Update Leakfind (#620)

* Fix stride vs step also fix warning

* Fix behaviour on 0x8000000000000000 with negative offsets

* Fix spacing

* Update FEATURES.md

* Rename file
pull/621/head
Stuart Nevans Locke 7 years ago committed by Disconnect3d
parent 45a624e18b
commit 2b507038b8

@ -136,6 +136,11 @@ Pwndbg makes searching the target memory space easy, with a complete and easy-to
![](caps/search.png) ![](caps/search.png)
## Finding Leaks
![](caps/leakfind.png)
Finding leak chains can be done using the `leakfind` command. It recurisvely inspects address ranges for pointers, and reports on all pointers found.
## Telescope ## Telescope
Inspecting memory dumps is easy with the `telescope` command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range. Inspecting memory dumps is easy with the `telescope` command. It recursively dereferences a range of memory, letting you see everything at once. As an added bonus, Pwndbg checks all of the available registers to see if they point into the memory range.

Binary file not shown.


@ -15,6 +15,7 @@ import gdb
import pwndbg.color.chain as C import pwndbg.color.chain as C
import pwndbg.color.memory as M import pwndbg.color.memory as M
import pwndbg.color.message as message
import pwndbg.color.theme as theme import pwndbg.color.theme as theme
import pwndbg.commands import pwndbg.commands
import pwndbg.vmmap import pwndbg.vmmap
@ -66,10 +67,9 @@ parser.add_argument("-s", "--step", nargs="?", default=0x1, help="Step to add be
parser.add_argument('--negative_offset',nargs="?", default=0x0, help="Max negative offset to search before an address when looking for a leak") parser.add_argument('--negative_offset',nargs="?", default=0x0, help="Max negative offset to search before an address when looking for a leak")
@pwndbg.commands.ArgparsedCommand(parser) @pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenRunning @pwndbg.commands.OnlyWhenRunning
def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, stride=0x1, negative_offset=0x0): def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, step=0x1, negative_offset=0x0):
if address is None: if address is None:
raise argparse.ArgumentTypeError('No starting address provided.') raise argparse.ArgumentTypeError('No starting address provided.')
foundPages = pwndbg.vmmap.find(address) foundPages = pwndbg.vmmap.find(address)
if not foundPages: if not foundPages:
@ -82,9 +82,9 @@ def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, strid
# Just warn the user that a large depth might be slow. # Just warn the user that a large depth might be slow.
# Probably worth checking offset^depth < threshold. Do this when more benchmarking is established. # Probably worth checking offset^depth < threshold. Do this when more benchmarking is established.
if max_depth > 8: if max_depth > 8:
print("leakfind may take a while to run on larger depths.") print(message.warn("leakfind may take a while to run on larger depths."))
stride = int(stride) stride = int(step)
address = int(address) address = int(address)
max_offset = int(max_offset) max_offset = int(max_offset)
negative_offset = int(negative_offset) negative_offset = int(negative_offset)
@ -111,6 +111,7 @@ def leakfind(address=None, page_name=None, max_offset=0x40, max_depth=0x4, strid
time_to_depth_increase -= 1 time_to_depth_increase -= 1
for cur_addr in range(cur_start_addr - negative_offset, cur_start_addr + max_offset, stride): for cur_addr in range(cur_start_addr - negative_offset, cur_start_addr + max_offset, stride):
try: try:
cur_addr &= pwndbg.arch.ptrmask
result = int(pwndbg.memory.pvoid(cur_addr)) result = int(pwndbg.memory.pvoid(cur_addr))
if result in visited_map or result in visited_set: if result in visited_map or result in visited_set:
continue continue
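Review bot: `stride = int(step)` in the third hunk still accepts 0 and negative values, so the `range(...)` in the last hunk raises an uncaught ValueError for `--step 0` and silently scans nothing for a negative step; the function already rejects bad input with ArgumentTypeError, so the same style fits here: `if stride <= 0: raise argparse.ArgumentTypeError('step must be a positive integer.')`. In the last hunk, `cur_addr &= pwndbg.arch.ptrmask` turns a negative address (cur_start_addr smaller than negative_offset) into a high wrapped address that is then dereferenced rather than skipped; presumably the surrounding `try` catches the unreadable read, but that `except` and the rest of leakfind's body lie outside the hunk, so a one-line comment such as `# mask to the pointer width so negative/over-wide candidates wrap instead of raising` would record the intent.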
