* Make chain.get() to check vmmap first in bare metal mode
Make chain.get() only dereference within the known page in
bare metal mode.
Since the addresses are all valid when the MMU is not enabled, and all
the values are valid physical addresses, they will be dereferenced
even when these addresses are not used; actually, in most cases it is
data. Ex. 0x1 often means the value 1, not the address 0x1.
Also, for issue #371, some addresses may be MMIO registers.
A read operation on these addresses will break the state.
It is better to limit the dereferenced address range. This patch
will also fix it, hopefully.
* Add custom vmmap add/del API in vmmap.py
In some cases, ex. bare metal, the page information cannot be
detected automatically. Also, most pwndbg features rely on
page information, such as highlighting.
Users may want to create page information manually and maintain it
themselves.
This commit adds python APIs to manually add/del page information,
and they are isolated.
* Fix stack page detection in bare metal mode
We cannot detect the stack page size in bare metal mode by
1. finding the ELF location after the stack page
2. page fault
A simple workaround is returning the current $sp page
and assuming it is the stack page.
* Add vmmap control command to add/del customized vmmap
In some cases, ex. bare metal, the page information cannot be
detected automatically. Also, most pwndbg features rely on
page information, such as highlighting.
Users may want to create page information manually and maintain it
themselves.
I added a few commands to let users add/del pages and load page
information from ELF sections.
* Fix the command amount for auto test to pass CI
* Add warning message
* Fix descriptions
* Fix cache issue and use bisect in insert API
* Keep LinuxOnly in find_elf_magic
* remove XXX
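An added illustration (not pwndbg's own code) of the behaviour the bare-metal commits above describe: a hand-maintained page list with bisect-based add/del, and a chain follower that only dereferences addresses that lie inside a known page, so plain data values such as 0x1, and addresses outside the listed pages (for instance an MMIO region), are never read. The Page, CustomVmmap, PhysicalMemory and chain_get names, and the sample pages and memory contents, are constructed for this example.

```python
import bisect
class Page:
    """Constructed page record covering [vaddr, vaddr + memsz)."""
    def __init__(self, vaddr, memsz, name):
        self.vaddr, self.memsz, self.name = vaddr, memsz, name

    def contains(self, addr, size=1):
        return self.vaddr <= addr and addr + size <= self.vaddr + self.memsz

class CustomVmmap:
    """Hand-maintained page list kept sorted by start address (bisect on add/find)."""
    def __init__(self):
        self.pages, self._starts = [], []

    def add(self, vaddr, memsz, name):
        idx = bisect.bisect_left(self._starts, vaddr)
        self.pages.insert(idx, Page(vaddr, memsz, name))
        self._starts.insert(idx, vaddr)

    def delete(self, vaddr):
        idx = bisect.bisect_left(self._starts, vaddr)
        if idx == len(self._starts) or self._starts[idx] != vaddr:
            return False
        del self.pages[idx], self._starts[idx]
        return True

    def find(self, addr, size=1):
        idx = bisect.bisect_right(self._starts, addr) - 1
        page = self.pages[idx] if idx >= 0 else None
        return page if page is not None and page.contains(addr, size) else None

class PhysicalMemory:
    """Constructed bare-metal RAM (word address -> value); every read is logged."""
    def __init__(self, words, ptrsize=4):
        self.words, self.ptrsize, self.reads = words, ptrsize, []

    def read_ptr(self, addr):
        self.reads.append(addr)
        return self.words.get(addr, 0)

def chain_get(addr, memory, vmmap, limit=8):
    """Follow a pointer chain, dereferencing only addresses inside a known page."""
    chain = [addr]
    for _ in range(limit):
        # A value no page covers (0x1, or an MMIO address) is treated as data.
        if vmmap.find(addr, memory.ptrsize) is None:
            break
        addr = memory.read_ptr(addr)
        chain.append(addr)
    return chain
```

The read log on PhysicalMemory is what shows the point: the chain stops at 0x40000000 without ever touching it.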
This allows using the args section via the context-sections config
setting (default off).
Additionally, introduce a nearpc-show-args config value, making it
possible to disable showing it twice while using the args section.
Fixes the problem that can be observed below:
```
pwndbg> py import re; flags = 1 | re.MULTILINE
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python3.6/enum.py", line 798, in __or__
    result = self.__class__(self._value_ | self.__class__(other)._value_)
  File "/usr/lib/python3.6/enum.py", line 291, in __call__
    return cls.__new__(cls, value)
  File "/usr/lib/python3.6/enum.py", line 533, in __new__
    return cls._missing_(value)
  File "/usr/lib/python3.6/enum.py", line 762, in _missing_
    new_member = cls._create_pseudo_member_(value)
  File "/usr/lib/python3.6/enum.py", line 788, in _create_pseudo_member_
    pseudo_member._name_ = None
AttributeError: 'int' object has no attribute '_name_'
```
* theme: make everything themable by avoiding explicit colors
This makes it possible to theme everything logically grouped by
message types. This will also make it easier for future features
to keep a consistent way of coloring plus make every non-specific
coloring themeable automatically.
Direct explicit usage of colors should be avoided in future commits.
* theme: make banner fully customizable including positions
Since python2 uses `from __future__ import unicode_literals`, the string literals will be of `unicode` type in python2.
Use `six.string_types` in `isinstance()` instead of the `str` type.
* Fixes `u` command `module object is not callable` (#310)
```
pwndbg> u 0x404030
'u': Starting at the specified address, disassemble
N instructions (default 5).
Traceback (most recent call last):
  File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 99, in __call__
    return self.function(*args, **kwargs)
  File "/home/dc/installed/pwndbg/pwndbg/commands/__init__.py", line 191, in _OnlyWhenRunning
    return function(*a, **kw)
  File "/home/dc/installed/pwndbg/pwndbg/commands/windbg.py", line 292, in u
    pwndbg.commands.nearpc(where, n)
TypeError: 'module' object is not callable
```
* Fix malloc chunk names (#318)
* heap: respect rename of malloc_chunk fields
newer glibc uses different names for the fields of malloc_chunk
* move value_from_type to typeinfo and rename to read_gdbvalue
* add comment about renaming of `[prev_]size`
* Workaround for gdb remote target search bug described in #321 (#322)
* Fixes issue when we try to display context while selected thread is running #299 (#331)
* Fix tag_release (#348)
* Fix "dt" offsets which are sometimes floating-point (#355)
* Fixes #362 - broken entry command (#363)
* Fix upper_stack_boundary not working introduced in 31f468e
The `upper_stack_boundary` we returned wasn't matching the one from `vmmap`.
Previously we determined upper address by having a memory read failure.
Recent changes made it so we got a `None` instead of the address in such a situation.
This adds a parameter to `find_elf_magic` which lets us get a result when gdb.MemoryError occurs.
* Small refactor: add missing newlines
Adds `$rebase(offset)` gdbfunction that can be used to set up a breakpoint
over an offset from program image base.
Also changed the pwndbg banner displayed at startup a bit.
* Add dereference-limit and heap-dereference-limit parameters
This allows setting the number of pointers dereferenced during 'telescope'
and in the register context. Separately, the number of heap bins which
are dereferenced can be set.
* Cast LIMIT to an integer, and address off-by-one
This commit adds a `xinfo` command that calculates the offset of a
specified address to other interesting locations within the address
space:
* In the most general case, simply the offset of the pointer into the
current mapping is displayed.
* If the address specified is a stack address, the offsets to the top and
the bottom of the stack, as well as to the current stack pointer,
frame pointer and stack canary are displayed.
* If the address points into a memory mapped file, the command
additionally shows the offset to the beginning of the file in memory and
on disk.
* Add elf.find_elf_magic() and remove duplicate code
* Add pwndbg.abi.LinuxOnly decorator
* Support bare metal environment
Use @pwndbg.abi.LinuxOnly and pwndbg.abi.linux to disable
several util functions which search the memory to find
the AUXV, the ELF header, or the page bound.
This is a simple typo, but the error message that GDB gave was interesting:
Previously, if you stopped on an instruction that does an indirect jump, like
this:
```
jmp [ecx*4 + 0xdeadbeef]
```
then pwndbg would raise the following exception:
```
gdb.error: evaluation of this expression requires the program to have a function "malloc".
```
The reason is that the code used `memory_sz` and passed that to gdb.Value, thus
creating a string value. When casting the string to a pointer later, GDB tries
to allocate a string in the inferior which failed since malloc is not available.
The fix is, of course, to use the correct function (`memory`) that returns an
int and not a string.
* Fix hard error when something else (not IDA) listens on IDA's port
The default IDA port is 8888 and it can happen that some other program (such as
a jupyter notebook) is listening on that address. This made pwndbg unusable,
because it would crash trying to connect to IDA.
* add timeout to ida connect
* Fix withHexrays decorator not returning wrapper function
* IDA xmlrpc: add cfuncptr_t marshaller & better errors
* IDA xmlrpc server: add shutdown() which can be used for dev
* Small refactor of context.py
* Fix context Hexrays decompiled code display
* Added --all flag to dumpargs command
This gives the possibility to dump all register arguments even
if we failed to resolve arguments from metadata.
* Display info when dumpargs has not resolved call args
* Dumpargs: changed --all to --force
* Revert telescope changes as it fails when we are not on call instruction.
* Fix isort
Canary command:
* Displays telescope result of places where canaries are located
* Moved to its own file (`pwndbg/commands/canary.py`)
* Moved to `ArgparsedCommand` (as discussed in https://github.com/pwndbg/pwndbg/issues/244)
* added command got to display the status of the got table
Signed-off-by: degrigis <degrigis@gmail.com>
* return when checksec is not available and added decorator OnlyWhenRunning
Signed-off-by: degrigis <degrigis@gmail.com>
* removed duplicated code for pie and not pie binaries
Signed-off-by: degrigis <degrigis@gmail.com>
* inserted support function to get checksec output and performed all requirements check initially
Signed-off-by: degrigis <degrigis@gmail.com>
* corrected typo
Signed-off-by: degrigis <degrigis@gmail.com>
* reorganized the got command, splitting the code into library routines, and moved the checksec internal function into a separate module
Signed-off-by: degrigis <degrigis@gmail.com>
* handled exception directly inside functions and enhanced code
Signed-off-by: degrigis <degrigis@gmail.com>
* extracted only column in readelf output and enhanced exception handling
Signed-off-by: degrigis <degrigis@gmail.com>
* fix exception handling returning subprocess error
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import and reordered
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered imports
Signed-off-by: degrigis <degrigis@gmail.com>
* added wrappers module and refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* removed not useful comment
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unused import
Signed-off-by: degrigis <degrigis@gmail.com>
* moved comments in docstring
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code to use partial functions, simplified code
Signed-off-by: degrigis <degrigis@gmail.com>
* simplified a loc
Signed-off-by: degrigis <degrigis@gmail.com>
* capslock char fixed
Signed-off-by: degrigis <degrigis@gmail.com>
* removed unuseful pwndbg.arch.ptrsize check
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored code and added the new module wrapper that contains every new wrapper module
Signed-off-by: degrigis <degrigis@gmail.com>
* used class style decorator for wrapper and improved code style
Signed-off-by: degrigis <degrigis@gmail.com>
* changed return with print for errors
Signed-off-by: degrigis <degrigis@gmail.com>
* removed prints debug and statically linked check moved at the top of the got function
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored OnlyWithCommand decorator
Signed-off-by: degrigis <degrigis@gmail.com>
* wrappers are OnlyWithFile now
Signed-off-by: degrigis <degrigis@gmail.com>
* redirected stderr to stdout in subprocess.check_output and memoized the wrappers for readelf/file/checksec
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered an import
Signed-off-by: degrigis <degrigis@gmail.com>
* removed pdb
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed format string and removed desc from got command
Signed-off-by: degrigis <degrigis@gmail.com>
* consolidated decorators
Signed-off-by: degrigis <degrigis@gmail.com>
* merging
Signed-off-by: degrigis <degrigis@gmail.com>
* reordered import for travis
Signed-off-by: degrigis <degrigis@gmail.com>
* refactored some code
Signed-off-by: degrigis <degrigis@gmail.com>
* resolve travis complaints
Signed-off-by: degrigis <degrigis@gmail.com>
* docstring for _extract_jumps
Signed-off-by: degrigis <degrigis@gmail.com>
* fixed isort
Signed-off-by: degrigis <degrigis@gmail.com>
* f*** isort
Signed-off-by: degrigis <degrigis@gmail.com>