mallocng: Allow users to index into groups and metaareas (#3216)

* index into a group

* index into a meta area

* add ng-ma alias for mallocng-meta-area

* check for negative index

docs/commands/musl/mallocng-group.md

@@ -2,7 +2,7 @@
 # mallocng-group
 
 ```text
-usage: mallocng-group [-h] address
+usage: mallocng-group [-h] [-i INDEX] address
 
 ```
 
@@ -20,6 +20,7 @@ Print out information about a mallocng group at the given address.
 |Short|Long|Help|
 | :--- | :--- | :--- |
 |-h|--help|show this help message and exit|
+|-i|--index|Print start address of slot at given index (0-indexed).|
 
 <!-- END OF AUTOGENERATED PART. Do not modify this line or the line below, they mark the end of the auto-generated part of the file. If you want to extend the documentation in a way which cannot easily be done by adding to the command help description, write below the following line. -->
 <!-- ------------\>8---- ----\>8---- ----\>8------------ -->

docs/commands/musl/mallocng-meta-area.md

@@ -2,13 +2,13 @@
 # mallocng-meta-area
 
 ```text
-usage: mallocng-meta-area [-h] address
+usage: mallocng-meta-area [-h] [-i INDEX] address
 
 ```
 
 Print out a mallocng meta_area object at the given address.
 
-**Alias:** ng-metaarea
+**Aliases:** ng-metaarea, ng-ma
 ### Positional arguments
 
 |Positional Argument|Help|
@@ -20,6 +20,7 @@ Print out a mallocng meta_area object at the given address.
 |Short|Long|Help|
 | :--- | :--- | :--- |
 |-h|--help|show this help message and exit|
+|-i|--index|Print address of meta at given index (0-indexed).|
 
 <!-- END OF AUTOGENERATED PART. Do not modify this line or the line below, they mark the end of the auto-generated part of the file. If you want to extend the documentation in a way which cannot easily be done by adding to the command help description, write below the following line. -->
 <!-- ------------\>8---- ----\>8---- ----\>8------------ -->

pwndbg/commands/mallocng.py

@@ -785,6 +785,13 @@ parser.add_argument(
     type=int,
     help="The address of the group object.",
 )
+parser.add_argument(
+    "-i",
+    "--index",
+    type=int,
+    default=None,
+    help="Print start address of slot at given index (0-indexed).",
+)
 
 
 @pwndbg.commands.Command(
@@ -793,7 +800,7 @@ parser.add_argument(
     aliases=["ng-group"],
 )
 @pwndbg.commands.OnlyWhenRunning
-def mallocng_group(address: int) -> None:
+def mallocng_group(address: int, index: Optional[int] = None) -> None:
     if not memory.is_readable_address(address):
         print(message.error(f"Address {address:#x} not readable."))
         return
@@ -806,14 +813,29 @@ def mallocng_group(address: int) -> None:
         print(message.error(str(e)))
         return
 
-    print(dump_group(group), end="")
+    if index is None:
+        print(dump_group(group), end="")
+    else:
+        if index < 0:
+            print(message.error("Index is negative."))
+            return
+        print(f"Start of slot {index} is @ " + C.memory.get(group.at_index(index)))
 
     try:
         meta = group.meta
         meta.preload()
-        print(dump_meta(meta), end="")
+
+        if index is None:
+            print(dump_meta(meta), end="")
+        elif index >= meta.cnt:
+            # If the index is outside of the group, warn the user.
+            print(
+                message.warn("Index is outside of group! ") + f"Group hosts only {meta.cnt} slots."
+            )
+
     except pwndbg.dbg_mod.Error as e:
         print(message.error(f"Failed loading meta: {e}"))
+        print("Cannot determine whether index is within group bounds.")
         return
 
 
@@ -827,22 +849,44 @@ parser.add_argument(
     type=int,
     help="The address of the meta_area object.",
 )
+parser.add_argument(
+    "-i",
+    "--index",
+    type=int,
+    default=None,
+    help="Print address of meta at given index (0-indexed).",
+)
 
 
 @pwndbg.commands.Command(
     parser,
     category=CommandCategory.MUSL,
-    aliases=["ng-metaarea"],
+    aliases=["ng-metaarea", "ng-ma"],
 )
 @pwndbg.commands.OnlyWhenRunning
-def mallocng_meta_area(address: int) -> None:
+def mallocng_meta_area(address: int, index: Optional[int] = None) -> None:
     if not memory.is_readable_address(address):
         print(message.error(f"Address {address:#x} not readable."))
         return
 
     try:
         meta_area = mallocng.MetaArea(address)
+
         print(dump_meta_area(meta_area), end="")
+
+        if index is not None:
+            if index < 0:
+                print(message.error("\nIndex is negative."))
+                return
+
+            print(f"\nMeta {index} is @ " + C.memory.get(meta_area.at_index(index)))
+
+            if index >= meta_area.nslots:
+                print(
+                    message.warn("Index is outside of meta area! ")
+                    + f"Meta area only hosts {meta_area.nslots} meta's."
+                )
+
     except pwndbg.dbg_mod.Error as e:
         print(message.error(str(e)))
         return