
Borrow Features from pwngdb #886

Closed
zachriggle opened this issue Feb 2, 2021 · 2 comments
Labels
feature For new features

Comments

@zachriggle
Contributor

zachriggle commented Feb 2, 2021

It looks like pwngdb is yet-another-gdbinit-for-reversing-and-exploit development. They've got a lot of features that we should borrow, which would make good starting points for first-time contributors.

NOTE: pwngdb does not have a MIT-compatible license, so these would need to be clean-room implementations.

Here's a list of the features they claim, some of which we might already have but could implement as aliases:

  • libc : Print the base address of libc
  • ld : Print the base address of ld
  • codebase : Print the base of the code segment
  • heap : Print the base of the heap
  • got : Print the Global Offset Table information
  • dyn : Print the Dynamic section information
  • findcall : Find some function call
  • bcall : Set the breakpoint at some function call
  • tls : Print the thread local storage address
  • at : Attach by process name
  • findsyscall : Find the syscall
  • fmtarg : Calculate the index of the format string
    • You need to stop on the printf which has the vulnerability.
  • force : Calculate the nb in the house of force.
  • heapinfo : Print some information about the heap
    • heapinfo (Address of arena)
    • default is the arena of the current thread
    • If tcache is enabled, it will show information about the tcache entries
  • heapinfoall : Print some information about the heap (all threads)
  • arenainfo : Print some information about all arenas
  • chunkinfo : Print the information of a chunk
    • chunkinfo (Address of victim)
  • chunkptr : Print the information of a chunk
    • chunkptr (Address of user ptr)
  • mergeinfo : Print the information of a merge
    • mergeinfo (Address of victim)
  • printfastbin : Print some information about fastbins
  • tracemalloc on : Trace the malloc and free calls and detect some errors.
    • You need to run the process first, then tracemalloc on; it will record all of the malloc and free calls.
    • You can set DEBUG in pwngdb.py, then it will print all of the malloc and free information, as in the screenshot.
  • parseheap : Parse heap layout
  • magic : Print useful variables and functions in glibc
  • fp : show FILE structure
    • fp (Address of FILE)
  • fpchain : show linked list of FILE
  • orange : Test house of orange condition in _IO_flush_lockp
    • orange (Address of FILE)
    • glibc version <= 2.23
zachriggle added the feature label Feb 2, 2021
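As an added illustration of what two groups of the listed commands compute, here is a stand-alone Python sketch. It is not code from pwndbg or Pwngdb. The `libc`, `ld`, `codebase` and `heap` commands reduce to "lowest mapping start per module" over `/proc/<pid>/maps`, and `chunkinfo`/`chunkptr` reduce to decoding the glibc `malloc_chunk` header (64-bit layout assumed: two 8-byte fields, low three bits of `size` are flags). The maps text and heap bytes below are constructed sample data, and the function names (`module_bases`, `chunkinfo`, `chunkptr`) are hypothetical; inside gdb one would read the same data from the inferior instead.

```python
import re
import struct
from dataclasses import dataclass

# Constructed /proc/<pid>/maps sample for a 64-bit PIE binary (not captured from a real process).
SAMPLE_MAPS = """\
555555554000-555555555000 r--p 00000000 08:01 1234 /home/user/a.out
555555555000-555555556000 r-xp 00001000 08:01 1234 /home/user/a.out
555555557000-555555559000 rw-p 00002000 08:01 1234 /home/user/a.out
555555559000-55555557a000 rw-p 00000000 00:00 0 [heap]
7ffff7dc5000-7ffff7dc7000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffff7dc7000-7ffff7f4c000 r-xp 00002000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffff7fc3000-7ffff7fc5000 r--p 00000000 08:01 9012 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffff7fc5000-7ffff7fef000 r-xp 00002000 08:01 9012 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffffffde000-7ffffffff000 rw-p 00000000 00:00 0 [stack]
"""

# start-end perms offset dev inode [path]; path may be empty for anonymous mappings.
_MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>\S+)\s+\S+\s+\S+\s+\S+\s*(?P<path>.*)$"
)


def parse_maps(text):
    """Yield (start, end, perms, path) for each line of /proc/<pid>/maps text."""
    for line in text.splitlines():
        m = _MAPS_RE.match(line.strip())
        if m:
            yield int(m["start"], 16), int(m["end"], 16), m["perms"], m["path"]


def module_bases(maps_text, exe_path):
    """Lowest mapping start per module: the values pwngdb's libc/ld/codebase/heap print."""
    bases = {}
    for start, _end, _perms, path in parse_maps(maps_text):
        name = path.rsplit("/", 1)[-1]
        if path == exe_path:
            key = "codebase"
        elif path == "[heap]":
            key = "heap"
        elif name.startswith("libc.so") or name.startswith("libc-"):
            key = "libc"
        elif name.startswith("ld-"):
            key = "ld"
        else:
            continue
        bases[key] = min(bases.get(key, start), start)
    return bases


# glibc malloc_chunk size-field flag bits.
PREV_INUSE, IS_MMAPPED, NON_MAIN_ARENA = 0x1, 0x2, 0x4
SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA
HEADER = 16  # prev_size + size on 64-bit; user pointer starts right after


@dataclass
class ChunkInfo:
    addr: int
    prev_size: int
    size: int
    prev_inuse: bool
    is_mmapped: bool
    non_main_arena: bool
    user_ptr: int


def chunkinfo(heap_base, heap_bytes, chunk_addr):
    """Decode the malloc_chunk header at chunk_addr from a heap image starting at heap_base."""
    off = chunk_addr - heap_base
    prev_size, size_field = struct.unpack_from("<QQ", heap_bytes, off)
    return ChunkInfo(
        addr=chunk_addr,
        prev_size=prev_size,
        size=size_field & ~SIZE_BITS,
        prev_inuse=bool(size_field & PREV_INUSE),
        is_mmapped=bool(size_field & IS_MMAPPED),
        non_main_arena=bool(size_field & NON_MAIN_ARENA),
        user_ptr=chunk_addr + HEADER,
    )


def chunkptr(heap_base, heap_bytes, user_ptr):
    """Same as chunkinfo, but addressed by the pointer malloc returned to the program."""
    return chunkinfo(heap_base, heap_bytes, user_ptr - HEADER)


# Constructed heap image: a 0x20 chunk followed by a 0x30 chunk, both with PREV_INUSE set.
SAMPLE_HEAP = (
    struct.pack("<QQ", 0, 0x21) + b"A" * 0x10
    + struct.pack("<QQ", 0, 0x31) + b"B" * 0x20
)

if __name__ == "__main__":
    bases = module_bases(SAMPLE_MAPS, "/home/user/a.out")
    for key in ("codebase", "heap", "libc", "ld"):
        print(f"{key:8s} {bases[key]:#x}")
    print(chunkinfo(bases["heap"], SAMPLE_HEAP, bases["heap"] + 0x20))
```

Taking the minimum start per path matters because each module has several mappings (r--p, r-xp, rw-p); the first one is the load base that offsets from the ELF are added to. The chunk decoder masks the low three bits off `size` before reporting it, which is the detail `chunkinfo`-style output has to get right for the size and flags to both be correct.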
@gsingh93
Member

gsingh93 commented Oct 3, 2022

pwngdb is actually using pwndbg under the hood. I've invited the author to upstream this functionality to pwndbg: scwuaptx/Pwngdb#47

@gsingh93
Member

gsingh93 commented Oct 3, 2022

Seems like this issue is a dup of #259

gsingh93 closed this as completed Oct 3, 2022