From f69b285ad4309fdcdb6b0770257d76e95ca3b1fb Mon Sep 17 00:00:00 2001
From: Disconnect3d <dominik.b.czarnota@gmail.com>
Date: Fri, 4 Aug 2017 00:50:36 +0200
Subject: [PATCH] Enhance canary command

Canary command:
* Displays telescope result of places where canaries are located
* Moved to its own file (`pwndbg/commands/canary.py`)
* Moved to `ArgparsedCommand` (as discussed in https://github.com/pwndbg/pwndbg/issues/244)
---
 pwndbg/__init__.py        |  1 +
 pwndbg/commands/canary.py | 48 +++++++++++++++++++++++++++++++++++++++
 pwndbg/commands/misc.py   | 12 ----------
 3 files changed, 49 insertions(+), 12 deletions(-)
 create mode 100644 pwndbg/commands/canary.py

diff --git a/pwndbg/__init__.py b/pwndbg/__init__.py
index 2387a2b88..236337fec 100755
--- a/pwndbg/__init__.py
+++ b/pwndbg/__init__.py
@@ -18,6 +18,7 @@ import pwndbg.commands
 import pwndbg.commands.argv
 import pwndbg.commands.aslr
 import pwndbg.commands.auxv
+import pwndbg.commands.canary
 import pwndbg.commands.checksec
 import pwndbg.commands.config
 import pwndbg.commands.context
diff --git a/pwndbg/commands/canary.py b/pwndbg/commands/canary.py
new file mode 100644
index 000000000..bedc8e8d0
--- /dev/null
+++ b/pwndbg/commands/canary.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import
+from __future__ import division
+from __future__ import print_function
+from __future__ import unicode_literals
+
+import argparse
+
+import pwndbg.auxv
+import pwndbg.color
+import pwndbg.commands
+import pwndbg.commands.telescope
+import pwndbg.memory
+import pwndbg.regs
+import pwndbg.search
+
+parser = argparse.ArgumentParser(description='Print out the current stack canary')
+
+
+@pwndbg.commands.ArgparsedCommand(parser)
+@pwndbg.commands.OnlyWhenRunning
+def canary():
+    auxv = pwndbg.auxv.get()
+    at_random = auxv.get('AT_RANDOM', None)
+    if at_random is None:
+        print("Couldn't find AT_RANDOM - can't display canary.")
+        return
+
+    global_canary = pwndbg.memory.pvoid(at_random)
+
+    # masking canary value as canaries on the stack has last byte = 0
+    global_canary &= (pwndbg.arch.ptrmask ^ 0xFF)
+
+    print("AT_RANDOM = %#x # points to (not masked) global canary value" % at_random)
+    print("Canary    = 0x%x" % global_canary)
+
+    stack_canaries = list(
+        pwndbg.search.search(pwndbg.arch.pack(global_canary), mappings=pwndbg.stack.stacks.values())
+    )
+
+    if not stack_canaries:
+        print(pwndbg.color.yellow('No valid canaries found on the stacks.'))
+        return
+
+    print(pwndbg.color.green('Found valid canaries on the stacks:'))
+    for stack_canary in stack_canaries:
+        pwndbg.commands.telescope.telescope(address=stack_canary, count=1)
diff --git a/pwndbg/commands/misc.py b/pwndbg/commands/misc.py
index 89acec7e1..f6f28b34f 100644
--- a/pwndbg/commands/misc.py
+++ b/pwndbg/commands/misc.py
@@ -76,15 +76,3 @@ def distance(a, b):
     distance = (b-a)
 
     print("%#x->%#x is %#x bytes (%#x words)" % (a, b, distance, distance // _arch.ptrsize))
-
-
-@_pwndbg.commands.Command
-@_pwndbg.commands.OnlyWhenRunning
-def canary():
-    """Print out the current stack canary"""
-    auxv = _pwndbg.auxv.get()
-    at_random = auxv.get('AT_RANDOM', None)
-    if at_random is not None:
-        print("AT_RANDOM=%#x" % at_random)
-    else:
-        print("Couldn't find AT_RANDOM")