Update debugger docs

Author: xusheng6

README.md

@@ -4,30 +4,25 @@ This is the repository for Binary Ninja Debugger. The debugger is written in C++
 
 ## Platform and Target Support
 
-This is the current comparability matrix of the debugger. The horizontal lines stand for where we run BN and the vertical lines stand for the targets.
-
-| Target  🔽 Host ▶️    | macOS              | Linux              | Windows            | Note |
-|-----------------------|--------------------|--------------------|--------------------|------|
-| macOS                 | Yes (Local/Remote) | Yes (Remote)       | Yes (Remote)       |      |
-| Linux                 | Yes (Remote)       | Yes (Local/Remote) | Yes (Remote)       |      |
-| Windows               | Planned            | Planned            | Yes (Local/Remote) |      |
-| GDB Server            | Yes                | Yes                | Yes                | (1)  |
-| LLDB Server           | Yes                | Yes                | Yes                |      |
-| Windows Kernel        | TBD                | TBD                | Planned            |      |
-| DebugAdapter Protocol | Planned            | Planned            | Planned            |      |
-
-Explanation:
-- `Yes` means the feature is supported.
-- `Planned` means that we plan to implement it.
-- `TBD` means that we have not decided whether to support it, or how to support it.
-- `No` means it is not possible to do, at least for now.
-
-Notes:
-
-(1). Right now, we only support gdbserver with android remote debugging. Support for other gdbserver or gdb stub, e.g., qiling, VMWare, QEMU, will be added later.
-
-The progress is tracked in [this issue](https://github.com/Vector35/debugger/issues/122).
-
+This is the current comparability matrix of the debugger. The columns stand for where we run BN and the rows stand for the targets.
+
+| Target  🔽 Host ▶️                   | macOS                                                   | Linux                                                   | Windows                                                 | Note |
+|--------------------------------------|---------------------------------------------------------|---------------------------------------------------------|---------------------------------------------------------|------|
+| macOS user                           | Yes (Local/Remote)                                      | Yes (Remote)                                            | Yes (Remote)                                            |      |
+| Linux user                           | Yes (Remote)                                            | Yes (Local/Remote)                                      | Yes (Remote)                                            |      |
+| Windows user                         | [#70](https://github.com/Vector35/debugger/issues/70)   | [#70](https://github.com/Vector35/debugger/issues/70)   | Yes (Local/Remote)                                      |      |
+| GDB Server                           | Yes                                                     | Yes                                                     | Yes                                                     |      |
+| GDB RSP (QEMU/VMWare/Qiling/Android) | Yes                                                     | Yes                                                     | Yes                                                     |      |
+| GDB Machine Interface                | [#170](https://github.com/Vector35/debugger/issues/170) | [#170](https://github.com/Vector35/debugger/issues/170) | [#170](https://github.com/Vector35/debugger/issues/170) |      |
+| LLDB Server                          | Yes                                                     | Yes                                                     | Yes                                                     |      |
+| iOS/debugserver                      | Yes                                                     | Yes                                                     | Yes                                                     |      |
+| Windows Kernel                       | No                                                      | No                                                      | Yes (Local/Remote)                                      |      |
+| Windows TTD (WinDbg)                 | No                                                      | No                                                      | Yes (Local)                                             |      |
+| Linux TTD (rr)                       | Yes (Remote)                                            | Yes (Local/Remote)                                      | Yes (Remote)                                            |      |
+| Windows Dump File                    | No                                                      | No                                                      | Yes (Local)                                             |      |
+| Corellium                            | Yes (Remote)                                            | Yes (Remote)                                            | Yes (Remote)                                            |      |
+
+The progress is also tracked in issue [#122](https://github.com/Vector35/debugger/issues/122).
 
 
 

build.md

@@ -14,10 +14,10 @@ git checkout dev
 # or git checkout commit_hash
 ```
 
-- Download LLDB development build for your OS at https://github.com/Vector35/lldb-artifacts/releases - make sure that the correct LLDB version is downloaded (`grep 'LLVM_VERSION ' core/CMakeLists.txt` can help)
+- Download LLDB development build for your OS at https://github.com/Vector35/lldb-artifacts/releases/latest - make sure that the correct LLDB version is downloaded (`grep 'LLVM_VERSION ' core/CMakeLists.txt` can help)
   - Extract the zip archive to `~/libclang`
 
-- Download Qt development build for your OS at https://github.com/Vector35/qt-artifacts/releases.
+- Download Qt development build for your OS at https://github.com/Vector35/qt-artifacts/releases/latest.
   - Extract the zip archive to `~/Qt`
 
 - Build the debugger

core/debugger.cpp

@@ -56,15 +56,6 @@ static void RegisterSettings()
 {
 	Ref<Settings> settings = Settings::Instance();
 	settings->RegisterGroup("debugger", "Debugger");
-	/*
-
-	Removed blockPython -- we can re-add it once this debugger is enabled by
-	default
-
-	Leaving this function for migration of the settings popup.
-
-	*/
-
 	settings->RegisterSetting("debugger.stopAtSystemEntryPoint",
 		R"({
 			"title" : "Stop At System Entry Point",
@@ -112,7 +103,7 @@ static void RegisterSettings()
 			})");
 	settings->RegisterSetting("debugger.tryUnloadWrongDbgEngDLL",
 		R"({
-			"title" : "Attempt to unload the DLL with wrong path",
+			"title" : "Attempt to unload the DbgEng DLLs from wrong path",
 			"type" : "boolean",
 			"default" : false,
 			"description" : "Attempt to unload the already loaded DLL if they are from a wrong path. You may turn this on if the DbgEng DLLs, e.g., dbghelp.dll, is loaded from a wrong path, but it happens early than the debugger initialization",
@@ -125,7 +116,7 @@ static void RegisterSettings()
 			"title" : "Stack Variable Annotations",
 			"type" : "boolean",
 			"default" : false,
-			"description" : "Add stack variable annotations",
+			"description" : "Annotate stack variables in linear view",
 			"ignore" : ["SettingsProjectScope", "SettingsResourceScope"]
 			})");
 

docs/guide/corellium-remote-debugging.md

@@ -0,0 +1,30 @@
+# Corellium Remote Debugging
+
+[Corellium](https://www.corellium.com/) is a leading solution for virtual devices. It exposes a hypervisor-level
+debugger that enables the debugging of the entire device. Binary Ninja debugger has a dedicated debug adapter to
+connect to it. Below is a guide to set it up.
+
+
+## Preparation
+
+- Create a virtual device following the Corellium documentation
+- In the "Connect" page, download the OpenVPN configuration file and connect to the [VPN](https://support.corellium.com/features/connect/vpn) 
+- In the "Connect" page, find the gdb connection string, e.g., `lldb --one-line "gdb-remote 10.11.1.4:4000"`. Take
+note of the IP address and port
+- Download and install the [Debug Accelerator](https://support.corellium.com/features/connect/debug-accelerator)
+- Run `/path/to/debug_accelerator 10.11.1.1:4000 127.0.0.1:4000`, where the first address is the remote ip:port to
+connect to, and the second one is a local ip:port to listen on
+
+## Connect to the Debugger from Binary NInja
+
+- In Menu, click "File" -> "Create New Mapped Data"
+- In the dialog that pops up, select an architecture that matches your target, which should be `aarch64`
+- In Menu, click "Debugger" -> "Connect to Remote Process..."
+- In the "Debug Adapter Settings" dialog, Select the `Corellium` adapter 
+- Type in the local ip:port that the debug accelerator is operating on, e.g., `127.0.0.1:4000`
+- Click "Accept"
+
+Note, the above guide is for the cloud version of Corellium. If you have a
+[Desktop Appliance](https://support.corellium.com/environments/desktop-appliance), then you can skip the VPN connection
+and the debug accelerator -- the local connection is often times faster without it.
+

docs/guide/dbgeng-ttd.md

@@ -1,9 +1,9 @@
-# Time Travel Debugging
+# Time Travel Debugging (Windows)
 
 Time travel debugging (TTD) allows you to record an execution trace of a program or system and replay it back and forth.
 It can speed up the process of reverse engineering/vulnerability research, and deal with certain tasks that are not easy to handle in regular forward debugging.
 
-Several tools implement TTD. As of now, Binary Ninja debugger integrates with the WinDbg/DbgEng TTD so that you can replay and analyze a trace recorded by WinDbg.
+Several tools implement TTD. On Windows, Binary Ninja debugger integrates with the WinDbg/DbgEng TTD so that you can replay and analyze a trace recorded by WinDbg.
 The combination of TTD and your familiar reverse engineer tool would hopefully supercharge the ability to time travel and make your workflow even more effective.
 
 Below is a guide to set it up.
@@ -54,9 +54,12 @@ all types of recording supported by WinDbg (e.g., attach to a running process an
 
 ### Record a TTD Trace in Binary Ninja
 
+- Make sure you have WinDbg property installed and configured
 - Open the file you wish to trace in Binary Ninja (optional)
 - Click Menu -> "Debugger" -> "Record TTD Trace"
-- <img src="../../img/debugger/ttd_record.png" width="600px">
+
+<img src="../../img/debugger/ttd_record.png" width="600px">
+
 - In the "TTD Record" dialog, configure the recording as you wish:
     - Executable Path: the path of the executable to trace
     - Working Directory: the working directory to launch the executable in
@@ -85,8 +88,8 @@ https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-
 
 - Open the .exe or .dll file in Binary Ninja
 - Click `Debugger` -> `Debug Adapter Settings`
-- For `Adapter Type`, select `DBGENG_TTD`
-- For `Executable Path`, select the trace file recorded in the previous step
+- Select `DBGENG_TTD` as the debug adapter
+- For `Trace Path`, select the trace file recorded in the previous step
     - E.g., `C:/Users/xushe/Documents/helloworld01.run`
 - Click `Accept`
 
@@ -107,9 +110,10 @@ https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-
     - t-: step into back
     - g-u: step out back
 - The [!position](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-extension-positions) command prints the `position` of all active threads
-- The [!tt](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-extension-tt) command navigates to a `position` in the trace
+- The [!tt navigation](https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/time-travel-debugging-extension-tt) command navigates to a `position` in the trace
     - E.g., `!tt 1A0:12F`
     - While using the debugger, when the target stops, the current position will be printed in the debugger console
+- The new [!tt breakpoint](https://learn.microsoft.com/en-us/windows-hardware/drivers/debuggercmds/time-travel-debugging-extension-tt#tt-break-commands) now supports breaking the target when a memory is read/written/executed, a register value is changed, or a module has been loaded, both in forward and backward direction. This is very powerful and worth checking out!
 
 
 ## Feedback and Suggestions

docs/guide/gdbrsp-ttd.md

@@ -0,0 +1,50 @@
+# Time Travel Debugging (Linux)
+
+Time travel debugging (TTD) allows you to record an execution trace of a program or system and replay it back and forth.
+It can speed up the process of reverse engineering/vulnerability research, and deal with certain tasks that are not easy to handle in regular forward debugging.
+
+Several tools implement TTD. On Linux, Binary Ninja debugger has a GDB RSP adapter which can be used to replay/debug the
+trace produced by [rr](https://rr-project.org/).
+The combination of TTD and your familiar reverse engineer tool would hopefully supercharge the ability to time travel
+and make your workflow even more effective.
+
+Below is a guide to set it up.
+
+## Install rr
+
+- Download and install the latest release from https://github.com/rr-debugger/rr/releases
+
+## Record an rr Trace
+
+- Record a trace with `rr your_program arg1 arg2`
+- This saves the trace into the default directory (`$HOME/.local/share/rr`). To specify a custom directory,
+use `-o target_dir`
+- For more options during the record, check out `rr record -h`
+
+## Replay an rr Trace
+
+- Run `rr replay -h 0.0.0.0 -s 31337`
+- This will instruct rr to spawn a GDB stub and listen on port 31337 of all interfaces
+- It will replay the last recorded trace. To replay a different trace, specify the trace directory on the command line
+- For more options during the replay, check out `rr replay -h`
+
+## Connect to the gdb stub in Binary Ninja
+
+- Open the binary file in Binary Ninja (optional)
+- Click Menu -> "Debugger" -> "Connect To Remote Process", the `Debug Adapter Settings` will popup
+- Select `GDB RSP` as the debug adapter
+- Type in the `IP Address` and `Port` in the previous step
+- Click `Accept`
+
+<img src="../../img/debugger/gdbrsp_ttd.png" width="600px">
+
+
+## Debug the rr Trace
+
+- Once connected, the debugger should be paused within the loader (ld)
+- Now resume the target once, and the target should be paused at the program entry point
+- Most of the debugger functionalities should work in the very same way as a forward debugging
+- The control buttons in the debugger sidebar widget shows four new buttons for reverse debugging on the right side:
+    - <img src="../../img/debugger/ttd_buttons.png" width="600px">
+    - These new buttons are in red color and flipped
+    - You can hover over the button to see what they do and the keybindings for them