eDBG is a debugging tool based on eBPF technology, designed for Android native reverse engineering in highly adversarial environments. It provides essential debugging functionalities while avoiding any attachment to the target process. Unlike traditional debugging approaches, eDBG operates independently from the debugged program, with both interacting solely with the kernel. This design makes it extremely difficult for the target process to detect or interfere with the debugger.
Additionally, eDBG and the debugged program run isolated from each other. Breakpoints are not registered by runtime address, so if either side crashes or restarts unexpectedly, the other keeps working normally.
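The kernel keys a uprobe (the mechanism behind the breakpoints listed under Key Features) on a file and an offset into it, not on a process virtual address, which is why a breakpoint can outlive a restart of the target. The following is an added example, not code from eDBG: it converts between a runtime address and that (file, offset) pair using `/proc/<pid>/maps` text. The library path, addresses and function names are constructed for illustration.

```python
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample in /proc/<pid>/maps format (path and addresses are made up).
SAMPLE_MAPS = """\
7b2c400000-7b2c45a000 r--p 00000000 fd:05 4242 /data/app/com.example/lib/arm64/libnative.so
7b2c45a000-7b2c512000 r-xp 0005a000 fd:05 4242 /data/app/com.example/lib/arm64/libnative.so
7b2c512000-7b2c51a000 rw-p 00112000 fd:05 4242 /data/app/com.example/lib/arm64/libnative.so
7b2c51a000-7b2c520000 rw-p 00000000 00:00 0 [anon:.bss]
"""

class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    pgoff: int   # offset of this mapping's first byte within the backing file
    path: str

def parse_maps(text: str) -> List[Mapping]:
    out = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # skip blank or malformed lines
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5].strip() if len(parts) == 6 else ""
        out.append(Mapping(start, end, parts[1], int(parts[2], 16), path))
    return out

def to_file_offset(maps: List[Mapping], addr: int) -> Optional[Tuple[str, int]]:
    """Runtime address -> (path, file offset); None unless file-backed and executable."""
    for m in maps:
        if m.start <= addr < m.end:
            if not m.path.startswith("/") or "x" not in m.perms:
                return None
            return m.path, addr - m.start + m.pgoff
    return None

def to_runtime_addr(maps: List[Mapping], path: str, off: int) -> Optional[int]:
    """(path, file offset) -> address in this particular process instance."""
    for m in maps:
        size = m.end - m.start
        if m.path == path and "x" in m.perms and m.pgoff <= off < m.pgoff + size:
            return m.start + off - m.pgoff
    return None
```

The same (path, offset) pair resolves to a different address each time ASLR relocates the library, so only the offset form stays valid across restarts of the target.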
Key Features
Core functionalities include:
- Breakpoints: Implemented via uprobes, pausing execution and allowing inspection of arbitrary context.
- Single-Step Debugging: Supports step into and step over.
- Memory Read/Write: Read memory at any address or write to writable addresses during breakpoints.
- Symbol Resolution, Disassembly, and other standard debugger features.
Supported GDB Commands:
break / continue / step / next / finish / until / examine / display / quit / list / info / thread
For detailed usage, refer to the README.
Requirements
Currently supports ARM64 Android (root required; KernelSU recommended).
Kernel version 5.10+ (check with uname -r).
Like the project? Give it a ⭐ Star!
Suggestions, issues, and PRs are welcome!