def _breakpoint_function_starts_and_calls( bv: BinaryView, dbg: DebugAdapter) -> Tuple[dict, dict]: """Breakpoint functions and callsites, return mappings of addr to func_name.""" call_breakpoints: Dict[str, str] = {} # map callsite addrs to function name function_breakpoints: Dict[str, str] = { } # map function start addrs to function name for func in bv.functions: cur_func = func.name func_start = func.start if func_start in function_breakpoints: old_func = function_breakpoints[func_start] raise Exception('[!] Address 0x%x for %s already start for %s' % (func_start, cur_func, old_func)) function_breakpoints[func_start] = cur_func dbg.breakpoint_set(func_start) for site in func.call_sites: call_addr = site.address if call_addr in call_breakpoints: old_func = call_breakpoints[call_addr] raise Exception( '[!] Address 0x%x in "%s" already found in "%s"' % (call_addr, cur_func, old_func)) call_breakpoints[call_addr] = cur_func if call_addr not in function_breakpoints: dbg.breakpoint_set(call_addr) return function_breakpoints, call_breakpoints
def thread_task(): adapter = DebugAdapter.get_adapter_for_current_system() adapter.setup() adapter.exec(fpath, ['segfault']) # set initial breakpoint entry = confirm_initial_module(adapter) adapter.breakpoint_set(entry) # go to breakpoint (reason, extra) = go_initial(adapter) assert_equality(reason, DebugAdapter.STOP_REASON.BREAKPOINT) # clear, single step a few times adapter.breakpoint_clear(entry) (reason, extra) = adapter.step_into() expect_single_step(reason) (reason, extra) = adapter.step_into() expect_single_step(reason) (reason, extra) = adapter.step_into() expect_single_step(reason) # go until executing done (reason, extra) = adapter.go() assert_equality(reason, DebugAdapter.STOP_REASON.PROCESS_EXITED) adapter.quit() adapter.teardown() adapter = None
def _rebase_if_needed(dbg: DebugAdapter, addr: int) -> int: """Attempt "blind rebase": guessing that if we can't read it, try a rebase.""" try: _ = dbg.mem_read(addr, 1) except DebugAdapter.GeneralError: current_base = dbg.target_base() new_addr = addr + current_base try: _ = dbg.mem_read(new_addr, 1) except DebugAdapter.GeneralError: dbg.quit() raise Exception( '[!] Couldn\'t read or rebase address 0x%x (current base: 0x%x)' % (addr, current_base)) print('[*] Couldn\'t read 0x%x, rebased to 0x%x' % (addr, new_addr)) addr = new_addr return addr
def test_prologue(prog, testtype): fpath = test_prog_to_fpath(prog) print('----------------------------------------------------------------') print('%s test on %s' % (testtype.upper(), fpath)) print('----------------------------------------------------------------') (load_addr, entry_offs) = parse_image(fpath) entry = load_addr + entry_offs print('(file) load addr: 0x%X' % load_addr) print('(file) entry offset: 0x%X' % entry_offs) print('launching') adapter = DebugAdapter.get_adapter_for_current_system() adapter.exec(fpath, '') # learn load address, entrypoint # module2addr = adapter.mem_modules() if not fpath in module2addr: print('module2addr: ', module2addr) print('fpath: ', fpath) assert fpath in module2addr if '_pie' in prog: load_addr = module2addr[fpath] print('pie module, file load 0x%X overridden with 0x%X, new entry 0x%X' % (load_addr, module2addr[fpath], module2addr[fpath]+entry_offs)) entry = load_addr + entry_offs else: print('non-pie module should hold file\'s specified load and entry') print('load_addr: 0x%X' % load_addr) print('module2addr[fpath]: 0x%X' % module2addr[fpath]) assert module2addr[fpath] == load_addr return (adapter, entry)
if not sys.argv[1:]: raise Exception('specify target on command line') arg1 = sys.argv[1] # does it look like <server>:<port> ? if re.match(r'^.*:\d+$', arg1): (host, port) = arg1.split(':') adapter = gdblike.connect_sense(host, int(port)) # otherwise treat as a path else: if '~' in arg1: arg1 = os.expanduser(arg1) arg1 = os.path.abspath(arg1) if not os.path.exists(arg1): raise Exception('file not found: %s' % arg1) adapter = DebugAdapter.get_adapter_for_current_system() adapter.setup() target = arg1 target_args = [''] if '--terminal' in sys.argv[2:]: adapter.exec(arg1, target_args, terminal=True) else: adapter.exec(arg1, target_args) arch = adapter.target_arch() user_goal = 'debug' while user_goal == 'debug': try: text = input('BINJADBG>')
def _get_debug_adapter() -> DebugAdapter.DebugAdapter: """Helper to define type and encapsulate this in case of changes.""" return DebugAdapter.get_adapter_for_current_system()