* Add support for breaking on UAF
* Small fixes and documentation
* Add a command to enable and disable tracking, better diagnostics
* Add initial support for calloc and realloc
* Better safeguard against matching ld.so malloc
* Small fixes
* Better interface for managing the heap tracker. More terse and information dense diagnostics
* Add warning and fix lints
* Update poetry lock
* add missing install dep for shfmt
* if we're given an Ubuntu version and it's not 20.04, then install shfmt
* fix broken check for if no argument was passed to install_apt
This commit adds a `[filename]` argument to the `cyclic` command.
This makes it possible to do things like `cyclic 100 input` and `run < input` which was a feature Peda users used in the past.
Here is the full new help for the cyclic command:
```
pwndbg> help cyclic
usage: cyclic [-h] [-a charset] [-n length] [-l lookup_value | count] [filename]
Cyclic pattern creator/finder.
positional arguments:
count Number of characters to print from the sequence (default: print the
entire sequence) (default: 100)
filename Name (path) of the file to save the cyclic pattern to (default: )
options:
-h, --help show this help message and exit
-a charset, --alphabet charset
The alphabet to use in the cyclic pattern (default:
abcdefghijklmnopqrstuvwxyz)
-n length, --length length
Size of the unique subsequences (defaults to the pointer size for the
current arch)
-l lookup_value, -o lookup_value, --offset lookup_value, --lookup lookup_value
Do a lookup instead of printing the sequence (accepts constant values
as well as expressions)
```
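As an added example (not pwndbg's own implementation), here is the de Bruijn construction behind `cyclic`, its `-l` lookup, and the new optional filename argument; the default alphabet is the one from the help text above, and the subsequence length of 4 is an assumption (pwndbg defaults to the pointer size):

```python
import itertools
from pathlib import Path
from typing import Iterator, Optional, Union

ALPHABET = "abcdefghijklmnopqrstuvwxyz"  # default from the help text above


def de_bruijn(alphabet: str = ALPHABET, n: int = 4) -> Iterator[str]:
    """Lazily yield the de Bruijn sequence B(k, n): every window of n
    consecutive characters occurs once, so a value seen in a register
    maps back to exactly one offset in the pattern."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t: int, p: int) -> Iterator[str]:
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)


def cyclic(count: int = 100, alphabet: str = ALPHABET, n: int = 4,
           filename: Optional[str] = None) -> bytes:
    """First `count` bytes of the pattern; with `filename` set, also save
    it to disk (the `cyclic 100 input` use case)."""
    pattern = "".join(itertools.islice(de_bruijn(alphabet, n), count)).encode()
    if filename:
        Path(filename).write_bytes(pattern)
    return pattern


def cyclic_find(value: Union[int, bytes, str], alphabet: str = ALPHABET,
                n: int = 4) -> int:
    """Offset of `value` in the pattern, or -1 if absent. An int is read as
    a little-endian register value and only its first n bytes are matched,
    as `cyclic -l 0x61616162` does."""
    if isinstance(value, int):
        value = value.to_bytes(max(n, (value.bit_length() + 7) // 8), "little")
    if isinstance(value, str):
        value = value.encode()
    needle = value[:n].decode()
    if not needle:
        raise ValueError("empty lookup value")
    window = ""
    for i, ch in enumerate(de_bruijn(alphabet, n)):
        window = (window + ch)[-n:]
        if window.endswith(needle):       # first occurrence ends at index i
            return i - len(needle) + 1
    return -1
```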
It turned out that in some cases, e.g. when installing Pwndbg on Fedora 39 which uses Python 3.12, Pwndbg does not work, failing with:
```
Traceback (most recent call last):
File "/home/hhlp/.pwndbg/gdbinit.py", line 74, in <module>
import pwndbg # noqa: F401
^^^^^^^^^^^^^
File "/home/hhlp/.pwndbg/pwndbg/__init__.py", line 9, in <module>
import pwndbg.commands
File "/home/hhlp/.pwndbg/pwndbg/commands/__init__.py", line 24, in <module>
from pwndbg.heap.ptmalloc import DebugSymsHeap
File "/home/hhlp/.pwndbg/pwndbg/heap/ptmalloc.py", line 18, in <module>
import pwndbg.disasm
File "/home/hhlp/.pwndbg/pwndbg/disasm/__init__.py", line 14, in <module>
import capstone
File "/home/hhlp/.pwndbg/.venv/lib/python3.12/site-packages/capstone/__init__.py", line 326, in <module>
import distutils.sysconfig
ModuleNotFoundError: No module named 'distutils'
(gdb)
```
It turns out that the `distutils` package was removed in Python 3.12 and it is now provided by the `setuptools` module.
This commit fixes this issue by adding `setuptools` as a direct Pwndbg dependency.
* Add initial implementation of Link Map parsing and draft Dynamic Segment parsing based on it
* Before changing into a better way to determine NN for ElfNN_Sym.
* Add support for reading relocation entries from the DYNAMIC segment
* Add initial infrastructure to implement the GOT tracker
* Non-coalesced watchpoints
* Finish initial draft implementation
* Update __init__.py
* Better diagnostics and move back to gdb.Breakpoint.stop() for most things
* Fixed the disabling procedure, and a bunch of cosmetics:
- Calling shellcode functions no longer force the context to show
- Better command to access the GOT tracker
* Disable broken r_brk hooks, for now.
* Mixed up the two columns
* Update pwndbg/commands/got_tracking.py
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
It turns out that GDB's `info proc mappings` reads $PID instead of $TID and there are cases where the /proc/$pid/maps file renders no content, for example when the main thread of a process exited.
This then causes us to fail to render memory mappings and fall back to memory maps exploration, which is actually bugged.
This was found out by a flaky test which I reported initially as broken Arch Linux CI build: https://github.com/pwndbg/pwndbg/issues/1976 but it turned out it is two bugs:
1) us not taking `/proc/$tid/maps` into account instead of `$pid`
2) vmmap exploration having a recursion error
This commit fixes the former and the latter is still unfixed.
I also reported this GDB behavior to their bugzilla in https://sourceware.org/bugzilla/show_bug.cgi?id=31207 - not sure if this is going to be considered a bug or a "correct behavior" but let's see.
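As an added example (not pwndbg's code), a maps reader that prefers `/proc/$tid/maps` and treats an empty file as "no content" rather than "no mappings", with a constructed fake filesystem so it runs offline; the pids, paths and `Mapping` fields are assumptions for the demo:

```python
import re
from typing import Callable, List, NamedTuple, Optional


class Mapping(NamedTuple):
    start: int
    end: int
    perms: str
    offset: int
    path: str


# One /proc/<pid>/maps line: "start-end perms offset dev inode [path]"
_MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+\S+\s+\d+\s*(.*)$")


def parse_maps(text: str) -> List[Mapping]:
    """Parse maps-file text into Mapping tuples, skipping malformed lines."""
    maps = []
    for line in text.splitlines():
        m = _MAPS_LINE.match(line)
        if m:
            maps.append(Mapping(int(m[1], 16), int(m[2], 16), m[3],
                                int(m[4], 16), m[5]))
    return maps


def maps_candidates(pid: int, tid: int) -> List[str]:
    # Try the thread's view first: /proc/<pid>/maps can be empty once the
    # main thread has exited while other threads are still alive.
    return [f"/proc/{tid}/maps", f"/proc/{pid}/maps"]


def read_mappings(pid: int, tid: int,
                  read: Callable[[str], Optional[str]]) -> List[Mapping]:
    """Return mappings from the first candidate file that has content."""
    for path in maps_candidates(pid, tid):
        text = read(path)
        if text:  # None (missing) and "" (empty, the GDB case) both fall through
            return parse_maps(text)
    return []


# Constructed sample: the pid's file is empty, the tid's file has content.
CONSTRUCTED_MAPS = """\
00400000-00401000 r--p 00000000 08:01 1234 /tmp/demo
00401000-00402000 r-xp 00001000 08:01 1234 /tmp/demo
7ffd1000-7ffd2000 rw-p 00000000 00:00 0 [stack]
"""
FAKE_FS = {"/proc/1000/maps": "", "/proc/1001/maps": CONSTRUCTED_MAPS}


def demo() -> List[Mapping]:
    return read_mappings(pid=1000, tid=1001, read=FAKE_FS.get)
```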
This commit reverts a previous commit that removed a check against the frame register.
* FIX: revert c37030633a as pwndbg.gdblib.regs.frame can be None
The reason for that is that when you debug Chrome on arm64 using a gdbserver, we may end up with an "Unknown register type: None" message printed out due to lack of this check.
The stacktrace for this message can be found below:
```
Unknown register type: None
Traceback (most recent call last):
File "/home/pwndbg/pwndbg/commands/__init__.py", line 181, in __call__
return self.function(*args, **kwargs)
File "/home/pwndbg/pwndbg/commands/__init__.py", line 328, in _OnlyWhenRunning
return function(*a, **kw)
File "/home/pwndbg/pwndbg/commands/telescope.py", line 197, in telescope
bp = pwndbg.gdblib.regs[pwndbg.gdblib.regs.frame]
File "/home/pwndbg/pwndbg/lib/cache.py", line 138, in decorator
value = func(*a, **kw)
File "/home/pwndbg/pwndbg/gdblib/regs.py", line 66, in __getitem__
```
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* FIX: Upgraded devcontainer image to bookworm and added some useful extensions
* FIX: use ubuntu jammy image and add .gdbinit file in docker container user home folder not root
* FIX: Switch to root users as other tests are failing with permission denied
* FIX: update devcontainer file to remove unnecessary extensions, and unused dot files as we removed the extensions
* FIX: only add the .gdbinit file if it does not exist
* FIX: minor change
* Update Dockerfile
* Update .devcontainer/devcontainer.json
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>