
Tuesday, December 31, 2013

[GDB] GNU Project Debugger

GDB, the GNU Project debugger, allows you to see what is going on 'inside' another program while it executes - or what another program was doing at the moment it crashed.

GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:


  • Start your program, specifying anything that might affect its behavior.
  • Make your program stop on specified conditions.
  • Examine what has happened, when your program has stopped.
  • Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another.

The program being debugged can be written in Ada, C, C++, Objective-C, Pascal (and many other languages).

Those programs might be executing on the same machine as GDB (native) or on another machine (remote). GDB can run on most popular UNIX and Microsoft Windows variants.

Thursday, December 26, 2013

[WinDbg v6.12.2.633] Debugging Tools for Windows


WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and more information.

This contains the 32-bit and 64-bit MSIs for Debugging Tools for Windows 6.12.2.633.


Highlights in Version 6.12.2.633

This is the current version of Debugging Tools for Windows 6.12.2.633 and is available in the Windows SDK from http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx. This release of Debugging Tools for Windows contains many bug fixes and new enhancements. The debuggers are stable and more reliable than previous releases and we recommend that you upgrade to this version.

Here are some of the key changes in this version of Debugging Tools for Windows:

1. Several bug fixes in extensions to only use public symbols

2. General BugCheck Analysis Updates including:

• Bug Check 0x9F Update – Added logic to diagnose bugcheck 0x9F minidumps using new data in Windows 7 added to the 0x9F minidumps by the Kernel and Networking Teams.

Data includes:
- All Kernel ExWorkerThreads that process Power IRPs
- IRPs Associated with any ExWorkerThread
- IRPs Associated with PnP Completion Queue
- All Kernel Power IRPs
- Device Stacks for all IRPs
- NTTRIAGEPOWER Structure
- NTTRIAGEPNP structure

• BugCheck 0xFE Update - Added logic to diagnose bugcheck 0xFE minidumps using callback data new to Windows 7, added by the USB team.

3. Fixed user-mode minidump generation problem.

4. Fixed buffer overrun in schannel transport.

5. Fixed several kernel debugger transport issues.

6. Fixed problem with debugger reporting incorrect FPO information.

7. Allowed stack dumps deeper than 65535 if specified explicitly.

8. Changed ".outmask /a" and ".outmask /d" to be set only instead of or/xor.

9. The old ADPlus.vbs is being replaced by ADPlus.exe, which requires the .NET Framework 2.0. For those cases where the .NET Framework isn't available, we are still shipping the older version renamed to adplus_old.vbs. For detailed documentation of the new ADPlus.exe, as well as for its new companion ADPlusManager.exe, please see adplus.doc located in the same folder as adplus.exe.


Sunday, December 22, 2013

[WinAppDbg 1.5] Python Debugger



The WinAppDbg Python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.

It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debuggee and set breakpoints of different kinds (code, hardware and memory). Additionally, it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.

The intended audience is QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready-to-use utilities are shipped and can be used for this purpose.

Current features also include disassembling x86/x64 native code, debugging multiple processes simultaneously and producing a detailed log of application crashes, useful for fuzzing and automated testing.

What’s new in this version?

In a nutshell…
  • full 64-bit support (including function hooks!)
  • added support for Windows Vista and above.
  • database code migrated to SQLAlchemy, tested on:
    • MySQL
    • SQLite 3
    • Microsoft SQL Server
    should work on other servers too (let me know if it doesn’t!)
  • added integration with more disassemblers:
  • added support for postmortem (just-in-time) debugging
  • added support for deferred breakpoints
  • now fully supports manipulating and debugging system services
  • the interactive command-line debugger is now launchable from your scripts (thanks Zen One for the idea!)
  • more UAC-friendly, only requests the privileges it needs before any action
  • added functions to work with UAC and different privilege levels, so it’s now possible to run debuggees with lower privileges than the debugger
  • added memory search and registry search support
  • added string extraction functionality
  • added functions to work with DEP settings
  • added a new event handler, EventSift, that can greatly simplify coding a debugger script to run multiple targets at the same time
  • added new utility functions to work with colored console output
  • several improvements to the Crash Logger tool
  • integration with already open debugging sessions from other libraries is now possible
  • improvements to the Process and GUI instrumentation functionality
  • implemented more anti-antidebug tricks
  • more tools and code examples, and improvements to the existing ones
  • more Win32 API wrappers
  • lots of miscellaneous improvements, more documentation and bugfixes as usual!