which is for script-binding friendly, and udbg provides [`lua bindings`](mod@lua) defaultly.

Current status of target information interfaces

| Platform/Target | Memory operation | Memory List | Thread | Module/Symbol | Handle/FD List |
| --------------- | ---------------- | ----------- | ------ | ------------- | -------------- |
| Windows Process | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Linux Process | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| MacOs Process | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| Minidump | ✔️ (readonly) | ✔️ | ✔️ | ✔️ | 🚧 |
| PE File | ✔️ (readonly) | ✔️ | - | - | - |

Current status of debugging interfaces

| Platform/Target | Debug Symbol | Breakpoint | Watchpoint(HWBP) | Multiple Target |
| ---------------- | ------------ | ---------- | ---------------- | --------------- |
| Windows(x86/x64) | ✔️ (pdb) | ✔️ | ✔️ | ✔️ |
| Windows(aarch64) | ✔️ (pdb) | ✔️ | ✔️ | ✔️ |
| Linux(x86_64) | ✔️ (elf) | ✔️ | ✔️ | ✔️ |
| Linux(aarch64) | ✔️ (elf) | ✔️ | ✔️ | ✔️ |

## Examples

- Cross-platform interfaces to get target information, see `src/test.rs` `fn target`
- Write a basic debugger, see `src/test.rs` `fn test_debug`