Latest commit: Zach Riggle, 969b3c4a39, "Fix disassembly of calls/jmps and add docs for context" (10 years ago)

Repository contents (path, last commit message, age):

caps                  Mo caps                                                   11 years ago
capstone@4d36deb1b6   Update installation instructions                          10 years ago
pwndbg                Fix disassembly of calls/jmps and add docs for context    10 years ago
unicorn@4b3bbe4759    Update installation instructions                          10 years ago
.gitignore            lots of WIP stuff                                         11 years ago
.gitmodules           Update installation instructions                          10 years ago
.sublime-settings     Add sublime-settings [skip ci]                            10 years ago
LICENSE.md            license                                                   11 years ago
README.md             Update installation instructions                          10 years ago
gdbinit.py            Add print_function to everything                          10 years ago
ida_script.py         Add print_function to everything                          10 years ago
requirements.txt      Update requirements                                       10 years ago
setup.sh              Documentation and minor additions for setup.sh            10 years ago

README.md

BETA SOFTWARE

This is barely a beta. There are currently no versioned releases, only master. I push to master with impunity. There are no tests. If anything works at all, consider yourself lucky.

Feature contributions and bugfixes are both very welcome :)

pwndbg

A PEDA replacement. In the spirit of our good friend windbg, pwndbg is pronounced pwnd-bag.

  • Speed
  • Resiliency
  • Clean code

Best supported on Ubuntu 14.04 with default gdb or gdb-multiarch (e.g. with Python3).

Installation

git clone https://github.com/zachriggle/pwndbg
cd pwndbg
./setup.sh

Features

Does most things that PEDA does. Doesn't do things that PEDA does that pwntools or binjitsu (my fork of pwntools) do better.

Also has a basic windbg compat layer for e.g. dd, eb, da, dps. Now you can even eb eip 90 (write a single 0x90 NOP byte at eip)!
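To show what such a windbg-style compat layer looks like on gdb's Python API, here is an added example (not pwndbg's own code): minimal dd and eb commands whose parsing and formatting helpers are pure functions that run outside gdb, with the gdb.Command classes registered only when the script is sourced inside gdb. Unlike pwndbg, this toy takes gdb's own register spelling (eb $eip 90).

```python
"""Toy windbg-style `dd` (dump dwords) and `eb` (enter bytes) for gdb.
Added example, not pwndbg's code; gdb-specific parts only load under gdb."""
import struct

def format_dd(address, data, width=4, per_line=4):
    """Render `data` as windbg dd-style lines of little-endian 32-bit words."""
    usable = len(data) - len(data) % width          # drop a partial trailing word
    words = [struct.unpack_from("<I", data, off)[0] for off in range(0, usable, width)]
    lines = []
    for i in range(0, len(words), per_line):
        chunk = " ".join("%08x" % w for w in words[i:i + per_line])
        lines.append("%016x  %s" % (address + i * width, chunk))
    return lines

def parse_eb(arg):
    """Split 'eb <expr> <hexbyte>...' into (expr, bytes); '$eip 90' -> ('$eip', b'\\x90')."""
    parts = arg.split()
    if len(parts) < 2:
        raise ValueError("usage: eb <address> <byte> [byte ...]")
    expr, values = parts[0], [int(b, 16) for b in parts[1:]]
    if any(not 0 <= v <= 0xff for v in values):
        raise ValueError("eb writes single bytes; each value must be 00..ff")
    return expr, bytes(values)

try:
    import gdb
except ImportError:          # running outside gdb (e.g. unit tests): skip registration
    gdb = None

if gdb is not None:
    class DD(gdb.Command):
        """dd <address> [count]: dump `count` 32-bit words (default 16)."""
        def __init__(self):
            super().__init__("dd", gdb.COMMAND_DATA)
        def invoke(self, arg, from_tty):
            parts = arg.split()
            addr = int(gdb.parse_and_eval(parts[0]))
            count = int(parts[1], 0) if len(parts) > 1 else 16
            data = bytes(gdb.selected_inferior().read_memory(addr, count * 4))
            print("\n".join(format_dd(addr, data)))

    class EB(gdb.Command):
        """eb <address> <byte>...: write bytes, e.g. `eb $eip 90` patches in a NOP."""
        def __init__(self):
            super().__init__("eb", gdb.COMMAND_DATA)
        def invoke(self, arg, from_tty):
            expr, payload = parse_eb(arg)
            gdb.selected_inferior().write_memory(int(gdb.parse_and_eval(expr)), payload)

    DD()
    EB()
```

Source it with `source toy_windbg.py` inside gdb (file name assumed); the helpers can be imported and tested from plain Python.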

For most standard function calls, it knows how many arguments there are and can print out the function call args.

Screenshots

Here are a few screenshots of some of the cool things pwndbg does.

Screenshot: Function arguments

Screenshot: Conditional jump evaluation and jump following

Screenshot: More jump following

Screenshot: RET following, useful for ROP

Here's a screenshot of pwndbg working on an aarch64 binary running under qemu-user.


Here's a screenshot of PEDA. That it's aarch64 doesn't matter -- it chokes in the same way for everything qemu-user.


And here's a screenshot of GDB's built-in commands failing horribly. Note that while, yes, it gives output -- the addresses it does give are all wrong, and are just file offsets.
