* Initial setup of mkdocs
* Add documentation for every command. Also put them in some structure
* Fix typo
* Fix newline
* Update index
* fix some leakfind errors
* Some more fixes
* Fix search
* More fix
* Fix source code display
Fixes and simplifies source code display in `context code`. The
reasoning below.
---
It turns out that we determine the source code line for known code in a
tricky and buggy way. It is wrong when we are deep inside many calls and
we go to upper frame via e.g. `up` and then display the `context code`.
And this also occurs after applying the PR #637 before/after this fix.
We also do `except` all exceptions happening in the source code
retrieval which makes it hard to spot potential bugs in this code path.
This commit removes the `except` path and checks for particular edge
cases where we wouldn't have sources available.
---
Also note the `FileNotFoundError` path - in this case the debug symbols
have a source file path there, but it hasn't been found by us. It might
be because the program (or anything else) removed it OR maybe we debug
remotely etc (not sure if this is the case).
This being said, we could potentially inform the users about that BUT...
GDB already does that by itself - maybe in a bit vague way, as it does
it before us displaying the context e.g.:
```
pwndbg> r
Starting program: /home/dc/pwndbg/a.out
Program received signal SIGSEGV, Segmentation fault.
0x000055555555460a in foo () at ./a.c:2
2 ./a.c: No such file or directory.
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
// (the rest of the context here)
```
But I am fine with that for now - and I am not sure if we could even
suppress this warning (oh, maybe this string comes to us into prompt
hook/event? I don't know)
* Fix wrong code line if source startswith newlines
For some reason `pygments.highlight` removes newlines at the start.
We need to preserve them in order to keep proper code lines.
* Use lexer's stripnl=False
TLDR:
1. We read registers from `newest_frame` instead of `selected_frame` for GDB>=7.9.
2. We have two ways to fetch registers - `regs.__getitem__` and
`regs.__getattr__` - one of them didn't invalidate the cache and so after
fixing the 1st, we still showed the old register after switching frames.
GDB's `up` and `down` commands trigger internal notification about
changed frame. It does not happen for `gdb.Frame.select()` which we use
in our own overrides for `up` and `down` commands.
Because of that, the `list` GDB command does not show proper source code
lines.
This can be worked around by firing `frame` command and this is what
this workaround/PR adds.
This bug has also been reported to GDB bugzilla at
https://sourceware.org/bugzilla/show_bug.cgi?id=24534
- fixed incorrect docs of dumpargs command (`--all` vs `--force`)
- dumpargs command does not require `--force` now if we are not on a
call instruction
* Bin annotations
* ASCII representation
* Addresses formatted w/o ':' (ease terminal copy/paste)
* Implicit addr support (pwndbg> vis_heap_chunks)
* Use top_chunk as sanity end-of-heap check, making it easier to use
during non-top_chunk heap corruption
* Added --naive (-n) to disable end-of-heap check
* Swapped arguments:
pwndbg> vis_heap_chunks addr count -> vis_heap_chunks count addr
Arguably, desired number of chunks v. heap addr is more readily
available
* Use ArgparsedCommand for commands/gdbinit.py
* Use ArgparsedCommand for commands/dt.py
* Use ArgparsedCommand for commands/defcon.py. (Not sure what the other command in there did, didn't bother making it argparsed)
* Use ArgparsedCommand for commands/context.py
* Use argparsed command for commands/argv.py
* Use ArgparsedCommand for commands/heap.py
* Use ArgparsedCommand for commands/ida.py
* Use ArgparsedCommand for commands/misc.py
* Use ArgparsedCommand for commands/next.py and commands/nearpc.py
* Use ArgparsedCommand for commands/peda.py
* Use ArgparsedCommand for commands/pie.py
* Use ArgparsedCommand for commands/procinfo.py
* Use ArgparsedCommand for commands/reload.py
* Use ArgparsedCommand for commands/rop.py
* Use ArgparsedCommand for commands/segments.py
* Use ArgparsedCommand for commands/start.py
* Use ArgparsedCommand for commands/telescope.py
* Use ArgparsedCommand for commands/version.py
* Use ArgparsedCommand for commands/vmmap.py
* Use ArgparsedCommand for commands/windbg.py
* Use ArgparsedCommand for commands/xor.py
* Fix isort
* Fixes #538 - breakrva on symlink targets
Fixes a bug with `breakrva` and `brva` commands and adds some more
explanation on how certain things work:
* `info auxv` or to be more specific: AUXV's `ET_EXECFN` holds path to
the executable, but if it is a symlink, it is not dereferenced
* because of that we need to call `readlink` in `get_exe_name` in pie.py
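The symlink step above, as an added example that is not pwndbg's own code: pwndbg's real `get_exe_name` takes the path from GDB's `info auxv` (the execfn entry), whereas here the path is passed in directly and only the resolution step is shown. The fixture (a regular file reached through two relative symlinks) is constructed in a temporary directory so the script runs offline; `resolve_exe_path` and `make_fixture` are names chosen for this example.

```python
"""Resolving the executable path behind a symlink (added example)."""
import os
import tempfile


def resolve_exe_path(path: str) -> str:
    """Return the canonical file that `path` ultimately refers to.

    os.readlink() follows a single hop and returns the literal target, which
    is relative for relative symlinks, so one readlink() call is not enough
    when the chain is longer than one hop; os.path.realpath() walks the whole
    chain and normalises the result.
    """
    resolved = os.path.realpath(path)
    if not os.path.isfile(resolved):
        raise FileNotFoundError(f"{path} -> {resolved} is not a regular file")
    return resolved


def readlink_one_hop(path: str) -> str:
    """What a bare readlink() yields: the literal link target, possibly relative."""
    return os.readlink(path)


def make_fixture() -> tuple:
    """Construct (and leave in place) a temporary layout:

        <tmp>/bin/real_binary           regular file
        <tmp>/bin/link1 -> real_binary  relative symlink, one hop to the file
        <tmp>/link2     -> bin/link1    relative symlink, two hops to the file

    Returns (real_path, link1, link2) with real_path already canonicalised.
    """
    tmp = tempfile.mkdtemp(prefix="symlink_demo_")
    bindir = os.path.join(tmp, "bin")
    os.mkdir(bindir)
    real = os.path.join(bindir, "real_binary")
    with open(real, "wb") as f:
        f.write(b"\x7fELF")  # constructed placeholder, not a real executable
    link1 = os.path.join(bindir, "link1")
    os.symlink("real_binary", link1)
    link2 = os.path.join(tmp, "link2")
    os.symlink(os.path.join("bin", "link1"), link2)
    return os.path.realpath(real), link1, link2


if __name__ == "__main__":
    real, link1, link2 = make_fixture()
    print("readlink(link2) =", readlink_one_hop(link2))  # 'bin/link1', relative
    print("realpath(link2) =", resolve_exe_path(link2))  # the regular file
```

Resolving to the real file matters for `breakrva`/`brva` because the PIE base is looked up by the name of the mapped file, and the mapping in `/proc/<pid>/maps` carries the resolved path, not the symlink that was executed.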
* Fix isort
* Add option to redirect context output to other tty or files
The output of context/dashboard can now be redirected with
"set context-output /dev/pts/x" to everything which python can open and
offers a file like "write".
* Sorted imports correctly (fixing pwndbg CI)
* Enhance remote QEMU targets debugging experience
- improve vmmap command help and inform user that the result might not
be accurate for QEMU targets
- updating stack pages (`pwndbg.stack.stacks`): skip detecting stack pages if SP is 0 (this led to displaying memory page that started at -0x1000)
- `pwndbg.vmmap.find` - don't skip addresses below `pwndbg.memory.MMAP_MIN_ADDR` -
this function is used by `pwndbg.color.memory.get` which is used by
`vmmap` command - because we skipped addresses - a memory page starting
below that address wasn't colored on `vmmap` display
- memory pages found with exploration will now display with `<explored>` name in `vmmap`
- skip `proc_pid_maps` for QEMU kernel targets too (this was bug-prone
as QEMU targets have 42000 pid returned by GDB and we potentially tried adding
memory pages from another process, which luckily usually wasn't there)
* Update pwndbg/vmmap.py
TLDR: when context has been displayed the highlighted code is cached; if we change the pygments style, displaying context again does not show the new style. This commit fixes this issue by resetting the memoized/cached highlighted code.
Note that there is already Capstone 4.0.1 but it hasn't been released to
pypi yet.
The current `next.zip` points to Capstone 5.0 and currently breaks
pwndbg (due to bindings and capstone versions mismatch).
* Fix tcache and support it on targets w/o -lpthread
Short summary:
* fixes tcache having wrong address
* adds heuristic to retrieve tcache address when binary is compiled w/o
-lpthread (may not work on glibc versions other than 2.27)
* fixes `pwndbg.symbol.address` as it could return offsets instead of
an address
---
Long description below.
This commit fixes tcache: we used the address of &tcache instead of
tcache for dereferencing the struct. This can be observed with:
```
pwndbg> p *tcache
$8 = {
counts = '\000' <repeats 63 times>,
entries = {0x0 <repeats 64 times>}
}
pwndbg> tcache
{
counts = "\020`uUUU\000\000\000\000\000\000\000\000\000\000"...,
entries = {0x0, 0x0, 0x7ffff7fd7740, 0x7ffff7fd80a0, 0x7ffff7fd7740, 0x1, 0x0, 0x7025de0aec8a0300, 0x236a7550e4a6104e, 0x0 <repeats 55 times>}
}
```
It also adds possibility to retrieve tcache information from targets
that are compiled without -lpthread [-pthread].
**NOTE: This is experimental and may not work across different glibc
versions. It was tested on Ubuntu 18.04 on 2.27 glibc.**
This is because we get tcache pointer by making an assumption that it
will lie 0x10 bytes before one of the addresses that points to
&main_arena.
It also fixes `pwndbg.symbol.address`'s `info address` path when it
returned addresses that were out of memory maps due to the fact GDB may
return a string containing an offset instead of an address. E.g.:
```
pwndbg> info address tcache
Symbol "tcache" is a thread-local variable at offset 0x40 in the thread-local storage for `/lib/x86_64-linux-gnu/libc.so.6'.
```
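The two mechanisms in the message above, as an added example that is not pwndbg's own code and runs on constructed data outside GDB: parsing the text of `info address` so that a "thread-local variable at offset ..." reply is treated as a TLS offset rather than an address, and the glibc 2.27 heuristic of scanning for pointers to `&main_arena` and reading the qword 0x10 bytes before each hit as the tcache pointer. The `info address` patterns are assumed from the observed GDB output shown above and are not exhaustive; all addresses, the fake TLS block and the heap bounds are invented for the example, and `parse_info_address`, `find_tcache_candidates` and `locate_tcache` are names chosen here.

```python
"""Locating tcache when GDB reports a TLS offset instead of an address
(added example, constructed data)."""
import re
import struct
from typing import List, Optional, Tuple

# Two shapes of `info address` output (assumed from observed GDB text).
_STATIC_RE = re.compile(
    r'Symbol "(?P<sym>[^"]+)" is static storage at address (?P<addr>0x[0-9a-fA-F]+)\.')
_TLS_RE = re.compile(
    r'Symbol "(?P<sym>[^"]+)" is a thread-local variable at offset (?P<off>0x[0-9a-fA-F]+)')

SAMPLE_TLS_LINE = ('Symbol "tcache" is a thread-local variable at offset 0x40 in the '
                   "thread-local storage for `/lib/x86_64-linux-gnu/libc.so.6'.")
SAMPLE_STATIC_LINE = 'Symbol "main_arena" is static storage at address 0x7ffff7dcfc40.'

# Constructed layout for the demo (not real addresses).
MAIN_ARENA = 0x7FFFF7DCFC40
HEAP = (0x555555559000, 0x55555557A000)  # [start, end) of the heap mapping
TCACHE_PTR = HEAP[0] + 0x10              # tcache_perthread_struct: first chunk's user data
TLS_BASE = 0x7FFFF7DD0000                # where the fake TLS snapshot "was read" from


def parse_info_address(text: str) -> Tuple[str, Optional[int]]:
    """Classify GDB's reply: ("address", n), ("tls_offset", n) or ("unknown", None).

    The TLS form carries an offset into the module's TLS block, so returning
    it as if it were an address would point outside every memory map."""
    m = _STATIC_RE.search(text)
    if m:
        return "address", int(m.group("addr"), 16)
    m = _TLS_RE.search(text)
    if m:
        return "tls_offset", int(m.group("off"), 16)
    return "unknown", None


def read_qword(snapshot: bytes, base: int, addr: int) -> int:
    """Little-endian 8-byte read from a memory snapshot that starts at `base`."""
    off = addr - base
    if not 0 <= off <= len(snapshot) - 8:
        raise ValueError(f"{addr:#x} is outside the snapshot")
    return struct.unpack_from("<Q", snapshot, off)[0]


def find_tcache_candidates(snapshot: bytes, base: int, main_arena: int,
                           heap: Tuple[int, int]) -> List[int]:
    """glibc 2.27 heuristic: for every 8-byte-aligned pointer equal to
    `main_arena` in `snapshot` (read from `base`, assumed 8-byte aligned),
    take the qword 0x10 bytes before it; keep it only if it lies in the heap."""
    heap_start, heap_end = heap
    needle = struct.pack("<Q", main_arena)
    found: List[int] = []
    pos = snapshot.find(needle)
    while pos != -1:
        if pos % 8 == 0 and pos >= 0x10:
            cand = read_qword(snapshot, base, base + pos - 0x10)
            if heap_start <= cand < heap_end and cand not in found:
                found.append(cand)
        pos = snapshot.find(needle, pos + 1)
    return found


def locate_tcache(info_address_text: str, snapshot: bytes, base: int,
                  main_arena: int, heap: Tuple[int, int]) -> Optional[int]:
    """Return the tcache pointer value (the struct's address), or None."""
    kind, value = parse_info_address(info_address_text)
    if kind == "address":
        # GDB gave &tcache; the struct lives at the pointer stored there
        # (dereferencing &tcache itself was the bug described above).
        return read_qword(snapshot, base, value)
    candidates = find_tcache_candidates(snapshot, base, main_arena, heap)
    return candidates[0] if candidates else None


def build_fake_tls() -> bytes:
    """Constructed 0x100-byte 'TLS block': the wanted pattern at +0x30/+0x40 and a
    decoy &main_arena pointer at +0x80 whose -0x10 slot holds non-heap garbage."""
    block = bytearray(0x100)
    struct.pack_into("<Q", block, 0x30, TCACHE_PTR)          # tcache pointer
    struct.pack_into("<Q", block, 0x40, MAIN_ARENA)          # pointer to &main_arena
    struct.pack_into("<Q", block, 0x70, 0x4141414141414141)  # garbage
    struct.pack_into("<Q", block, 0x80, MAIN_ARENA)          # decoy hit, rejected
    return bytes(block)


if __name__ == "__main__":
    snap = build_fake_tls()
    print(parse_info_address(SAMPLE_TLS_LINE))
    print(hex(locate_tcache(SAMPLE_TLS_LINE, snap, TLS_BASE, MAIN_ARENA, HEAP)))
```

The heap-range check is what keeps the heuristic from returning the first arbitrary qword that happens to precede a `&main_arena` pointer; in a real session the bounds come from the `[heap]` mapping in `vmmap`, and a result of `None` should be reported rather than dereferenced.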
* Fix tcache retrieval heuristic
* Check if override built-in command
* Abort on non-whitelisted command override
* Fixes according to PR discussion
* Clearer parsing of gdb output
Co-Authored-By: ZetaTwo <calle.svensson@zeta-two.com>