From beb2d3f8cb5a4da1c0806cc1ed801e108159e464 Mon Sep 17 00:00:00 2001
From: Gulshan Singh
Date: Sun, 15 Jan 2023 16:11:44 -0800
Subject: [PATCH] Add valist command (#1524)

---
 pwndbg/color/memory.py | 2 +-
 pwndbg/commands/__init__.py | 1 +
 pwndbg/commands/valist.py | 51 +++++++++++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 pwndbg/commands/valist.py

diff --git a/pwndbg/color/memory.py b/pwndbg/color/memory.py
index 4214654ed..33058f943 100644
--- a/pwndbg/color/memory.py
+++ b/pwndbg/color/memory.py
@@ -16,7 +16,7 @@ c = ColorConfig(
 )
-def get(address, text=None):
+def get(address, text=None) -> str:
     """
     Returns a colorized string representing the provided address.
diff --git a/pwndbg/commands/__init__.py b/pwndbg/commands/__init__.py
index bfb39ef8b..6bc172a33 100644
--- a/pwndbg/commands/__init__.py
+++ b/pwndbg/commands/__init__.py
@@ -639,6 +639,7 @@ def load_commands() -> None:
     import pwndbg.commands.start
     import pwndbg.commands.telescope
     import pwndbg.commands.tls
+    import pwndbg.commands.valist
     import pwndbg.commands.version
     import pwndbg.commands.vmmap
     import pwndbg.commands.windbg
diff --git a/pwndbg/commands/valist.py b/pwndbg/commands/valist.py
new file mode 100644
index 000000000..f2e8d14b1
--- /dev/null
+++ b/pwndbg/commands/valist.py
@@ -0,0 +1,51 @@
+import argparse
+
+import gdb
+
+import pwndbg.chain
+import pwndbg.color as C
+import pwndbg.commands
+
+parser = argparse.ArgumentParser(description="Dumps the arguments of a va_list.")
+parser.add_argument("addr", type=int, help="Address of the va_list")
+parser.add_argument("count", type=int, nargs="?", default=8, help="Number of arguments to dump")
+
+
+@pwndbg.commands.ArgparsedCommand(parser)
+@pwndbg.commands.OnlyWhenRunning
+def valist(addr: gdb.Value, count: int) -> None:
+    # The `va_list` struct looks like this:
+    #
+    # ```
+    # typedef struct {
+    #     unsigned int gp_offset;
+    #     unsigned int fp_offset;
+    #     void *overflow_arg_area;
+    #     void *reg_save_area;
+    # } va_list[1];
+    # ```
+
+    addr = int(addr)
+    gp_offset = pwndbg.gdblib.memory.u32(addr)
+    gp_index = gp_offset / 8
+
+    overflow_arg_area = pwndbg.gdblib.memory.u64(addr + 8)
+    reg_save_area = pwndbg.gdblib.memory.u64(addr + 16)
+
+    indent = " " * len("gp_offset => ")
+    heading = C.blue("reg_save_area".ljust(len(indent) - 1))
+    print(f"{C.blue('reg_save_area')}")
+    for i in range(6):
+        line = ""
+        if i == gp_index:
+            line += "gp_offset => "
+        else:
+            line += indent
+
+        line += pwndbg.chain.format(reg_save_area + i * 8)
+        print(line)
+
+    print()
+    print(f"{C.blue('overflow_arg_area')}")
+    for i in range(count - 6):
+        print(indent + pwndbg.chain.format(overflow_arg_area + i * 8))
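Review bot: `valist` calls `pwndbg.gdblib.memory.u32` and `u64`, but the new file never imports `pwndbg.gdblib.memory` (only `pwndbg.chain`, `pwndbg.color` and `pwndbg.commands`), so the name resolves only if one of those imports has already loaded it transitively; add `import pwndbg.gdblib.memory` beside the other imports so the module stands on its own. `gp_index = gp_offset / 8` produces a float and the `i == gp_index` marker then relies on int/float equality, so `gp_index = gp_offset // 8` states the intent directly; `heading` is assigned but never used and can be dropped. The 8/16 offsets and the commented struct describe the x86-64 SysV `va_list` layout, and nothing in the command restricts or documents that, so a docstring such as `"""Dump the arguments of a va_list (x86-64 SysV layout only)."""` would tell users the output is meaningless on other targets. The register loop always prints six slots regardless of `count`, so a count below 6 prints more entries than asked for; if that is intended it belongs in the `count` help text.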