Q's Experimental Debugger
Integrating modern program analysis techniques inside a debugger. Please note the "E" in QED, this is very experimental, do not use as a stable debugger.
[12/31/2015] The biggest idea I want to explore first is modeling a binary as a graph, which is not a new idea but it is what I intend to do with the graph that I think will be interesting. The debugger will be based on LLDB because it is extremely modular, built as a series of components instead of a monsterish monolithic code-base. To start I will attempt the route of McSema and attempt to recover the Control Flow Graph using IDA as a place to start. I really dig the ideas behind QIRA as well, and may work on introducing QED as a timeless debugger, recording the entire state of execution. The biggest advantage is that this allows me to build a system that can run automated against a binary like the features of MAYHEM and more importantly as a teaching platform - which I am incredibly interested in. Finally I am convinced that KLEE has features that should be integrated into a debugger, such as interactively marking a function as symbolic to then attempt to solve inputs for the path of execution.
- Model Binary as a Graph
- Extend LLDB with KLEE engine
One of the biggest things I have been playing with is building a better frontend for a debugger, while tools like Voltron are super helpful I want to solve CTF problems faster which requires more abstraction and quicker access to binary features. The result that I have come up with is the idea of an Interactive Graph Debugger where the graph represents both control flow and data flow (like Joern) but the nodes are "clickable" UI-components that display state when enabled.