
2008-11-14
----------

* Improved the ebuild on 64-bit platforms.

* Fixed search and replace error with default plugin path, it should work 
  correctly now.

* Minor improvments to the html documentation.

2008-10-20
----------

* Right clicking in the register view will no longer show "Follow In ___" 
  options for things such as segments, eflags and FPU values. these do not
  have meaningful values as addresses.

2008-10-14
----------

* Fixed a bug where some old stub code from before the 64-bit port was breaking
  any instructions which use the FS or GS segments :(.
  
* Made the find ascii string routines more intelligent about what they consider 
  to be an "ascii" character. The output is a lot more comparable to the unix
  strings command.

2008-10-08
----------

* Switched from edb::v1::log to qDebug. The nice thing about this is that it 
  functions very much the same as my old logging. But also supports stream
  oriented logging. Finally, it is "hookable" so that a widget could be used to
  show the logging in a widget if we want.
  
* Made several string displays a bit more unicode friendly. This most visibly
  results in "high" ascii characters no longer appearing as junk.

2008-10-06
----------

* Started prepping the code for internationalization, this will be an ongoing 
  process. Once the process is started and I have at least one non-english
  translation, then it will be helpful if people report un-translated strings.
  But we aren't quite ready for that yet ;).
  
* Fixed a 64-bit compatibility bug in the breakpoint plugin.

* Sped up heap analyzer a lot by disabling updates during population.

2008-10-01
----------

* Fixed a bug introduced in last version where several entries for 0x00000000 
  were be entered in the function finder plugin. This was actually a bug in
  the analysis engine where I failed to notice the side effects of reading a 
  map using the [] syntax.
  
* Made it so the symbol viewer plugin will by default open up symbols for code
  in the disassembly and data in the data views when double clicked.
  
* Vastly improved the analyzer's handling of symbol information in its function
  search algorithm.

2008-09-29
----------

* Added context menu to Symbol viewer's list so that you can select where to 
  view the symbol in.
  
* Added a plugin managment window. Currently, it just lets you see what's been
  loaded. But in the future, I will try to make it so you can disable/enable
  different plugins.

2008-08-29
----------

* Attempt #2 at making the /lib/ vs. /lib64/ automatic for 64-bit platforms. I 
  think the new solution should work.

2008-08-25
----------

* Added the ability for edb to get the base of the GS and FS segments. This 
  allows the instruction analyzer to correctly display the values of certain 
  expressions. This also makes segments valid in expressions, they will resolve
  to the base of the segment. Though CS/DS/ES/SS will always resolve to 0.
  One nice trick is that you can break on each system call by puting a 
  breakpoint on [gs+0x10] (though 0x10 may vary from system to system).

2008-08-16
----------

* Finished making the Heap Analyzer plugin work on x86-64.

2008-08-12
----------

* Sped up analysis by avoiding redundant function analysis. It still isn't 
  blazing fast, but is significantly better.
  
* Fixed a few previously missed 64-bit portability issues. 
  (toULong -> toULongLong). They were minor, but all of this type should be
  resolved.
  
* Added a symbol viewer plugin. Double click to see a symbol's value in the
  the current data view. Eventually, I'll add a context menu to make it
  so you can view it in the code view too depending on the type.

2008-08-11
----------

* Continued to make improvements to analyzer. It is more accurate, but also
  slower at the moment. I will look into good ways to speed it up.

2008-08-10
----------

* Fixed some compilation issues on x86-64. Thanks to Stephan Hegel for working
  with me to make sure that x86-64 users have a functioning EDB.
  
* Reworked analysis to have a higher initial favoritism towards findings
  functions by recursivly tracing known functions 
  (symbols/main/entry point, etc). This will make the analysis more accurate
  though it does have the side effect of making "percentage complete" at lot
  less meaningful since while it will always stop, the number of iterations
  during analysis is indefinite.

2008-08-09
----------

* Seems that <QtGlobal> needed to be included in QDisassemblyView.cpp for x86-64
  targets. Simple fix, but it broke compilation for some platforms so I'm going
  to make a release for it.

2008-08-08
----------

* Ouch, another bug fix. At least this time it was a failed assert. Basically
  During my last fix, I forgot that reads can and will fail if done while the 
  debugee is running. I have added code to special case this and handle it more
  correctly. (Which is of course how it used to act in the first place).

2008-08-04
----------

* made plugins.pri smarter with library location. For 64-bit builds it will
  default to $prefix/lib64/edb/

2008-07-29
----------

* Since the config file was partially broken, I am taking this opportunity to 
  finish reworking the naming convention for settings. Some settings will
  unfortunately be lost. But odds are they were being dropped anyway :-/.

* WOW, I just noticed that for a long time (2-3 versions) options were not being
  actually saved. Fixed.

* Seems that my QDisassemblyView optimization revealed an off by one error in 
  the DebuggerCore which unfortunately was also crashable :(. But I believe 
  that the logic is correct now. I've added a few more asserts to help avoid 
  this type of bug in the future.

2008-07-25
----------

* Made analysis slightly faster by factoring out some no longer needed code.

* Simplified some code in the QDisassembler widget. Instead of passing an 
  instruction, its buffer and its size, you can now just pass the instruction
  since it has references to the buffer and its size anyway.

* Made the analyzer aware of using zeros as padding between functions. This will
  make the display more correct if displaying analyzed code.

2008-07-15
----------

* Added "Follow Immediate in Dump" and "Follow Immediate in Stack" CPU context 
  menus. They act similarly to the generic "Follow" CPU context menu.
  
* Improved analysis speed.

* Improved analysis quality, a few more types of common optimizations are 
  detected.

2008-07-13
----------

* Added a "Follow" item to the CPU context menu. Basically, if you right click
  on either a JMP or CALL which has an operand which can be evaluated, then 
  there will be a "Follow" menu item that will scroll the CPU view to that 
  location.

2008-07-12
----------

* Removed some code which was implemented to work around QT 4.0.x bugs since
  4.2 is now a base requirement.

* Added some atomic-ness for pointer manipulations.

* Renamed some settings in configuration file to make them more consistent with 
  new convention.
  
* Fixed a integer underflow crash involving trying to select an address beyond 
  the end of a region. Which was causing a negative size to be passed to the
  "edb::v1::getInstructionBytes" function. Q_ASSERTS were added to catch this
  in the future if a similar bug is present elsewhere.
  
* Fixed a minor bug where tooltips would show data outside of the current 
  region if there is an adjacent region sometimes.
  
* Now attaching to a new process or opening a new program to debug will 
  invalidate any analysis that has been done. Eventually, the analysis will be
  stored in session files so that it can be reused. But not yet ;).

2008-07-05
----------

* more minor improvements to the analysis engine.

* Fixed a corner case in the disassembler where it would misformat things like
  "and eax, 0xffff" as "and eax, -1" due to a mis-optimization.

2008-07-03
----------

* Improved the analysis engine to be slightly more accurate.

* Added graphical indication of function bounds based on analysis results.

* You can now scroll the QHexView widgets by individual bytes by pressing up
  or down while holding the control key.

2008-07-01
----------

* Centralized analysis engine and provided it with a plugin. The FunctionFinder
  plugin is now just an interface towards it. Ctrl+A will analyze the current 
  region (though nothing is done with the results yet). I am hoping to have 
  function framing and scrolling by instructions.

* Added a "set EIP to selected instruction" to CPU context menu.

* Improved hueristic for analyzer. It will now more accurately identify certain
  types of functions.

2008-06-18
----------

* Fixed a bug in the hardware breakpoint manager plugin which didn't allow
  disabling of the last breakpoint.

* Extended the maximum size that OpcodeSearcher will consider from 4 bytes to 
  8 bytes, which yields some more options.

* Finished changing OpcodeSearcher plugin to use edisassm, it should be a lot more
  robust now. Forutnately, edisassm is pretty fast, so the performance impact isn't too
  bad.
  
* Most dialogs use QT 4.2.x's QDialogButtonBox's now which should give a better
  look on non-KDE platforms.

2008-06-12
----------

* Fixed a bug in DebuggerCore involving hardware debug registers in 64-bit mode.
  this fix allows hardware breakpoints to work in 64-bit builds.
  
* Changed OpcodeSearcher plugin to use edisassm when searching instead of hard
  coded values. This allows the code to be more easily ported to new archs such
  as x86-64.

2008-06-06
----------

* Fixed minor bug with selections in QHexWidgets when selecting outside of the
  viewable range. There was an underflow, which was cast to an unsigned type
  causing some upward selections to select from start to the end of the range.
  
* More improvements in 64-bit support. The ArchProcessor for x86-64 is now
  aware of the amd64 C calling convention and will now properly predict function
  arguments for when symbols are available.

2008-06-01
----------

* Hardware breakpoints are much more complete, supporting Write, Read/Write, 
  and Execute types of 1, 2, and 4 bytes sizes.
  
2008-05-31
----------

* edisassm 1.5.2 released, mostely making the code more standards compliant to
  ensure that the code will compile on newer versions of g++.
  tested with 4.2.3 on Ubuntu.
  
2008-05-28
----------

* edisassm 1.5.1 released with some minor bug fixes

* Corrected some bugs in edb under x86-64 involving the analysis engine.

2008-05-28
----------

* edisassm 1.5.0 released with EMT64 support! A lot of time was put into 
  verifying the instruction tables to ensure that disassembly woudl be accurate.
  
* A couple of minor bug fixes were done in EDB.

* Added patches to clean up build on ubuntu systems.

2008-05-18
----------

* Added LOTs of SSE4 ops to edissasm, updated a bunch of the tables.

2008-05-07
----------

* edisassm now can handle RIP relative addressing mode. I also fixed some decode
  ordering issues that were introduced when 64-bit mode was being added. The 
  only piece left is the tweaking of the instruction tables to match what was 
  added/removed/changed for 64-bit mode!

2008-05-06
----------

* edisassm now can disassemble 64-bit code partially correct. It does not yet
  support RIP relative modes and does not take into account changes in the 
  opcode map (new and removed opcodes). Soon edb will have full 64-bit support!

2008-04-30
----------

* Made a large effort to port edisassm to 64-bit :) The most visible change
  is that is makes much larger use of templates. Instruction and Operand now 
  take a template param (32 and 64 are valid). which can be used like this:
  Instruction<32> insn(buf, size); or you can use edb::Instruction which will be
  be typedefed to the appropriate type based on your build environment. Because
  of the massive ammount of templating needed to implement this, it is possible
  that older compilers will have trouble with it. I will test which compilers
  are expected to work.

2008-04-11
----------

* Renamed REG_NONE to REG_NULL to avoid a conflict with windows headers.

* Got edisassm compile on win32 for the first time :)

2008-03-24
----------

* Improved some of the function finder code, I am planning on moving this to a
  more central analysis system.

2008-03-15
----------

* Fixed some incorrect bit setting in HW breakpoint code.

2008-03-14
----------

* Improved the HW breakpoint code. It will now show the enabled state based on
  what the application is actually in. So if you do something like reset the
  application, then the HW breakpoints will show as disabled (because they are).
  
* Some general code optimizations.

2008-02-29
----------

* First code for hardware breakpoints is in, edb can now set a hardware bp
  and resume from it, next is setting the proper type of bp (read/write/execute)
  as needed and also making the dialog show correctly even when application
  has been terminated or restarted.

2008-02-27
----------

* Simplified some signal code in QHexView and Bookmarks plugin.

* Started some very preliminary work on the hardware breakpoint plugin. So far
  I have the GUI planned out for it. It will likely require that the plugin 
  hook the debug event system in order to enable resuming after hitting the BP.
  This is ok though since there is an infrastructure in place for that :).

2008-02-25
----------

* Improved handling of breakpoints which aren't caused by int3 bytes placed by
  edb. for example: "int 3" (which encodes as 0xcd 0x03) is now handeled more
  correctly.
  
* Preliminary code for hardware breakpoints is in place, the DebuggerCore is now
  able to get/set the debug registers on intel. The only real hurdle left is
  continuing after it is hit. This will need a similar system to software 
  breakpoints.

2008-02-15
----------

* Made some changes to help with portability.

* Made edisassm use std::ifstream instead of mmap.

2008-02-12
----------

* Simplified the expression code a bit by factoring down common code a bit. This
  results in a slightly larger binary, but smaller source (due to small function
  inlining). I think this is fine since the code is more managable.
  
* Fixed expressions handling of the XOR operator "^". It was not properly 
  implemented.

* Moved the known function table to a plugin. It isn't super efficient quite yet
  but works well.

2008-02-10
----------

* Made the columns in the disassembly view movable when mouse is 2 or less 
  pixels away from from the line, not just exact match. This should make it an
  easier target.

2008-02-08
----------

* Made DebuggerCore::readPages account for breakpoints in its results.

* Fixed a bug where reads/writes could return success when they couldn't read
  this resulted. Fortunately this really didn't effect the result of any 
  operations.

2008-02-06
----------

* applied patch from elitak@gmail.com to plugins.pri to help avoid build errors
  on certain configuration.

2008-01-28
----------

* updates QT dependancy to be for version 4.2 or greater. There are a few 
  features of QT that I have held off from using or have worked around in the 
  past. The next version (0.9.0) will no longer compile on versions lower than
  4.2

2008-01-24
----------

* Fixed more bugs in edisassm, it was some SSE opcodes where Intel docs claimed
  both operands have be Mod/RM, in which case I have no idea what the proper
  thing to do is. So, it is now in sync with what sandpile.org says, which 
  matches other disassemblers output. I have also added a regression test for
  this.
  
* You can now see symbols in the disassembler view if you move the left most 
  line right. By default it will look as usual. But in a very similar way to 
  ollydbg, you can now see known symbols next to addresses.
  
* Improved function finder plugin. It will now give "bonus points" to functions
  which have known symbols.
 

2008-01-19
----------

* Fixed a harmless crash when EDB failed to load the debugger core plugin. This
  was introduced in the last release :(.

2008-01-17
----------

* For builds on QT >= 4.3, you can now give a tab a label but right clicking
  on it.

* Made the QHexView and QDisassembly widgets use the system palette colors.
  This will make it so EDB will match the prefered colour scheme of the user.

2008-01-16
----------

* Fixed a potential crash on shutdown in the cleanup code

* Fixed a silly crash where if you ran the function finder with no selected 
  region (or if you are not attached to a program) it would crash.

2008-01-15
----------

* Fixed a bug in ModRM/SIB decoding where in some cases the index and base were
  inversed. This only really showed up in the less used redundant encodings, so
  it didn't show up until I started my regression tests.

2008-01-14
----------

* Fixed a bug in edisassm where it would think it didn't have enough space in
  the instruction buffer when prefixes are used.

2008-01-13
----------

* Added a graphical indicator of the direction for relative jumps.

2008-01-12
----------

* Improved load time.

* Fixed some very minor bugs in the disassembler.

* made disassembler differentiate between the different versions of ins/outs.

2008-01-10
----------

* Fixed a bug in edisassm where 32-bit signed offsets which have the 16-bit 
  set were being printed as 16-bit sign extended values.
  
* Added some regression tests to edisassm. Unfortunately nasm and edisassm 
  disagree on some syntax points and likes to re-order expressions sometimes, 
  so I'll have to come up with some normalization strategy before it can be
  fully automated. But it's a start :).


2008-01-03
----------

* Fixed a bug where if you used the fill feature ontop of a breakpoint it
  would not properly clear the breakpoint first.

2007-12-12
----------

* Moved the ELFxxBinaryInfo classes to plugins. This is more modular and makes
  it far simpler to add new BinaryFile handlers in the future.

2007-12-10
----------

* Added command line running of a program. You may write things like this:
  $ ./edb --run /bin/ls /etc /bin
  and it will start edb attached to a new instance of /bin/ls with the correct
  arguments passed.

2007-12-06
----------

* Fixed a display bug (Bug #37) where it was possible to make the data tabs show data to
  a region which does not exist after detaching (showing all 0xff's).

2007-12-03
----------

* Changed some code to convert numbers to toULongLong instead of toUInt to 
  ensure that when 64-bit is supported, addresses will be interpreted correctly.

2007-11-31
----------

* Ported the dump state plugin to be able to compile correctly on x86-64.

2007-11-29
----------

* Added code to load/save session files (which are currently mostely empty)
  This will read the file header, check it for the session signature, md5 the
  file in the sessiona and compare that to the md5 of the currently debugged
  application. This way, it should never load a session file for the wrong
  application. Next, I'll be adding useful data to the session files, for
  starters I plan on having sessions remember breakpoints and bookmarks.

2007-11-28
----------

* EDBTypes.h is now Types.h this will include the OSTypes.h and ArchTypes.h
  files, this makes adding new arch and os combinations much easier.

* Made various input dialogs accept 64-bit values when building on an x86-64 
  platform.

* Made many changes to help in portability to other platforms. EDB will likely 
  be ready for x86-64 within a version or two. The big stumbling block left is
  edisassm support for proper disassembly.

2007-11-27
----------

* Now that I discovered that QT has a qmake variable (undocumented) which 
  represents the arch it is being compiled on. I have started work on dividing
  the code which is arch specific into special arch dirs, one for each build 
  target (i386 is only which compiles, but it's a start). This should really
  help with porting to new targets.
  
* Started very begining work towards a session file concept. I have mostely
  fleshed out what I want the file to look like.

2007-11-24
----------

* EDBTypes.h will now define some macros based on the arch it beleives it is 
  being built on such as EDB_X86_64 or EDB_X86. Also, it will define EDB_FMT_PTR
  which is a format specifier suitable for printing an edb::address_t type.
  
* DebuggerCore now compiles on x86-64, however there is still much work left to
  be done. I need to add x86-64 support the the disassembler, and to a few other
  arch sensitive areas.

2007-11-20
----------

* Added preliminary code for "--run" option which will allow the user
  to execute a program and attach to it from the command line, for example:
  $ ./edb --run /bin/ls /etc
  which would run /bin/ls with "/etc" as it's argument and attach to it.
  This code is not functional yet.

* Added new findPluginByName to plugin API. This should allow some basic
  for of dependancies to plugins. This should not be used until plugins are
  fully loaded because there is no gaurantee as to the order of loading yet.
  So, as a good rule of thumb, don't use it in the plugin constructor.
  Hopefully, this will lead to more code reuse and maintainability.

2007-11-15
----------

* Added identification of jump sources to instruction analysis. Now whenever 
  stopped on an instruction, it will attempt to find out if a nearby relative
  jump has a target equaling the the instruction you are stopped on.

2007-11-14
----------

* Setup new bugzilla for EDB at: http://bugs.codef00.com/

* Implemented locked stack feature. It will stay locked at the position of the
  stack pointer (unless the stack pointer jumps to a whole other memory region) 
  when enabled.

2007-11-08
----------

* Added preliminary support for resizing the columns in the disassembly view.

2007-11-07
----------

* Fixed a bug in the disassembler where it would ignore the displacement of
  an opcode encoded in a particular way.


2007-11-06
----------

* Added option for CheckVersion plugin to automatically check for newest version
  on startup. It will not report anything if you are running an up to date 
  version of edb. This feature is enabled by default. You can disable this 
  feature by unchecking the menu item for it, found at: 
  "Plugins" -> "CheckVersion" -> "Check On Start". When enabled, the plugin 
  will perform a single HTTP get request to retrieve the latest available 
  version number each time edb is started.

2007-10-23
----------

* Worked on developing function and code analysis. I now have developed an 
  algorithm which can do reasonable accurate degree which bytes are actually
  code bytes. Basically the concept is first to enumerate potential functions
  by disassembling at each possible address in a region. For each call I see I 
  add it to a list and increase its reference count. Then for each function with
  2 or more references, I do further analysis. While reviewing these functions 
  with 2 or more references, I follow the code looking for the function end. If
  I see any calls to functions with a single reference, then they get a bonus 
  reference and are re-added onto the list of calls to analyze. For now, the 
  primary goal is to figure out the actual code bytes and bounds of the 
  functions. Next I will try to identify the conditional logic in the functions.
  
* Fixed duplicate error reporting on some invalid expressions.

2007-10-20
----------

* Added a heuristic for locating the heap start when using a newer ld. It isn't
  100% reliable, but seems to work "ok", I am hoping to solidify more checks 
  in the future to make it more reliable.

2007-10-11
----------

* Made some changes to the plugin API in order to help move towards 
  a stable 1.0 API.

2007-10-09
----------

* General code cleanups and optimizations

* Added support for arguments with spaces in them. Arguments with spaces are 
  specified with quotes, and if you need to have a quote character in the 
  argument then you can escape it with \.

2007-09-17
----------

* Added shortcuts to bookmarks (Ctrl + N will trigger the first 10 bookmarks).

2007-09-14
----------

* Fixed a bug where I accidentally was copying from a QByteArray directly 
  memcpy. It worked because the data array was the first class variable, but
  was not correct in principle.

2007-09-10
----------

* Corrected a minor bug where the GUI didn't update correctly when using the
  stack widgets push/pop menu items.

* Made Debugger::log a variadic function, this allows for passing formatted 
  output directly without a temp, allowing for cleaner code.

2007-09-08
----------

* Focused on optimising the code in certain locations.

* FunctionFinder now uses the new readPages interface.
  This costs more memory, but seems to be more than twice as fast :).

2007-09-05
----------

* BinaryStringSearch and ReferenceSearch now use the new readPages interface.
  This costs more memory, but seems to be more than twice as fast :).

* Added a readPages routine to the DebuggerCoreInterface, since reading large 
  blocks of data can be done more efficiently that individual bytes.

2007-08-28
----------

* Fixed a bug where EDB would hang if the TTY console specified in the options
  does not exist. It defaults to "/usr/bin/xterm". Thanks Dmitry Bulashev for
  reporting!

2007-08-27
----------

* Corrected a minor bug where the core plugin would report success when trying
  to read when not attached.

* Bookmarks plugin can now take expressions.

2007-08-26
----------

* Added cool "data dump" plugin as per 0xf001s request :). Just hit ctrl+D and 
  it'll shoot out a dump similar to GDB to stdout.

* Added the ability to skip in-accessible regions (permissions currently "---")
  to both the reference search and the binary string plugins. Some applications
  such as wine like to create dummy regions like this. It should make the 
  searching a little more bareable.

2007-08-20
----------

* "Filling" instructions, as in functions which either have no real effect, 
  and/or are usually used to fill the space between functions are now displayed
  in grey. This makes seeing where function boundaries are easier.

2007-08-20
----------

* Added pointer detection to heap analysis.

2007-08-18
----------

* Tables with numeric content columns are now sorted numerically.

* I am working on stabalizing the programming API, BaseTypes:: and Debugger:: 
  namespaces will be merged and renamed to edb::. The contents of Debugger:: 
  will be located in in edb::v1:: to indicate version 1 of the plugin API. This
  way plugins will have a nice clean way of knowing which version of the API
  they are using. Functions in edb::v1:: will never be removed, after 1.0 is
  released.
  
* Corrected a bug where step over didn't work if you were on a breakpoint.

2007-08-16
----------

* Corrected copy and past bug in FunctionFinder plugin menu item name.

2007-08-15
----------

* updated some of the documentation.

2007-08-14
----------

* Added a "bookmarks" plugin, which allows you to put code addresses of your
  choice into a list, which you can later jump to. This plugin also serves
  as an example of how to add dock widgets to the main gui in a safe manor.

* Fixed a subtle crash caused by debugging an app, opening a plugin dialog, then
  detaching, and eventually debugging a new process (which not closing the
  dialog.
  
* Added a new "function finder" plugin. Suprisingly accurate. It includes a
  "reference count" column which is how many potential calls to this function
  the plugin saw. The higher the number, the greater the confidence that it is
  really a function entry point.

* Speed increases.

2007-08-13
----------

* Changed some of the global objects from pointers to references, this will
  reduce the need for null checks in many situations as well as simplify code.
  
* added wait for console process to die before closing for a better cleanup.

2007-08-10
----------

* Fixed accidentaly reference of breakpoint data after it was free when using
  one time breakpoints. Dangling pointers are no bueno!

2007-08-09
----------

* Removed references to QT 4.3 features from UI files.

2007-08-08
----------

* Fixed a crashable bug introduced in last version, this was related to clearing
  the process state variable. Now that the state has virtual functions, it is
  no longer correct to use memset.

* Added search filter to the opcode search plugin so you can find the region you
  want to search more easily.

* Added search filter to the strings plugin so you can find the region you
  want to search more easily.

* Made the MemoryRegions object also a QAbstraceItemModel, suitable for a 
  QTableView. This should make it simpler/cleaner to display a table of
  available regions (there were already 3 copies of the code to fill the table
  in edb which will now no longer be needed, in addition to making the filtering
  code MUCH simpler since QT can do it for us.

2007-08-06
----------

* Improved the build system a little for plugins. They now all share common 
  portions.

* Added ascii string display in heap viewer plugin. Now if, the heap block 
  contains an ascii string, it'll be displayed in the data column. I plan to
  add more types of known "data" to this column over time.

* Added a filter to the environment viewer plugin so you can quickly find the
  variable you are looking for.

2007-08-02
----------

* Conditional MOVs are now part of the instruction analysis, it will display 
  whether or not the MOV will be performed based on the current flags.

* I am making the config file entries use a more organized naming convention in
  the past they were very ad-hoc, but now i am going with namespaces. For 
  example: debugger.terminal.enabled=true. For now this will only apply to new
  settings so no one loses settings, but the old names will eventually be phased
  out in 0.9.0 which is when I will start to stabilize the varying APIs in EDB.

* The view options for the stack and data views (word width/row width/which 
  columns to display) are now stored in the config file and restored on reload. 
  Data view is stored as well but is based on the options dialog because saving 
  the options set in the context menu makes no sense (many tabs, which to use).

2007-08-01
----------

* Added different binary fill options to the CPU context menu. Good for REMing
  out individual ops quickly.

* Command window program is now configurable in the debugging options dialog.
  You can enable/disable it, and you can use the terminal program of your 
  choice. The default is /usr/bin/xterm, as this should be fairly ubiquitous.
  "konsole --nomenubar --notabbar" works well for us KDE users out there as 
  well. The only real rule is that whitespace is assumed to be an argument 
  separator and bad things may happen if you try to be clever and use a program
  name or argument with a space in it. I was able to get launching konsole to 
  simply lock up EDB (no idea why) simply by using it from a path with a space
  in it.

2007-07-31
----------

* Experimental code for opening an I/O window for command line apps is almost
  done. It actually works well, just need it to be more tunable. This is a
  big feature as it will allow more complete debugging of applications with a 
  CLI.

2007-07-30
----------

* Made the 3 byte UD opcode no decode as "invalid" but as "ud", since this op
  isn't really invalid, just is hardwired to generate an exception.

* FPU registers are now highlighted on changes.

* Made changes towards abstracting State such that it can be an opaque type.

* Renamed types.h to EDBTypes.h to avoid conflict with system types.h. Sorry
  if this makes people change code, but API isn't stable yet ;).

* Moved *nix specific headers to ROOT/include/os/unix from src, since plugins 
  may and likely need to see those types, now the include dir is all that is 
  NEEDED to have a plugin development setup.

* Changed getValueFromUser to get a reg_t value, this should be more 
  portable. (Thanks Thomas Faber!)
  
* Improved DebuggerCore's reading/writing routines to be more portable and
  more flexible with regards to endian size and word size. 
  (Thanks Thomas Faber!)
  
* Thomas Faber's changes make EDB a few steps closer to compiling and 
  functioning correctly in an x86-64 setup.


2007-07-26
----------

* Implemented PID enumeration on FreeBSD. Still a lot to go for things to 
  compile and work...

* Made edb_make_symbolmap work if you have md5 instead of md5sum in your system.

* Added breakpoint management to CPU view context menu.

2007-07-25
----------
* Fixed error in which a shallow copy of a transient variable was being used
  which is bad because the data could be trashed.

2007-07-21
----------

* You can now see the FPU registers, they are currently read only, but it 
  appears to work correctly.

2007-07-19
----------

* Fixed a silly bug introduced recently where registers aren't properly 
  un-highlighted when no longer attached.
  
* Internally layed some ground work for reading FPU register support.

* Fixed a bug in the debugging core plugin which could cause a caller of a 
  read or write to think it succeeded when it didn't. It was very unlikely to
  get triggered and even so would likely have little to no side effects.

2007-07-17
----------

* Made it so when you try to modify bytes which overlap a breakpoint, 
  you are given the option to continue (which removes the breakpoints), or 
  abort the modification.
  
* Finally made the breakpoint dialog show the breakpoint type.

* Introduced initial code for supporting more than one binary type. It still 
  only accepts ELF32, but the framework is in place.
  
* Fixed a bug where misaligned jumps were fooling the disassembly view widget
  this was pretty bad since a lot of the point of active debugging versus static
  analysis is to avoid getting fooled by tricks like this!

2007-07-16
----------

* Fixed a bug where certain strings may not be reported corrected 
  (some characters chopped out).

* Fixed bug where offsets of 16-bit relative jumps were not being truncated like
  the CPU actually does. In the real thing, the target address has the upper 
  16-bits cleared. Not very useful in 32-bit code, but important to be correct.

* Fixed bug in new register reading code.

* Removed segfault due to settings invalid segments from TODO list, this is a 
  kernel bug and entirely out of EDB's control.

2007-07-13
----------

* Numerous improvements to the disassembler, I believe it is fairly complete
  the only thing that's missing that I'm aware of is enforcement of certain 
  rules (like mod/rm that must only be mem, and which ops certain prefixes are
  valid for).

2007-07-12
----------

* Worked around a bug where QT would deliver events to disabled actions if the
  shortcut key-combination is pressed. For now I have a check in each action
  where it simply returns if that action is not enabled. The QT people seem
  to be aware of the issue, hopefully it'll be addressed in a future version
  of QT.

* Fixed ability to debug a process which receives unknown stop signals. Now it 
  will simply break if you were trying to step. It is still annoying since 
  frequent signals will make you have to step twice all the time, but at least
  it is now possible.

* Fixed long standing (apparently no one noticed) bug where if you detached
  from a process while a breakpoint was set, the process had a chance of 
  crashing.

* Made operand analysis smarter, it now knows about different expression types
  (byte ptr, word ptr, dword ptr).
  
* Identified a few bugs I would like ironed out before next release.

* Many minor improvements in the disassembly output. It is difficult to decide
  when to use hex and when to use decimal, but I think I have something
  reasonable.
  
* Good speedup in instruction analysis.

2007-07-11
----------

* Finally compiled EDB with edisassm ! This disassembly engine is faster and
  more robust than the previous one because I am more easily able to add
  specific features that EDB can use into it. Unfortunately, this does mean
  that AT&T syntax is temporarily disabled.
  
* Fixed a major crashable bug in QDisassemblyView widget, it was very subtle.

2007-07-06
----------

* Finished environment viewer plugin

* edisassm is almost complete and ready for integration

* Condition flags can now be seen in the register view as a sub item to eflags

* Split out the i386 stuff away from the GUI yet more, almost at a good point
  of portability.
  
* More robust error checking

* A few minor UI updates.


2007-05-31
----------

* Multibyte invalid ops are now displayed properly.

2007-05-23
----------

* Very preliminary TTY support.

2007-05-20
----------

* Fixed a bug in getBinaryStringFromUser where it was setting the value 
  before the maximum allowed length. This made it so values were truncated 
  incorrectly.
  
* Added Edit bytes to the QDisassembly viewer!

* Fixed DebuggerCore incorrectly reporting success on reads/writes of where
  no bytes are read.

2007-05-16
----------

* Added UID to attach dialog.

* Added ability to filter out entries that don't match your UID in the attach
  dialog.

2007-05-15
----------

* Added "Goto ESP/EBP" to stack context menu.

* Fixed crashable bug in QDisassembly view, involving libdisasm, libdisasm will
  do a double free if "x86_oplist_free" is called on invalid opcodes, this is
  now avoided.
  
* You can now always disassemble code nearing the edge of a region.

2007-04-30
----------

* Isolated how recent files are managed away from primary GUI code.

* Made register view and disassembly view fonts configurable from options 
  dialog.
  
* Made data view's font default to what is set in the options.

* Font changes in the options now show immediately after accepting (clicking ok)
  the options dialog.

2007-04-27
----------

* Break point manger now takes an expression for it's address

* General code cleanups

* Added stack analysis, will now show returns and ascii strings in stack viewer!

2007-04-24
----------

* Made minimum length for ascii string detection tunable in options.

* Improved the String Searcher plugin to reuse code in the Debugger API instead
  of using its own.

2007-04-23
----------

* Began work on a new "Open Files" plugin, it can currently list open files
  and will eventually be able to show socket/pipe information as well.

* Fixed minor display bug in tooltips for long instructions

* Improved the internal disassembly API to make it more adaptable to other 
  disassembly libraries

2007-04-19
----------

* Vastley improved the speed of the Heap Analyzer's result view (order of 
  minutes to seconds)

2007-04-15
----------
* Added heuristic for resolving "main" symbol byte on bytecode matching
  if the symbol is not provided in the symbol map. This feature is currently
  very likely glibc specific.
  
* Added some more steps towards 64-bit build support.

2007-04-13
----------

* Added more constancy to context menus (operations you can do in the dump 
  view, you can also do in the stack view most of the time now.

2007-04-11
----------

* Registers are now highlighted in red if they have changed.

2007-04-08
----------

* Fixed a crashable bug BinaryString search plugin if an empty string was 
  supplied.

2007-04-07
----------

* CheckVersion plugin will now respect the HTTP_PROXY environment variable.

2007-04-06
----------

* corrected minor bug in edb_make_symbolmap.sh which preventing it from running
  on certain distributions which actually have /bin/sh act like the original sh
  not bash :)

* Added basic conditional breakpoints. The can be set in the breakpoint 
  manager plugin and are based on the expressions that were recently added.
  At the moment, the expressions are tested for validity at the moment of 
  the breakpoint, eventually this will be checked when you enter it.

2007-04-02
----------

* Added expression support to "Goto Address" in both the CPU and data views.
  Please see the README for more detailed information on this.
 
2007-03-29
----------

* Added MD5 code, which will notify the user of outdated symbol files.
  
* Added code to remove duplicates from the instruction analysis list.

2007-03-28
----------

* Renamed make_symbolmap.sh to edb_make_symbolmap.sh to make it more 
  distribution friendly.

* edb_make_symbolmap.sh now puts errors to stderr, not stdout, so you don't get
  false symbol files if you process a whole dir at a time.

2007-03-24
----------

* Shellcode address used to change region permissions is now chosen dynamically.

2007-03-20
----------

* Added preliminary framework for resolving parameters to standard library 
  functions.
  
* Added ability to show/hide the toolbar.

2007-03-15
----------

* Added ability to specify compile time some default directory strings, 
  makes package management easier.

* Added preliminary method for code to find a plugin based on the plugins name
  this will allow code to be written which depends on functionality exported
  by plugins, which could be cool.

* Added some basic measures to help prevent duplicate plugin loading caused
  by symlink trickery
  
* EDB will now look in the current working directory as well as the path 
  specified in the options for plugins

2007-03-14
----------

* Added getting of working directory and arguments from attached processes
  this makes restarting work much better (which is now enabled).

2007-03-12
----------

* Internally,a lot of i386 specific code was moved to a new class 
  "i386ArchProcessor", which will eventually be a plugin (one for each arch).
  It is still a work in progress, but is a start.

* Removed quit role property from exit menu as this prevented 
  compiles on QT < 4.2.0

2007-03-03
----------

* started work on restart code, seems to work ok

2007-02-26
----------

* Added ability to change the working directory opened applications run in. 

2007-02-23
----------

* Improved about dialog box :-P

2007-02-15
----------

* Added ability to dump the contents of a data view tab to a file.

2007-01-17
----------

* Added recent file list to File menu.

2007-01-16
----------

* Cleared internal state tracking on detach, nothing major.

2006-12-23
----------

* Added new stylized register view window, still working out the programmers API
  for it, but at least it looks nice :)

2006-12-22
----------

* Making slightly less assumptions about the architecture being 32-bit.

2006-12-18
----------

* Added a search filter to the attach and memory region dialogs.

* Fixed compilation issue with gcc 3.x series compilers.

2006-12-16
----------

* Added a tooltip to the disassembly view when there are too many instruction
  bytes to display which shows all bytes in the instruction.

* Added display of ASCII strings next to registers if analysis decides that 
  what the register points to is an ASCII string.

* Added push/pop operations to the stack context menu.

2006-12-13
----------

* Added preliminary PLT support to make_symbolmap.sh, this will allow EDB 
  to properly display library calls, eventually, this will lead to a database
  of known functions with parameters so the analyzer can display the parameters
  correctly.

2006-12-12
----------

* Finally added the ability to edit the bytes in the data and stack dump 
  widgets! Simply right click and choose "Edit Bytes" and modify away :).
  If the new string of bytes is smaller, the debugger will zero fill the
  difference, in the future this will be tunable.

2006-12-08
----------

* Improved efficiency and clarity of rendering code for some custom widgets.

2006-12-06
----------

* Started working on some html based help files in doc directory, don't
  expect anything useful in there quite yet, but it'll get there.

* Isolated libdisasm calls to a single part of the code, this allowed 
  consolidation of common functions as well as creating a central point to 
  replace the code as I feel that libdisasm will likely be dropped in a later 
  version.

* Added more information in the instruction information panel.

* Made DebuggerCore plugin readBytes fill the trailing end of the buffer with 
  0xff if it could not read as many bytes as requested, this is to give more
  predictable results if only a partial read is possible.

2006-12-01
----------

* Reduced redundant drawing in QDisassembly widget, which should make things
  slightly faster due to less redraw.

2006-11-30
----------

* Added some more sanity checks to the internal reads and writes in the 
  debugger core plugin, this should prevent reporting incorrect data if a 
  add breakpoint failed to read/write correctly.

* Made step over, also step over REP prefixed ops.

* Fixed bug in indirect call/jmp analysis which resulted in the target symbol
  not being resolved even though it was in the symbol map.

* Made it so the expression evaluator shows a ? instead of junk when it can't 
  read from the effective address.

2006-11-29
----------

* Corrected bug in libdisasm which caused the instruction  8e e8 to disassemble 
  incorrectly as "mov ds, ax" instead of the correct "mov gs, ax".

2006-11-28
----------

* Added ability to choose both how many bytes per "word" in the displays
  and how many "words" per row via the context menu, this setting is not
  remembered yet, but that will follow shortly.

* Fixed very annoying bug where it was possible to make the QHexView widget
  not correctly highlight things if the origin was not aligned to the word 
  width * row width.

* Added ability for QHexView widget to display 64-bit formatted hex, once
  a bug related to selection of misaligned text is resolved this will be 
  enabled.

2006-11-27
----------

* Added getBinaryStringFromUser to debugger API.

* Added filename to title bar when opening an application.

* Removed updating of all views when selecting a memory region to view,
  now it only updates the data view tab.
  
* Fixed green arrow showing outside of viewable area sometimes.

2006-11-25
----------

* Changed string searcher to allow newlines in a string.

* Corrected DebuggerCore's behavior when writing less than 4 bytes from the 
  edge of a memory region, previously the result was undefined, now it acts
  as expected.

2006-11-22
----------

* Added double click to follow in dump to StringSearcher plugin

* Fixed rare double-free crash found by valgrind.

* Fixed occasional crash due to lack of copy constructor in a class.

* Now the open dialog will start in the directory which you last opened a file 
  from, this should make reloading the same file you previously ran quicker.

* Added a function to Debugger namespace which make it easier to properly 
  compare version numbers numerically.

* Added a plugin "CheckVersion" which will read the file 
  http://www.codef00.com/projects/debugger-latest and determine if a new version
  has been released.

2006-11-21
----------

* Added another opcode class "[esp + 8]->eip" in OpcodeSearcher and improved 
  efficiency of search by reducing memory compares.
  
* Added ability to double click results in OpcodeSearcher and it will jump
  the disassembly view to the found address.

2006-11-20
----------

* Improved instruction analysis, now it will attempt to give symbol relative
  information on many control flow ops such as calls/returns/jumps, more of 
  this to come.

2006-11-17
----------

* Changed name of utility functions ByteShiftArray::rol() and 
  ByteShiftArray::ror() to ByteShiftArray::shl and 
  ByteShiftArray::shr to reflect what they actually do
  
* Updated the makesymbolmap.sh script based on patch from pancake, SymbolManager
  has been updated to use the slightly different format.
  
* Reduced scrolling in disassembly view by only scrolling when new instruction
  isn't in visible range.
  
* Added arrow icon next to current instruction.

* Changed resultant binary from "debugger" to "edb" to reflect actual project 
  name.
  
* Added some basic documentation on how to write plugins, though the example 
  plugins are still the best way to learn.
  
* Added jump to address and jump to EIP to disassembly view context menu.

* Main window will now remember it size and restore it next time EDB is run.

2006-11-16
----------

* Minor code cleanups.

* Slight change to DebuggerCoreInterface to have waits specify a timeout, 
  it is not required that the class actually do anything with the timeout, 
  but the groundwork is being set.
  
* Hopefully have a good solution for terminating the event server thread

* Removed parts of libdisasm which aren't needed for libdisasm.a to build
  this cuts the download size by 75%!

2006-11-13
----------

* Removed parts of libdisasm from source tree that aren't related to the build
  which cut the tarball down to a quarter of the size :)
  
* Working on cleaning up internal breakpoint management, current implementation
  works most of the time, but there are a few corner cases where it isn't 
  perfect. I plan to rework this so that the logic is more clear.

2006-11-12
----------

* Added upper limit of one second to how long debugger will wait for the event 
  thread to terminate. Eventually I will fix the fact that it doesn't always 
  terminate, but for now this seems to work ok.
  
2006-11-10
----------

* Fixed QTableWidgets not being populated correctly with QT 4.2.x and up, it 
  seems that you must disable sorting before inserting to guarantee correct
  behavior.

2006-11-10
----------

* Fixed a bug related to adjacent breakpoints which were not placed by the 
  debugger (already in the code).

2006-11-09
----------

* Initial Release
