Add heuristic to add executable base in qemu-user (#1695)

vmmap would try to add the executable to memory pages if the `info auxv`
command contained an address, but the memory maps would be accessed
recursively when trying to lookup the start of the ELF based on the
given address.

Since qemu doesn't provide memory map info, do a leap of faith and try
if the start of the page of the given address contains the ELF magic
header.

Since the program headers are more likely to be on the same page as the
ELF header than the program entrypoint, try both.

pwndbg/gdblib/elf.py

@@ -273,12 +273,18 @@ def get_ehdr(pointer):
     We expect the `pointer` to be an address from the binary.
     """
 
-    # This just does not work :(
+    base = None
+
     if pwndbg.gdblib.qemu.is_qemu():
+        # Only check if the beginning of the page contains the ELF magic,
+        # since we cannot get the memory map in qemu-user.
+        page_start = pwndbg.lib.memory.page_align(pointer)
+        if pwndbg.gdblib.memory.read(page_start, 4, partial=True) == b"\x7fELF":
+            base = page_start
+        else:
             return None, None
-
+    else:
         vmmap = pwndbg.gdblib.vmmap.find(pointer)
-    base = None
 
         # If there is no vmmap for the requested address, we can't do much
         # (e.g. it could have been unmapped for whatever reason)

pwndbg/gdblib/vmmap.py

@@ -675,7 +675,13 @@ def info_auxv(skip_exe=False):
     phdr = auxv.AT_PHDR
 
     if not skip_exe and (entry or phdr):
-        pages.extend(pwndbg.gdblib.elf.map(entry or phdr, exe_name))
+        for addr in [entry, phdr]:
+            if not addr:
+                continue
+            new_pages = pwndbg.gdblib.elf.map(addr, exe_name)
+            if new_pages:
+                pages.extend(new_pages)
+                break
 
     if base:
         pages.extend(pwndbg.gdblib.elf.map(base, "[linker]"))