Features

• Telescope: You can now telescope a memory area using Debugger.memory.telescope(address, max_depth, min_str_len, max_str_len).
• You can now specify a filepath for the running file that is different from argv[0].
• You can now set a timeout when using Debugger.run to automatically limit the execution time of the binary.
• You can now easily change argv, path, and environment variables after instantiating the debugger (Debugger.argv, Debugger.env, Debugger.path).

Other Improvements

• More functions are now available inside callbacks (e.g., Debugger.gdb, Debugger.breakpoint, Debugger.interrupt, etc.).
• Exceptions raised by libdebug's background thread are now more reliably handled.
• The interactive mode is now significantly faster.
• Control-C should now work in almost all cases, avoiding the need to kill the Python process running libdebug when background thread issues occur.
• Syscall definitions are now statically included in each libdebug release, eliminating the need to connect to a remote server the first time a syscall is resolved.
• A new, more reliable build system has been introduced, with better integration for pre-built wheels.
• Improved typing inference via easier imports.
• libdebug is now more robust when handling corrupted ELF files.

Bug Fixes

• Fixed issues with hardware breakpoints/watchpoints on x86 systems to prevent architecturally undefined behavior.
• Resolved issues with AVX-512 on virtual machines that do not expose vector registers.
• Fixed problems with snapshots when AVX-512 is involved.
• Fixed an issue with snapshots when the debugged process is dead.
• Fixed several issues with symbol searching.
• Resolved infinite wait conditions in edge cases when debugging processes.
• Fixed conversion bugs with AVX registers that could cause crashes during register assignment.
• Addressed several race conditions, making libdebug more reliable than ever.

Testing & CI

• The CI pipeline now includes additional checks on more distributions, including tests for wheels and builds.
• Resolved a race condition in multi-threaded signal tests due to incorrect test synchronization, which caused false failures.

Documentation

• Updated the README: thanks to wheels, no additional dependencies are now required.
• Updated the documentation to reflect all changes in version 0.9.0, including detailed instructions for manually building libdebug.
• General improvements for clarity, informativeness, and better examples.

New Contributors

• @12Boti
• @MrSmoer

Improvements

• Improved the build system to better support newer versions of libdwarf.
• Added an option to compile libdebug without dependencies on libdwarf, lidelf, and libiberty. Note: this disables symbol resolution.
• Fixed an issue with virtual machines that do not expose the xsave feature.

Release Remarks

• Roberto needs to sleep.

Changelog: libdebug 0.8 - 🍣 Chutoro Nigiri 🍣

Features

• Process/Thread Snapshots & Diffs: Take snapshots of the execution state of the debuggee and compare them across different points in time.
• Multiprocessing Support: Automatically manage child processes created via fork(), attaching new debuggers to them. This behavior can be customized with the Debugger parameter follow_children.
• Find References Between Memory Maps: Introduced d.memory.find_pointers to identify all pointers in a memory region that reference another region, useful for detecting memory leaks in cybersecurity applictions.
• SIGTRAP Signal Handling: Now it is possible to catch SIGTRAP signals, excluding those directly related to debugging, exposing only unrecognized signals from the process or external sources.
• Defaulted Fast Memory Access (fast_memory=True): Improves performance of memory access. Can be disabled using the fast_memory parameter in Debugger.
• New Terminal Autodetection for d.gdb(open_in_new_process=True): Ensures GDB opens correctly in a newly detected terminal without user-defined commands.
• Automatic Symbol Resolution for Unspecified Backing Files: When no specific file is set, symbols are resolved for all memory maps, with a warning due to potential performance impact.

Other Improvements

• Migration from CFFI to Nanobind.
• Refined Exception Handling: Standardized across the codebase for improved consistency.
• Improved IDE Support: Enhancements to improve autocompletion and code suggestions.
• Exposed zombie attribute in ThreadContext: Allows users to check if a thread is a zombie.

Bug Fixes

• Fixed Memory Leaks: Resolved multiple leaks across various libdebug modules.
• Fixed SymbolList Slicing: Properly supports slice operations.
• Improved debuginfod Handling: Enhanced caching logic when a file is not available on debuginfod, improving compatibility with other binaries that use debuginfod on your system.
• Fixed Resource Access Issues After Detach.
• Resolved Object Collisions in Event Handling: Addressed key-collision issues in event-related objects (e.g., SyscallHandler, SignalCatcher).
• Fixed Binary Path Resolution: Prevents incorrect binary paths in certain edge cases.
• Improved d.gdb for Edge Cases: Fixed several inconsistencies in execution.
• Fixed step, finish, and next Operations in Callbacks: Now executed correctly.
• Enhanced Stability & Performance Optimizations.

Testing & CI

• CI Support for arm64 & Ubuntu 24.04: Improved compatibility and test automation.

Documentation

• Added Documentation for New Features.
• Updated Contributing Guidelines.
• Fixed Broken Links & Missing Pydocs.
• Added Reference to Published Research Poster at a Top Conference.

New Contributors

• @collodel
• @myasn1k

Features:

• Interactive Mode: Introducing PipeManager.interactive mode!
• Enhanced Performance: PipeManager has been updated for significantly improved performance. New options are available; refer to the updated documentation for more details.
• Legacy FP Support: Added support for legacy x86 floating-point registers (mmx/st).
• Enhanced AVX Register Support: Improved support for AVX x86 registers.
• Full i386 Support (Alpha): Full support for i386 over amd64 introduced as an alpha feature.
• Native i386 Support (Alpha): Introduced native i386 support as an alpha feature.
• Event Notification System: Alerts users when the process stops during specific operations.
• Automatic Process Termination: The debuggee is now automatically terminated when the libdebug script ends. This behavior can be modified using the kill_on_exit option in the debugger.
• String Representations: Added string representation for Debugger, ThreadContext, and Registers objects.
• Enhanced Pretty Printing: New pretty prints introduced and improvements made to existing ones.
  • d.print_maps is deprecated and will be removed in future releases. Use d.pprint_maps instead. Moreover, it has a more colorful output.
  • t.pprint_regs is now available.
  • Improved d.pprint_syscalls, which now includes the thread originating the syscall and more.
  • t.pprint_backtrace is now available.
• Search in Memory: New memory search functionality: t.memory.find().
• Filtering: New filters for memory maps (d.maps.filter()) and register content (t.regs.filter()).
• Symbols access: Access and filter executable symbols, including libraries, with d.symbols and d.symbols.filter().
• Syscall and Signal Handling: Enhanced handling for all syscalls and catching all signals with "*", "all", or "ALL".
• Empty Callback: Now you can create empty callbacks by setting callback=True.
• Enhanced GDB support
  • d.gdb can now run non-blocking with blocking=False. Refer to the documentation for more details.
  • d.gdb now automatically detects the terminal in most cases.
  • Option to omit the breakpoint migration when using d.gdb.
• More Registers: Access to segment registers and CPU flags.
• Pipe redirect: You can now choose whether to redirect pipes when running the process using d.run.

Documentation:

• Complete Rewrite: The documentation has been completely revised and rewritten.

Bug Fixing

• Debugging Symbols: Improved logging and error handling for debuginfod symbols download system.
• Watchpoint Handling: hit_on for watchpoints now works correctly.
• Stack Unwinding: Enhanced error handling that avoids certain exceptions.
• Memory and Attach Handling: Resolved race conditions with fast_memory=True and d.attach.
• Threaded Process Attach: Improved attach functionality for multi-threaded processes.
• Internal Debugger Conflicts: Resolved dictionary conflicts in some edge cases.
• Signal Management: Improved RT signals management.
• Terminal Compatibility: Enhanced support of d.gdb on various terminals.
• Path resolution: Improved path resolution for the argv path passed to the debugger.
• Detach and Kill: Now you cannot kill a process after detaching from it.
• Many other fixes.

Others

• IDE Improvements: Typing fixes to enhance usability and IDE suggestions.
• AARCH64 Support: Upgraded from alpha to beta.
• ASLR: Enabled by default.
• Symbol Level: Default sym_level set to 5.
• Custom Exceptions: Introduced custom exception for attach operations without ptrace_scope.
• Public Debugger Access: Now accessible from ThreadContext (d.debugger).
• Base Alias: MemoryMap.start now has an alias called base

Test:

• New Test Suite: More consistent across different architectures.
• Python 3.13 Support: Added in CI.

Full Changelog: 0.6.0...0.7.0

What's Changed

Features

• Introduced full support for AArch64
• Added support for vector registers (AVX)
• Added the debugger.next feature, which works similarly to GDB's next instruction
• Added an optional memory access mode (fast memory), which improves speed during memory operations
• Process is now killed automatically when the script ends (can be disabled in debugger APIs)

Tests

• Updated the test suite with more tests

Documentation

• Updated the documentation to reflect the new features
• Added a DOI and updated the citation reference

Fixes

• Unwind manager fixes
• Fixed an issue with d.run() when anti-debug escaping is active

Full Changelog: 0.5.4...0.6.0

What's Changed

Hotfixes

• A hotfix for the _background_invalid_call function, which is called when a user tries to call an unsupported libdebug function in a callback. It did not correctly handle a variadic number of (positional) arguments.
• Better management of edge cases in the get_return_address function.
• Solved a problem with the breakpoint disable option if called right after the installation of the breakpoint.

Performance Optimizations

• A slight optimization in the performance and logic of breakpoints.
• Memory access latency improvements with absolute addresses.

Additional Improvements

• An info message is now displayed when symbols are downloaded from debuginfod.
• Now the backtrace function has a new parameter to choose to return either a list of addresses or symbols. Additionally, a public pretty print for the backtrace has been added.
• Rationalized the debugging levels.

Tests and Examples

• Added use case examples to show how to use libdebug in different contexts.
• Added benchmark tests on event handling, related results, and comparison with GDB Python API.

Documentation

• Updated the documentation for the new logging system.

Full Changelog: 0.5.3...0.5.4

What's Changed

• Fixed post-mortem register access

Full Changelog: 0.5.2...0.5.3

What's Changed

• Fixed GDB migration command (d.gdb) not working

Full Changelog: 0.5.1...0.5.2

What's Changed

• fix: lint mistake with f-string by @io-no in #68
  Full Changelog: 0.5.0...0.5.1

First official release of libdebug with a stable API and feature set