lldbinit - Improving LLDB

Many years ago I had to use gdb for the first time and I absolutely hated it. At the time I was reversing (cof cof cof) Windows apps so SoftIce and friends were my favorite tools. Compared to these, gdb was complete trash, mostly because the naked gdb lacks a nice context display. I like to know what the hell is going on each time I step in the debugger, without having to type a bunch of commands for it. Then I discovered the original gdbinit by +mammon and life with gdb was a bit easier.

Ten years ago (wut?!?) when I bought my first MacBook Pro and started this blog I started using gdb again and slowly improved gdbinit to OS X specifics. This was a messy project since the gdb scripting language is quite limited. But I started to love the gdb+gdbinit combo versus GUI debuggers such as Ollydbg. I got used to the command line and everything was faster with it.

These days gdb is essentially dead after the OS X Sierra release. The old Apple gdb fork doesn’t work anymore and I am too lazy to fix it. GNU’s gdb was a complete piece of junk (still is?) in OS X (a bunch of stupid unsolved problems, such as fat binaries, etc) so LLDB is really the only alternative (personally I never really used IDA’s debugger - I really prefer command line debuggers these days). I resisted starting to use LLDB for a long time, mostly because of the lack of a gdbinit port to it. Naked LLDB is mostly useless, and it is worse than gdb because of its horrendous command line syntax (gdb is a mess but at least I don’t have to type a train of commands to write to a damn register or memorize a million keywords).

Luckily for us, Deroko decided to save the day and created a basic port of gdbinit called lldbinit. This made my life easier but still not perfect!

A few weeks ago I was starting to reverse a variant of dumb malware (technically adware but it is the same crap) from IronSource known as IronCore and, getting tired of typing some LLDB commands, I decided to bite the bullet and finally dive into lldbinit code and improve it. I don’t like Python at all (C FTW!) so this was a big step for me!

And so an improved lldbinit is born. You can find it at https://github.com/gdbinit/lldbinit. I have ported most of gdbinit functionality that was missing and added a bunch of new commands. Also converted some commands that were issued via the command line interface to Python API, because it looks better and you also learn about API internals.

Feel free to report bugs, fixes, etc to my mail or open an issue at GitHub.

My focus was on x86 related code so ARM features are pretty much untested/missing.

Tested with lldb-900.0.64 (from Xcode 9.2) but it should work with any recent LLDB (very old versions should have problems judging from Deroko’s original comments).

A huge thanks to Deroko for his original efforts, without them I would never have started this and my reverse engineering life would be harder.

Bye bye gdb, welcome LLDB!

Have fun,