This issue can be reproduced with the following command:
```
sudo docker run --privileged --rm -it --net host ubuntu bash -c 'apt update && apt install gdbserver && umount /proc && gdbserver 127.0.0.1:1234 /bin/ls'
```
And then attaching to the gdbserver via:
```
gdb --quiet --ex 'target remote :1234'
```
This results in the following errors:
```
pwndbg> set exception-verbose on
Set whether to print a full stacktrace for exceptions raised in Pwndbg commands to True
Traceback (most recent call last):
  File "/root/pwndbg/pwndbg/gdblib/events.py", line 164, in caller
    func()
  File "/root/pwndbg/pwndbg/lib/memoize.py", line 51, in __call__
    value = self.func(*args, **kwargs)
  File "/root/pwndbg/pwndbg/stack.py", line 78, in update
    start, stop - start, 6 if not is_executable() else 7, 0, "[stack]"
  File "/root/pwndbg/pwndbg/lib/memoize.py", line 51, in __call__
    value = self.func(*args, **kwargs)
  File "/root/pwndbg/pwndbg/stack.py", line 127, in is_executable
    ehdr = pwndbg.elf.exe()
  File "/root/pwndbg/pwndbg/proc.py", line 78, in wrapper
    return func(*a, **kw)
  File "/root/pwndbg/pwndbg/lib/memoize.py", line 51, in __call__
    value = self.func(*args, **kwargs)
  File "/root/pwndbg/pwndbg/elf.py", line 181, in exe
    e = entry()
  File "/root/pwndbg/pwndbg/proc.py", line 78, in wrapper
    return func(*a, **kw)
  File "/root/pwndbg/pwndbg/lib/memoize.py", line 51, in __call__
    value = self.func(*args, **kwargs)
  File "/root/pwndbg/pwndbg/elf.py", line 192, in entry
    entry = pwndbg.auxv.get().AT_ENTRY
  File "/root/pwndbg/pwndbg/lib/memoize.py", line 51, in __call__
    value = self.func(*args, **kwargs)
  File "/root/pwndbg/pwndbg/auxv.py", line 103, in get
    return use_info_auxv() or walk_stack() or AUXV()
  File "/root/pwndbg/pwndbg/auxv.py", line 154, in walk_stack
    auxv = walk_stack2(0)
  File "/root/pwndbg/pwndbg/auxv.py", line 206, in walk_stack2
    while p.dereference() != 0 or (p + 1).dereference() != 0:
gdb.MemoryError: Cannot access memory at address 0xffffdff8
```
* Fix plt and gotplt commands
* Add plt gotplt commands tests
* Fix got and plt commands and test them
* Revert accidental change
* Extend system path
* Hopefully fix PATH problems once and for all?
* fix import
* remove redundant part
Rizin is a fork of Radare2 with almost near-perfect command compatibility with r2. Any r2-related plugins need to be replaced with their rz counterparts. Solves #1566
Before this fix, when we compiled a 32-bit program, a 'Bad register' bug
would show up on `fsbase` and `gsbase` commands.
Also, those commands weren't protected to not be executed on other
archs, which this commit fixes.
Additionally, this commit introduces 4 tests:
```
test_commands_segments[gsbase-gosample.x64] PASSED
test_commands_segments[gsbase-gosample.x86] PASSED
test_commands_segments[fsbase-gosample.x64] PASSED
test_commands_segments[fsbase-gosample.x86] PASSED
```
Two of those tests, the ones with x86 binaries, applied without other changes would fail.
* gdbinit.py: fix message when locales are wrong
Apparently the suggested solution is not great:
```
nix@33843c903468:~$ locale -a
C
C.UTF-8
POSIX
en_US.utf8
nix@33843c903468:~$ LC_ALL=en_US.UTF-8 PYTHONIOENCODING=UTF-8 pwndbg
/nix/store/qqa28hmysc23yy081d178jfd9a1yk8aw-bash-5.2-p15/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
******
Your encoding (ANSI_X3.4-1968) is different than UTF-8. pwndbg might not work properly.
You might try launching gdb with:
LC_ALL=en_US.UTF-8 PYTHONIOENCODING=UTF-8 gdb
Make sure that en_US.UTF-8 is activated in /etc/locale.gen and you called locale-gen
******
pwndbg: loaded 164 pwndbg commands and 42 shell commands. Type pwndbg [--shell | --all] [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Traceback (most recent call last):
  File "/nix/store/x2yncb885vd33dgigwfwc6qamjxs4d7h-pwndbg-2022.12.19/share/pwndbg/gdbinit.py", line 84, in <module>
    import pwndbg # noqa: F401
  File "/nix/store/x2yncb885vd33dgigwfwc6qamjxs4d7h-pwndbg-2022.12.19/share/pwndbg/pwndbg/__init__.py", line 113, in <module>
    config_mod.init_params()
  File "/nix/store/x2yncb885vd33dgigwfwc6qamjxs4d7h-pwndbg-2022.12.19/share/pwndbg/pwndbg/gdblib/config.py", line 114, in init_params
    Parameter(p)
  File "/nix/store/x2yncb885vd33dgigwfwc6qamjxs4d7h-pwndbg-2022.12.19/share/pwndbg/pwndbg/gdblib/config.py", line 46, in __init__
    self.value = param.value
UnicodeEncodeError: 'ascii' codec can't encode characters in position 0-1: ordinal not in range(128)
------- tip of the day (disable with set show-tips off) -------
Use the procinfo command for better process introspection (than the GDB's info proc command)
pwndbg>
quit
nix@33843c903468:~$ LC_ALL=C.UTF-8 PYTHONIOENCODING=UTF-8 pwndbg
pwndbg: loaded 164 pwndbg commands and 42 shell commands. Type pwndbg [--shell | --all] [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
------- tip of the day (disable with set show-tips off) -------
Want to display each context panel in a separate tmux window? See https://github.com/pwndbg/pwndbg/blob/dev/FEATURES.md#splitting--layouting-context
pwndbg>
quit
nix@33843c903468:~$ LC_ALL=C.UTF-8 pwndbg
pwndbg: loaded 164 pwndbg commands and 42 shell commands. Type pwndbg [--shell | --all] [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
------- tip of the day (disable with set show-tips off) -------
Use the telescope command to dereference a given address/pointer multiple times (if the dereferenced value is a valid ptr; see config telescope to configure its behavior)
pwndbg>
quit
```
* fix lint
* Enhance the checks before accessing the memory
- Use `pwndbg.gdblib.memory.peek()` instead of `pwndbg.gdblib.vmmap.find()` to check if the address is valid
- Directly access the memory when searching the `main_arena` in memory and catch the exception
* Make finding `main_arena` in memory more efficient and reliable
We only try the address that is aligned to `pwndbg.gdblib.arch.ptrsize`
* Avoid unnecessary memory accessing if possible
- Before we used `pwndbg.gdblib.memory.peek()` to check if an address is readable for GDB, we used `pwndbg.gdblib.vmmap.find()` to make sure that this address is in one of the pages, since accessing memory for embedded targets might be slow and expensive
- Create a new function: `is_readable_address` for `pwndbg.gdblib.memory`
* Fix wrong test for `main_arena`
The heap object should be reset before testing the multi-threaded condition
* Add the test to make sure the heap heuristics won't be affected by the vmmap result
Previously, we used `pwndbg.gdblib.vmmap.find()` to check whether the address is valid or not, but this might be a false positive for the address in the `[vsyscall]` page or in the page with a range from 0~0xffffffffffffffff (e.g. qemu-user).
This commit aims to include this scenario during the tests, to make sure the heap heuristics won't be affected by this.
* Use `gdb.MemoryError` instead of `Exception`
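
The two-stage address check described in the commit message above, as an added example that is not pwndbg's own code: a cheap page-map lookup first, then a real read whose fault is caught. `FakeTarget`, `TargetMemoryError` and the sample addresses are constructed stand-ins (assumptions) for GDB, `gdb.MemoryError` and a debuggee, so the sketch runs without a debugger.

```python
from dataclasses import dataclass

class TargetMemoryError(Exception):
    """Stand-in for gdb.MemoryError (assumption: no GDB available here)."""

@dataclass
class FakeTarget:
    """Constructed debuggee model: a page map plus the bytes that really exist."""
    pages: list      # [(start, end_exclusive, name)], what a vmmap lookup reports
    backing: dict    # {address: byte}, what a read can actually return
    reads: int = 0   # number of (expensive) memory reads issued

    def find_page(self, addr):
        """Cheap lookup, playing the role of pwndbg.gdblib.vmmap.find()."""
        for start, end, name in self.pages:
            if start <= addr < end:
                return name
        return None

    def read_byte(self, addr):
        """Real access; raises the way GDB does on inaccessible memory."""
        self.reads += 1
        if addr not in self.backing:
            raise TargetMemoryError(f"Cannot access memory at address {addr:#x}")
        return self.backing[addr]

def peek(target, addr):
    """Return the byte at addr, or None when the read faults."""
    try:
        return target.read_byte(addr)
    except TargetMemoryError:  # narrow catch, not a bare Exception
        return None

def is_readable_address(target, addr):
    """Page-map check first (no target access), real read second (authoritative)."""
    if target.find_page(addr) is None:
        return False  # rejected without touching the target
    return peek(target, addr) is not None

# Constructed sample 1: qemu-user style map, one page spanning the whole address space.
QEMU_USER = FakeTarget(pages=[(0, 1 << 64, "<whole address space>")],
                       backing={0x400000: 0x7F})
# Constructed sample 2: native-style map with a single real page.
NATIVE = FakeTarget(pages=[(0x400000, 0x401000, "/bin/ls")],
                    backing={0x400000: 0x7F})
```

On `QEMU_USER` the page map alone accepts every address, which is the false positive the message describes; on `NATIVE` an address outside the map is rejected with zero reads issued.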
* Fix #1534: disable emulation if mmap(1G,RWX) fails
TL;DR: Unicorn Engine aborts if mmap(1G, RWX) fails, so we are doing a
best effort check if we can do such allocation before using it for the
first time and if we can't, we disable it.
* add mmap.close() call
* Fix vermin lint
* Update pwndbg/commands/context.py
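
A best-effort probe of the kind this commit message describes, as an added example that is not pwndbg's own code: try a 1 GiB RWX anonymous mapping, close it, and remember the answer so emulation can be switched off before the emulator is first used. `can_map_rwx` and `EmulationGate` are hypothetical names; the code is Unix-only because it uses the `prot` argument of `mmap.mmap`.

```python
import mmap

ONE_GIB = 1 << 30

def can_map_rwx(size=ONE_GIB):
    """Return True if `size` bytes of anonymous RWX memory can be mapped."""
    prot = mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC
    try:
        # fileno -1 asks for anonymous memory; nothing is written to it,
        # so the probe only tests whether the kernel grants the mapping.
        probe = mmap.mmap(-1, size, flags=mmap.MAP_PRIVATE, prot=prot)
    except (OSError, ValueError, OverflowError):
        # Denied by policy (e.g. a W^X rule), a resource limit, or lack of
        # address space: the situation in which the emulator would abort.
        return False
    probe.close()  # release the mapping; only the yes/no answer is needed
    return True

class EmulationGate:
    """Hypothetical switch: probes once, on first use, then caches the result."""

    def __init__(self, probe=can_map_rwx):
        self._probe = probe
        self._enabled = None
        self.probe_calls = 0

    def enabled(self):
        if self._enabled is None:
            self.probe_calls += 1
            self._enabled = bool(self._probe())
        return self._enabled

if __name__ == "__main__":
    gate = EmulationGate()
    print("emulation enabled:", gate.enabled())
```

The check is best effort only: a mapping that succeeds at probe time can still fail later if limits or memory pressure change.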
* Refactor TLS module
- Replace unreliable `__errno_location()` trick with `pthread_self()` to acquire TLS address
- Consolidate heap heuristics checks about TLS within the `pwndbg.gdblib.tls` module for better organization
* Bug fix for the `errno` command
Calling `__errno_location()` without locking the scheduler can cause another thread to inadvertently continue execution
* Refactor code about heap heuristics of thread-local variables
- Replace some checks with some functions in `pwndbg.gdblib.tls`
- Try to find tcache with `mp_.sbrk_base + 0x10` if the target is single-threaded
* Add tests for heap heuristics with multi-threaded
* Refactor scheduler-locking related functions
- Move these functions into `pwndbg.gdblib.scheduler`
- Fetch the parameter value once (https://github.com/pwndbg/pwndbg/pull/1536#discussion_r1082549746)
* Avoid bug caused by GLIBC_TUNABLES
See https://github.com/pwndbg/pwndbg/pull/1536#discussion_r1083202815
* Add note about `set scheduler-locking on`
* Add comment for `lock_scheduler`
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Update DEVELOPING.md
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>