TLDR:
1. We read registers from `newest_frame` instead of `selected_frame` for GDB>=7.9.
2. We have two ways to fetch registers - `regs.__getitem__` and
`regs.__getattr__` - one of them didn't invalidate the cache, so after
fixing the 1st, we still showed the old register after switching frames.
GDB's `up` and `down` commands trigger internal notification about
changed frame. It does not happen for `gdb.Frame.select()` which we use
in our own overrides for `up` and `down` commands.
Because of that, the `list` GDB command does not show proper source code
lines.
This can be worked around by firing `frame` command and this is what
this workaround/PR adds.
This bug has also been reported to GDB bugzilla at
https://sourceware.org/bugzilla/show_bug.cgi?id=24534
- fixed incorrect docs of dumpargs command (`--all` vs `--force`)
- dumpargs command does not require `--force` now if we are not on a
call instruction
* Bin annotations
* ASCII representation
* Addresses formatted w/o ':' (ease terminal copy/paste)
* Implicit addr support (pwndbg> vis_heap_chunks)
* Use top_chunk as sanity end-of-heap check, making it easier to use
during non-top_chunk heap corruption
* Added --naive (-n) to disable end-of-heap check
* Swapped arguments:
pwndbg> vis_heap_chunks addr count -> vis_heap_chunks count addr
Arguably, desired number of chunks v. heap addr is more readily
available
* Use ArgparsedCommand for commands/gdbinit.py
* Use ArgparsedCommand for commands/dt.py
* Use ArgparsedCommand for commands/defcon.py. (Not sure what the other command in there did, didn't bother making it argparsed.)
* Use ArgparsedCommand for commands/context.py
* Use ArgparsedCommand for commands/argv.py
* Use ArgparsedCommand for commands/heap.py
* Use ArgparsedCommand for commands/ida.py
* Use ArgparsedCommand for commands/misc.py
* Use ArgparsedCommand for commands/next.py and commands/nearpc.py
* Use ArgparsedCommand for commands/peda.py
* Use ArgparsedCommand for commands/pie.py
* Use ArgparsedCommand for commands/procinfo.py
* Use ArgparsedCommand for commands/reload.py
* Use ArgparsedCommand for commands/rop.py
* Use ArgparsedCommand for commands/segments.py
* Use ArgparsedCommand for commands/start.py
* Use ArgparsedCommand for commands/telescope.py
* Use ArgparsedCommand for commands/version.py
* Use ArgparsedCommand for commands/vmmap.py
* Use ArgparsedCommand for commands/windbg.py
* Use ArgparsedCommand for commands/xor.py
* Fix isort
* Fixes #538 - breakrva on symlink targets
Fixes a bug with the `breakrva` and `brva` commands and adds some more
explanation on how certain things work:
* `info auxv` or to be more specific: AUXV's `ET_EXECFN` holds path to
the executable, but if it is a symlink, it is not dereferenced
* because of that we need to call `readlink` in `get_exe_name` in pie.py
* Fix isort
* Add option to redirect context output to other tty or files
The output of context/dashboard can now be redirected with
"set context-output /dev/pts/x" to anything which Python can open and
which offers a file-like "write".
* Sorted imports correctly (fixing pwndbg CI)
* Enhance remote QEMU targets debugging experience
- improve vmmap command help and inform user that the result might not
be accurate for QEMU targets
- updating stack pages (`pwndbg.stack.stacks`): skip detecting stack pages if SP is 0 (this led to displaying a memory page that started at -0x1000)
- `pwndbg.vmmap.find` - don't skip addresses below `pwndbg.memory.MMAP_MIN_ADDR` -
this function is used by `pwndbg.color.memory.get` which is used by
`vmmap` command - because we skipped addresses - a memory page starting
below that address wasn't colored on `vmmap` display
- memory pages found with exploration will now display with `<explored>` name in `vmmap`
- skip `proc_pid_maps` for QEMU kernel targets too (this was bug-prone,
as GDB returns pid 42000 for QEMU targets and we potentially tried adding
memory pages from another process, which luckily usually wasn't there)
* Update pwndbg/vmmap.py
TLDR: when context has been displayed the highlighted code is cached; if we change the pygments style, displaying context again does not show the new style. This commit fixes this issue by resetting the memoized/cached highlighted code.
Note that there is already Capstone 4.0.1 but it hasn't been released to
pypi yet.
The current `next.zip` points to Capstone 5.0 and currently breaks
pwndbg (due to bindings and capstone versions mismatch).
* Fix tcache and support it on targets w/o -lpthread
Short summary:
* fixes tcache having wrong address
* adds heuristic to retrieve tcache address when binary is compiled w/o
-lpthread (may not work on glibc's other than 2.27)
* fixes `pwndbg.symbol.address` as it could return offsets instead of
an address
---
Long description below.
This commit fixes tcache: we used the address of &tcache instead of
tcache for dereferencing the struct. This can be observed with:
```
pwndbg> p *tcache
$8 = {
counts = '\000' <repeats 63 times>,
entries = {0x0 <repeats 64 times>}
}
pwndbg> tcache
{
counts = "\020`uUUU\000\000\000\000\000\000\000\000\000\000"...,
entries = {0x0, 0x0, 0x7ffff7fd7740, 0x7ffff7fd80a0, 0x7ffff7fd7740, 0x1, 0x0, 0x7025de0aec8a0300, 0x236a7550e4a6104e, 0x0 <repeats 55 times>}
}
```
It also adds the possibility to retrieve tcache information from targets
that are compiled without -lpthread [-pthread].
**NOTE: This is experimental and may not work across different glibc
versions. It was tested on Ubuntu 18.04 on 2.27 glibc.**
This is because we get the tcache pointer by making an assumption that it
will lie 0x10 bytes before one of the addresses that points to
&main_arena.
It also fixes `pwndbg.symbol.address`'s `info address` path when it
returned addresses that were out of memory maps due to the fact that GDB may
return a string containing an offset instead of an address. E.g.:
```
pwndbg> info address tcache
Symbol "tcache" is a thread-local variable at offset 0x40 in the thread-local storage for `/lib/x86_64-linux-gnu/libc.so.6'.
```
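As an added illustration of the `info address` parsing issue described in this commit (this is example code, not pwndbg's own `pwndbg.symbol.address`): a small parser that only accepts a real `at address 0x...` result, treats a thread-local `at offset 0x...` result as a TLS offset rather than an address, and rejects any address outside a (constructed) set of memory pages. The sample output lines and the page ranges are constructed for the example.

```python
import re

# Constructed sample `info address` outputs in the formats GDB prints;
# these are not captured from a real session.
SAMPLE_INFO_ADDRESS = {
    "main": 'Symbol "main" is a function at address 0x401136.',
    "counter": 'Symbol "counter" is static storage at address 0x404028.',
    "tcache": ('Symbol "tcache" is a thread-local variable at offset 0x40 '
               "in the thread-local storage for `/lib/x86_64-linux-gnu/libc.so.6'."),
    "argc": 'Symbol "argc" is a variable at frame base reg $rbp offset 16+-20, length 4.',
}

# Constructed memory map: [start, end) ranges a debuggee might have mapped.
SAMPLE_PAGES = [(0x400000, 0x402000), (0x403000, 0x405000)]

ADDRESS_RE = re.compile(r"\bat address (0x[0-9a-fA-F]+)")
TLS_OFFSET_RE = re.compile(r"thread-local variable at offset (0x[0-9a-fA-F]+)")


def parse_info_address(output):
    """Return the absolute address reported by `info address`, else None.

    A thread-local symbol is reported as an offset into the TLS block, not
    as an address. Treating that offset as an address is exactly the bug
    fixed above, so such output (and any other non-address form) gives None.
    """
    m = ADDRESS_RE.search(output)
    return int(m.group(1), 16) if m else None


def parse_tls_offset(output):
    """Return the TLS offset for a thread-local symbol, else None."""
    m = TLS_OFFSET_RE.search(output)
    return int(m.group(1), 16) if m else None


def symbol_address(name, run_info_address, pages):
    """Resolve `name` via a callable that returns `info address` output.

    The result is additionally checked against the memory map so that a
    mis-parsed value can never be handed back as a valid address.
    """
    addr = parse_info_address(run_info_address(name))
    if addr is None:
        return None
    if not any(lo <= addr < hi for lo, hi in pages):
        return None
    return addr
```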
* Fix tcache retrieval heuristic
* Check if override built-in command
* Abort on non-whitelisted command override
* Fixes according to PR discussion
* Clearer parsing of gdb output
Co-Authored-By: ZetaTwo <calle.svensson@zeta-two.com>
* Make setup.sh work with Docker on root w/o sudo
* setup.sh: fallback to apt/dnf
If the OS is not detected/supported, try checking for apt/dnf.
* setup.sh: inform about arch's AUR package
Removes an exception in the tcache/bins command where the exception would be printed as well as an error message.
This is purely a UI fix as described in Issue #535 (https://github.com/pwndbg/pwndbg/issues/535)
* Added the installation script for each distro.
This commit adds the installation script for each distro in setup.sh.
Also, the content of the script was changed to install all the required packages for pwndbg in each distro.
Fixed: #296
Signed-off-by: Claudia J. Kang <claudiajkang@gmail.com>
* Fedora installation: add make to dnf install