diff --git a/Building-API-plugins.md b/Building-API-plugins.md new file mode 100644 index 0000000..f11a16d --- /dev/null +++ b/Building-API-plugins.md @@ -0,0 +1,3 @@ +# Building API plugins + +To be completed. \ No newline at end of file diff --git a/Building-debugger-adaptor-plugins.md b/Building-debugger-adaptor-plugins.md new file mode 100644 index 0000000..0befea5 --- /dev/null +++ b/Building-debugger-adaptor-plugins.md @@ -0,0 +1,3 @@ +# Building debugger adaptor plugins + +To be completed. \ No newline at end of file diff --git a/Building-view-plugins.md b/Building-view-plugins.md new file mode 100644 index 0000000..9d636f7 --- /dev/null +++ b/Building-view-plugins.md @@ -0,0 +1,3 @@ +# Building view plugins + +To be completed. \ No newline at end of file diff --git a/Building-web-plugins.md b/Building-web-plugins.md new file mode 100644 index 0000000..20b169c --- /dev/null +++ b/Building-web-plugins.md @@ -0,0 +1,3 @@ +# Building web plugins + +To be completed. \ No newline at end of file diff --git a/Extending.md b/Extending.md new file mode 100644 index 0000000..9b18429 --- /dev/null +++ b/Extending.md @@ -0,0 +1,15 @@ +# Extending Voltron + +[Plugin architecture](Plugin-architecture) + +[Building debugger adaptor plugins](Building-debugger-adaptor-plugins) + +[Building API plugins](Building-API-plugins) + +[Building view plugins](Building-view-plugins) + +[Building web plugins](Building-web-plugins) + +[Building custom clients](Building-custom-clients) + +[JSON API reference](JSON-API-reference) \ No newline at end of file diff --git a/Home.md b/Home.md index 1f7b63e..509e879 100644 --- a/Home.md +++ b/Home.md @@ -1 +1,6 @@ -Welcome to the voltron wiki! +# Voltron + +Voltron is a debugger thingy. + +The info on this wiki relates to the new version on the `lionforce` branch. + diff --git a/JSON-API-reference.md b/JSON-API-reference.md new file mode 100644 index 0000000..8076173 --- /dev/null +++ b/JSON-API-reference.md @@ -0,0 +1,453 @@ +# JSON API + +Voltron clients communicate with the back end by means of a JSON API which is exposed over a UNIX domain socket (`~/.voltron/voltron.sock`), and optionally a TCP socket and HTTP server. All of these methods expose the same API. + +## API messages + +All API messages are valid JSON objects containing at least a `type` field, which specifies whether the message is a request or response message. + +Messages may contain an optional `data` field, which is a hash containing message-specific data. + + { + "type": "", + ... + "data": { + "": "some data" + } + } + +### Requests + +A request contains at least a `type` field (which is always "request") and a `request` field that defines the type of request. + +For example, a `state` request to get the current state of a debugger target: + + { + "type": "request", + "request": "state" + } + +Requests may also contain a `data` section which is used to pass request-specific parameters to the back end. For example, many request types accept a `target_id` field in the `data` section to specify a debugger target ("inferior" in GDB parlance). + +For example, a `registers` request with a `target_id` field: + + { + "type": "request", + "request": "registers", + "data": { + "target_id":0 + } + } + +### Responses + +Responses always have a `data` section, which either contains the result of the request, or an error code and message. + +For example, the response to a `targets` request with an array containing the info for one target: + + { + "type": "response", + "status": "success", + "data": { + "targets": [ + { + "id": 0, + "file": "/bin/ls", + "arch": "x86_64" + } + ] + } + } + +An error response: + + { + "type": "response", + "status": "error", + "data": { + "code": 0x1000, + "message": "An error occurred" + } + } + + +## Request types + +The following request types are defined in the core API: + +1. [Version](#version) +2. [Wait](#wait) +3. [State](#state) +4. [Targets](#targets) +5. [Registers](#registers) +6. [Memory](#memory) +7. [Stack](#stack) +8. [Disassemble](#disassemble) +9. [Command](#command) +10. [Backtrace](#backtrace) +11. [Breakpoints](#breakpoints) +12. [Connect FD](#connect_fd) + +All requests (except `wait`) can return a busy error if the debugger is busy and unable to respond. + +## Version + +Get the API and debugger host version. + +### Request + + { + "type": "request", + "request": "version" + } + +### Response + + { + "type": "response", + "status": "success", + "data": { + "api_version": 1.0, + "host_version": "lldb-something" + } + } + +## Wait + +Block until one of the requested state changes occurs or the timeout is up, in which case it will return an error. + +### Request + + { + "type": "request", + "request": "wait", + "data" { + "state_changes": [ + "stopped" + ], + "timeout": 10 + } + } + +`state_changes` - an array of state changes to wait for. Currently only "stopped" is supported. Optional. Default is `["stopped"]`. +`timeout` - timeout value after which the server will return an error response. Optional. Default is block indefinitely. + +### Success response + + { + "type": "response", + "status": "success", + "data": { + "state": "stopped" + } + } + +### Error response if the timeout is reached + + { + "type": "response", + "status": "error", + "data": { + "message": "The request timed out", + "code": 4100 + }, + } + +## State + +Get a the state of a debugger target. + +### Request + + { + "type": "request", + "request": "state", + "data": { + "target_id": 0 + } + } + +### Success response + + { + "type": "response", + "status": "success", + "data": { + "state": "stopped" + } + } + + +## Targets + +Get a list of the debugger's targets. + +### Request + + { + "type": "request", + "request": "targets" + } + +### Success response + + { + "type": "response", + "status": "success", + "data": { + "targets": [ + { + "id": 0, + "file": "/bin/ls", + "arch": "x86_64" + } + ] + } + } + +## Registers + +Get the values of the CPU registers for a given target and thread. + +### Request + + { + "type": "request", + "request": "registers", + "data": { + "target_id": 0, + "thread_id": 1234 + } + } + +`target_id` - the target ID from which to read register values. Optional. Default is the first target. +`thread_id` - the thread ID from which to read register values. Optional. Default is the current thread. + +### Response + + { + "type": "response", + "status": "success", + "data": { + "registers": { + "rip": 0xffffff8012341234, + "rax": 0x4141414141414141, + ... + } + } + } + +## Memory + +Read memory from the inferior. + +### Request + + { + "type": "request", + "request": "read_memory", + "data": { + "target_id": 0, + "address": 0xffffff8012341234, + "bytes": 1024, + } + } + +`target_id` - the target ID from which to read memory. Optional. Default is the first target. +`bytes` - the number of bytes to read. Required. +`address` - the address at which to start reading. +`register` - the register which contains the address at which to start reading. + +Either `address` or `register` must be specified. + +### Response + + { + "type": "response", + "status": "success", + "data": { + "memory": "\x41\x41\x41\x41...", + "bytes": 1024 + } + } + +### Error response with partial read: + +XXX: This isn't implemented yet, probably do it + + { + "type": "response", + "status": "error", + "data": { + "code": 666, + "message": "Read failed at 0xffffff8012341266, only 50 bytes read", + "bytes": 50, + "memory": "\x41\x41\x41\x41..." + } + } + +## Stack + +Read memory starting from the value contained in the inferior's stack pointer register. + +### Request + + { + "type": "request", + "request": "stack", + "data": { + "target_id": 0, + "bytes": 512 + } + } + +`target_id` - the target ID from which to read stack memory. Optional. Default is the first target. +`bytes` - the number of bytes to read. Required. + +### Response + +See [Memory](#memory). + +## Disassemble + +Disassemble instructions from the inferior's memory. + +### Request + + { + "type": "request", + "request": "disassemble", + "data": { + "target_id": 0, + "address": 0xffffff8012341234, + "count": 16 + } + } + +`target_id` - the target ID. Optional. +`address` - the address at which to start disassembling. Optional. +`count` - the number of instructions to disassemble. Required. + +### Response + + { + "type": "response", + "status": "success", + "data": { + "output": "mov blah blah", + "bytes": 1024 + } + } + +## Command + +Execute a command in the debugger host and return the output. + +### Request + + { + "type": "request", + "request": "execute_command", + "data": { + "command": "x/32x $rsp" + } + } + +`command` - the command to execute. + +### Response + + { + "type": "response", + "status": "success", + "data": { + "output": "0x12341234 0x12341234..." + } + } + +## Backtrace + +Get a list of the current stack of function calls in a given thread. + +XXX: Not implemented yet + +### Request + + { + "type": "request", + "request": "backtrace", + "data": { + "target_id": 0, + "thread_id": 1234 + } + } + +### Response + { + "type": "response", + "status": "success", + "data": { + "frames": [ + etc + ] + } + } + +## Breakpoints + +Get a list of the breakpoints set in an inferior. + +XXX: Not implemented yet + +### Request + + { + "type": "request", + "request": "list_breakpoints", + "data": { + "target_id": 0 + } + } + +### Response + + { + "type": "response", + "status": "success", + "data": { + "breakpoints": [ + {"address": 0xffffff8012341234, "enabled": true} + ] + } + } + +## Connect FD + +This is a special request that connects this client session directly to a file descriptor belonging to the inferior. + +Once the response has been sent the socket will be connected to the file descriptor. Once a session is connected to an fd, it cannot be disconnected without closing the socket. + +If the request fails, an error response will be sent to the client. + +XXX: Not implemented yet + +### Request + + { + "type": "request", + "request": "connect_fd", + "data": { + "fd": 0 + } + } + +### Response + + { + "type": "response", + "status": "success" + } + +# Errors + +XXX: List all the error types here \ No newline at end of file diff --git a/Plugin-architecture.md b/Plugin-architecture.md new file mode 100644 index 0000000..02c08af --- /dev/null +++ b/Plugin-architecture.md @@ -0,0 +1,91 @@ +# Plugin architecture + +Voltron uses a plugin architecture for implementing debugger host suppprt, API methods, and UI views. Much of the core of Voltron is implemented using this plugin architecture, and it can also be used to extend Voltron to support new debugger hosts and add new custom API methods and views. + +## Types of plugins + +There are four types of plugins supported in Voltron. + +### Debugger adaptor plugins + +Debugger adaptor plugins implement the majority of the support for a given debugger host platform. There are two core debugger adaptor plugins included with Voltron which provide support for LLDB and GDB. These plugins both implement a common set of methods that are used by the core API plugins. If you want to add support for a new debugger host, you'll need to look at the code for one of these plugins in `voltron/plugins/debugger/{dbg_lldb|dbg_gdb}.py` and implement the same methods. They are reasonably well-documented and should provide a reasonable starting point. + +More information on building API plugins can be found [here](Building-debugger-adaptor-plugins). + +### API plugins + +API plugins implement an API method which is accessible via the various configured listeners. These define a request and response class, and interact with a package-wide instance of one of the above debugger adaptor plugins. When an incoming API request is received, its `request` field is used to look up the appropraite API plugin to handle the request. See the included core API plugins in `voltron/plugins/api/*.py`. + +More information on building API plugins can be found [here](Building-API-plugins). + +### View plugins + +View plugins provide views that can be run from the `voltron` command-line entry point. Typically these are, as are the included views, terminal-based. These plugins define a view class, which is instantiated and run by the command-line entry point program. See the included views in `voltron/plugins/views/*.py`. + +More information on building API plugins can be found [here](Building-view-plugins). + +### Web plugins + +Web plugins provide views or other features that are accessible via the embedded CherryPy web server. They typically define a Flask app or just provide a directory of static which is served by the embedded web server, and use JavaScript to talk to the API back end. No web plugins are included in the core at the moment, but see the `examples` directory. + +More information on building API plugins can be found [here](Building-web-plugins). + +## Anatomy of a plugin + +The bare minimum for a Voltron plugin is a Python module containing a subclass of one of the plugin classes - `APIPlugin`, `DebuggerAdaptorPlugin`, `ViewPlugin` or `WebPlugin` (see `voltron/plugin.py`). The plugin class is the top-level object in a plugin. It usually has a name and references to other resources in the plugin. For example an `APIPlugin` has a name like `wait`, and references to an `APIRequest` subclass and an `APIResponse` subclass used to handle the API request. This is what a sample API plugin class might look like: + + class SampleAPIPlugin(APIPlugin): + name = 'sample' + request_class = SampleAPIRequest + response_class = SampleAPIResponse + +The plugin class itself typically does not contain any methods, it is just used as the top-level object to reference a plugin. The common parent of all the plugin classes, `Plugin` (in [Scruffy](https://github.com/snarez/scruffy)) utilises a metaclass, `PluginRegistry`, to collect all its subclasses as they're loaded by Scruffy. Voltron implements its own `PluginManager` class which is used as an interface to the `PluginRegistry`. + +## Installing plugins + +### User plugins directory + +When Voltron is loaded into the debugger, the [Scruffy](https://github.com/snarez/scruffy) environment is initialised and plugins are discovered in two locations: the `plugins` directory within the `voltron` package, and the user plugins directory in `~/.voltron/plugins`. The latter is where custom plugins should be installed. These directories are searched recursively, and any Python module discovered within is loaded. Classes in these modules that inherit from one of the Voltron plugin classes will be recognised and loaded into the plugin registry. + +### Registering programmatically + +Plugins can also be loaded and registered programmatically. This may be useful for custom clients that aren't using the standard view architecture, or for loading plugins from the debugger's init script. + +After Voltron has been loaded into the debugger, a package-wide shared instance of the `PluginManager` class will be available at `voltron.plugin.pm`. This instance can be used to programmatically register plugins like so: + + from myplugin import MyAPIPlugin, MyAPIRequest, MyAPIResponse + voltron.plugin.pm.register_plugin(MyAPIPlugin) + +This will make an instance of the plugin class available through the shared `PluginManager` instance. + +### Accessing plugins + +The shared `PluginManager` instance `voltron.plugin.pm` can also be used to access plugins programmatically from your custom plugins or Voltron clients. There are convenience methods in `voltron/plugin.py` to make this easier. + +For example, to instantiate an API request: + + req = api_request('disassemble', count=16) + +An API response: + + res = api_response('disassemble', disassembly="push r...") + +To allocate a view class: + + view = view('register') + +To allocate a new debugger adaptor instance (this would only really be useful if you were building another tool on top of Voltron): + + adaptor = debugger_adaptor('lldb') + +If you want to access the plugin classes themselves directly, you can call the `PluginManager` methods: + + plugin = voltron.plugin.pm.api_plugin_for_request('wait') + + plugin = voltron.plugin.pm.debugger_plugin_for_host('lldb') + + plugin = voltron.plugin.pm.view_plugin_with_name('register') + + plugin = voltron.plugin.pm.web_plugin_with_name('angularview') + +The package-wide debugger adaptor is located at `voltron.debugger`. This can be used from your custom API plugins to query the debugger host back end. See some of the core API plugins and the included LLDB and GDB host adaptor plugins for usage.