Merge branch 'beta' into dev

pwndbg/arch.py

@@ -5,7 +5,6 @@ from __future__ import division
 from __future__ import print_function
 from __future__ import unicode_literals
 
-import collections
 import struct
 import sys
 
@@ -25,12 +24,14 @@ ptrsize = pwndbg.typeinfo.ptrsize
 fmt     = '=I'
 native_endian = str(sys.byteorder)
 
+
 def fix_arch(arch):
     arches = ['x86-64', 'i386', 'mips', 'powerpc', 'sparc', 'arm', 'aarch64', arch]
     return next(a for a in arches if a in arch)
 
+
 @pwndbg.events.start
-@pwndbg.events.stop
+@pwndbg.events.new_objfile
 def update():
     m = sys.modules[__name__]
 
@@ -67,14 +68,18 @@ def update():
     else:
         m.qemu = m.current
 
+
 def pack(integer):
     return struct.pack(fmt, integer & ptrmask)
 
+
 def unpack(data):
     return struct.unpack(fmt, data)[0]
 
+
 def signed(integer):
     return unpack(pack(integer), signed=True)
 
+
 def unsigned(integer):
     return unpack(pack(integer))

pwndbg/commands/nearpc.py

@@ -5,6 +5,8 @@ from __future__ import division
 from __future__ import print_function
 from __future__ import unicode_literals
 
+import codecs
+
 import gdb
 from capstone import *
 
@@ -104,7 +106,12 @@ def nearpc(pc=None, lines=None, to_string=False, emulate=False):
     # Print out each instruction
     for address_str, s, i in zip(addresses, symbols, instructions):
         asm    = D.instruction(i)
-        prefix = ' %s' % (pwndbg.config.nearpc_prefix if i.address == pc else ' ' * len(pwndbg.config.nearpc_prefix.value))
+        value  = pwndbg.config.nearpc_prefix.value
+
+        if isinstance(value, bytes):
+            value = codecs.decode(value, 'utf-8')
+
+        prefix = ' %s' % (pwndbg.config.nearpc_prefix if i.address == pc else ' ' * len(value))
         prefix = N.prefix(prefix)
         if pwndbg.config.highlight_pc:
             prefix = C.highlight(prefix)

pwndbg/commands/search.py

@@ -73,7 +73,7 @@ parser.add_argument('-w', '--writable', action='store_true',
                     help='Search writable segments only')
 parser.add_argument('value', type=str,
                     help='Value to search for')
-parser.add_argument('mapping', type=str, nargs='?', default=None,
+parser.add_argument('mapping_name', type=str, nargs='?', default=None,
                     help='Mapping to search [e.g. libc]')
 parser.add_argument('--save', action='store_true', default=None,
                     help='Save results for --resume.  Default comes from config %r' % auto_save.name)
@@ -84,7 +84,7 @@ parser.add_argument('-n', '--next', action='store_true',
 
 @pwndbg.commands.ArgparsedCommand(parser)
 @pwndbg.commands.OnlyWhenRunning
-def search(type, hex, string, executable, writable, value, mapping, save, next):
+def search(type, hex, string, executable, writable, value, mapping_name, save, next):
     # Adjust pointer sizes to the local architecture
     if type == 'pointer':
         type = {
@@ -126,8 +126,19 @@ def search(type, hex, string, executable, writable, value, mapping, save, next):
 
     # Null-terminate strings
     elif type == 'string':
+        value = value.encode()
         value += b'\x00'
 
+    # Find the mappings that we're looking for
+    mappings = pwndbg.vmmap.get()
+
+    if mapping_name:
+        mappings = [m for m in mappings if mapping_name in m.objfile]
+
+    if not mappings:
+        print(M.red("Could not find mapping %r" % mapping_name))
+        return
+
     # Prep the saved set if necessary
     global saved
     if save:
@@ -135,7 +146,7 @@ def search(type, hex, string, executable, writable, value, mapping, save, next):
 
     # Perform the search
     for address in pwndbg.search.search(value,
-                                        mapping=mapping,
+                                        mappings=mappings,
                                         executable=executable,
                                         writable=writable):
 

pwndbg/elf.py

@@ -13,13 +13,10 @@ from __future__ import print_function
 from __future__ import unicode_literals
 
 import ctypes
-import os
-import re
-import subprocess
 import sys
-import tempfile
 
 import gdb
+from six.moves import reload_module
 
 import pwndbg.auxv
 import pwndbg.elftypes
@@ -30,6 +27,7 @@ import pwndbg.memory
 import pwndbg.proc
 import pwndbg.stack
 
+
 # ELF constants
 PF_X, PF_W, PF_R = 1,2,4
 ET_EXEC, ET_DYN  = 2,3
@@ -37,9 +35,12 @@ ET_EXEC, ET_DYN  = 2,3
 
 module = sys.modules[__name__]
 
+
 @pwndbg.events.start
 @pwndbg.events.new_objfile
 def update():
+    reload_module(pwndbg.elftypes)
+
     if pwndbg.arch.ptrsize == 4:
         Ehdr = pwndbg.elftypes.Elf32_Ehdr
         Phdr = pwndbg.elftypes.Elf32_Phdr

pwndbg/search.py

@@ -17,15 +17,28 @@ import pwndbg.memory
 import pwndbg.typeinfo
 import pwndbg.vmmap
 
-
-def search(searchfor, mapping=None, start=None, end=None, 
+def search(searchfor, mappings=None, start=None, end=None, 
            executable=False, writable=False):
+    """Search inferior memory for a byte sequence.
+
+    Arguments:
+        searchfor(bytes): Byte sequence to find
+        mappings(list): List of pwndbg.memory.Page objects to search
+            By default, uses all available mappings.
+        start(int): First address to search, inclusive.
+        end(int): Last address to search, exclusive.
+        executable(bool): Restrict search to executable pages
+        writable(bool): Restrict search to writable pages
+
+    Yields:
+        An iterator on the address matches
+    """
     value = searchfor
     size  = None
 
     i = gdb.selected_inferior()
 
-    maps = pwndbg.vmmap.get()
+    maps = mappings or pwndbg.vmmap.get()
     hits = []
 
     if end and start:
@@ -41,9 +54,6 @@ def search(searchfor, mapping=None, start=None, end=None,
         start = vmmap.vaddr
         end   = start + vmmap.memsz
 
-        if mapping and mapping not in vmmap.objfile:
-            continue
-
         while True:
             # No point in searching if we can't read the memory
             if not pwndbg.memory.peek(start):