lyc
/
pwndbg
mirror of https://github.com/pwndbg/pwndbg.git
1
0
Fork 0
Code Releases Activity

Docs and search enhancements

Browse Source
pull/10/head
Zach Riggle 11 years ago
parent cf459f5e78
commit 86497b14aa
6 changed files with 124 additions and 11 deletions
Show Stats Download Patch File Download Diff File

26
pwndbg/commands/search.py
Unescape View File

@ -14,10 +14,24 @@ import pwndbg.vmmap
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def search(value):
"""
Search memory for the specified value, provided
either as a pointer-width integer, or a string.
> search 0xdeadbeef
> search "/bin/sh"
"""
hits = set()
for address in pwndbg.search.search(value):
if not address:
continue
if address in hits:
continue
hits.add(address)
vmmap = pwndbg.vmmap.find(address)
if vmmap:
region = os.path.basename(vmmap.objfile)
@ -30,3 +44,15 @@ def search(value):
addr = pwndbg.color.get(address)
display = pwndbg.enhance.enhance(address)
print(region,addr,display)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def searchmem(value):
"""
Search memory for the specified value, provided
either as a pointer-width integer, or a string.
> search 0xdeadbeef
> search "/bin/sh"
"""
return search(value)

15
pwndbg/commands/telescope.py
Unescape View File

@ -15,6 +15,10 @@ import pwndbg.typeinfo
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def telescope(address=None, count=8, to_string=False):
"""
Starting at the specified address, recursively dereference
N pointers (default 8).
"""
if None not in (address, count) and int(address) < int(count):
count -= address
@ -63,3 +67,14 @@ def telescope(address=None, count=8, to_string=False):
print('\n'.join(result))
return result
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def stack(*a):
"""
Starting at the specified address, recursively dereference
N pointers (default 8).
"""
telescope(*a)

3
pwndbg/commands/vmmap.py
Unescape View File

@ -12,6 +12,9 @@ import pwndbg.vmmap
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def vmmap(map=None):
"""
Print the virtal memory map
"""
int_map = None
str_map = None
if isinstance(map, str):

73
pwndbg/commands/windbg.py
Unescape View File

@ -25,21 +25,37 @@ def get_type(size):
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def db(address, count=64):
"""
Starting at the specified address, dump N bytes
(default 64).
"""
return dX(1, int(address), int(count))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dw(address, count=32):
"""
Starting at the specified address, dump N words
(default 32).
"""
return dX(2, int(address), int(count))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dd(address, count=16):
"""
Starting at the specified address, dump N dwords
(default 16).
"""
return dX(4, int(address), int(count))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dq(address, count=8):
"""
Starting at the specified address, dump N qwords
(default 8).
"""
return dX(8, int(address), int(count))
@ -81,32 +97,49 @@ def enhex(size, value):
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def eb(address, *data):
"""
Write hex bytes at the specified address.
"""
return eX(1, address, data)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def ew(address, *data):
"""
Write hex words at the specified address.
"""
return eX(2, address, data)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def ed(address, *data):
"""Edits DWORDs"""
"""
Write hex dwords at the specified address.
"""
return eX(4, address, data)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def eq(address, *data):
"""
Write hex qwords at the specified address.
"""
return eX(8, address, data)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def ez(address, *data):
"""
Write a string at the specified address.
"""
return eX(1, address, data[0], hex=False)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def eza(address, *data):
"""
Write a string at the specified address.
"""
return ez(address, data)
def eX(size, address, data, hex=True):
@ -126,32 +159,50 @@ def eX(size, address, data, hex=True):
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dds(*a):
"""
Dump pointers and symbols at the specified address.
"""
return pwndbg.commands.telescope.telescope(*a)
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dps(*a):
"""
Dump pointers and symbols at the specified address.
"""
return pwndbg.commands.telescope.telescope(*a)
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def dqs(*a):
"""
Dump pointers and symbols at the specified address.
"""
return pwndbg.commands.telescope.telescope(*a)
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def da(address):
"""
Dump a string at the specified address.
"""
print("%x" % address, pwndbg.strings.get(address))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def bl():
"""
List breakpoints
"""
gdb.execute('info breakpoints')
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def bd(which = '*'):
"""
Disable the breapoint with the specified index.
"""
if which == '*':
gdb.execute('disable breakpoints')
else:
@ -160,7 +211,10 @@ def bd(which = '*'):
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def bd(which = '*'):
def be(which = '*'):
"""
Enable the breapoint with the specified index.
"""
if which == '*':
gdb.execute('enable breakpoints')
else:
@ -169,6 +223,9 @@ def bd(which = '*'):
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
def bc(which = '*'):
"""
Clear the breapoint with the specified index.
"""
if which == '*':
gdb.execute('delete breakpoints')
else:
@ -178,16 +235,18 @@ def bc(which = '*'):
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def bp(where):
gdb.execute('break *%#x' % int(where))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def bp(where):
"""
Set a breakpoint
"""
gdb.execute('break *%#x' % int(where))
@pwndbg.commands.ParsedCommand
@pwndbg.commands.OnlyWhenRunning
def u(where=None, n=5):
"""
Starting at the specified address, disassemble
N instructions (default 5).
"""
if where is None:
where = pwndbg.regs.pc
cmd = 'x/%ii %#x' % (int(n), int(where))

1
pwndbg/proc.py
Unescape View File

@ -30,6 +30,7 @@ class module(ModuleType):
return func(*a, **kw)
wrapper.__name__ = func.__name__
wrapper.__module__ = func.__module__
wrapper.__doc__ = func.__doc__
return wrapper
# To prevent garbage collection

17
pwndbg/search.py
Unescape View File

@ -9,6 +9,7 @@ import gdb
import pwndbg.memory
import pwndbg.typeinfo
import pwndbg.vmmap
import pwndbg.arch
def search(searchfor):
@ -21,9 +22,9 @@ def search(searchfor):
searchfor = int(searchfor, 16)
if isinstance(searchfor, (long, int)):
if searchfor <= 0xffffffff:
if pwndbg.arch.ptrsize == 4:
searchfor = struct.pack('I', searchfor)
elif searchfor <= 0xffffffffffffffff:
elif pwndbg.arch.ptrsize == 8:
searchfor = struct.pack('L', searchfor)
i = gdb.selected_inferior()
@ -34,11 +35,19 @@ def search(searchfor):
start = vmmap.vaddr
end = start + vmmap.memsz
while True:
# No point in searching if we can't read the memory
if not pwndbg.memory.peek(start):
break
start = i.search_memory(start, end - start, searchfor)
if start is None:
break
hits.append(start)
# For some reason, search_memory will return a positive hit
# when it's unable to read memory.
if not pwndbg.memory.peek(start):
break
yield start
start += len(searchfor)
return hits

Write Preview
Loading…
Cancel
Save