The `pwndbg.gdblib.regs.sp` value is cached and its cache is cleared on a next stop, memory write or register write events.
We keep a dictionary of stacks in Pwndbg, that are updated on each stop by the `stack.update` functionality which reused a cached stack pointer (`gdblib.regs.sp`) value.
As a result, if we had more than one threads, the `pwndbg.gdblib.stacks.stacks` reported the same stack address for all threads and then the `canary` command printed the same addresses N times where N is the number of threads that were running.
This commit fixes this bug by clearing up the registers cache when we switch into a different thread in the loop in the `stacks.update` function.
vmmap would try to add the executable to memory pages if the `info auxv`
command contained an address, but the memory maps would be accessed
recursively when trying to lookup the start of the ELF based on the
given address.
Since qemu doesn't provide memory map info, do a leap of faith and try
if the start of the page of the given address contains the ELF magic
header.
Since the program headers are more likely to be on the same page as the
ELF header than the program entrypoint, try both.
* Optimize vis_heap_chunks command
This commit optimizes the vis_heap_chunks command by:
1) precalculating bin labels instead of computing them on demand for each chunk
2) calling pwndbg.gdblib.memory.read once instead of twice in a hot loop
For `vis 2000` command ran when debugging python3 shell, the first change
cut down the execution time from almost 20s to 5s.
Another benchmark, for both 1) and 2) changes showed 19.28s->4.14s timing.
The benchmark done is included in this commit in
profiling/benchmark_vis_heap_chunks/ so that it can be reproduced e.g.
to optimize the function further or to reproduce my results.
* fix: remove minor bugs and complete address translation
* feat: add 5lvl paging
* feat: add address translation tests
* fix: remove unnecessary comments
* fix: add references for magic values
* fix: add X86_FEATURE_LA57 reference
* fix: move x86 specific functions to x86_64Ops
* fix: extend tests and remove faulty code
* fix: only test address translation for lowmem
* fix: adjust arch_ops test to pytest
* fix: add reference for memory models in linux
* fix: do not memoize staticmethods
* Fix and test ctx disasm when disassembly-flavor changes
* New lib/cache.py: make caching great again
This commit fixes bugs with old caching (memoize.py) and makes it more
readable.
See also https://github.com/pwndbg/pwndbg/issues/1453
* Update pwndbg/lib/cache.py
Co-authored-by: Gulshan Singh <gsingh2011@gmail.com>
* lib.cache: address PR comments and add debug mode
* Fix lint
* Remove leftover memoize usages
* Add cache benchmark
* fix lint
---------
Co-authored-by: Gulshan Singh <gsingh2011@gmail.com>
* ai plugin
* ai plugin ready to ship
* ai plugin ready to use
* textwrap on the ai's answer
* linted ai.py
* relaxed openai version requirement
* added pandas to requirements
* removed dependency on openai module, using requests instead
* removed dependency on openai module, using requests instead
* incorporating suggestions on PR
* added types requests and bumped requests version up to the version i'm using here
* lowering version req on requests for ubuntu 18 compat
* removed some 'if True' kludges that i was using to debug things at one point
* better error handling
* more config parameters for ai
* fixed a few config issues
* fixed bug in gdb list command
* now uses chatgpt's gpt-3.5-turbo model, instead of text-davinci-003, and follows a conversational protocol instead of completion.
* added support for anthropic's claude
* linted
* tidied up main function
Technically Arch Linux ARM is a separate distro from the x86_64 Arch Linux, but it uses pcaman and the same package names. So it installs just fine, just needs to be detected properly.
* feature: Add `killthreads` command (closes#1580)
This command allows the user to quickly kill multiple threads by
specyfying their ids as arguments to this command. It also supports
the `--all` flag, which will kill overy thread except the currently
selected one. This is useful for use with the `checkpoint` command.
The killing is done by calling `pthread_exit(0)`.
* fix: try fixing building test binaries by enabling -lpthread
* fix: remove error message check when calling pthread_exit
Removed the message check, because the error messages difffer between
versions of GDB.
* fix: Improve UX of the killthreads command
Add an extended description of the command, some validation on the thread IDs
and suppress GDB output.
* fix: lint
* fix: put the multiline help text in the correct place
* tests: fix test failing due to a race condition when running in parrallel to other tests
Replaced asserts with loops which wait for a cundition to be met, so that the tests doesn't fail due to scheduling issues.
* tests: add more fixes for race conditions in test_killthreads
* fix: lint
* Update pwndbg/commands/killthreads.py
* tests: Wait for exactly three threads
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Fixed a crash that caused formatting failure in readlink when qemu returns None as the pid.
* Formated code
* Update pwndbg/arguments.py
* Assign a pid prevent repetitive calls.
* Format it
* remove the warning
* add a comment about the senario that PID is None in qemu
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Add some basic heap heuristics support for riscv and powerpc
Use the relocation section to find the main_arena address if possible
* Refactor the code we used to get the field offset
* Fix linux_ppc(64)_syscall abi
The system call number is specified in r0.
There is a maximum of 6 integer parameters to a syscall, passed in r3-r8.
* Fix ppc syscall revert r9 back
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
* Remove r6/x6 from arm/aarch64 syscall
* Update pwndbg/lib/abi.py
---------
Co-authored-by: Disconnect3d <dominik.b.czarnota@gmail.com>
Disconnect3d
peace-maker
theguy147
Gulshan Singh
MinimalEffort07
AlEscher
Olivia Lucca Fraser
dabrd
Albert Koczy
_|+
CptGibbon
Alex Chen
Alan Li
Squirre17
Xeonacid