Add nextcall and nextjmp

11 years ago · 9665afa67d
parent ad8b57f312
commit 9665afa67d
3 changed files with 65 additions and 5 deletions
--- a/pwndbg/init.py
+++ b/pwndbg/init.py
@ -39,6 +39,7 @@ import pwndbg.commands.rop
 import pwndbg.commands.shell
 import pwndbg.commands.aslr
 import pwndbg.commands.misc
 import pwndbg.commands.next
 __all__ = [
 'arch',
--- a/pwndbg/commands/next.py
+++ b/pwndbg/commands/next.py
@ -3,7 +3,32 @@
 """
 Stepping until an event occurs
 """
 import gdb
 import pwndbg.commands
 import pwndbg.next
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
 def nextjmp(*args):
    pwndbg.next.break_next_branch()
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
 def nextj(*args):
    nextjmp(*args)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
 def nextjump(*args):
    nextjmp(*args)
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
 def nextcall(*args):
    pwndbg.next.break_next_call()
@pwndbg.commands.Command
@pwndbg.commands.OnlyWhenRunning
 def nextc(*args):
    nextcall(*args)
--- a/pwndbg/next.py
+++ b/pwndbg/next.py
@ -8,11 +8,45 @@ import gdb
 import pwndbg.disasm
 import pwndbg.regs
 import capstone
-def next_branch(callback, address=None):
+jumps = set((
    capstone.CS_GRP_CALL,
    capstone.CS_GRP_JUMP,
    capstone.CS_GRP_RET,
    capstone.CS_GRP_IRET
 ))
 def next_branch(address=None):
    if address is None:
-        address = pwndbg.regs.pc
+        ins = pwndbg.disasm.one(pwndbg.regs.pc)
        if not ins:
            return None
        address = ins.next
    ins = pwndbg.disasm.one(address)
    while ins:
        if set(ins.groups) & jumps:
            return ins
        ins = pwndbg.disasm.one(ins.next)
    return None
 def break_next_branch(address=None):
    ins = next_branch(address)
    if ins:
        gdb.Breakpoint("*%#x" % ins.address, temporary=True)
        gdb.execute('continue')
        return ins
 def break_next_call(address=None):
    while True:
        ins = break_next_branch(address)
        if not ins:
            break
        if capstone.CS_GRP_CALL in ins.groups:
            return ins
    # Disassemble forward until we find *any* branch instruction
    # Set a temporary, internal breakpoint on it so the user is
    # not bothered.