This is a simple typo, but the error message that GDB gave was interesting:
Previously, if you stopped on an instruction that does an indirect jump, like
this:
```
jmp [ecx*4 + 0xdeadbeef]
```
then pwndbg would throw the following exception:
```
gdb.error: evaluation of this expression requires the program to have a function "malloc".
```
The reason is that the code used `memory_sz` and passed that to gdb.Value, thus
creating a string value. When casting the string to a pointer later, GDB tries
to allocate a string in the inferior, which fails since malloc is not available.
The fix is, of course, to use the correct function (`memory`) that returns an
int and not a string.
* Fix hard error when something else (not IDA) listens on IDA's port
The default IDA port is 8888 and it can happen that some other program (such as
a jupyter notebook) is listening on that address. This made pwndbg unusable,
because it would crash trying to connect to IDA.
* add timeout to ida connect
* Fix withHexrays decorator not returning wrapper function
* IDA xmlrpc: add cfuncptr_t marshaller & better errors
* IDA xmlrpc server: add shutdown() which can be used for dev
* Small refactor of context.py
* Fix context Hexrays decompiled code display
* Added --all flag to dumpargs command
This gives the possibility to dump all register arguments even
if we failed to resolve arguments from metadata.
* Display info when dumpargs did not resolve call args
* Dumpargs: changed --all to --force
* Revert telescope changes as it fails when we are not on call instruction.
* Fix isort
* Fix malloc chunk names (#318)
* heap: respect rename of malloc_chunk fields
newer glibc uses different names for the fields of malloc_chunk
* move value_from_type to typeinfo and rename to read_gdbvalue
* add comment about renaming of `[prev_]size`
* Workaround for gdb remote target search bug described in #321 (#322)
Canary command:
* Displays telescope result of places where canaries are located
* Moved to its own file (`pwndbg/commands/canary.py`)
* Moved to `ArgparsedCommand` (as discussed in https://github.com/pwndbg/pwndbg/issues/244)
```
pwndbg> u 0x404030
'u': Starting at the specified address, disassemble
N instructions (default 5).
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 99, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 191, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/dc/installed/pwndbg/pwndbg/commands/windbg.py", line 292, in u
pwndbg.commands.nearpc(where, n)
TypeError: 'module' object is not callable
```
* added command got to display status of the got table
Signed-off-by: degrigis <degrigis@gmail.com>
* return when checksec is not available and added decorator OnlyWhenRunning
Signed-off-by: degrigis <degrigis@gmail.com>
* removed duplicated code for pie and not pie binaries
Signed-off-by: degrigis <degrigis@gmail.com>
* inserted support function to get checksec output and performed all requirements check initially
Signed-off-by: degrigis <degrigis@gmail.com>
* corrected typo
Signed-off-by: degrigis <degrigis@gmail.com>
* reorganized the command got splitting the code in library routines and moved the checksec internal function in a separate module
Signed-off-by: degrigis <degrigis@gmail.com>
* handled exception directly inside functions and enhanced code
Signed-off-by: degrigis <degrigis@gmail.com>
* extracted only column in readelf output and enhanced exception handling
Signed-off-by: degrigis <degrigis@gmail.com>
* fix exception handling returning subprocess error
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import and reordered
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered imports
Signed-off-by: degrigis <degrigis@gmail.com>
* added wrappers module and refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* removed not useful comment
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import
Signed-off-by: degrigis <degrigis@gmail.com>
* moved comments in docstring
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code to use partial functions, simplified code
Signed-off-by: degrigis <degrigis@gmail.com>
* simplified a loc
Signed-off-by: degrigis <degrigis@gmail.com>
* capslock char fixed
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unuseful pwndbg.arch.ptrsize check
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code and added the new module wrapper that contains every new wrapper module
Signed-off-by: degrigis <degrigis@gmail.com>
* used class style decorator for wrapper and improved code style
Signed-off-by: degrigis <degrigis@gmail.com>
* changed return with print for errors
Signed-off-by: degrigis <degrigis@gmail.com>
* removed prints debug and statically linked check moved at the top of the got function
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored OnlyWithCommand decorator
Signed-off-by: degrigis <degrigis@gmail.com>
* wrappers are OnlyWithFile now
Signed-off-by: degrigis <degrigis@gmail.com>
* redirected stderr to stdout in subprocess.check_output and memoized the wrappers for readelf/file/checksec
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered an import
Signed-off-by: degrigis <degrigis@gmail.com>
* removed pdb
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed format string and removed desc from got command
Signed-off-by: degrigis <degrigis@gmail.com>
* consolidated decorators
Signed-off-by: degrigis <degrigis@gmail.com>
* merging
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered import for travis
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* resolve travis complaints
Signed-off-by: degrigis <degrigis@gmail.com>
* docstring for _extract_jumps
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed isort
Signed-off-by: degrigis <degrigis@gmail.com>
* f*** isort
Signed-off-by: degrigis <degrigis@gmail.com>
* Fix got command when using pwntool
Fixes `got` command by changing `call_program` wrapper to pipe stderr to stdout.
This is because there are two `checksec`s:
* the checksec script
* checksec script from pwntools
The latter prints output into stderr and because of that we couldn't detect proper RELRO status (as the got command parsed an empty string).
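The stdout-only versus merged-stream difference described in this commit, as an added example (not pwndbg's own `call_program` wrapper or its parser): a constructed stand-in for a checksec that reports on stderr is run through a naive wrapper and through one that pipes stderr into stdout, and only the second yields a parseable RELRO line.

```python
import subprocess
import sys

# Constructed stand-in for a checksec that writes its report to stderr (as the
# pwntools script does per the commit above). The command and output lines are
# assumptions for this example; the real scripts are not reproduced.
STDERR_CHECKSEC = [
    sys.executable, "-c",
    "import sys; sys.stderr.write('RELRO:    Full RELRO\\nStack:    Canary found\\n')",
]


def call_program_stdout_only(cmd):
    """Naive wrapper: captures stdout only, so anything printed to stderr is lost."""
    return subprocess.check_output(cmd).decode()


def call_program_merged(cmd):
    """Wrapper that pipes stderr into stdout, the fix described in the commit."""
    return subprocess.check_output(cmd, stderr=subprocess.STDOUT).decode()


def parse_relro(checksec_output):
    """Return the value of the 'RELRO:' line, or None if the line is absent."""
    for line in checksec_output.splitlines():
        if line.startswith("RELRO:"):
            return line.split(":", 1)[1].strip()
    return None


def relro_status(wrapper):
    """Run the stand-in checksec through the given wrapper and parse RELRO."""
    return parse_relro(wrapper(STDERR_CHECKSEC))


if __name__ == "__main__":
    print("stdout only:", relro_status(call_program_stdout_only))
    print("stderr merged:", relro_status(call_program_merged))
```

With the naive wrapper the captured text is empty and the parser returns `None`, which is exactly the "parsed an empty string" failure mode; merging the streams makes the report visible to the parser regardless of which stream the tool chose.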
* Fix got command error paths
* Got command _extract_jumps comment
* Add documentation for pwndbg.search
* Filter mappings in search command, provide an error message
* Fix issue when searching for strings
* Fix mapping vs mappings confusion
* Clean up some unnecessary closures in pwndbg.commands
* A bit of cleanup, and a change to split_args
* Move SystemExit except block
* Actually fix command crashes
* A bit of docs
* Attempt to make exception handling a little bit better
* More better errors
* Fix docs
* Simplify command exception debugging and make stdio work correctly
* Make isort happy
* Reorganize exception handler, add default case
* Fix print statement
* Attempt to use ipdb where available
* Sort requirements and add ipdb
* Only use pwndbg.stdio in the exception handler
* Documentation, hook pdb.set_trace()
* Do not require ipdb
* Remove import loop, fix accidental call, set python print-stack
* Use the correct values for print-stack
* Use pdb.Pdb for better set_trace()
* support for multiple arenas
* move get_bounds to get_region and use Page class
* refactor == to is
* add docstring to `arenas`
* refactor get_region a little bit
* heap: gdb.value doesn't have .get
* heap: give `arenas` some colors
* heap: `Page` expects `int`s
* Fix start, entry commands without file loaded in gdb
Both `entry` and `start` commands fail when there is no file loaded in gdb:
```
$ gdb -q
Loaded 106 commands. Type pwndbg [filter] for a list.
pwndbg> entry
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 57, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/start.py", line 67, in entry
gdb.execute(run, from_tty=False)
gdb.error: No executable file specified.
Use the "file" or "exec-file" command.
```
The patch fixes those issues by introducing `pwndbg.commands.OnlyWithFile` decorator.
* Use pwndbg.commands.OnlyWithFile in rop* commands
* Use pwndbg.commands.OnlyWithFile in elf*, *plt commands
Also refactored the file a bit.
* Use pwndbg.commands.OnlyWithFile in r2 command
* Use pwndbg.commands.OnlyWithFile in errno command
* Use pwndbg.commands.OnlyWithFile in checksec command
* Remove redundant file check in elf.py
* Make save_ida command available only with ida
When there is no file and no IDA, an exception is thrown:
```
pwndbg> save_ida
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 57, in init_ida_rpc_client
_ida.here()
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1452, in __request
verbose=self.__verbose
File "/usr/lib/python3.6/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1166, in single_request
http_conn = self.send_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1279, in send_request
self.send_content(connection, request_body)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1309, in send_content
connection.endheaders(request_body)
File "/usr/lib/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 964, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 936, in connect
(self.host,self.port), self.timeout, self.source_address)
File "/usr/lib/python3.6/socket.py", line 704, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.6/socket.py", line 743, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
OSError: Int or String expected
```
Because of recent changes, the IDA synchronization fails on marshalling an xint instance:
```
$ gdb -q ./babyuse
Pwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:8888
Loaded 108 commands. Type pwndbg [filter] for a list.
Reading symbols from ./babyuse...(no debugging symbols found)...done.
pwndbg> entry
Temporary breakpoint 1 at 0x56555ca0
Exception during func=pwndbg.ida.Auto_Color_PC (<gdb.BreakpointEvent object at 0x7f1648274468>,)
Traceback (most recent call last):
File "/usr/lib/python3.6/xmlrpc/client.py", line 510, in __dump
f = self.dispatch[type(value)]
KeyError: <class 'pwndbg.inthook.xint'>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/events.py", line 122, in caller
func()
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 253, in Auto_Color_PC
SetColor(colored_pc, 0x7f7fff)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 87, in wrapper
return function(l2r(address), *args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 109, in l2r
result = (addr - int(exe.address) + base()) & pwndbg.arch.ptrmask
File "/home/dc/installed/pwndbg/pwndbg/memoize.py", line 47, in __call__
value = self.func(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 131, in base
base = _ida.get_fileregion_offset(segaddr)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1446, in __request
allow_none=self.__allow_none).encode(self.__encoding, 'xmlcharrefreplace')
File "/usr/lib/python3.6/xmlrpc/client.py", line 971, in dumps
data = m.dumps(params)
File "/usr/lib/python3.6/xmlrpc/client.py", line 502, in dumps
dump(v, write)
File "/usr/lib/python3.6/xmlrpc/client.py", line 520, in __dump
raise TypeError("cannot marshal %s objects" % type(value))
TypeError: cannot marshal <class 'pwndbg.inthook.xint'> objects
Python Exception <class 'TypeError'> cannot marshal <class 'pwndbg.inthook.xint'> objects:
Temporary breakpoint 1, 0x56555ca0 in ?? ()
Exception during func=pwndbg.ida.Auto_Color_PC ()
Traceback (most recent call last):
File "/usr/lib/python3.6/xmlrpc/client.py", line 510, in __dump
f = self.dispatch[type(value)]
KeyError: <class 'pwndbg.inthook.xint'>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/events.py", line 122, in caller
func()
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 253, in Auto_Color_PC
SetColor(colored_pc, 0x7f7fff)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 87, in wrapper
return function(l2r(address), *args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 109, in l2r
result = (addr - int(exe.address) + base()) & pwndbg.arch.ptrmask
File "/home/dc/installed/pwndbg/pwndbg/memoize.py", line 47, in __call__
value = self.func(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 131, in base
base = _ida.get_fileregion_offset(segaddr)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1446, in __request
allow_none=self.__allow_none).encode(self.__encoding, 'xmlcharrefreplace')
File "/usr/lib/python3.6/xmlrpc/client.py", line 971, in dumps
data = m.dumps(params)
File "/usr/lib/python3.6/xmlrpc/client.py", line 502, in dumps
dump(v, write)
File "/usr/lib/python3.6/xmlrpc/client.py", line 520, in __dump
raise TypeError("cannot marshal %s objects" % type(value))
TypeError: cannot marshal <class 'pwndbg.inthook.xint'> objects
Python Exception <class 'TypeError'> cannot marshal <class 'pwndbg.inthook.xint'> objects:
```
This patch fixes a bug introduced in https://github.com/pwndbg/pwndbg/pull/222 (also discussed a bit in https://github.com/pwndbg/pwndbg/pull/221).