Add start and function

pwndbg/__init__.py

@@ -9,6 +9,7 @@ import pwndbg.proc
 import pwndbg.regs
 import pwndbg.stack
 import pwndbg.color
+import pwndbg.function
 import pwndbg.typeinfo
 import pwndbg.commands
 import pwndbg.commands.hexdump
@@ -17,6 +18,7 @@ import pwndbg.commands.telescope
 import pwndbg.commands.vmmap
 import pwndbg.commands.dt
 import pwndbg.commands.search
+import pwndbg.commands.start
 import pwndbg.commands.auxv
 import pwndbg.commands.windbg
 import pwndbg.commands.ida

pwndbg/commands/start.py

@@ -1,29 +1,21 @@
 import gdb
 import pwndbg.commands
+import pwndbg.symbol
 
 @pwndbg.commands.ParsedCommand
-@pwndbg.commands.OnlyWhenRunning
 def start():
+    symbols = ["main",
+               "_main",
+               "start",
+               "_start",
+               "init",
+               "_init",
+               pwndbg.elf.entry()]
 
-    entries = ["main"]
+    for address in filter(bool, map(pwndbg.symbol.address, symbols)):
-    main_addr = peda.main_entry()
+        if address:
-    if main_addr:
+            b = gdb.Breakpoint('*%#x' % address, temporary=True)
-        entries += ["*0x%x" % main_addr]
+            gdb.execute('run', from_tty=False, to_string=True)
-    entries += ["__libc_start_main@plt"]
-    entries += ["_start"]
-    entries += ["_init"]
-
-    started = 0
-    for e in entries:
-        out = peda.execute_redirect("tbreak %s" % e)
-        if out and "breakpoint" in out:
-            peda.execute("run %s" % ' '.join(arg))
-            started = 1
             break
-
+    else:
-    if not started: # try ELF entry point or just "run" as the last resort
+        print "Could not find a good place to start :("
-        elf_entry = peda.elfentry()
-        if elf_entry:
-            out = peda.execute_redirect("tbreak *%s" % elf_entry)
-
-        peda.execute("run")

pwndbg/function.py

@@ -0,0 +1,36 @@
+import gdb
+import pwndbg.typeinfo
+import pwndbg.arch
+import pwndbg.typeinfo
+import pwndbg.regs
+import pwndbg.memory
+
+def arguments():
+    """
+    Returns an array containing the arguments to the current function,
+    if $pc is a 'call' or 'bl' type instruction.
+
+    Otherwise, returns None.
+    """
+
+def argument(n):
+    """
+    Returns the nth argument, as if $pc were a 'call' or 'bl' type
+    instruction.
+    """
+    arch = pwndbg.arch.current
+    regs = []
+
+    if 'x86-64' in arch:
+        regs = ['rdi','rsi','rdx','rcx','r8','r9']
+    elif 'arm' == arch:
+        regs = ['r0','r1','r2','r3']
+
+    if n < len(regs):
+        return getattr(pwndbg.regs, regs[n])
+
+    n -= len(regs)
+
+    sp = pwndbg.regs.sp + (n * pwndbg.arch.ptrsize)
+
+    return int(pwndbg.memory.poi(pwndbg.typeinfo.ppvoid, sp))