Download3k has downloaded and tested version 2.0.1 of Affinic Debugger (GDB/LLDB) for Mac OS X - Lite Version on 11 Jan 2016 using only the best antivirus engines available Today. We have found it to be clean of any form of badware (viruses, spyware, adware, etc.). Instructions for installing cuda-gdb on the macOS. This tar archive holds the distribution of the CUDA 11.0 cuda-gdb debugger front-end for macOS. Native macOS debugging is not supported in this release. Remote debugging from a macOS host to other CUDA enabled targets, however, is supported. To install: Create an installation directory.
Affinic Debugger,.aka. ADG, is designed to be your everyday graphical user interface (GUI) for various debuggers. This build is specifically targeted on GDB, the GNU debugger and LLDB, the LLVM. Debugging Mbed OS in Mac OS X (and Linux) Pre-requisities. For succesfully building Mbed OS applications in Mac OS X, following tools are required.
帮朋友破解了个Linux版本的调试器,大家可以下载使用。目前只支持64位的linux系统。
解压crack_adg_driver后替换原来的adg_driver。
解压crack_adg_driver后替换原来的adg_driver。
在ubuntu 14.04 LTS下测试成功。
在Mac OS 10.13.6 下测试通过.
Linux下载地址:
- 链接:https://pan.baidu.com/s/1PU1AweVyaYWI9zI903Jc9g
- 提取码:fz2p
Mac版下载地址:
- 链接:https://pan.baidu.com/s/1WFlZGKeFFnG2f2haiikUIQ
- 密码:7bzf
引用原版说明
Affinic Debugger for GDB/LLDB
Affinic Debugger, .aka. ADG, is designed to be your everyday graphical user interface (GUI) for various debuggers. This build is specifically targeted on GDB, the GNU debugger and LLDB, the LLVM debugger. With the graphical windows, ADG can unleash the full power of the debuggers you are using by viewing multiple information within one view and debugging with easily clicking. ADG also provides an unique integrated command terminal for users to input debugger command directly to achieve any task you can do where you can do in text mode. ADG is available on Linux/Windows/Mac OS X.
Affinic Debugger, .aka. ADG, is designed to be your everyday graphical user interface (GUI) for various debuggers. This build is specifically targeted on GDB, the GNU debugger and LLDB, the LLVM debugger. With the graphical windows, ADG can unleash the full power of the debuggers you are using by viewing multiple information within one view and debugging with easily clicking. ADG also provides an unique integrated command terminal for users to input debugger command directly to achieve any task you can do where you can do in text mode. ADG is available on Linux/Windows/Mac OS X.
The goal of Affinic Debugger focuses on providing the best debugging experience to any type of users. It tries to provide ultra fast speed with an intuitive interface to maneuver the code and extensive data to help analysis. ADG provides features other IDEs cannot do, such as a GDB/LLDB terminal, assembly debugging, remote debugging, disassemble, memory update and thread debugging etc. ADG is a growing product. You are welcome to provide your feedback to help it to be better and more powerful. Just send us an email.
Current Version[PAD]: 2.0.1
Click Here for the Release Information
Download Links*:
Lite version is completely FREE to download, use and redistribute. It also works as Professional version for the first 30 days.
Download Affinic Debugger for Linux x86/x86-64 – Lite Version
Download Affinic Debugger for Windows – Lite Version
Download Affinic Debugger for Mac OS X – Lite Version
Professional version includes all features of ADG.
Download Affinic Debugger for Linux x86/x86-64 – Professional Version
Download Affinic Debugger for Windows – Professional Version Download mac os x 10.5.
Download Affinic Debugger for Mac OS X – Professional Version
- You automatically agree with Affinic Technology End User License Agreement [EULA.TXT] if you download or use any portion of ADG packages.
Key Features:
Direct access most of basic debugger operations from tool bars and menus
Debugger command line console to fully maneuver an debugger
Cursor -traced value printing provides the fast way to understand the code.
Best-in-class assembly level graphical debugging capability with multiple views of register values, especially useful for debugging vector instructions.
Memory many historical data like program, argument, environment, breakpoint, commands etc.
Powerful dual-Mode symbol assist for auto completion on your console input
Cross platform design and bring unified experience for Windows/Linux/Mac OS X
Support CYGWIN path on Windows
The new kernel makes remote debugging can be interrupted.
Support GDB for not only x86/x86-64 but also for ARM and other compatible architectures
Thread View with easy thread switch combobox.
Support LLDB as the background debugger.
Display memory data with modification.
Assembly to binary conversion.
Version Comparison:
Debugger command line console to fully maneuver an debugger
Cursor -traced value printing provides the fast way to understand the code.
Best-in-class assembly level graphical debugging capability with multiple views of register values, especially useful for debugging vector instructions.
Memory many historical data like program, argument, environment, breakpoint, commands etc.
Powerful dual-Mode symbol assist for auto completion on your console input
Cross platform design and bring unified experience for Windows/Linux/Mac OS X
Support CYGWIN path on Windows
The new kernel makes remote debugging can be interrupted.
Support GDB for not only x86/x86-64 but also for ARM and other compatible architectures
Thread View with easy thread switch combobox.
Support LLDB as the background debugger.
Display memory data with modification.
Assembly to binary conversion.
Version Comparison:
Feature Lite Pro
Directly terminal inputting NO YES
Symbol Assist for terminal inputting NO YES
Menu for assembly level debugging NO YES
Menu for remote debugging NO YES
Thread switching and monitoring NO YES
Thread locking operations NO YES
Debug programs having 20+ source files NO YES
Customer support NO YES
Memory Dump Dock Widget NO YES
Assembly Binary Conversion Dock Widget NO YES
Screenshot and Description:
Directly terminal inputting NO YES
Symbol Assist for terminal inputting NO YES
Menu for assembly level debugging NO YES
Menu for remote debugging NO YES
Thread switching and monitoring NO YES
Thread locking operations NO YES
Debug programs having 20+ source files NO YES
Customer support NO YES
Memory Dump Dock Widget NO YES
Assembly Binary Conversion Dock Widget NO YES
Screenshot and Description:
Please click HERE to view screenshots and descriptions.
FAQ and Manual:
Please click HERE to view FAQ and operation manual.
Bug Report/Feature Request:
Please email us for bug reports and feature requests.
Download Previous Versions:
Please click HERE to download previous version.
Get Registration Code for Professional Version*:
Click Here to purchase license for Windows.
Click Here to purchase license for Linux.
Click Here to purchase license for Mac OS X.
- Affinic Debugger registration is one time charge. The serial code will be valid permanently and it doesn’t require internet to activate. You will have free upgrade and lifetime email support with your purchase.
- ADG uses floating licensing. You can use the same code to register ADG on multiple machines. You only need to buy more than one licenses when more than one users run ADG concurrently.
- ADG 2.x version doesn’t share ADG 1.x license. Please purchase new license.
- Please visit the promotion page to see if there is any coupon that applies for you.
As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different.
There are many great posts describing how to set up kernel debugging between two machines, but all of them suggest that SIP (System Integrity Protection) should be disabled for kernel debugging. This creates a problem if we want to investigate the inner workings of macOS’s security mechanisms, since turning off SIP will also turn off most of the foundational security features of the operating system.
This blog post will describe a couple of setups that allow you to have SIP enabled while debugging.
Our setup is as follows:
- HOST: macOS Catalina 10.15.4 with supplemental update
- GUEST: macOS Catalina 10.15.4 with supplemental update
- VMware Fusion 11.5.3
- Debugger: LLDB
The Good
We will start by debugging the original release version of the kernel, which is included by default on macOS. This is by far the easiest method we will see.
Gdb Download Mac
Our first step is to download the Kernel Debug Kit (KDK) from Apple’s Developer Downloads. Before we do that however, we need to determine the build version we are interested in. This can be accomplished with the following command on the guest VM:
% sw_vers
ProductName: Mac OS X
ProductVersion: 10.15.4
BuildVersion: 19E287
ProductName: Mac OS X
ProductVersion: 10.15.4
BuildVersion: 19E287
Listing 1 – Retrieving the kernel build version info
Once we know the BuildVersion number, we can download the corresponding KDK and install it on our host. It will be installed under /Library/Developer/KDKs/.
% ls -l /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/
total 212112
-rwxr-xr-x 1 root wheel 16030560 Mar 5 07:38 kernel
drwxr-xr-x 3 root wheel 96 Mar 5 07:38 kernel.dSYM
-rwxr-xr-x 1 root wheel 23795528 Mar 5 07:27 kernel.debug
drwxr-xr-x 3 root wheel 96 Mar 5 07:27 kernel.debug.dSYM
-rwxr-xr-x 1 root wheel 19329072 Mar 5 07:39 kernel.development
drwxr-xr-x 3 root wheel 96 Mar 5 07:39 kernel.development.dSYM
-rwxr-xr-x 1 root wheel 49436536 Mar 5 07:30 kernel.kasan
total 212112
-rwxr-xr-x 1 root wheel 16030560 Mar 5 07:38 kernel
drwxr-xr-x 3 root wheel 96 Mar 5 07:38 kernel.dSYM
-rwxr-xr-x 1 root wheel 23795528 Mar 5 07:27 kernel.debug
drwxr-xr-x 3 root wheel 96 Mar 5 07:27 kernel.debug.dSYM
-rwxr-xr-x 1 root wheel 19329072 Mar 5 07:39 kernel.development
drwxr-xr-x 3 root wheel 96 Mar 5 07:39 kernel.development.dSYM
-rwxr-xr-x 1 root wheel 49436536 Mar 5 07:30 kernel.kasan
Listing 2 – KDK location
The next step is to enable remote debugging on our guest VM. Fortunately, VMware Fusion has a feature called gdb stub, which sets up a GDB server and allows a debugger to debug any VM (including Windows) using the GDB remote protocol. Since LLDB supports the GDB protocol, we can use this approach.
To enable the GDB stub for our guest VM, we need to add the following line to our virtual machine vmx configuration file:
Listing 3 – Enabling the VMware gdb stub
Next, we boot up the VM, launch lldb on our host, and issue the following commands to specify our kernel and also enable loading of symbol files:
(lldb) target create /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel
(lldb) settings set target.load-script-from-symbol-file true
(lldb) gdb-remote 8864
(lldb) settings set target.load-script-from-symbol-file true
(lldb) gdb-remote 8864
Listing 4 – Starting LLBD with appropriate symbols
The first command will tell lldb where to find the kernel symbols. This command is not strictly necessary, as lldb will search the /Library/Developer/KDKs path and any other which is indexed by Spotlight, but it can be still a good practice in case the search fails.
The second command will tell lldb to load any scripts found inside the symbol (dSYM) directories. This is extremely useful, as these scripts typically extend the functionality of lldb. In the case of the kernel, we get about 400 new commands available to us.
Gdb For Mac
The last command tells lldb which port the remote server is listening on. If we don’t specify the IP address or hostname, like here, it will connect to the localhost. By default, VMware listens on port 8864 on the localhost, so this is where we connect to.
If everything has gone well, we should be breaking into our VM and can start debugging. We can also break again at any point using the “CTRL+C” shortcut from the debugger.
(lldb) gdb-remote 8864
Kernel UUID: AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6
Load Address: 0xffffff8002600000
Kernel slid 0x2400000 in memory.
(..)
Process 1 stopped
* thread #3, name = '0xffffff8009854a40', queue = 'cpu-0', stop reason = signal SIGTRAP
frame #0: 0xffffff800284dede kernel`machine_idle at pmCPU.c:181:3 [opt]
Target 0: (kernel) stopped.
(lldb) image list
[ 0] AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6 0xffffff8002600000 /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel
/Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/kernel
(..)
Kernel UUID: AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6
Load Address: 0xffffff8002600000
Kernel slid 0x2400000 in memory.
(..)
Process 1 stopped
* thread #3, name = '0xffffff8009854a40', queue = 'cpu-0', stop reason = signal SIGTRAP
frame #0: 0xffffff800284dede kernel`machine_idle at pmCPU.c:181:3 [opt]
Target 0: (kernel) stopped.
(lldb) image list
[ 0] AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6 0xffffff8002600000 /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel
/Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.dSYM/Contents/Resources/DWARF/kernel
(..)
Listing 5 – LLDB macOS kernel debugging with symbols
One thing to note is that if our VM and Host are running the same kernel, we could also use the basic kernel binary (/System/Library/Kernels/kernel) as a target. However, we would not have any access to the symbols.
(lldb) target create /System/Library/Kernels/kernel
Current executable set to '/System/Library/Kernels/kernel' (x86_64).
(lldb) gdb-remote 8864
Process 1 stopped
* thread #1, stop reason = signal SIGTRAP
frame #0: 0xffffff8003b980f6
-> 0xffffff8003b980f6: rep stosb byte ptr es:[rdi], al
0xffffff8003b980f8: ret
0xffffff8003b980f9: add byte ptr [rax], al
0xffffff8003b980fb: add byte ptr [rax], al
Target 0: (kernel) stopped.
(lldb) image list
[ 0] AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6 0xffffff8000200000 /System/Library/Kernels/kernel
(lldb) memory read 0xffffff8000200000
0xffffff8000200000: cf fa ed fe 07 00 00 01 03 00 00 00 02 00 00 00 ????......
0xffffff8000200010: 12 00 00 00 d0 0f 00 00 01 00 20 00 00 00 00 00 ..?... ...
(lldb) continue
Current executable set to '/System/Library/Kernels/kernel' (x86_64).
(lldb) gdb-remote 8864
Process 1 stopped
* thread #1, stop reason = signal SIGTRAP
frame #0: 0xffffff8003b980f6
-> 0xffffff8003b980f6: rep stosb byte ptr es:[rdi], al
0xffffff8003b980f8: ret
0xffffff8003b980f9: add byte ptr [rax], al
0xffffff8003b980fb: add byte ptr [rax], al
Target 0: (kernel) stopped.
(lldb) image list
[ 0] AB0AA7EE-3D03-3C21-91AD-5719D79D7AF6 0xffffff8000200000 /System/Library/Kernels/kernel
(lldb) memory read 0xffffff8000200000
0xffffff8000200000: cf fa ed fe 07 00 00 01 03 00 00 00 02 00 00 00 ????......
0xffffff8000200010: 12 00 00 00 d0 0f 00 00 01 00 20 00 00 00 00 00 ..?... ...
(lldb) continue
Listing 6 – LLDB macOS kernel debuging without symbols
Finally, it is important to note that VMware uses hardware breakpoints by default, which limits us to four total. However, this limitation can be overcome by setting the hideBreakpoints setting in the vmx configuration file to FALSE, as shown below:
Listing 6 – Disabling VMWare use of hardware breakpoints
The Bad
In the previous section, we discussed how to set up macOS kernel debugging with the release version of the kernel. Nevertheless, it is important to mention that Apple also releases debug or development kernels as well. According to Apple, they are compiled with “additional assertions and error checking” and these are the ones that can stop and wait for a debugger to connect after initial startup.
How To Use Gdb Debugger
For this setup, these kernels are not strictly needed as we will still use the previous feature of VMware. More specifically, the macOS kernel will not be responsible for the actual debugging. However, in case we do need these kernels for a special use case, this is how we can set this up.
Before we do anything else on our guest VM, we first need to temporarily disable SIP. The reason for this because the /System/ path is write-protected by SIP. We can do that by booting into recovery mode (CMD+R after turning on the VM), running the csrutil disable command, and rebooting.
Since the release of macOS Catalina, the / path is mounted as read-only as an additional protection beyond SIP. Therefore, we will need to make it writable so that we copy the debug kernel to the correct location.
Once rebooted, we mount the root directory as writable:
Listing 7 – Mounting the root directory as writable
And copy the kernel of our choice (debug in this case):
sudo cp /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug /System/Library/Kernels/
Listing 8 – Copying the debug kernel to the appropriate location
Then we need to invalidate the kernel cache. This is required because macOS doesn’t run the kernel binary directly, but rather as a prelinked kernel, which is built from the kernel and the kernel extensions. Normally, the prelinking happens when we install a new kernel extension or kernel, but not in this case. Here, we simply copy in the development or debug version of the kernel.
sudo kextcache -invalidate /
sudo kextcache -invalidate /Volumes/Macintosh HD
sudo kextcache -invalidate /Volumes/Macintosh HD
Listing 9 – Invalidating the kernel cache
Finally, we will need to set the NVRAM boot arguments to boot into the debug kernel instead of the regular one, and boot into recovery mode to turn SIP back on using the csrutil enable command.
Listing 10 – Setting the boot kernel
We can now run the same commands on our host as before, this time specifying the debug kernel.
(lldb) target create /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug
(lldb) settings set target.load-script-from-symbol-file true
(lldb) gdb-remote 8864
(lldb) settings set target.load-script-from-symbol-file true
(lldb) gdb-remote 8864
Listing 11 – Commands to start debug kernel debugging
At this point, we are able to perform macOS kernel debugging on a debug rather than a release version of the kernel.
Process 1 stopped
* thread #2, name = '0xffffff80158f0e28', queue = 'cpu-0', stop reason = signal SIGTRAP
frame #0: 0xffffff80052ee796 kernel.debug`machine_idle at pmCPU.c:181:3
Target 0: (kernel.debug) stopped.
(lldb) image list
[ 0] 16545FA7-C11F-3D9E-88FA-8DDB13E1A439 0xffffff8005000000 /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug
/Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug.dSYM/Contents/Resources/DWARF/kernel.debug
[ 1] A6D59354-C9A1-3C61-87A7-C04DD74421B1 0xffffff7f8609f000 //System/Library/Extensions/corecrypto.kext/Contents/MacOS/corecrypto
(..)
* thread #2, name = '0xffffff80158f0e28', queue = 'cpu-0', stop reason = signal SIGTRAP
frame #0: 0xffffff80052ee796 kernel.debug`machine_idle at pmCPU.c:181:3
Target 0: (kernel.debug) stopped.
(lldb) image list
[ 0] 16545FA7-C11F-3D9E-88FA-8DDB13E1A439 0xffffff8005000000 /Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug
/Library/Developer/KDKs/KDK_10.15.4_19E287.kdk/System/Library/Kernels/kernel.debug.dSYM/Contents/Resources/DWARF/kernel.debug
[ 1] A6D59354-C9A1-3C61-87A7-C04DD74421B1 0xffffff7f8609f000 //System/Library/Extensions/corecrypto.kext/Contents/MacOS/corecrypto
(..)
Listing 12 – Debugging the macOS debug kernel
The Ugly
For completeness, we’ll briefly discuss how to set up kernel debugging using the macOS kernel instead of VMware gdb stub. This is the most commonly covered method elsewhere. Download mavericks os x. We will also show that we can enable SIP despite the common misbelief that it has to be turned off.
The steps are essentially the same as before with a small difference. In this case, the NVRAM variables in the debugger box should be set as shown below:
Listing 13 – Setting the NVRAM variables for kernel debugging
In essence, these settings indicate that the debuggee can perform network-level debugging and break on interrupts. The interrupt is tricky, however, as we need to press
CMD + OPTION + CONTROL + SHIFT + ESCAPE
to break into the debugger. Furthermore, this has to be done on the target VM we are debugging. While others have had success in causing interrupts using this method, we were not as lucky. Instead, we made a keyboard shortcut in VMware Key Mappings using CMD + B
for this combination.“Windows” and “Alt” buttons as the target key mappings, however they translate into “Command” and “Option” respectively in macOS. VMware doesn’t provide an option to specify the macOS version of the keys.
Figure 1: VMware Key Mappings configuration
Finally, on the host machine we will use the kdp-remote command with our debugee IP address, instead of gdb-remote. Please note that before we issue this command, we will need to break into debugger on the debuggee.
Listing 14 – Using kdp-remote
Conclusion
Amule for mac catalina. In this post, we demonstrated three different ways of debugging the macOS kernel while determining that permanent disabling of SIP is not necessary. Due to the ease of setup, our preferred method is the first one we described, but others are available if the circumstances require them.
Additional resources:
- Presentation: SyScan360 – Stefan Esser – OS X El Capitan sinking the SH/IP
About the Author
Csaba Fitzl has worked for 6 years as a network engineer and 8 years as a blue/red teamer in a large enterprise focusing on malware analysis, threat hunting, exploitation, and defense evasion. Currently, he is focusing on macOS research and working at OffSec as a content developer. He gives talks and workshops at various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON, and Objective By The Sea. @theevilbit