Rafał Leśniak edited this page Apr 23, 2016 · 1 revision

Kedbg: The remote ERESI kernel debugger

The remote ERESI kernel debugger takes advantage of a new approach to kernel debugging: a virtual machine such as VMware or an emulator such as Qemu is used so that debugging can start from the "very beginning" (the BIOS, before any OS code runs). To communicate with the virtual world, the gdb serial protocol has been implemented and interfaced with ERESI. The protocol definition and its implementation live in libgdbwrap, a gdb wrapper that "wraps any proprietary protocol to the gdb serial protocol". This makes it possible to debug the virtual machine's BIOS and, in the same way, any ring 0 software in the guest OS.
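As an added illustration (not code from ERESI or libgdbwrap), the framing of the gdb serial protocol that libgdbwrap speaks to a VMware or Qemu gdb stub: every command travels as `$<data>#<two-hex-digit checksum>`, replies are framed the same way, and the addresses used below are constructed sample values.

```python
# Minimal gdb remote serial protocol framing (added example, not libgdbwrap code).
# A debugger such as kedbg sends "$<data>#<cksum>" to the stub exposed by
# Qemu (-s) or VMware and receives replies in the same frame format.

def rsp_checksum(body: bytes) -> int:
    """Modulo-256 sum of every byte between the leading '$' and the '#'."""
    return sum(body) & 0xFF

def rsp_escape(payload: bytes) -> bytes:
    """'$', '#' and '}' inside packet data are sent as 0x7d followed by byte ^ 0x20."""
    out = bytearray()
    for b in payload:
        out += bytes([0x7D, b ^ 0x20]) if b in b"$#}" else bytes([b])
    return bytes(out)

def rsp_encode(payload: bytes) -> bytes:
    """Frame a command; the checksum covers the escaped bytes actually transmitted."""
    body = rsp_escape(payload)
    return b"$" + body + b"#%02x" % rsp_checksum(body)

def rsp_decode(frame: bytes) -> bytes:
    """Validate a received frame and return its unescaped payload."""
    if not (frame.startswith(b"$") and len(frame) >= 4 and frame[-3:-2] == b"#"):
        raise ValueError("malformed frame")
    body = frame[1:-3]
    if rsp_checksum(body) != int(frame[-2:], 16):
        raise ValueError("bad checksum")  # a real client answers '-' to request a resend
    out, i = bytearray(), 0
    while i < len(body):
        if body[i] == 0x7D:
            out.append(body[i + 1] ^ 0x20); i += 2
        else:
            out.append(body[i]); i += 1
    return bytes(out)

def breakpoint_packet(addr: int, kind: int = 1) -> bytes:
    """'Z0,addr,kind' inserts a software breakpoint (kind = breakpoint size in bytes)."""
    return rsp_encode(b"Z0,%x,%x" % (addr, kind))

def read_memory_packet(addr: int, length: int) -> bytes:
    """'maddr,length' asks the stub for guest memory, returned as lowercase hex."""
    return rsp_encode(b"m%x,%x" % (addr, length))

def parse_memory_reply(payload: bytes) -> bytes:
    """Decode an 'm' reply; 'Exx' signals an error such as an unmapped address."""
    if payload[:1] == b"E" and len(payload) == 3:
        raise RuntimeError("stub error " + payload[1:].decode())
    return bytes.fromhex(payload.decode())
```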

The main features of kedbg are:

  • Ability to communicate with different gdb servers.
  • Ability to set breakpoints and single-step code.
  • Ability to dynamically retrieve the CPU execution mode.
  • Adaptive backtracing in real mode and protected mode.
  • Printing and modifying the Interrupt Vector Table (IVT).
  • Interrupt tracing: reporting or breaking on any interrupt that occurs.
  • Instruction tracer between two breakpoints.
  • Asynchronous stop (Ctrl-C).
  • Control-flow graphs of the BIOS and kernel code.
  • Ability to attach to a running userland process and debug it with ERESI scripting.

Latest news

This list shows major modifications in Kedbg since the first version:

  • December 21 2008 - First release of kedbg.

Portability of e2dbg

Currently, kedbg only supports Intel IA16 / IA32.

Dependencies

Kedbg depends on other components from the ERESI framework:

  • libelfsh: the binary manipulation library, for runtime ET_REL injection, function redirection, and symbol resolution.
  • libasm: the disassembly engine, for full disassembly of mapped binary code with or without symbols.
  • librevm: the Reverse Engineering Vector Machine, for dynamic analysis using the ERESI scripting language.
  • libaspect: the types specification library, a lower-level component needed by the ERESI language interpreter.
  • libmjollnir: the control flow analysis and fingerprinting library.
  • libe2dbg: the embedded debugger library, from which some features are imported.
  • libgdbwrap: the GDB serial protocol library, for compatibility between ERESI and GDB/VMware/Bochs/Qemu.