* Fix plist to support pointer-sized integer fields like size_t
Resolves #3448
The plist command previously rejected fields that were not pointer types,
even if they were pointer-sized integers (like size_t, uintptr_t) used to
store addresses.
Changes:
- Accept integer types with size equal to architecture pointer size
- Handle type validation for pointer-sized integers
- Assume pointer-sized integers point to outer structure type
This allows plist to work with structs like:
```
struct node {
    size_t next; // Previously rejected, now works
    size_t prev;
};
```
* Strip typedefs before checking if field is pointer-sized int
size_t and similar types are TypeCode.TYPEDEF, not TypeCode.INT.
We need to call strip_typedefs() to get the underlying type
(e.g., size_t -> unsigned long) before checking the type code.
Thanks to @jackmisbach for catching this issue!
* Add test cases for plist with size_t fields
- Add test struct with size_t next pointer to linked-lists.c
- Add test_command_plist_size_t_field() to both GDB and DBG test suites
- Tests verify plist correctly handles typedef-wrapped pointer-sized integers
* Fix include placement in linked-lists.c
Move stdint.h include to top of file with other includes
* Set dereference-limit in size_t test cases
Ensure the test runs with a sufficient dereference limit to traverse all 3 nodes
* Use explicit count flag instead of dereference-limit in size_t test
Use -c 3 flag to explicitly request 3 nodes, matching the pattern used in other plist tests
* Simplify size_t test to use -f value flag
Use -f value flag to only display the value field, avoiding issues with
size_t formatting. This matches the pattern in test_command_plist_flat_field
and provides a cleaner, more focused test of the core functionality.
* Update to CapstoneV6 alpha 5
* Add riscv32 test
* Add loongarch64 test to ensure branch targets are resolved correctly
* Makefile cleanup
* Upgrade version of uv
* Add dbg tests to test suite
* Fix 0
* Check for OSError in OpportunisticTerminalControl
* Split tests tasks
* Fix go tests in LLDB
* Update TLS tests to handle LLDB failing to resolve %GS on LLDB
* Disable go-based x86 test for windbg commands on LLDB
* Fix listening to new modules being loaded in LLDB
* Force LLDB tests to run in series
Parallel execution is broken, anyway
* Fix mallocng tests in LLDB
* ptmalloc2: Always cast tcache counts to pointer during try-free
* Catch LLDB_INVALID_ADDRESS in LLDB symbol lookup
* Handle the binary formatting from LLDB in `test_vis_heap_chunks`
* Split GDB and DBG GDB Nix tests, remove DBG LLDB Nix tests
* Replace ParamSpec in type param list with explicit use
* Add mising dependencies in Ubuntu test targets
* Revert "Add mising dependencies in Ubuntu test targets"
This reverts commit bd56a6b9dc.
* Disable -fcf-protection in test binaries
* Disable LLDB tests on Ubuntu 22.04
We don't seem to even officially support it for pwndbg-lldb
* Add even even more tests
* Fix 0
* Fix 1
* Add heap tests
* Fix 0
* Match new module layout
* Fix a couple of tests
* Backport test binary changes to GDB suite
* build the mallocng binary as static and dynamic
* ng-slots and ng-slotu tests
* add musl to apt and pacman dev deps
* lint
* dont test for heap addr since donation is flaky
* add ng-group check
* add ng-meta test
* remove inconsistent check
* add ng-ctx test
* test ng-find
* ng-metaarea test
* make tests debugger agnostic
* buffer1 typo
* fix: make mprotect command truly multi-arch
Added register saving based on reg_sets defined for each processor architecture; additionally, shellcraft is used to generate the arch-specific shellcode.
Unfortunately this command is not currently tested on platforms other than x86_64.
* Update pwndbg/commands/mprotect.py
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* mprotect: Add parsing, alignment to the addr argument
This change makes sure that the addr argument is parsed as a gdb expression (so you can use registers, for example) and aligns it to the nearest page boundary.
* mprotect: Clean up register saving, print the result
Cleaned up saving of registers and added printing of the results, as per disconnect's suggestions.
* Simplify the test for mprotect
Simplify the code and remove the useless binary
* Update tests/test_mprotect.py
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Add reset_on_thread decorator
* Apply reset_on_thread to Heap.multithreaded
* Add multithreaded malloc_chunk tests
* Clarify comment in C source
* Clarify expected thread number with assert in test
This commit adds a test for context disasm showing file descriptors'
file paths in syscalls like read() or close().
It also fixes a small issue when Pwndbg is run with PWNDBG_DISABLE_COLORS=1
This issue was that executing:
```
pi '{a:2}'.format(a=pwndbg.color.context.prefix(pwndbg.config.code_prefix))
```
failed when Pwndbg was run with disabled colors. It failed because our
generated color functions in pwndbg/color/* ended up not processing the
input argument -- which here is a Pwndbg config Parameter object -- so
that we got a very non-obvious exception:
```
Exception occurred: context: unsupported format string passed to Parameter.__format__ (<class 'TypeError'>)
```
This issue could hypothetically also exist if our config value were
empty, I think. So the fix in this commit, where we do str(x) over
the color function argument, should fix this issue in all cases.
Turns out the mprotect command didn't ever work, as it was amd64 only, but used x86 syscall numbers to call mprotect. I have refactored the command to use shellcraft to generate the shellcode that calls mprotect. I have also unit-tested this command.
* Improve vmmap on coredump files
With this commit we now recognize coredumps better and also finally have
a simple test for vmmap commands on:
- a running binary
- on a loaded coredump file with loaded binary
- on a loaded coredump file without a loaded binary
We also stop saving vmmaps for `maintenance info sections` sections
which have a start address of 0x0. While there could potentially be a
coredump file from a binary with start=0x0, this should work in most
cases.
We could in theory do slightly better: we could take the vmmap at 0 and
try to read memory from it. However, I am not sure if it is a good idea
to try such a memory read.
* remove unused import
* add missing crash_simple.asm
* fix vmmap coredump test on different ubuntu mem layouts
* use /proc/$pid/maps for vmmap tests
* fix formatting
* fix import
* fix test
* fix test
* fix test
* fix lint
* fix test
* fix test
* fix test
* fix test
* fix lint
* another fixup for ubuntu 22.04
* another fixup for ubuntu 22.04
* lint
* Add a regression test for find_fake_fast
The test program creates a fake chunk size field in its .data section
with a set NON_MAIN_ARENA flag. The Python test runs the find_fake_fast
command on an address succeeding the fake chunk. A gdb.MemoryError
indicates regression - issue #1142
* Make linter happy
This should fix things like:
> tests/test_heap.py::test_try_free_invalid_next_size_fast Dwarf Error: DW_FORM_strx1 found in non-DWO CU [in module /pwndbg/tests/binaries/heap_bugs.out]
* Make ZIGPATH configurable and provide defaults
Mostly fixes the docker/docker-compose environment, where building zig into
$pwd/.zig doesn't work well because it is later overwritten by mounting
the volume in /pwndbg.
With the current approach, during the docker build zig is put in /opt/zig
instead, and when you run it without docker it's possible to configure a
different path (with sane defaults).
* remove Makefile
* add ZIGPATH to tests.sh for CI
* move ZIGPATH setting before make in tests
* tools: change zig to install from a tarball
Migrate from using snap; we install from a checksummed tarball
* fix: add sudo
* fix: install zig to .zig in PWD
Co-authored-by: Albert Koczy <albert.koczy@asseco.pl>
When we moved to argparse command parsing we introduced `gdb_sloppy_parse`, which wasn't perfect: e.g. `gdb.parse_and_eval("__libc_start_main")` would return a `gdb.Value()` whose `.type.name` was `long long`.
As a result, when code that used `gdb_sloppy_parse` then cast the result to `int(gdb_value)`, it crashed because for some reason GDB errored.
This commit fixes the issues related to it by adding `AddressExpr` and `HexOrAddressExpr` functions.
It also adds tests for some of the windbg compatibility commands and fixes some nifty details here and there.
* Tests launcher: show passed and failed count
* Build nearpc, emulate, u, pdisass test binaries
* Add tests for emulate, nearpc, pdisass, u
* Refactored disasm and emulator
* Fix nearpc following jumps w/o emulation
* Prevent tests from calling start_binary twice
* Add test for emulate_disasm_loop
* Fix isort
* Add nasm to travis install
* Add --eval-command quit to tests invocation
This should prevent travis from staying in gdb/stalled build when something fails in a weird way (like a file is missing)
```
[+] Building 'emulate_disasm.o'
make: nasm: Command not found
make: *** [emulate_disasm.o] Error 127
gdbinit.py: No such file or directory.
pytests_collect.py: No such file or directory.
No output has been received in the last 10m0s, this potentially indicates a stalled build or something wrong with the build itself.
Check the details on how to adjust your build configuration on: https://docs.travis-ci.com/user/common-build-problems/#Build-times-out-because-no-output-was-received
```
* Add test binaries