* Fix upper_stack_boundary not working introduced in 31f468e
The `upper_stack_boundary` we returned wasn't matching the one from `vmmap`.
Previously we determined upper address by having a memory read failure.
Recent changes made it so we got a `None` instead of the address in such situation.
This adds a parameter to `find_elf_magic` which lets us get a result when gdb.MemoryError occurs.
* Small refactor: add missing newlines
Adds `$rebase(offset)` gdbfunction that can be used to set up a breakpoint
over an offset from program image base.
Also changed a bit the pwndbg banner displayed at startup.
* Add dereference-limit and heap-dereference-limit parameters
This allows setting the number of pointers dereferenced during 'telescope'
and in the register context. Separately, the number of heap bins which
are dereferenced can be set.
* Cast LIMIT to an integer, and address off-by-one
This commit adds a `xinfo` command that calculates the offset of a
specified address to other interesting locations within the address
space:
* In the most general case, simply the offset of the pointer into the
current mapping is displayed.
* If the address specified is a stack adress, the offsets to the top and
the bottom of the stack, as well as to the current stack pointer,
frame pointer and stack canary are displayed.
* If the address points into a memory mapped file, the command
additionally shows the offset to the beginning of the file in memory and
on disk.
* Add elf.find_elf_magic() and remove duplicate code
* Add pwndbg.abi.LinuxOnly decorator
* Support bare metal environment
Use @pwndbg.abi.LinuxOnly and pwndbg.abi.linux to disable
several util functions which search the memory to find
the AUXV, the ELF header, or the page bound.
* Fixes `u` command `module object is not callable` (#310)
pwndbg> u 0x404030
'u': Starting at the specified address, disassemble
N instructions (default 5).
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 99, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 191, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/dc/installed/pwndbg/pwndbg/commands/windbg.py", line 292, in u
pwndbg.commands.nearpc(where, n)
TypeError: 'module' object is not callable
* Fix malloc chunk names (#318)
* heap: respect rename of malloc_chunk fields
newer glibc uses different names for the fields of malloc_chunk
* move value_from_type to typeinfo and rename to read_gdbvalue
* add comment about renaming of `[prev_]size`
* Workaround for gdb remote target search bug described in #321 (#322)
* Fixes issue when we try to display context while selected thread is running #299 (#331)
* Fix tag_release (#348)
* Fix "dt" offsets which are sometimes floating-point (#355)
* Fixes#362 - broken entry command (#363)
This is a simple typo, but the error message that GDB gave was interesting:
Previously, if you stopped on an instruction that does an indirect jump, like
this:
```
jmp [ecx*4 + 0xdeadbeef]
```
then pwndbg would the following exception:
```
gdb.error: evaluation of this expression requires the program to have a function "malloc".
```
The reason is that the code used `memory_sz` and passed that to gdb.Value, thus
creating a string value. When casting the string to a pointer later, GDB tries
to allocate a string in the inferior which failed since malloc is not available.
The fix is, of course, to use the correct function (`memory`) that returns an
int and not a string.
* Fix hard error when something else (not IDA) listens on IDA's port
The default IDA port is 8888 and it can happen that some other program (such as
a jupyter notebook) is listening on that address. This made pwndbg unusable,
because it would crash trying to connect to IDA.
* add timeout to ida connect
* Fix withHexrays decorator not returning wrapper function
* IDA xmlrpc: add cfuncptr_t marshaller & better errors
* IDA xmlrpc server: add shutdown() which can be used for dev
* Small refactor of context.py
* Fix context Hexrays decompiled code display
* Added --all flag to dumpargs command
This gives possibility to dump all register argument even
if we failed to resolve arguments from metadatas.
* Display info when dumpargs not resolved call args
* Dumpargs: changed --all to --force
* Revert telescope changes as it fails when we are not on call instruction.
* Fix isort
* Fix malloc chunk names (#318)
* heap: respect rename of malloc_chunk fields
newer glibc uses different names for the fields of malloc_chunk
* move value_from_type to typeinfo and rename to read_gdbvalue
* add comment about renaming of `[prev_]size`
* Workaround for gdb remote target search bug described in #321 (#322)
* heap: respect rename of malloc_chunk fields
newer glibc uses different names for the fields of malloc_chunk
* move value_from_type to typeinfo and rename to read_gdbvalue
* add comment about renaming of `[prev_]size`
Canary command:
* Displays telescope result of places where canaries are located
* Moved to its own file (`pwndbg/commands/canary.py`)
* Moved to `ArgparsedCommand` (as discussed in https://github.com/pwndbg/pwndbg/issues/244)
pwndbg> u 0x404030
'u': Starting at the specified address, disassemble
N instructions (default 5).
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 99, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 191, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/dc/installed/pwndbg/pwndbg/commands/windbg.py", line 292, in u
pwndbg.commands.nearpc(where, n)
TypeError: 'module' object is not callable
* added command got to display status of the got table
Signed-off-by: degrigis <degrigis@gmail.com>
* return when checksec is not available and added decorator OnlyWhenRunning
Signed-off-by: degrigis <degrigis@gmail.com>
* removed duplicated code for pie and not pie binaries
Signed-off-by: degrigis <degrigis@gmail.com>
* inserted support function to get checksec output and performed all requirements check initially
Signed-off-by: degrigis <degrigis@gmail.com>
* corrected typo
Signed-off-by: degrigis <degrigis@gmail.com>
* reorganized the command got splitting the code in library routines and moved the checksec internal function in a separate module
Signed-off-by: degrigis <degrigis@gmail.com>
* handled exception directly inside functions and enhanced code
Signed-off-by: degrigis <degrigis@gmail.com>
* extracted only column in readelf output and enhanced exception handling
Signed-off-by: degrigis <degrigis@gmail.com>
* fix exception handling returning subprocess error
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import and reordered
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered imports
Signed-off-by: degrigis <degrigis@gmail.com>
* added wrappers module and refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* removed not useful comment
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import
Signed-off-by: degrigis <degrigis@gmail.com>
* moved comments in docstring
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code to use partial functions, simplified code
Signed-off-by: degrigis <degrigis@gmail.com>
* simplified a loc
Signed-off-by: degrigis <degrigis@gmail.com>
* capslock char fixed
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unuseful pwndbg.arch.ptrsize check
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code and added the new module wrapper that contains every new wrapper module
Signed-off-by: degrigis <degrigis@gmail.com>
* used class style decorator for wrapper and improved code style
Signed-off-by: degrigis <degrigis@gmail.com>
* changed return with print for errors
Signed-off-by: degrigis <degrigis@gmail.com>
* removed prints debug and statically linked check moved at the top of the got function
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored OnlyWithCommand decorator
Signed-off-by: degrigis <degrigis@gmail.com>
* wrappers are OnlyWithFile now
Signed-off-by: degrigis <degrigis@gmail.com>
* redirected stderr to stdout in subprocess.check_output and memoized the wrappers for readelf/file/checksec
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered an import
Signed-off-by: degrigis <degrigis@gmail.com>
* removed pdb
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed format string and removed desc from got command
Signed-off-by: degrigis <degrigis@gmail.com>
* consolidated decorators
Signed-off-by: degrigis <degrigis@gmail.com>
* merging
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered import for travis
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* resolve travis complains
Signed-off-by: degrigis <degrigis@gmail.com>
* docstring for _extract_jumps
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed isort
Signed-off-by: degrigis <degrigis@gmail.com>
* f*** isort
Signed-off-by: degrigis <degrigis@gmail.com>
pwndbg> u 0x404030
'u': Starting at the specified address, disassemble
N instructions (default 5).
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 99, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 191, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/dc/installed/pwndbg/pwndbg/commands/windbg.py", line 292, in u
pwndbg.commands.nearpc(where, n)
TypeError: 'module' object is not callable
Disconnect3d
Zach Riggle
Julian Kirsch
Meng-Huan Yu
Devin Neal
Zach Riggle
KillPinguin
Benno Fünfstück
Jonny Balls
Aaron Sedlacek
degrigis
Disconnect3d
Levente Polyak