Print real size in heap command #1748 (#1781)

* Updated heap command to show real size without flag bits

* Fixed linters

* Fixed linters

* Fixed real size

* Fixed heap tests

* Fixed linters
NT Sleep 2 years ago committed by GitHub
parent 71c4e1d6f3
commit e37591b25d

@ -422,7 +422,7 @@ def malloc_chunk(addr, fake=False, verbose=False, simple=False) -> None:
if verbose: if verbose:
fields_to_print.update(["prev_size", "size", "fd", "bk", "fd_nextsize", "bk_nextsize"]) fields_to_print.update(["prev_size", "size", "fd", "bk", "fd_nextsize", "bk_nextsize"])
else: else:
out_fields += f"Size: 0x{chunk.size:02x}\n" out_fields += f"Size: 0x{chunk.real_size:02x} (with flag bits: 0x{chunk.size:02x})\n"
prev_inuse, is_mmapped, non_main_arena = allocator.chunk_flags(chunk.size) prev_inuse, is_mmapped, non_main_arena = allocator.chunk_flags(chunk.size)
if prev_inuse: if prev_inuse:
@ -434,7 +434,14 @@ def malloc_chunk(addr, fake=False, verbose=False, simple=False) -> None:
fields_ordered = ["prev_size", "size", "fd", "bk", "fd_nextsize", "bk_nextsize"] fields_ordered = ["prev_size", "size", "fd", "bk", "fd_nextsize", "bk_nextsize"]
for field_to_print in fields_ordered: for field_to_print in fields_ordered:
if field_to_print in fields_to_print: if field_to_print not in fields_to_print:
continue
if field_to_print == "size":
out_fields += (
message.system("size")
+ f": 0x{chunk.real_size:02x} (with flag bits: 0x{chunk.size:02x})\n"
)
else:
out_fields += ( out_fields += (
message.system(field_to_print) + f": 0x{getattr(chunk, field_to_print):02x}\n" message.system(field_to_print) + f": 0x{getattr(chunk, field_to_print):02x}\n"
) )
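Review bot: The size line is assembled twice with the same format string, once on the non-verbose path (`out_fields += f"Size: 0x{chunk.real_size:02x} (with flag bits: 0x{chunk.size:02x})\n"`) and again inside the field loop for the `size` case, so the two outputs can drift apart on the next edit; building it once before the `if verbose:` branch, e.g. `size_str = f"0x{chunk.real_size:02x} (with flag bits: 0x{chunk.size:02x})"`, and using it in both places keeps them in step. A short comment at that point would also help a reader of the dump, e.g. `# low three bits of the size field are flags (see chunk_flags below); real_size has them cleared`, since the hunk below still passes the raw `chunk.size` to `allocator.chunk_flags`. Neither hunk shows where `real_size` is defined, so I assume it is a property on the chunk that masks those bits; worth confirming it uses the same mask as the tests. malloc_chunk starts before the first hunk and ends after the second.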

@ -68,10 +68,10 @@ def test_find_fake_fast_command(start_binary):
# setup_mem(0x2F, 0x8) # setup_mem(0x2F, 0x8)
result = gdb.execute("find_fake_fast &target_address", to_string=True) result = gdb.execute("find_fake_fast &target_address", to_string=True)
check_result(result, 0x2F) check_result(result, 0x28)
result = gdb.execute("find_fake_fast --align &target_address", to_string=True) result = gdb.execute("find_fake_fast --align &target_address", to_string=True)
check_result(result, 0x2F) check_result(result, 0x28)
gdb.execute("continue") gdb.execute("continue")
# setup_mem(0x20, 0x9) # setup_mem(0x20, 0x9)
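Review bot: The expected value changes from 0x2F to 0x28 while the comment above the asserts still reads `# setup_mem(0x2F, 0x8)`, so a reader cannot tell why the command now reports a different number than the size that was written. 0x2F has all three low bits set and 0x28 is the same value with them cleared, so the new expectation appears to track the masked size; a one-line comment at the first changed assert would record that, e.g. `# find_fake_fast reports the size with the three flag bits masked off: 0x2F & ~7 == 0x28`. Whether check_result compares exactly this value is outside the hunk, so I am inferring it from the numbers. test_find_fake_fast_command continues outside the hunk.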

@ -14,42 +14,83 @@ HEAP_MALLOC_CHUNK = tests.binaries.get("heap_malloc_chunk.out")
def generate_expected_malloc_chunk_output(chunks): def generate_expected_malloc_chunk_output(chunks):
expected = {} expected = {}
size = int(
chunks["allocated"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["allocated"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["allocated"] = [ expected["allocated"] = [
"Allocated chunk | PREV_INUSE", "Allocated chunk | PREV_INUSE",
f"Addr: {chunks['allocated'].address}", f"Addr: {chunks['allocated'].address}",
f"Size: 0x{int(chunks['allocated']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['allocated'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
"", "",
] ]
size = int(
chunks["tcache"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["tcache"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["tcache"] = [ expected["tcache"] = [
f"Free chunk ({'tcachebins' if pwndbg.heap.current.has_tcache else 'fastbins'}) | PREV_INUSE", f"Free chunk ({'tcachebins' if pwndbg.heap.current.has_tcache else 'fastbins'}) | PREV_INUSE",
f"Addr: {chunks['tcache'].address}", f"Addr: {chunks['tcache'].address}",
f"Size: 0x{int(chunks['tcache']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['tcache'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
f"fd: 0x{int(chunks['tcache']['fd']):02x}", f"fd: 0x{int(chunks['tcache']['fd']):02x}",
"", "",
] ]
size = int(
chunks["fast"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["fast"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["fast"] = [ expected["fast"] = [
"Free chunk (fastbins) | PREV_INUSE", "Free chunk (fastbins) | PREV_INUSE",
f"Addr: {chunks['fast'].address}", f"Addr: {chunks['fast'].address}",
f"Size: 0x{int(chunks['fast']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['fast'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
f"fd: 0x{int(chunks['fast']['fd']):02x}", f"fd: 0x{int(chunks['fast']['fd']):02x}",
"", "",
] ]
size = int(
chunks["small"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["small"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["small"] = [ expected["small"] = [
"Free chunk (smallbins) | PREV_INUSE", "Free chunk (smallbins) | PREV_INUSE",
f"Addr: {chunks['small'].address}", f"Addr: {chunks['small'].address}",
f"Size: 0x{int(chunks['small']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['small'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
f"fd: 0x{int(chunks['small']['fd']):02x}", f"fd: 0x{int(chunks['small']['fd']):02x}",
f"bk: 0x{int(chunks['small']['bk']):02x}", f"bk: 0x{int(chunks['small']['bk']):02x}",
"", "",
] ]
size = int(
chunks["large"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["large"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["large"] = [ expected["large"] = [
"Free chunk (largebins) | PREV_INUSE", "Free chunk (largebins) | PREV_INUSE",
f"Addr: {chunks['large'].address}", f"Addr: {chunks['large'].address}",
f"Size: 0x{int(chunks['large']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['large'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
f"fd: 0x{int(chunks['large']['fd']):02x}", f"fd: 0x{int(chunks['large']['fd']):02x}",
f"bk: 0x{int(chunks['large']['bk']):02x}", f"bk: 0x{int(chunks['large']['bk']):02x}",
f"fd_nextsize: 0x{int(chunks['large']['fd_nextsize']):02x}", f"fd_nextsize: 0x{int(chunks['large']['fd_nextsize']):02x}",
@ -57,10 +98,18 @@ def generate_expected_malloc_chunk_output(chunks):
"", "",
] ]
size = int(
chunks["unsorted"][
"mchunk_size"
if "mchunk_size" in (f.name for f in chunks["unsorted"].type.fields())
else "size"
]
)
real_size = size & (0xFFFFFFFFFFFFFFF - 0b111)
expected["unsorted"] = [ expected["unsorted"] = [
"Free chunk (unsortedbin) | PREV_INUSE", "Free chunk (unsortedbin) | PREV_INUSE",
f"Addr: {chunks['unsorted'].address}", f"Addr: {chunks['unsorted'].address}",
f"Size: 0x{int(chunks['unsorted']['mchunk_size' if 'mchunk_size' in (f.name for f in chunks['unsorted'].type.fields()) else 'size']):02x}", f"Size: 0x{real_size:02x} (with flag bits: 0x{size:02x})",
f"fd: 0x{int(chunks['unsorted']['fd']):02x}", f"fd: 0x{int(chunks['unsorted']['fd']):02x}",
f"bk: 0x{int(chunks['unsorted']['bk']):02x}", f"bk: 0x{int(chunks['unsorted']['bk']):02x}",
"", "",
