edb-debugger
edb is a graphical cross-platform x86/x86-64 debugger and disassembler for ELF binaries. It supports debugging on Linux with additional ports in development for other operating systems.
Description
edb (Evan's Debugger) is a modular, modern graphical debugger and disassembler for ELF binaries. Inspired by OllyDbg, it runs on x86 and x86-64 across multiple operating systems, although Linux is currently the only officially supported platform. It uses the ptrace API for process interaction and the Capstone disassembly library for analysis.
Use cases include generating symbol maps for libraries, attaching to running processes by PID, and launching programs directly in the debugger with arguments. This makes it valuable for reverse engineering, malware analysis, and binary exploitation on Kali Linux systems. Symbol maps can be stored in edb's configured directory for reference during debugging sessions.
The tool is installed via apt and includes separate plugin packages for extended functionality. It is licensed under GPLv2 and actively maintained with bug reports handled via GitHub.
How It Works
edb operates as a graphical frontend using the ptrace API to control and inspect processes. It integrates the Capstone disassembly library for generating disassembly output and supports symbol map generation for ELF binaries. Plugins extend core functionality, relying on Qt5 for the user interface and dependencies like libcapstone for disassembly.
Installation
sudo apt install edb-debugger
Flags
Examples
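# Generate a symbol map for one library
edb --symbols /lib/libc.so.6 > libc.so.6.map
# Generate symbol maps for every file in /lib
for i in /lib/*; do edb --symbols "$i" > "$(basename "$i").map"; done
# Launch a program in the debugger
edb --run /bin/ls
# Attach to a running process by PID
edb --attach 1720
edb --help
edb --version
edb --dump-version
# Launch a program with arguments
edb --run /bin/ls -l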
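Because edb attaches through ptrace, whether `edb --attach 1720` succeeds depends on kernel policy as well as the PID existing. The check below is an added example, not part of edb or of the original page; the `can_attach` function, its result strings and the `PROC_ROOT` override are hypothetical names chosen for illustration.

```bash
#!/bin/sh
# Added example: pre-flight check for `edb --attach PID`.
# PROC_ROOT is a hypothetical override used to test against a constructed
# tree; it defaults to the real /proc. Result strings are this example's own.

can_attach() {
    local pid my_uid proc status tracer scope same
    pid=$1
    my_uid=${2:-$(id -u)}
    proc=${PROC_ROOT:-/proc}
    status="$proc/$pid/status"
    scope=0

    [ -r "$status" ] || { echo "no-such-process"; return 1; }

    # ptrace allows one tracer per process: a non-zero TracerPid means
    # another debugger (gdb, strace, a second edb) is already attached.
    tracer=$(awk '/^TracerPid:/ {print $2}' "$status")
    [ "$tracer" = "0" ] || { echo "already-traced-by-$tracer"; return 1; }

    # Yama policy: 0 = same-UID rule, 1 = descendants only,
    # 2 = CAP_SYS_PTRACE only, 3 = attach disabled for everyone.
    if [ -r "$proc/sys/kernel/yama/ptrace_scope" ]; then
        scope=$(cat "$proc/sys/kernel/yama/ptrace_scope")
    fi
    [ "$scope" != "3" ] || { echo "blocked-by-yama-scope-3"; return 1; }

    # Assumption: UID 0 stands in for holding CAP_SYS_PTRACE.
    [ "$my_uid" != "0" ] || { echo "ok"; return 0; }

    # An already-running PID is not a descendant of a fresh edb, so
    # scopes 1 and 2 both require elevated privileges to attach.
    [ "$scope" = "0" ] || { echo "needs-root-yama-scope-$scope"; return 1; }

    # Simplified same-UID rule: real, effective and saved UID must match
    # (GIDs and the dumpable flag are not checked here).
    same=$(awk -v u="$my_uid" '/^Uid:/ {
        r = ($2 == u && $3 == u && $4 == u) ? "yes" : "no"; print r }' "$status")
    [ "$same" = "yes" ] || { echo "uid-mismatch"; return 1; }
    echo "ok"
}

# Usage: can_attach 1720 && edb --attach 1720
```

Launching a target with `edb --run` is unaffected by Yama scope 1, because the debuggee is then a child of the debugger.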