From 27506431e81da5c221480ddc58b6381b5a060a74 Mon Sep 17 00:00:00 2001 
From: Disconnect3d Date: Sat, 21 Aug 2021 23:43:40 +0200 Subject: [PATCH] Fix bug when restarting binary after set disable-randomization off There is a bug where the `pwndbg.auxv.get()` and `pwndbg.vmmap.get()` caches are not reset when the binary is restarted. This causes an error when `disable-randomization` is set to off and the binary is restarted. TL;DR to reproduce: 1. Run `gdb /bin/ls` 2. Invoke `entry` 3. Invoke `set disable-randomization off` 4. Invoke `starti` or `entry` Or it can be seen here: ``` dc@dc:~$ gdb /bin/ls -q pwndbg: loaded 195 commands. Type pwndbg [filter] for a list. pwndbg: created $rebase, $ida gdb functions (can be used with print/break) Reading symbols from /bin/ls... (No debugging symbols found in /bin/ls) pwndbg> set context-sections '' Sections set to be empty. FYI valid values are: regs, disasm, args, code, stack, backtrace, expressions, ghidra Set which context sections are displayed (controls order) to '' pwndbg> entry Temporary breakpoint 1 at 0x55555555a810 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Temporary breakpoint 1, 0x000055555555a810 in ?? 
() pwndbg> set exception-verbose on Set whether to print a full stacktrace for exceptions raised in Pwndbg commands to True pwndbg> set disable-randomization off pwndbg> starti Starting program: /usr/bin/ls Traceback (most recent call last): File "/home/dc/src/pwndbg/pwndbg/events.py", line 165, in caller func() File "/home/dc/src/pwndbg/pwndbg/memoize.py", line 194, in __reset_on_base base = pwndbg.elf.exe().address if pwndbg.elf.exe() else None File "/home/dc/src/pwndbg/pwndbg/proc.py", line 71, in wrapper return func(*a, **kw) File "/home/dc/src/pwndbg/pwndbg/memoize.py", line 46, in __call__ value = self.func(*args, **kwargs) File "/home/dc/src/pwndbg/pwndbg/elf.py", line 182, in exe return load(e) File "/home/dc/src/pwndbg/pwndbg/elf.py", line 220, in load return get_ehdr(pointer)[1] File "/home/dc/src/pwndbg/pwndbg/elf.py", line 241, in get_ehdr if pwndbg.memory.read(vmmap.start, 4) == b'\x7fELF': File "/home/dc/src/pwndbg/pwndbg/memory.py", line 40, in read result = gdb.selected_inferior().read_memory(addr, count) gdb.MemoryError: Cannot access memory at address 0x555555558000 ``` This commit fixes the above problem by making sure those function caches are cleared on binary start.
---
 pwndbg/auxv.py | 1 +
 pwndbg/vmmap.py | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/pwndbg/auxv.py b/pwndbg/auxv.py
index 0e380f6cd..80dbd7a59 100644
--- a/pwndbg/auxv.py
+++ b/pwndbg/auxv.py
@@ -102,6 +102,7 @@ class AUXV(dict):
 return str({k:v for k,v in self.items() if v is not None})
 @pwndbg.memoize.reset_on_objfile
+@pwndbg.memoize.reset_on_start
 def get():
 return use_info_auxv() or walk_stack() or AUXV()
diff --git a/pwndbg/vmmap.py b/pwndbg/vmmap.py
index 54b579e97..aefa28c51 100644
--- a/pwndbg/vmmap.py
+++ b/pwndbg/vmmap.py
@@ -33,6 +33,7 @@ explored_pages = []
 # List of custom pages that can be managed manually by vmmap_* commands family
 custom_pages = []
+@pwndbg.memoize.reset_on_start
 @pwndbg.memoize.reset_on_stop
 def get():
 if not pwndbg.proc.alive:
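Review bot: Stacking `@pwndbg.memoize.reset_on_start` with a second memoize decorator on `auxv.get()` creates two cache layers, and if each layer keeps its own cache (memoize.py is not part of this patch; this is inferred from the `self.func(*args, **kwargs)` frame in the traceback), an objfile event would clear only the outer layer while the inner one keeps serving the old value until the next start. The same concern applies in reverse to `vmmap.get()` and `proc_pid_maps()` in vmmap.py, where the outer `reset_on_start` layer could keep returning a memory map that a stop event has already invalidated in the inner layer, leaving the analyst looking at stale mappings. It is worth confirming that every event clears both layers, or replacing the stack with a single decorator that resets on either event. The new decorator is also placed below the existing one in auxv.py but above it in vmmap.py; one consistent order plus a comment such as `# also reset on start: with ASLR on, the mappings move between runs` would make the intent clear.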
@@ -142,6 +143,7 @@ def clear_custom_page():
 pwndbg.memoize.reset()
+@pwndbg.memoize.reset_on_start
 @pwndbg.memoize.reset_on_stop
 def proc_pid_maps():
 """