def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Each requested name is reduced to its first letter and looked up in
    ``context_sections``; names with no entry are silently ignored. With no
    arguments the sections come from ``config_context_sections``. The signal
    section is always appended last. Output goes through ``output()`` and the
    screen is cleared first when ``config_clear_screen`` is set.
    """
    if subcontext is None:
        subcontext = []
    requested = subcontext
    if len(requested) == 0:
        requested = config_context_sections.split()
    keys = [name[0] for name in requested]

    lines = [M.legend()] if keys else []
    for key in keys:
        render = context_sections.get(key, None)
        if render:
            lines.extend(render())

    if lines:
        lines.append(pwndbg.ui.banner(""))
    lines.extend(context_signal())

    with output() as out:
        if config_clear_screen:
            clear_screen(out)
        out.writelines(line + '\n' for line in lines)
        out.flush()
def context(*args):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'code', 'stack', 'backtrace', and 'args'.
    Selection is by first letter; note that 'c' renders both the disassembly
    (``context_code``) and the source listing (``context_source``). With no
    arguments every section is shown. Lines are written to ``sys.stdout``.
    """
    names = args if len(args) else ['reg', 'code', 'stack', 'backtrace', 'args']
    selected = [name[0] for name in names]

    # Fixed render order; each renderer is only invoked when its key was requested.
    renderers = (
        ('r', context_regs),
        ('c', context_code),
        ('c', context_source),
        ('a', context_args),
        ('s', context_stack),
        ('b', context_backtrace),
    )

    lines = [M.legend()]
    for key, render in renderers:
        if key in selected:
            lines.extend(render())
    lines.extend(context_signal())

    sys.stdout.writelines(line + '\n' for line in lines)
    sys.stdout.flush()
def context(*args):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Names are matched on their first letter through ``context_sections``;
    unknown names are skipped. Defaults to ``config_context_sections``. The
    signal section is always appended. Clears the terminal first when
    ``config_clear_screen`` is enabled, then writes to ``sys.stdout``.
    """
    requested = args if len(args) else config_context_sections.split()
    keys = [name[0] for name in requested]

    lines = [M.legend()] if keys else []
    for key in keys:
        render = context_sections.get(key, None)
        if render:
            lines.extend(render())
    lines.extend(context_signal())

    if config_clear_screen:
        clear_screen()
    sys.stdout.writelines(line + '\n' for line in lines)
    sys.stdout.flush()
def vmmap(gdbval_or_str=None, writable=False, executable=False):
    """
    Print the virtual memory map, optionally narrowed to one address or module.

    ``gdbval_or_str`` is handed to ``pages_filter`` to select mappings. When it
    is an integer and exactly one mapping matches, that mapping is printed with
    the offset of the address inside it; in that single-hit branch the
    ``writable``/``executable`` flags are not applied. Otherwise every matching
    mapping is printed, dropping those that lack the requested permission.
    A warning is appended under QEMU, whose reported map may be inaccurate.
    """
    mappings = pwndbg.vmmap.get()
    if gdbval_or_str:
        keep = pages_filter(gdbval_or_str)
        mappings = [page for page in mappings if keep(page)]

    if not mappings:
        print("There are no mappings for specified address or module.")
        return

    print(M.legend())

    single_address_hit = (len(mappings) == 1
                          and isinstance(gdbval_or_str, integer_types))
    if single_address_hit:
        page = mappings[0]
        offset = int(gdbval_or_str) - page.vaddr
        print(M.get(page.vaddr, text=str(page) + " +0x%x" % offset))
    else:
        for page in mappings:
            if executable and not page.execute:
                continue
            if writable and not page.write:
                continue
            print(M.get(page.vaddr, text=str(page)))

    if pwndbg.qemu.is_qemu():
        print("\n[QEMU target detected - vmmap result might not be accurate; see `help vmmap`]")
def probeleak(address=None, count=0x40, max_distance=0x0):
    """
    Scan ``count`` bytes at ``address`` for pointer-sized values that point
    into (or within ``max_distance`` of) a mapped page, and print each hit.

    Every byte offset is tried, so unaligned pointers are found too. The read
    is ``partial=True``, so fewer than ``count`` bytes may be examined if the
    range crosses into unmapped memory. ``find_module`` decides what counts
    as a hit; values landing just outside a page are reported as such.
    """
    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    count = max(int(count), ptrsize)
    offset_width = int(math.ceil(math.log(count, 2) / 4))

    # Heuristic: a "count" larger than a sizeable address was most likely an end address.
    if count > address > 0x10000:
        print(message.warn("Warning: you gave an end address, not a count. Substracting 0x%x from the count." % (address)))
        count -= address

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(message.error("Couldn't read memory at 0x%x. See 'probeleak -h' for the usage." % (address,)))
        return

    hits = 0
    for i in range(len(data) - ptrsize + 1):
        candidate = pwndbg.arch.unpack(data[i:i + ptrsize])
        page = find_module(candidate, max_distance)
        if not page:
            continue

        if hits == 0:
            print(M.legend())
        hits += 1

        module = page.objfile or '[anon]'
        if candidate >= page.end:
            where = '(%s) %s + 0x%x + 0x%x (outside of the page)' % (
                page.permstr, module, page.memsz, candidate - page.end)
        elif candidate < page.start:
            where = '(%s) %s - 0x%x (outside of the page)' % (
                page.permstr, module, page.start - candidate)
        else:
            where = '(%s) %s + 0x%x' % (page.permstr, module, candidate - page.start)

        offset_text = '0x%0*x' % (offset_width, i)
        pointer_text = '0x%0*x' % (int(ptrsize * 2), candidate)
        print('%s: %s = %s' % (offset_text,
                               M.get(candidate, text=pointer_text),
                               M.get(candidate, text=where)))

    if hits == 0:
        print(message.hint('No leaks found at 0x%x-0x%x :(' % (address, address + count)))
def vmmap(pages_filter=None):
    """
    Print the virtual memory map, restricted by ``pages_filter`` when given.

    ``pages_filter`` is a predicate over page objects (``None`` keeps every
    page). Prints a notice and returns when nothing matches.
    """
    matching = [page for page in pwndbg.vmmap.get()
                if pages_filter is None or pages_filter(page)]
    if not matching:
        print('There are no mappings for specified address or module.')
        return

    print(M.legend())
    for page in matching:
        print(M.get(page.vaddr, text=str(page)))
def minfo(address=None):
    """
    Print a compact memory map, including the unmapped gaps between pages.

    Gaps are rendered as synthetic ``(empty)`` pages spanning from the end of
    the previous mapping to the start of the next. ``address`` is accepted for
    interface compatibility but not used.
    """
    cursor = 0
    print(M.legend())
    for page in pwndbg.vmmap.get():
        if cursor < page.vaddr:
            gap = pwndbg.memory.Page(cursor, page.vaddr - cursor, 0, 0, '(empty)')
            print(short_page_str(gap))
        cursor = page.vaddr + page.memsz
        print(M.get(page.vaddr, text=short_page_str(page)))
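def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Sections whose ``config_output_*`` setting is not 'nosplit' are queued for
    the tty named by that setting and emitted through ``show_context``; the
    remaining sections (plus any split sections whose tty is the one we are
    already on) go to ``config_output``. The signal section always goes to
    ``config_output``.

    Fixes over the previous revision: the caller's ``subcontext`` list is no
    longer mutated (``remove()`` used to run on it), a section key without a
    ``config_output_*`` entry no longer raises ``KeyError``, and
    ``os.ttyname(1)`` is only consulted when something was actually split and
    its ``OSError`` (stdout not a tty: batch mode, piped output) is handled.
    """
    if subcontext is None:
        subcontext = []
    # Copy so the caller's list is never modified.
    args = list(subcontext)
    if len(args) == 0:
        args = config_context_sections.split()
    args = [a[0] for a in args]

    split_targets = {
        'r': config_output_regs,
        'd': config_output_disasm,
        'a': config_output_args,
        'c': config_output_code,
        's': config_output_stack,
        'b': config_output_backtrace,
    }

    split_queue = {}
    local_args = []
    for arg in args:
        # Unknown keys default to 'nosplit' and are then dropped by
        # context_sections.get() below, instead of raising KeyError here.
        target = split_targets.get(arg, 'nosplit')
        func = context_sections.get(arg, None)
        if target != 'nosplit' and func:
            tty_key = str(target)
            split_queue.setdefault(tty_key, []).extend(func())
        else:
            local_args.append(arg)

    result = [M.legend()] if local_args else []
    for arg in local_args:
        func = context_sections.get(arg, None)
        if func:
            result.extend(func())

    # Sections queued for the tty we are already on are merged into the
    # main output rather than opened as a separate stream.
    if split_queue:
        try:
            current_tty = os.ttyname(1)
        except OSError:
            current_tty = None
        if current_tty in split_queue:
            result.extend(split_queue.pop(current_tty))

    if len(result) > 0:
        result.append(pwndbg.ui.banner(""))
    result.extend(context_signal())
    show_context(config_output, result)

    for tty, content in split_queue.items():
        show_context(tty, content)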
def probeleak(address=None, count=0x40, max_distance=0x0):
    """
    Scan ``count`` bytes at ``address`` for pointer-sized values that fall in
    (or within ``max_distance`` of) a mapped page and print each hit, with the
    resolved symbol appended when ``pwndbg.symbol.get`` knows one.

    Every byte offset is examined, so unaligned pointers are found. The read
    uses ``partial=True``; if the range runs into unmapped memory fewer bytes
    than ``count`` are scanned.
    """
    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    count = max(int(count), ptrsize)
    offset_width = int(math.ceil(math.log(count, 2) / 4))

    # A "count" above a non-trivial address was almost certainly an end address.
    if count > address > 0x10000:
        print(message.warn("Warning: you gave an end address, not a count. Substracting 0x%x from the count." % (address)))
        count -= address

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(message.error("Couldn't read memory at 0x%x. See 'probeleak -h' for the usage." % (address,)))
        return

    def describe(page, value):
        # Human-readable location of ``value`` relative to ``page``.
        module = page.objfile or '[anon]'
        if value >= page.end:
            return '(%s) %s + 0x%x + 0x%x (outside of the page)' % (
                page.permstr, module, page.memsz, value - page.end)
        if value < page.start:
            return '(%s) %s - 0x%x (outside of the page)' % (
                page.permstr, module, page.start - value)
        return '(%s) %s + 0x%x' % (page.permstr, module, value - page.start)

    hits = 0
    for i in range(len(data) - ptrsize + 1):
        value = pwndbg.arch.unpack(data[i:i + ptrsize])
        page = find_module(value, max_distance)
        if not page:
            continue

        if hits == 0:
            print(M.legend())
        hits += 1

        offset_text = '0x%0*x' % (offset_width, i)
        pointer_text = '0x%0*x' % (int(ptrsize * 2), value)
        line = '%s: %s = %s' % (offset_text,
                                M.get(value, text=pointer_text),
                                M.get(value, text=describe(page, value)))
        symbol = pwndbg.symbol.get(value)
        if symbol:
            line += ' (%s)' % symbol
        print(line)

    if hits == 0:
        print(message.hint('No leaks found at 0x%x-0x%x :(' % (address, address + count)))
def context(subcontext=None):
    """
    Print out the current register, instruction, and stack context.

    Accepts subcommands 'reg', 'disasm', 'code', 'stack', 'backtrace', and 'args'.
    Each section (and the leading legend) is routed to the stream returned by
    ``output(section)``; per-section ``output_settings`` control width, the
    top banner, the bottom banner and screen clearing. When several sections
    share a stream, the last one routed there decides that stream's settings.
    Lines are joined with '\\n' per stream; a trailing newline is only added
    when the stream is ``sys.stdout``.
    """
    if subcontext is None:
        subcontext = []
    requested = subcontext
    if len(requested) == 0:
        requested = config_context_sections.split()

    # (name, renderer) pairs in display order; unknown names map to None.
    plan = []
    if requested:
        plan.append(("legend", lambda target=None, **kwargs: [M.legend()]))
    plan.extend((name, context_sections.get(name[0], None)) for name in requested)

    lines_by_target = defaultdict(list)
    settings_by_target = defaultdict(dict)
    for name, render in plan:
        if not render:
            continue
        target = output(name)
        # Last section of an output decides about output settings.
        section_settings = output_settings.get(name, {})
        settings_by_target[target].update(section_settings)
        with target as out:
            lines_by_target[target].extend(render(
                target=out,
                width=section_settings.get("width", None),
                with_banner=section_settings.get("banner_top", True)))

    for target, lines in lines_by_target.items():
        opts = settings_by_target[target]
        if lines and opts.get("banner_bottom", True):
            with target as out:
                lines.append(pwndbg.ui.banner("", target=out, width=opts.get("width", None)))

    for target, lines in lines_by_target.items():
        with target as out:
            if settings_by_target[target].get("clearing", config_clear_screen) and lines:
                clear_screen(out)
            out.write("\n".join(lines))
            if out is sys.stdout:
                out.write('\n')
            out.flush()
def vmmap(pages_filter=None):
    """
    Print the virtual memory map, restricted by ``pages_filter`` when given.

    ``pages_filter`` is a predicate over page objects (``None`` keeps all).
    Under QEMU a warning is appended, since the map reported there may not
    reflect the real guest layout.
    """
    matching = [page for page in pwndbg.vmmap.get()
                if pages_filter is None or pages_filter(page)]
    if not matching:
        print('There are no mappings for specified address or module.')
        return

    print(M.legend())
    for page in matching:
        print(M.get(page.vaddr, text=str(page)))

    if pwndbg.qemu.is_qemu():
        print("\n[QEMU target detected - vmmap result might not be accurate; see `help vmmap`]")
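def locate(address=0x0):
    """
    Print every mapping that contains ``address``, with the offset into it.

    ``address`` 0 is rejected as an invalid argument. Page ranges are treated
    as half-open, ``[vaddr, vaddr + memsz)``, matching how the rest of the
    tool treats ``page.end`` as exclusive; the previous ``<=`` on the upper
    bound also reported the first byte of the *next* adjacent mapping.
    Appends a QEMU caveat when running against a QEMU target.
    """
    if address == 0x0:
        print("Invalid argument provided. Please give a valid address such as 0x")
        return

    print(M.legend())
    for page in pwndbg.vmmap.get():
        if page.vaddr <= address < page.vaddr + page.memsz:
            offset = hex(int(address - page.vaddr))
            print(M.get(page.vaddr, text=str(page) + " + " + offset))

    if pwndbg.qemu.is_qemu():
        print("\n[QEMU target detected - locate result might not be accurate; see `help vmmap`]")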
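def probeleak(address=None, count=0x40):
    """
    Scan ``count`` bytes at ``address``, one pointer-sized word at a time, for
    values that point into a mapped page, and print each hit.

    ``count`` is rounded down to a multiple of the pointer size (with a
    warning). The read uses ``partial=True``, so fewer bytes than ``count``
    may come back when the range crosses into unmapped memory; only complete
    words of the data actually read are decoded.

    Fixes over the previous revision: a ``count`` of 0 used to reach
    ``math.log(0)`` and raise ``ValueError``; the offset-column width is now
    derived from the final count; and the scan loop is bounded by the bytes
    actually read rather than ``count``, so a short partial read no longer
    hands an undersized slice to ``unpack``.
    """
    address = int(address) & pwndbg.arch.ptrmask
    ptrsize = pwndbg.arch.ptrsize
    # Never scan fewer bytes than one pointer (consistent with later revisions).
    count = max(int(count), ptrsize)

    if count > address > 0x10000:
        # in case someone puts in an end address and not a count (smh)
        count -= address

    if count % ptrsize > 0:
        newcount = count - (count % ptrsize)
        # NOTE(review): other revisions of this command call message.warn;
        # confirm message.warning exists in this tree.
        print(message.warning("Warning: count 0x%x is not a multiple of 0x%x; truncating to 0x%x." % (count, ptrsize, newcount)))
        count = newcount

    if count < ptrsize:
        print(message.error("Nothing to scan: count 0x%x is smaller than a pointer (0x%x)." % (count, ptrsize)))
        return

    off_zeros = int(math.ceil(math.log(count, 2) / 4))

    try:
        data = pwndbg.memory.read(address, count, partial=True)
    except gdb.error as e:
        print(message.error(str(e)))
        return

    if not data:
        print(message.error("Couldn't read memory at 0x%x" % (address,)))
        return

    found = False
    fmt = '+0x{offset:0{n1}x}: 0x{ptr:0{n2}x} = {page}'
    for i in range(0, len(data) - ptrsize + 1, ptrsize):
        p = pwndbg.arch.unpack(data[i:i + ptrsize])
        page = find_module(p)
        if not page:
            continue

        if not found:
            print(M.legend())
            found = True

        mod_name = page.objfile or '[anon]'
        right_text = '(%s) %s + 0x%x' % (page.permstr, mod_name, p - page.vaddr + page.offset)
        print(fmt.format(n1=off_zeros, n2=ptrsize * 2, offset=i, ptr=p,
                         page=M.get(p, text=right_text)))

    if not found:
        print(message.hint('No leaks found at 0x{:x}-0x{:x} :('.format(address, address + count)))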
def vmmap(map=None):
    """
    Print the virtual memory map, or the specific mapping for the provided
    address / module name.

    A string ``map`` keeps pages whose ``objfile`` contains it; an integer or
    ``gdb.Value`` keeps pages containing that address. Note that an address
    of 0 is treated like "no filter" because the check is on truthiness.
    """
    by_name = map if isinstance(map, six.string_types) else None
    by_addr = None
    if by_name is None and isinstance(map, six.integer_types + (gdb.Value,)):
        by_addr = int(map)

    print(M.legend())
    for page in pwndbg.vmmap.get():
        if by_name and by_name not in page.objfile:
            continue
        if by_addr and by_addr not in page:
            continue
        print(M.get(page.vaddr, text=str(page)))
def vmmap(map=None):
    """
    Print the virtual memory map, or the specific mapping for the provided
    address / module name.

    String ``map``: substring match against each page's ``objfile``.
    Integer / ``gdb.Value`` ``map``: the page must contain that address.
    An address of 0 applies no filter, since the filter is truthiness-based.
    """
    name_filter = None
    addr_filter = None
    if isinstance(map, six.string_types):
        name_filter = map
    elif isinstance(map, six.integer_types + (gdb.Value,)):
        addr_filter = int(map)

    def wanted(page):
        if name_filter and name_filter not in page.objfile:
            return False
        if addr_filter and addr_filter not in page:
            return False
        return True

    print(M.legend())
    for page in pwndbg.vmmap.get():
        if wanted(page):
            print(M.get(page.vaddr, text=str(page)))