def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Each requested name is mapped to a section by its first letter via
    ``context_sections``; names without a matching section are ignored.
    When no names are given, ``config_context_sections`` decides.
    """
    requested = subcontext or []
    if not requested:
        requested = config_context_sections.split()
    keys = [name[0] for name in requested]

    # The legend is only shown when at least one section was requested.
    lines = [M.legend()] if keys else []
    for key in keys:
        render = context_sections.get(key)
        if render:
            lines.extend(render())
    if lines:
        lines.append(pwndbg.ui.banner(""))
    lines.extend(context_signal())

    with output() as out:
        # Clearing happens only now, after everything was rendered, so a
        # failing section does not leave the user with a blank screen.
        if config_clear_screen:
            clear_screen(out)
        for line in lines:
            out.write(line + '\n')
        out.flush()
def context(*args):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'code', 'stack', 'backtrace', and 'args'.
    Sections are selected by the first letter of each name; 'c' enables both
    the disassembly and the source-code section.  Output is always preceded
    by the legend and followed by the signal section.
    """
    wanted = args if args else ['reg','code','stack','backtrace','args']
    letters = {name[0] for name in wanted}

    # Fixed display order; the same letter may drive several sections.
    producers = (
        ('r', context_regs),
        ('c', context_code),
        ('c', context_source),
        ('a', context_args),
        ('s', context_stack),
        ('b', context_backtrace),
    )

    lines = [M.legend()]
    for letter, produce in producers:
        if letter in letters:
            lines.extend(produce())
    lines.extend(context_signal())

    sys.stdout.write('\n'.join(lines) + '\n')
    sys.stdout.flush()
def context(*args):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Sections are looked up by the first letter of each name in
    ``context_sections``; names with no matching section are skipped
    silently.  With no arguments, ``config_context_sections`` is used.
    """
    names = list(args) if args else config_context_sections.split()
    keys = [name[0] for name in names]

    lines = [M.legend()] if keys else []
    for key in keys:
        render = context_sections.get(key)
        if render:
            lines.extend(render())
    lines.extend(context_signal())

    # Render first, clear afterwards: a section that raises does not wipe
    # the previous output.
    if config_clear_screen:
        clear_screen()

    sys.stdout.write("".join(line + '\n' for line in lines))
    sys.stdout.flush()
def vmmap(gdbval_or_str=None, writable=False, executable=False):
    """
    Print the memory map, optionally narrowed to the pages selected by
    ``gdbval_or_str`` (an address or a module name, passed to ``pages_filter``)
    and/or to writable / executable pages.

    When an integer address matches exactly one page, that page is printed
    together with the offset of the address inside it.  NOTE(review): the
    ``writable`` / ``executable`` filters are not applied on that single-page
    path, only on the multi-page listing.
    """
    pages = pwndbg.vmmap.get()

    if gdbval_or_str:
        keep = pages_filter(gdbval_or_str)
        pages = [page for page in pages if keep(page)]

    if not pages:
        print("There are no mappings for specified address or module.")
        return

    print(M.legend())

    single_address_hit = len(pages) == 1 and isinstance(gdbval_or_str, integer_types)
    if single_address_hit:
        page = pages[0]
        offset = int(gdbval_or_str) - page.vaddr
        print(M.get(page.vaddr, text="%s +0x%x" % (str(page), offset)))
    else:
        for page in pages:
            if executable and not page.execute:
                continue
            if writable and not page.write:
                continue
            print(M.get(page.vaddr, text=str(page)))

    if pwndbg.qemu.is_qemu():
        print(
            "\n[QEMU target detected - vmmap result might not be accurate; see `help vmmap`]"
        )
def context(*args):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    The first letter of every name selects a section from
    ``context_sections``; unknown letters are ignored.  Without arguments the
    configured ``config_context_sections`` list applies.
    """
    selected = args if len(args) > 0 else config_context_sections.split()
    keys = [entry[0] for entry in selected]

    rendered = []
    if keys:
        rendered.append(M.legend())
    for key in keys:
        section = context_sections.get(key)
        if section is not None and section:
            rendered.extend(section())
    rendered.extend(context_signal())

    # Clear only once everything has been rendered successfully.
    if config_clear_screen:
        clear_screen()

    for text in rendered:
        sys.stdout.write(text + '\n')
    sys.stdout.flush()
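def probeleak(address=None, count=0x40, max_distance=0x0):
    """
    Scan ``count`` bytes starting at ``address`` for values that point into a
    mapped page and print each hit with the module and offset it refers to.

    Every byte offset is probed (not only pointer-aligned ones), so unaligned
    leaks are found as well.  ``max_distance`` is forwarded to ``find_module``;
    presumably it tolerates pointers slightly outside a page — confirm against
    its definition.

    If ``count`` looks like an end address rather than a length it is
    converted to a length with a warning.  Nothing is returned; all results
    are printed.
    """
    if address is None:
        print(message.error("No address given. See 'probeleak -h' for the usage."))
        return

    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    count = max(int(count), ptrsize)

    if count > address > 0x10000:  # in case someone puts in an end address and not a count (smh)
        print(
            message.warn(
                "Warning: you gave an end address, not a count. Substracting 0x%x from the count."
                % (address)))
        # Re-clamp so an end address right after ``address`` still scans one slot.
        count = max(count - address, ptrsize)

    # Offset column width; computed only after ``count`` is final so a huge
    # end address does not inflate the padding.
    off_zeros = int(math.ceil(math.log(count, 2) / 4))

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(
            message.error(
                "Couldn't read memory at 0x%x. See 'probeleak -h' for the usage."
                % (address, )))
        return

    found = False
    # Stop at the last complete pointer-sized window.
    for i in range(0, len(data) - ptrsize + 1):
        p = pwndbg.arch.unpack(data[i:i + ptrsize])
        page = find_module(p, max_distance)
        if page:
            if not found:
                print(M.legend())
                found = True

            mod_name = page.objfile
            if not mod_name:
                mod_name = '[anon]'

            if p >= page.end:
                right_text = '(%s) %s + 0x%x + 0x%x (outside of the page)' % (
                    page.permstr, mod_name, page.memsz, p - page.end)
            elif p < page.start:
                right_text = '(%s) %s - 0x%x (outside of the page)' % (
                    page.permstr, mod_name, page.start - p)
            else:
                right_text = '(%s) %s + 0x%x' % (page.permstr, mod_name,
                                                 p - page.start)

            offset_text = '0x%0*x' % (off_zeros, i)
            p_text = '0x%0*x' % (int(ptrsize * 2), p)
            print('%s: %s = %s' % (offset_text, M.get(
                p, text=p_text), M.get(p, text=right_text)))
    if not found:
        print(
            message.hint('No leaks found at 0x%x-0x%x :(' %
                         (address, address + count)))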
def vmmap(pages_filter=None):
    """
    Print the legend and every page accepted by ``pages_filter``.

    ``pages_filter`` is passed straight to ``filter``, so ``None`` keeps
    all (truthy) pages.  Prints a notice and returns when nothing matches.
    """
    selected = list(filter(pages_filter, pwndbg.vmmap.get()))
    if len(selected) == 0:
        print('There are no mappings for specified address or module.')
        return

    print(M.legend())
    for entry in selected:
        print(M.get(entry.vaddr, text=str(entry)))
def minfo(address=None):
    """
    Print a compact memory map, inserting a synthetic '(empty)' page for
    every gap between two consecutive mappings.

    ``address`` is accepted for interface compatibility but not used.
    """
    pages = pwndbg.vmmap.get()
    print(M.legend())

    cursor = 0  # end of the previously printed mapping
    for page in pages:
        gap = page.vaddr - cursor
        if gap > 0:
            filler = pwndbg.memory.Page(cursor, gap, 0, 0, '(empty)')
            print(short_page_str(filler))
        cursor = page.vaddr + page.memsz
        print(M.get(page.vaddr, text=short_page_str(page)))
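def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.

    A section whose ``config_output_*`` setting is not 'nosplit' is written to
    the tty named by that setting instead of the main output.  Sections routed
    to the tty the debugger is already attached to are merged back into the
    main output so they are not shown twice.  ``subcontext`` is never modified.
    """
    requested = list(subcontext) if subcontext else config_context_sections.split()
    args = [a[0] for a in requested]

    split_targets = {
        'r' : config_output_regs,
        'd' : config_output_disasm,
        'a' : config_output_args,
        'c' : config_output_code,
        's' : config_output_stack,
        'b' : config_output_backtrace
    }

    split_queue = {}
    remaining = []
    for key in args:
        # Sections without a split setting (unknown letters included) stay in
        # the main output instead of raising KeyError.
        target = split_targets.get(key, 'nosplit')
        func = context_sections.get(key, None)
        if target != 'nosplit' and func:
            split_queue.setdefault(str(target), []).extend(func())
        else:
            remaining.append(key)

    result = [M.legend()] if remaining else []
    for key in remaining:
        func = context_sections.get(key, None)
        if func:
            result.extend(func())

    # stdout may not be a tty (redirected output, batch mode); then nothing
    # can be merged and every split target is written separately.
    try:
        current_tty = os.ttyname(1)
    except OSError:
        current_tty = None
    if current_tty in split_queue:
        result.extend(split_queue.pop(current_tty))
    if len(result) > 0:
        result.append(pwndbg.ui.banner(""))
    result.extend(context_signal())

    show_context(config_output, result)
    for tty, content in split_queue.items():
        show_context(tty, content)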
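def probeleak(address=None, count=0x40, max_distance=0x0):
    """
    Scan ``count`` bytes starting at ``address`` for values that point into a
    mapped page and print each hit with module, offset and, when known, the
    symbol at the target address.

    Every byte offset is probed, so unaligned leaks are found as well.
    ``max_distance`` is forwarded to ``find_module``; presumably it tolerates
    pointers slightly outside a page — confirm against its definition.

    If ``count`` looks like an end address rather than a length it is turned
    into a length with a warning.  Results are printed; nothing is returned.
    """
    if address is None:
        print(message.error("No address given. See 'probeleak -h' for the usage."))
        return

    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    count   = max(int(count), ptrsize)

    if count > address > 0x10000: # in case someone puts in an end address and not a count (smh)
        print(message.warn("Warning: you gave an end address, not a count. Substracting 0x%x from the count." % (address)))
        # Re-clamp so an end address right after ``address`` still scans one slot.
        count = max(count - address, ptrsize)

    # Offset column width, computed once ``count`` is final so a huge end
    # address does not inflate the padding.
    off_zeros = int(math.ceil(math.log(count,2)/4))

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(message.error("Couldn't read memory at 0x%x. See 'probeleak -h' for the usage." % (address,)))
        return

    found = False
    # Stop at the last complete pointer-sized window.
    for i in range(0, len(data) - ptrsize + 1):
        p = pwndbg.arch.unpack(data[i:i+ptrsize])
        page = find_module(p, max_distance)
        if page:
            if not found:
                print(M.legend())
                found = True

            mod_name = page.objfile
            if not mod_name:
                mod_name = '[anon]'

            if p >= page.end:
                right_text = '(%s) %s + 0x%x + 0x%x (outside of the page)' % (page.permstr, mod_name, page.memsz, p - page.end)
            elif p < page.start:
                right_text = '(%s) %s - 0x%x (outside of the page)' % (page.permstr, mod_name, page.start - p)
            else:
                right_text = '(%s) %s + 0x%x' % (page.permstr, mod_name, p - page.start)

            offset_text = '0x%0*x' % (off_zeros, i)
            p_text = '0x%0*x' % (int(ptrsize*2), p)
            text = '%s: %s = %s' % (offset_text, M.get(p, text=p_text), M.get(p, text=right_text))

            # Append the symbol name when the pointer resolves to one.
            symbol = pwndbg.symbol.get(p)
            if symbol:
                text += ' (%s)' % symbol

            print(text)

    if not found:
        print(message.hint('No leaks found at 0x%x-0x%x :(' % (address, address+count)))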
def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.

    Every section is rendered into the target returned by ``output(section)``.
    Per-target settings come from ``output_settings``; because the dict is
    updated section by section, the last section written to a target decides
    its width, banners and clearing behaviour.
    """
    requested = list(subcontext) if subcontext else config_context_sections.split()

    sections = []
    if requested:
        sections.append(("legend", lambda target=None, **kwargs: [M.legend()]))
    for name in requested:
        sections.append((name, context_sections.get(name[0], None)))

    rendered = defaultdict(list)
    target_settings = defaultdict(dict)
    for name, render in sections:
        if not render:
            continue
        target = output(name)
        settings = output_settings.get(name, {})
        target_settings[target].update(settings)
        with target as out:
            rendered[target].extend(
                render(target=out,
                       width=settings.get("width", None),
                       with_banner=settings.get("banner_top", True)))

    for target, lines in rendered.items():
        settings = target_settings[target]
        if lines and settings.get("banner_bottom", True):
            with target as out:
                lines.append(
                    pwndbg.ui.banner("",
                                     target=out,
                                     width=settings.get("width", None)))

    for target, lines in rendered.items():
        settings = target_settings[target]
        with target as out:
            if settings.get("clearing", config_clear_screen) and lines:
                clear_screen(out)
            out.write("\n".join(lines))
            # Only the real stdout gets a trailing newline.
            if out is sys.stdout:
                out.write('\n')
            out.flush()
def vmmap(pages_filter=None):
    """
    Print the legend and every page accepted by ``pages_filter`` (all pages
    when it is ``None``), followed by a reliability warning under QEMU.
    """
    matching = list(filter(pages_filter, pwndbg.vmmap.get()))
    if len(matching) == 0:
        print('There are no mappings for specified address or module.')
        return

    print(M.legend())
    for entry in matching:
        print(M.get(entry.vaddr, text=str(entry)))

    # QEMU targets expose an incomplete/approximate map; warn the user.
    if pwndbg.qemu.is_qemu():
        print("\n[QEMU target detected - vmmap result might not be accurate; see `help vmmap`]")
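def locate(address=0x0):
    """
    Print every mapping that contains ``address`` together with the offset of
    ``address`` inside it.

    The end of a mapping (``vaddr + memsz``) is exclusive: an address equal
    to it belongs to the following page, so adjacent mappings never both
    claim the same address.  ``None`` and 0 are rejected as invalid.
    """
    if address is None or address == 0x0:
        print("Invalid argument provided. Please give a valid address such as 0x")
        return

    pages = pwndbg.vmmap.get()
    print(M.legend())

    for page in pages:
        if page.vaddr <= address < page.vaddr + page.memsz:
            offset = hex(int(address - page.vaddr))
            print(M.get(page.vaddr, text="%s + %s" % (str(page), offset)))

    if pwndbg.qemu.is_qemu():
        print("\n[QEMU target detected - locate result might not be accurate; see `help vmmap`]")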
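def probeleak(address=None, count=0x40):
    """
    Scan ``count`` bytes at ``address`` in pointer-sized steps and print every
    value that points into a mapped page, with the module and offset it hits.

    Only aligned slots are examined, so ``count`` is first truncated to a
    multiple of the pointer size (with a warning).  A ``count`` that looks
    like an end address is converted to a length.  Results are printed;
    nothing is returned.
    """
    if address is None:
        print(message.error("No address given."))
        return

    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    count   = max(int(count), 0)

    if count > address > 0x10000: # in case someone puts in an end address and not a count (smh)
        count -= address

    if count % ptrsize > 0:
        newcount = count - (count % ptrsize)
        # NOTE(review): the other probeleak variants call message.warn;
        # confirm message.warning exists in this tree.
        print(message.warning("Warning: count 0x%x is not a multiple of 0x%x; truncating to 0x%x." % (count, ptrsize, newcount)))
        count = newcount

    # math.log(0) raises ValueError and a zero-length read is pointless, so
    # bail out once the adjustments above can no longer change ``count``.
    if count < ptrsize:
        print(message.error("Count 0x%x is smaller than a pointer (0x%x bytes); nothing to scan." % (count, ptrsize)))
        return
    off_zeros = int(math.ceil(math.log(count,2)/4))

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(message.error("Couldn't read memory at 0x%x" % (address,)))
        return

    found = False
    # A partial read may return fewer than ``count`` bytes; stop at the last
    # complete slot instead of unpacking a short slice.
    for i in range(0, len(data) - ptrsize + 1, ptrsize):
        p = pwndbg.arch.unpack(data[i:i+ptrsize])
        page = find_module(p)
        if page:
            if not found:
                print(M.legend())
                found = True

            mod_name = page.objfile
            if not mod_name:
                mod_name = '[anon]'
            fmt = '+0x{offset:0{n1}x}: 0x{ptr:0{n2}x} = {page}'
            right_text = ('(%s) %s + 0x%x') % (page.permstr, mod_name, p - page.vaddr + page.offset)
            print(fmt.format(n1=off_zeros, n2=ptrsize*2, offset=i, ptr=p, page=M.get(p, text=right_text)))
    if not found:
        print(message.hint('No leaks found at 0x{:x}-0x{:x} :('.format(address, address + len(data))))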
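def vmmap(map=None):
    """
    Print the virtual memory map, or the specific mapping for the
    provided address / module name.

    A string selects pages whose ``objfile`` contains it; an integer or
    ``gdb.Value`` selects pages containing that address.  Any other value
    (including ``None``) prints every page.
    """
    int_map = None
    str_map = None

    if isinstance(map, six.string_types):
        str_map = map
    elif isinstance(map, six.integer_types + (gdb.Value, )):
        int_map = int(map)

    print(M.legend())

    for page in pwndbg.vmmap.get():
        if str_map and str_map not in page.objfile:
            continue
        # Test against None rather than truthiness: address 0 is a valid
        # lookup and must not silently fall back to printing the whole map.
        if int_map is not None and int_map not in page:
            continue

        print(M.get(page.vaddr, text=str(page)))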
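def vmmap(map=None):
    """
    Print the virtual memory map, or the specific mapping for the
    provided address / module name.

    ``map`` may be a module-name substring (matched against ``page.objfile``)
    or an address (``int`` or ``gdb.Value``, matched with ``in page``).
    Anything else, including ``None``, lists every page.
    """
    int_map = None
    str_map = None

    if isinstance(map, six.string_types):
        str_map = map
    elif isinstance(map, six.integer_types + (gdb.Value,)):
        int_map = int(map)

    print(M.legend())

    for page in pwndbg.vmmap.get():
        if str_map and str_map not in page.objfile:
            continue
        # Address 0 is a legitimate query; a truthiness test would skip the
        # filter and print the entire map instead.
        if int_map is not None and int_map not in page:
            continue

        print(M.get(page.vaddr, text=str(page)))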