From e0e32dca792fe4cf47adeb8d3edeb38a793531d5 Mon Sep 17 00:00:00 2001
From: cnwangjihe
Date: Mon, 18 Oct 2021 08:58:36 +0800
Subject: [PATCH] fix ending of chain
---
 pwndbg/chain.py | 2 +-
 pwndbg/enhance.py | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/pwndbg/chain.py b/pwndbg/chain.py
index 5d2a3be88..52fb7916d 100755
--- a/pwndbg/chain.py
+++ b/pwndbg/chain.py
@@ -115,7 +115,7 @@ def format(value, limit=LIMIT, code=True, offset=0, hard_stop=None, hard_end=0,
 # We want to enhance the last pointer value. If an offset was used
 # chain failed at that offset, so display that offset.
 elif len(chain) < limit + 1:
- enhanced = pwndbg.enhance.enhance(chain[-2] + offset, code=code)
+ enhanced = pwndbg.enhance.enhance(chain[-2] + offset, code=code, safe_linking=safe_linking)
 else:
 enhanced = C.contiguous('%s' % config_contiguous)
diff --git a/pwndbg/enhance.py b/pwndbg/enhance.py
index 3e2fc8b99..049838969 100644
--- a/pwndbg/enhance.py
+++ b/pwndbg/enhance.py
@@ -50,7 +50,7 @@ def int_str(value):
 # @pwndbg.memoize.reset_on_stop
-def enhance(value, code = True):
+def enhance(value, code = True, safe_linking = False):
 """
 Given the last pointer in a chain, attempt to characterize
@@ -64,6 +64,7 @@ def enhance(value, code = True):
 Arguments:
 value(obj): Value to enhance
 code(bool): Hint that indicates the value may be an instruction
+ safe_linking(bool): Whether this chain use safe-linking
 """
 value = int(value)
@@ -111,6 +112,8 @@ def enhance(value, code = True):
 return E.integer(int_str(value))
 intval = int(pwndbg.memory.poi(pwndbg.typeinfo.pvoid, value))
+ if safe_linking:
+ intval ^= value >> 12
 intval0 = intval
 if 0 <= intval < 10:
 intval = E.integer(str(intval))
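Review bot: `safe_linking` is read in the new `enhance(...)` call in pwndbg/chain.py but is not defined in any visible line, and the hunk header cuts format()'s signature off at `hard_end=0,`. If it is not already a parameter of format(), the `elif len(chain) < limit + 1` branch raises NameError only for chains shorter than the limit, which is easy to miss without a test that formats a short safe-linked chain. The call hands enhance() the slot address `chain[-2] + offset` rather than an already decoded value, so a comment such as `# enhance() re-reads this slot, so it has to undo safe-linking itself` would explain why the flag is forwarded. format()'s body starts and ends outside the hunk.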
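Review bot: The new docstring line in enhance() names the flag but not its effect, and "use" should be "uses". Suggested wording: `safe_linking(bool): Whether the pointer stored at value is safe-linking protected; if so it is XORed with value >> 12 before being characterized`. That wording also records that `value` must be the address the pointer is stored at, not the pointer itself, which the decode added later in this commit depends on. The docstring starts and ends outside the hunk.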
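Review bot: The decode `intval ^= value >> 12` in enhance() hardcodes the shift without explanation and is only correct when `value` is the address of the slot holding the protected pointer. A comment like `# safe-linking: stored = ptr ^ (slot_addr >> 12); XOR with the slot address recovers ptr` would make that precondition visible. The code that walks the chain is not shown here; if it performs the same decode, as seems likely, a shared named constant or helper would keep the two sites from drifting apart. When the flag is set for a slot that is not actually protected, the displayed value is silently wrong, so callers should pass it only for lists known to be protected. enhance()'s body continues outside the hunk.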