def str_chunk_size_flag(self):
msg = []
msg.append("PREV_INUSE flag: {}".format(
Color.greenify("On") if self.has_p_bit() else Color.redify("Off")))
msg.append("IS_MMAPPED flag: {}".format(
Color.greenify("On") if self.has_m_bit() else Color.redify("Off")))
msg.append("NON_MAIN_ARENA flag: {}".format(
Color.greenify("On") if self.has_n_bit() else Color.redify("Off")))
return "\n".join(msg)
def __init__(self,
alias,
command,
completer_class=gdb.COMPLETE_NONE,
command_class=gdb.COMMAND_NONE):
p = command.split()
if not p:
return None
if list(filter(lambda x: x._alias == alias, __aliases__)):
return None
self._command = command
self._alias = alias
c = command.split()[0]
r = self.lookup_command(c)
self.__doc__ = "Alias for '{}'".format(Color.greenify(command))
if r is not None:
_instance = r[2]
self.__doc__ += ": {}".format(_instance.__doc__)
if hasattr(_instance, "complete"):
self.complete = _instance.complete
super(SelfAlias, self).__init__(alias,
command_class,
completer_class=completer_class)
sys.modules[__name__].__aliases__.append(self)
return None
def load(self, initial=False):
"""Load all the commands and functions defined by PWNGEF into GDB."""
nb_missing = 0
self.commands = [(x._cmdline_, x)
for x in pwngef.commands.__commands__]
# load all of the functions
for function_class_name in pwngef.functions.__functions__:
self.loaded_functions.append(function_class_name())
def is_loaded(x):
return any(filter(lambda u: x == u[0], self.loaded_commands))
for cmd, class_name in self.commands:
if is_loaded(cmd):
continue
try:
self.loaded_commands.append((cmd, class_name, class_name()))
if hasattr(class_name, "_aliases_"):
aliases = getattr(class_name, "_aliases_")
for alias in aliases:
SelfAlias(alias, cmd)
except Exception as reason:
self.missing_commands[cmd] = reason
nb_missing += 1
# sort by command name
self.loaded_commands = sorted(self.loaded_commands,
key=lambda x: x[1]._cmdline_)
if initial:
print(
"{:s} for {:s} ready, type `{:s}' to start, `{:s}' to configure"
.format(Color.greenify("PWNGEF"), get_os(),
Color.colorify("self", "underline yellow"),
Color.colorify("self config", "underline pink")))
ver = "{:d}.{:d}".format(sys.version_info.major,
sys.version_info.minor)
nb_cmds = len(self.loaded_commands)
print("{:s} commands loaded for GDB {:s} using Python engine {:s}".
format(Color.colorify(nb_cmds, "bold green"),
Color.colorify(gdb.VERSION, "bold yellow"),
Color.colorify(ver, "bold red")))
if nb_missing:
message.warn(
"{:s} command{} could not be loaded, run `{:s}` to know why."
.format(Color.colorify(nb_missing, "bold red"),
"s" if nb_missing > 1 else "",
Color.colorify("self missing", "underline pink")))
return None
def context_trace(self):
self.context_title("trace")
nb_backtrace = self.get_setting("nb_lines_backtrace")
if nb_backtrace <= 0:
return None
orig_frame = current_frame = gdb.selected_frame()
i = 0
# backward compat for gdb (gdb < 7.10)
if not hasattr(gdb, "FrameDecorator"):
gdb.execute("backtrace {:d}".format(nb_backtrace))
return None
while current_frame:
current_frame.select()
if not current_frame.is_valid():
continue
pc = current_frame.pc()
name = current_frame.name()
items = []
items.append("{:#x}".format(pc))
if name:
frame_args = gdb.FrameDecorator.FrameDecorator(
current_frame).frame_args() or []
m = "{}({})".format(
Color.greenify(name), ", ".join([
"{}={!s}".format(Color.yellowify(x.sym),
x.sym.value(current_frame))
for x in frame_args
]))
items.append(m)
else:
try:
insn = next(disass.gef_disassemble(pc, 1))
except gdb.MemoryError:
break
items.append(
Color.redify("{} {}".format(insn.mnemonic,
", ".join(insn.operands))))
print("[{}] {}".format(
Color.colorify("#{}".format(i), "bold pink"),
config_arrow_right.join(items)))
current_frame = current_frame.older()
i += 1
nb_backtrace -= 1
if nb_backtrace == 0:
break
orig_frame.select()
return None
def do_invoke(self, argv):
if not argv:
# heap_section = [x for x in get_process_maps() if x.path == "[heap]"]
heap_section = None
if not heap_section:
message.error("No heap section")
return None
heap_section = heap_section[0].page_start
else:
heap_section = int(argv[0], 0)
class arena:
pass
# arena = get_main_arena()
# if arena is None:
# message.error("No valid arena")
# return None
arena.top = 0xFFFFFFFF
nb = self.get_setting("peek_nb_byte")
current_chunk = GlibcChunk(heap_section, from_base=True)
chain_arrow_left = pwngef.config.get('chain_arrow_left')
while True:
if current_chunk.chunk_base_address == arena.top:
print("{} {} {}".format(str(current_chunk), chain_arrow_left,
Color.greenify("top chunk")))
break
if current_chunk.chunk_base_address > arena.top:
break
if current_chunk.size == 0:
# EOF
break
line = str(current_chunk)
if nb:
hex_data = pwngef.memory.read(current_chunk.address,
nb,
partial=True)
for ln in pwngef.hexdump.hexdump(
hex_data, address=current_chunk.address):
line += '\n [%s]' % ln
print(line)
next_chunk = current_chunk.get_next_chunk()
if next_chunk is None:
break
next_chunk_addr = pwngef.memory.peek(next_chunk.address)
if next_chunk_addr is None:
# corrupted
break
current_chunk = next_chunk
return None
def add_command_to_doc(self, command):
"""Add command to PWNGEF documentation."""
cmd, class_name, _ = command
if " " in cmd:
# do not print subcommands in gef help
return None
doc = getattr(class_name, "__doc__", "").lstrip()
doc = "\n ".join(doc.split("\n"))
aliases = " (alias: {:s})".format(", ".join(
class_name._aliases_)) if hasattr(class_name, "_aliases_") else ""
msg = "{cmd:<25s} -- {help:s}{aliases:s}".format(
cmd=cmd, help=Color.greenify(doc), aliases=aliases)
self.docs.append(msg)
return None
