* Fix got command when using pwntools
Fixes `got` command by changing `call_program` wrapper to pipe stderr to stdout.
This is because there are two `checksec`s:
* the checksec script
* checksec script from pwntools
The latter prints its output to stderr and because of that we couldn't detect the proper RELRO status (as the got command parsed an empty string).
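The failure mode above, as an added example that is not pwndbg's own code: a checksec-style report is produced by a stand-in program (a Python one-liner run through `sys.executable`, standing in for the pwntools `checksec`, which writes to stderr). `CHECKSEC_REPORT` is a constructed sample; the function names and the `merge_stderr` switch are illustrative assumptions. Without `stderr=subprocess.STDOUT` the captured text is empty and the RELRO column cannot be found.

```python
"""Added example (not pwndbg's own code): why merging stderr into stdout
matters when parsing `checksec` output.
"""
import re
import subprocess
import sys

# Constructed sample report, modelled on checksec's column layout (assumption).
CHECKSEC_REPORT = """    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    Canary found
    NX:       NX enabled
    PIE:      PIE enabled
"""

# Stand-in for the pwntools checksec: everything goes to stderr, nothing to stdout.
FAKE_CHECKSEC = [sys.executable, "-c",
                 "import sys; sys.stderr.write(sys.argv[1])", CHECKSEC_REPORT]


def call_program(argv, merge_stderr):
    """Run argv and return its captured stdout as text.

    With merge_stderr=True the child's stderr is redirected into the same
    pipe (stderr=subprocess.STDOUT); that is the fix described above.
    With merge_stderr=False stderr is discarded, mimicking the old wrapper.
    """
    stderr = subprocess.STDOUT if merge_stderr else subprocess.DEVNULL
    out = subprocess.check_output(argv, stderr=stderr)
    return out.decode("utf-8", errors="replace")


def relro_status(checksec_output):
    """Extract the RELRO column; None if the report could not be parsed."""
    m = re.search(r"^\s*RELRO:\s*(.+?)\s*$", checksec_output, re.MULTILINE)
    return m.group(1) if m else None


def relro_via_checksec(merge_stderr):
    """End-to-end: run the stand-in checksec and parse its RELRO status."""
    return relro_status(call_program(FAKE_CHECKSEC, merge_stderr))


if __name__ == "__main__":
    print("stderr dropped :", relro_via_checksec(False))
    print("stderr merged  :", relro_via_checksec(True))
```

Running the block prints `None` for the dropped-stderr case and `Full RELRO` once stderr is merged; any command wrapper that parses tool output should either merge the streams or parse both, since tools differ in which stream they report on.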
* Fix got command error paths
* Got command _extract_jumps comment
* Add documentation for pwndbg.search
* Filter mappings in search command, provide an error message
* Fix issue when searching for strings
* Fix mapping vs mappings confusion
* added command got to display status of the got table
Signed-off-by: degrigis <degrigis@gmail.com>
* return when checksec is not available and added decorator OnlyWhenRunning
Signed-off-by: degrigis <degrigis@gmail.com>
* removed duplicated code for pie and not pie binaries
Signed-off-by: degrigis <degrigis@gmail.com>
* inserted support function to get checksec output and performed all requirements check initially
Signed-off-by: degrigis <degrigis@gmail.com>
* corrected typo
Signed-off-by: degrigis <degrigis@gmail.com>
* reorganized the command got splitting the code in library routines and moved the checksec internal function in a separate module
Signed-off-by: degrigis <degrigis@gmail.com>
* handled exception directly inside functions and enhanced code
Signed-off-by: degrigis <degrigis@gmail.com>
* extracted only column in readelf output and enhanced exception handling
Signed-off-by: degrigis <degrigis@gmail.com>
* fix exception handling returning subprocess error
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import and reordered
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered imports
Signed-off-by: degrigis <degrigis@gmail.com>
* added wrappers module and refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* removed a comment that was not useful
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import
Signed-off-by: degrigis <degrigis@gmail.com>
* moved comments in docstring
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code to use partial functions, simplified code
Signed-off-by: degrigis <degrigis@gmail.com>
* simplified a LOC
Signed-off-by: degrigis <degrigis@gmail.com>
* capslock char fixed
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unnecessary pwndbg.arch.ptrsize check
Signed-off-by: degrigis <degrigis@gmail.com>
* Clean up some unnecessary closures in pwndbg.commands
* A bit of cleanup, and a change to split_args
* Move SystemExit except block
* Actually fix command crashes
* A bit of docs
* Attempt to make exception handling a little bit better
* More better errors
* Fix docs
* Simplify command exception debugging and make stdio work correctly
* Make isort happy
* Reorganize exception handler, add default case
* Fix print statement
* Attempt to use ipdb where available
* Sort requirements and add ipdb
* Only use pwndbg.stdio in the exception handler
* Documentation, hook pdb.set_trace()
* Do not require ipdb
* Remove import loop, fix accidental call, set python print-stack
* Use the correct values for print-stack
* Use pdb.Pdb for better set_trace()
* support for multiple arenas
* move get_bounds to get_region and use Page class
* refactor == to is
* add docstring to `arenas`
* refactor get_region a little bit
* heap: gdb.value doesn't have .get
* heap: give `arenas` some colors
* heap: `Page` expects `int`s
* Fix start, entry commands without file loaded in gdb
Both `entry` and `start` commands fail when there is no file loaded in gdb:
```
$ gdb -q
Loaded 106 commands. Type pwndbg [filter] for a list.
pwndbg> entry
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 57, in __call__
return self.function(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/commands/start.py", line 67, in entry
gdb.execute(run, from_tty=False)
gdb.error: No executable file specified.
Use the "file" or "exec-file" command.
```
The patch fixes those issues by introducing `pwndbg.commands.OnlyWithFile` decorator.
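The guard-decorator pattern that such an `OnlyWithFile` decorator applies, as an added example that is not pwndbg's own code: there is no gdb here, so a module-level `_state` dict stands in for "a file is loaded in gdb" and messages are collected in a list so they can be inspected. The factory name `only_with`, the message text and the stand-in `entry` command are illustrative assumptions. The point is that the guard turns the traceback shown above into a one-line message and returns without running the command body.

```python
"""Added example (not pwndbg's own code): guarding a command behind a
precondition instead of letting a gdb.error escape as a traceback.
"""
import functools

# Stand-ins for debugger state and for the console (assumptions).
_state = {"file": None}
_messages = []


def only_with(predicate, message):
    """Build a decorator that runs the command only when predicate() holds.

    Otherwise the message is reported and None is returned, so the wrapped
    command never executes against missing state.
    """
    def decorator(command):
        @functools.wraps(command)
        def wrapper(*args, **kwargs):
            if not predicate():
                _messages.append(message)
                return None
            return command(*args, **kwargs)
        return wrapper
    return decorator


# Illustrative equivalent of pwndbg.commands.OnlyWithFile (message text assumed).
OnlyWithFile = only_with(
    lambda: _state["file"] is not None,
    'There is no file loaded. Use the "file" command first.',
)


@OnlyWithFile
def entry():
    """Stand-in for the `entry` command: pretend to break at the ELF entry."""
    return "breakpoint at entry of %s" % _state["file"]


def load_file(path):
    """Stand-in for gdb's `file` command."""
    _state["file"] = path


def last_message():
    """The most recent guard message, or None if no guard has fired."""
    return _messages[-1] if _messages else None
```

Stacking such decorators (for example "needs a file" and "needs a running process") keeps each precondition in one place and makes every command that shares it fail the same way.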
* Use pwndbg.commands.OnlyWithFile in rop* commands
* Use pwndbg.commands.OnlyWithFile in elf*, *plt commands
Also refactored the file a bit.
* Use pwndbg.commands.OnlyWithFile in r2 command
* Use pwndbg.commands.OnlyWithFile in errno command
* Use pwndbg.commands.OnlyWithFile in checksec command
* Remove redundant file check in elf.py
* Make save_ida command available only with ida
When there is no file and IDA, an exception is thrown:
```
pwndbg> save_ida
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 57, in init_ida_rpc_client
_ida.here()
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1452, in __request
verbose=self.__verbose
File "/usr/lib/python3.6/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1166, in single_request
http_conn = self.send_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1279, in send_request
self.send_content(connection, request_body)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1309, in send_content
connection.endheaders(request_body)
File "/usr/lib/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 964, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 936, in connect
(self.host,self.port), self.timeout, self.source_address)
File "/usr/lib/python3.6/socket.py", line 704, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.6/socket.py", line 743, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
OSError: Int or String expected
```
Because of recent changes, the IDA synchronization fails on marshalling an xint instance:
```
$ gdb -q ./babyuse
Pwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:8888
Loaded 108 commands. Type pwndbg [filter] for a list.
Reading symbols from ./babyuse...(no debugging symbols found)...done.
pwndbg> entry
Temporary breakpoint 1 at 0x56555ca0
Exception during func=pwndbg.ida.Auto_Color_PC (<gdb.BreakpointEvent object at 0x7f1648274468>,)
Traceback (most recent call last):
File "/usr/lib/python3.6/xmlrpc/client.py", line 510, in __dump
f = self.dispatch[type(value)]
KeyError: <class 'pwndbg.inthook.xint'>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/events.py", line 122, in caller
func()
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 253, in Auto_Color_PC
SetColor(colored_pc, 0x7f7fff)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 87, in wrapper
return function(l2r(address), *args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 109, in l2r
result = (addr - int(exe.address) + base()) & pwndbg.arch.ptrmask
File "/home/dc/installed/pwndbg/pwndbg/memoize.py", line 47, in __call__
value = self.func(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 131, in base
base = _ida.get_fileregion_offset(segaddr)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1446, in __request
allow_none=self.__allow_none).encode(self.__encoding, 'xmlcharrefreplace')
File "/usr/lib/python3.6/xmlrpc/client.py", line 971, in dumps
data = m.dumps(params)
File "/usr/lib/python3.6/xmlrpc/client.py", line 502, in dumps
dump(v, write)
File "/usr/lib/python3.6/xmlrpc/client.py", line 520, in __dump
raise TypeError("cannot marshal %s objects" % type(value))
TypeError: cannot marshal <class 'pwndbg.inthook.xint'> objects
Python Exception <class 'TypeError'> cannot marshal <class 'pwndbg.inthook.xint'> objects:
Temporary breakpoint 1, 0x56555ca0 in ?? ()
Exception during func=pwndbg.ida.Auto_Color_PC ()
Traceback (most recent call last):
File "/usr/lib/python3.6/xmlrpc/client.py", line 510, in __dump
f = self.dispatch[type(value)]
KeyError: <class 'pwndbg.inthook.xint'>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dc/installed/pwndbg/pwndbg/events.py", line 122, in caller
func()
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 253, in Auto_Color_PC
SetColor(colored_pc, 0x7f7fff)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 74, in __call__
return self.fn(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 87, in wrapper
return function(l2r(address), *args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 109, in l2r
result = (addr - int(exe.address) + base()) & pwndbg.arch.ptrmask
File "/home/dc/installed/pwndbg/pwndbg/memoize.py", line 47, in __call__
value = self.func(*args, **kwargs)
File "/home/dc/installed/pwndbg/pwndbg/ida.py", line 131, in base
base = _ida.get_fileregion_offset(segaddr)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1446, in __request
allow_none=self.__allow_none).encode(self.__encoding, 'xmlcharrefreplace')
File "/usr/lib/python3.6/xmlrpc/client.py", line 971, in dumps
data = m.dumps(params)
File "/usr/lib/python3.6/xmlrpc/client.py", line 502, in dumps
dump(v, write)
File "/usr/lib/python3.6/xmlrpc/client.py", line 520, in __dump
raise TypeError("cannot marshal %s objects" % type(value))
TypeError: cannot marshal <class 'pwndbg.inthook.xint'> objects
Python Exception <class 'TypeError'> cannot marshal <class 'pwndbg.inthook.xint'> objects:
```
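The marshalling failure above reproduced without IDA or gdb, as an added example that is not pwndbg's own code: `xint` here is an int subclass that stands in for `pwndbg.inthook.xint` (the real class's details are an assumption). `xmlrpc.client`'s Marshaller looks up `type(value)` in its dispatch table and explicitly refuses subclasses of the basic types, so the value being a perfectly good integer does not help; converting with `int()` before the RPC call does.

```python
"""Added example (not pwndbg's own code): why an int subclass cannot be
sent over xmlrpc.client, and the normalisation that fixes it.
"""
import xmlrpc.client


class xint(int):
    """Illustrative int subclass standing in for pwndbg.inthook.xint."""
    pass


def can_marshal(value):
    """True if xmlrpc.client can encode `value` as an RPC parameter."""
    try:
        xmlrpc.client.dumps((value,), methodname="get_fileregion_offset")
        return True
    except TypeError:
        # "cannot marshal <class '...xint'> objects", as in the traceback.
        return False


def to_rpc_arg(value):
    """Normalise debugger integers before sending them over XML-RPC.

    Any int subclass (but not bool, which the protocol handles itself) is
    collapsed to a plain int.  Separate caveat of the protocol: xmlrpc.client
    refuses ints outside the signed 32-bit range with OverflowError, so a
    64-bit address needs another encoding (e.g. a string) on both ends.
    """
    if isinstance(value, int) and not isinstance(value, bool) \
            and type(value) is not int:
        return int(value)
    return value
```

The same check applies to any debugger value type that subclasses `int`, `str` or `bytes`: it must be converted back to the base type at the RPC boundary.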
This patch fixes a bug introduced in https://github.com/pwndbg/pwndbg/pull/222 (also discussed a bit in https://github.com/pwndbg/pwndbg/pull/221).
The bug can be reproduced with the following code:
```
pwndbg> py import re; re.DOTALL | re.MULTILINE
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.6/enum.py", line 794, in __or__
result = self.__class__(self._value_ | self.__class__(other)._value_)
File "/usr/lib/python3.6/enum.py", line 291, in __call__
return cls.__new__(cls, value)
File "/usr/lib/python3.6/enum.py", line 533, in __new__
return cls._missing_(value)
File "/usr/lib/python3.6/enum.py", line 760, in _missing_
new_member = cls._create_pseudo_member_(value)
File "/usr/lib/python3.6/enum.py", line 786, in _create_pseudo_member_
pseudo_member._name_ = None
AttributeError: 'int' object has no attribute '_name_'
Error while executing Python code.
```
The fix seems to work with Python 2 as well:
http://asciinema.org/a/czopcwobjwt2dk9vzif0zk49u
* Added alternate typeinfo lookup names for D lang (#213)
Names fetched from: https://dlang.org/ctod.html#types
* Remove unused import from typeinfo.py: six
* Enable customizable context display and ordering
* Resolve ambiguity, shorten default;
* Make function names match the configurations
* Use a dictionary mapping to simplify logic
* Put registry at the end of the file
* Add arguments to documentation
* Fix headings to reflect new names
* Use Pip version of Unicorn
* Remove capstone submodule
* Allow installation to the user site-packages for Darwin, since SIP prevents installation to the system site-packages
* Add helper functions and fix Python calls
* Remove duplicated code (rebase issues?)
* add func to compile and load symbols from a file
* break out add_symbol_file, fix ext splitting
* Looks like for 2.7, file.flush invokes the native routine file_flush
which invokes fflush.
file.close invokes the native routine file_close --> close_the_file -->
PyFileObject->f_close --> close(2). There is no call to any flush
routine.
file.__exit__ just invokes the close method on the file object.
According to StackOverflow, file.close() implies file.flush(), but I
don't see any code for it in the cpython source.
Separately, flush() does not guarantee that the data is actually on
disk. That requires calling fsync() or using O_SYNC.
So it appears that the call to f.flush() is both unnecessary and
incorrect.
* We still need to call fsync to actually ensure the data hits the disk.
However, the file descriptor is closed outside of the with block, and we
can't guarantee the buffers are flushed in the with block without
.flush().
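The pattern the two messages above arrive at, as an added example that is not pwndbg's own code: flush the userspace buffer and fsync the descriptor while the file is still open, i.e. inside the with block. The helper names and the temporary-file round trip are illustrative assumptions.

```python
"""Added example (not pwndbg's own code): writing a file so that the data
is handed to the kernel (flush) and committed to storage (fsync) before the
descriptor is closed.
"""
import os
import tempfile


def write_durably(path, data):
    """Write `data` to `path` and return the number of bytes written.

    f.flush() pushes Python's userspace buffer into the kernel; os.fsync()
    asks the kernel to commit it to the device.  close() never fsyncs, and
    after the with block the descriptor is gone, so both calls go inside.
    """
    with open(path, "wb") as f:
        n = f.write(data)
        f.flush()
        os.fsync(f.fileno())
    return n


def roundtrip(data):
    """Write `data` to a temporary file, read it back, return the bytes read."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        write_durably(path, data)
        with open(path, "rb") as f:
            return f.read()
    finally:
        os.unlink(path)
```

For a symbol file that another process will load right away this is what matters: without the fsync the data can still be lost on power failure even though a reader already sees it.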
* Install GDB before attempting to install Pwndbg
* Bail if GDB is not found
* Revert "Remove --target from setup.sh"
This reverts commit 62b772a3d6.
* Revert "Remove unused variables from setup.sh"
This reverts commit 9042f5f761.
* Remove unused variables from setup.sh
* Ensure that pip is available via ensurepip
* Upgrade pip itself
* There is no ensurepip for Ubuntu installs
* Fix typo, use correct Python
This brings back the functionality to call disasm.one() without
a target address. As a default value the current regs.pc is
selected.
Fix the disasm.near() call to not pass None to disasm.one() when
the backward cache misses, otherwise it wrongly falls back to
the regs.pc value (which near() is not supposed to do in its
context).
* search: fix --word -2 param and allow --short in reflect to --type short
Search failed when using the --word (-2) parameter as 'word' was
not found in the type lookup. Using 'word' instead of 'short' seems
to be the better option as that matches better in this context.
* search: more robust and graceful error messages for invalid input
This makes error messages for wrong input more graceful instead of
dying and printing an ugly full traceback exception.
* harden hexdump and telescope commands against malformed arguments
* only allow retaddr and canary commands when in running mode
* xor: gracefully complain on invalid memory address
* next: check if proc is alive while continuing to avoid exceptions
If the program terminates while we are still looping/continuing for
the corresponding next command, then an internal gdb.error is thrown as
the program is not being run.
We avoid such situations by adding the proc.alive to the looping
conditions.
* memory: force write_memory to be bytes for python2 gdb
* catch general gdb.error instead of specific gdb.MemoryError
This fixes an issue where too many values were printed when using
the second argument B as an address: it was simply subtracted, but
in the context of telescope the count means ptrsize values, as it
is later (correctly) multiplied by ptrsize.
We also use ceil instead of floor division, as it is a better user
experience not to silently discard a value if the dest is unaligned,
like with $sp $sp+1.
On top of that, do not allow count to be negative when B is used as an
actual count integer rather than an address. When B is an address, the
integer value is converted to an unsigned integer; therefore an address
that, in binary, would represent a negative signed integer won't
be clamped by the max(count, 1).
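The count resolution described above, as an added example that is not pwndbg's own code: B is interpreted either as a count or as an end address, with the unsigned conversion, the ceiling division and the clamp applied where the message says they belong. `ptrsize` is a parameter here (pwndbg takes it from `pwndbg.arch`); the function name and the "show nothing when the end address precedes the start" choice are assumptions.

```python
"""Added example (not pwndbg's own code): telescope's second argument as
either a count or an end address.
"""


def resolve_count(start, b, ptrsize=8, as_address=False):
    """Return how many ptrsize-sized values telescope should print.

    as_address=False: B is a count; negative or zero counts become 1.
    as_address=True : B is an end address.  It is first converted to an
        unsigned value, so an address whose top bit is set is not mistaken
        for a negative count and clamped; the byte distance is then divided
        by ptrsize rounding *up*, so an unaligned end such as `$sp $sp+1`
        still shows one value instead of silently dropping it.
    """
    ptrmask = (1 << (8 * ptrsize)) - 1
    if not as_address:
        return max(int(b), 1)
    start = int(start) & ptrmask
    end = int(b) & ptrmask
    if end <= start:
        return 0                     # end before start: nothing to show (assumption)
    return -(-(end - start) // ptrsize)   # ceiling division


if __name__ == "__main__":
    sp = 0x7ffc_0000_1000
    for b, as_addr in ((8, False), (-3, False), (sp + 1, True), (sp + 0x11, True)):
        print(hex(b) if as_addr else b, "->", resolve_count(sp, b, 8, as_addr))
```

The unsigned masking matters on 64-bit targets: stack addresses such as `0x7ffc...` are positive, but kernel or high-half addresses would otherwise look negative to a naive `max(count, 1)`.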
It's quite handy to drop into radare2 in the middle of a deep debugging
session to fire up the visual mode and examine the current location in
gdb using the ascii graph view (or something else) in radare2.
This will result in an internal exception and make pwndbg stop
searching. Just avoid and exit this search block if the current
search length equals zero.