Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[cmd] Add support for flags specifying filters type in vmmap, and allow multiple filters #1120

Merged
merged 20 commits into from
Oct 24, 2024
Merged
Show file tree
Hide file tree
Changes from 15 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 15 additions & 5 deletions docs/commands/vmmap.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,23 @@ differs from one architecture to another (this is one of the main reasons I star
place). For example, you can learn that ELF running on SPARC architectures always have their `.data`
and `heap` sections set as Read/Write/Execute.

`vmmap` accepts one argument, either a pattern to match again mapping names, or an address to
determine which section it belongs to.
`vmmap` can accept multiple arguments, either patterns to match again mapping names, or addresses
to determine which section it belongs to:

![vmmap-grep](https://i.imgur.com/ZFF4QVf.png)
1. `-a` / `--addr`:
- filter by address -> parses the next argument as an integer or asks gdb to interpret the value
2. `-n` / `--name`:
- filter based on section name
3. If nothing is specified, it prints a warning and guesses the type

![vmmap-address](https://i.imgur.com/hfcs1jH.png)
![vmmap-grep](https://github.com/hugsy/gef/assets/11377623/a3dbaa3e-88b0-407f-a0dd-07e65c4a3f73)

![vmmap-address](https://github.com/hugsy/gef/assets/11377623/4dffe491-f927-4f03-b842-4d941140e66c)

The address can be also be given in the form of a register or variable.

![vmmap-register](https://i.imgur.com/RlZA6NU.png)
![vmmap-register](https://github.com/hugsy/gef/assets/11377623/aed7ecdc-7ad9-4ba5-ae03-329e66432731)

And you can do all of them in one command 🙂

![vmmap-all-in-one](https://github.com/hugsy/gef/assets/11377623/b043f61b-48b3-4316-9f84-eb83822149ac)
56 changes: 44 additions & 12 deletions gef.py
Original file line number Diff line number Diff line change
Expand Up @@ -8893,12 +8893,35 @@ class VMMapCommand(GenericCommand):
_example_ = f"{_cmdline_} libc"

@only_if_gdb_running
def do_invoke(self, argv: List[str]) -> None:
@parse_arguments({"unknown_types": [""]}, {("--addr", "-a"): [""], ("--name", "-n"): [""]})
def do_invoke(self, _: List[str], **kwargs: Any) -> None:
args : argparse.Namespace = kwargs["arguments"]
vmmap = gef.memory.maps
if not vmmap:
err("No address mapping information found")
return

addrs: Dict[str, int] = {x: parse_address(x) for x in args.addr}
ValekoZ marked this conversation as resolved.
Show resolved Hide resolved
names: List[str] = [x for x in args.name]

for arg in args.unknown_types:
if not arg:
ValekoZ marked this conversation as resolved.
Show resolved Hide resolved
continue

if self.is_integer(arg):
addr = int(arg, 0)
else:
addr = safe_parse_and_eval(arg)

if addr is None:
names.append(arg)
warn(f"`{arg}` has no type specified. We guessed it was a name filter.")
else:
addrs[arg] = int(addr)
warn(f"`{arg}` has no type specified. We guessed it was an address filter.")
warn("You can use --name or --addr before the filter value for specifying its type manually.")
gef_print()
Grazfather marked this conversation as resolved.
Show resolved Hide resolved

if not gef.config["gef.disable_color"]:
self.show_legend()

Expand All @@ -8907,22 +8930,31 @@ def do_invoke(self, argv: List[str]) -> None:
headers = ["Start", "End", "Offset", "Perm", "Path"]
gef_print(Color.colorify("{:<{w}s}{:<{w}s}{:<{w}s}{:<4s} {:s}".format(*headers, w=gef.arch.ptrsize*2+3), color))

last_printed_filter = None

for entry in vmmap:
if not argv:
names_filter = [f"name = '{x}'" for x in names if x in entry.path]
addrs_filter = [f"addr = {self.format_addr_filter(arg, addr)}" for arg, addr in addrs.items()
if entry.page_start <= addr < entry.page_end]
filters = names_filter + addrs_filter
filter_content = f"[{' & '.join(filters)}]"
ValekoZ marked this conversation as resolved.
Show resolved Hide resolved

if len(names) + len(addrs) == 0:
self.print_entry(entry)
ValekoZ marked this conversation as resolved.
Show resolved Hide resolved
continue
if argv[0] in entry.path:

elif any(filters):
if filter_content != last_printed_filter:
gef_print() # skip a line between different filters
gef_print(Color.greenify(filter_content))
last_printed_filter = filter_content
self.print_entry(entry)
elif self.is_integer(argv[0]):
addr = int(argv[0], 0)
if addr >= entry.page_start and addr < entry.page_end:
self.print_entry(entry)
else:
addr = safe_parse_and_eval(argv[0])
if addr is not None and addr >= entry.page_start and addr < entry.page_end:
self.print_entry(entry)

gef_print()
return

def format_addr_filter(self, arg: str, addr: int):
return f"`{arg}`" if self.is_integer(arg) else f"`{arg}` ({addr:#x})"

def print_entry(self, entry: Section) -> None:
line_color = ""
if entry.path == "[stack]":
Expand Down
30 changes: 27 additions & 3 deletions tests/commands/vmmap.py
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,34 @@ def test_cmd_vmmap(self):
)
gdb.execute("start")
res = gdb.execute("vmmap", to_string=True)
self.assertGreater(len(res.splitlines()), 1)
self.assertEqual(len(res.splitlines()), 23)

res = gdb.execute("vmmap stack", to_string=True)
self.assertGreater(len(res.splitlines()), 1)
assert "`stack` has no type specified. We guessed it was a name filter." in res
self.assertEqual(len(res.splitlines()), 9)

res = gdb.execute("vmmap $pc", to_string=True)
self.assertEqual(len(res.splitlines()), 2)
assert "`$pc` has no type specified. We guessed it was an address filter." in res
self.assertEqual(len(res.splitlines()), 8)
ValekoZ marked this conversation as resolved.
Show resolved Hide resolved

def test_cmd_vmmap_addr(self):
gef, gdb = self._gef, self._gdb
gdb.execute("start")

pc = gef.arch.register("pc")

res = gdb.execute(f"vmmap -a {pc:#x}", to_string=True)
self.assertEqual(len(res.splitlines()), 5)

res = gdb.execute("vmmap --addr $pc", to_string=True)
self.assertEqual(len(res.splitlines()), 5)

def test_cmd_vmmap_name(self):
gdb = self._gdb
gdb.execute("start")

res = gdb.execute("vmmap -n stack", to_string=True)
self.assertEqual(len(res.splitlines()), 5)

res = gdb.execute("vmmap --name stack", to_string=True)
self.assertEqual(len(res.splitlines()), 5)
Loading