Added command to list slabs (#1442)

3 years ago · caa22ce04e
parent 6a6107b4bf
commit caa22ce04e
5 changed files with 85 additions and 0 deletions
--- a/pwndbg/commands/init.py
+++ b/pwndbg/commands/init.py
@ -558,6 +558,7 @@ def load_commands():
    import pwndbg.commands.search
    import pwndbg.commands.segments
    import pwndbg.commands.shell
    import pwndbg.commands.slab
    import pwndbg.commands.stack
    import pwndbg.commands.start
    import pwndbg.commands.telescope
--- a/pwndbg/commands/slab.py
+++ b/pwndbg/commands/slab.py
@ -0,0 +1,42 @@
 import argparse
 from tabulate import tabulate
 import pwndbg.commands
 import pwndbg.gdblib.kernel.slab
 from pwndbg.gdblib.kernel.slab import oo_objects
 from pwndbg.gdblib.kernel.slab import oo_order
 parser = argparse.ArgumentParser(description="Prints information about the SLUB allocator")
 parser.add_argument(
    "filter_",
    metavar="filter",
    type=str,
    nargs="?",
    help="Only show caches that contain the given filter string",
 )
@pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenQemuKernel
@pwndbg.commands.OnlyWithKernelDebugSyms
 def slab(filter_=None):
    results = []
    for cache in pwndbg.gdblib.kernel.slab.caches():
        name = pwndbg.gdblib.memory.string(cache["name"]).decode("ascii")
        if filter_ and filter_ not in name:
            continue
        order = oo_order(int(cache["oo"]["x"]))
        objects = oo_objects(int(cache["oo"]["x"]))
        results.append(
            [
                name,
                objects,
                int(cache["size"]),
                int(cache["object_size"]),
                int(cache["inuse"]),
                order,
            ]
        )
    print(tabulate(results, headers=["Name", "# Objects", "Size", "Obj Size", "# inuse", "order"]))
--- a/pwndbg/gdblib/kernel/macros.py
+++ b/pwndbg/gdblib/kernel/macros.py
@ -0,0 +1,20 @@
 import gdb
 def offset_of(typename: str, fieldname: str):
    ptr_type = gdb.lookup_type(typename).pointer()
    dummy = gdb.Value(0).cast(ptr_type)
    return int(dummy[fieldname].address)
 def container_of(ptr, typename: str, fieldname: str):
    ptr_type = gdb.lookup_type(typename).pointer()
    obj_addr = int(ptr) - offset_of(typename, fieldname)
    return gdb.Value(obj_addr).cast(ptr_type)
 def for_each_entry(head, typename, field):
    addr = head["next"]
    while addr != head.address:
        yield container_of(addr, typename, field)
        addr = addr.dereference()["next"]
--- a/pwndbg/gdblib/kernel/slab.py
+++ b/pwndbg/gdblib/kernel/slab.py
@ -0,0 +1,21 @@
 import gdb
 from pwndbg.gdblib.kernel.macros import for_each_entry
 def caches():
    slab_caches = gdb.lookup_global_symbol("slab_caches").value()
    for slab_cache in for_each_entry(slab_caches, "struct kmem_cache", "list"):
        yield slab_cache
 OO_SHIFT = 16
 OO_MASK = (1 << OO_SHIFT) - 1
 def oo_order(x: int) -> int:
    return int(x) >> OO_SHIFT
 def oo_objects(x: int) -> int:
    return int(x) & OO_MASK
--- a/requirements.txt
+++ b/requirements.txt
@ -7,5 +7,6 @@ pycparser==2.21
 pyelftools==0.29
 Pygments==2.13.0
 ROPGadget==7.1
 tabulate==0.8.10
 unicorn==2.0.1; python_version >= '3.7'
 unicorn==2.0.0rc7; python_version < '3.7'