It looks like pwngdb is yet-another-gdbinit-for-reversing-and-exploit development. They've got a lot of features that we should borrow, which would make good starting points for first-time contributors.
NOTE: pwngdb does not have a MIT-compatible license, so these would need to be clean-room implementations.
Here's a list of the features they claim, some of which we might already have but could implement as aliases:
libc : Print the base address of libc
ld : Print the base address of ld
codebase : Print the base of code segment
heap : Print the base of heap
got : Print the Global Offset Table information
dyn : Print the Dynamic section information
findcall : Find some function call
bcall : Set the breakpoint at some function call
tls : Print the thread local storage address
at : Attach by process name
findsyscall : Find the syscall
fmtarg : Calculate the index of format string
You need to stop on the printf which has the vulnerability.
force : Calculate the nb in the house of force.
heapinfo : Print some information of heap
heapinfo (Address of arena)
default is the arena of current thread
If tcache is enabled, it would show information of tcache entry
heapinfoall : Print some information of heap (all threads)
arenainfo : Print some information of all arena
chunkinfo: Print the information of chunk
chunkinfo (Address of victim)
chunkptr : Print the information of chunk
chunkptr (Address of user ptr)
mergeinfo : Print the information of merge
mergeinfo (Address of victim)
printfastbin : Print some information of fastbin
tracemalloc on : Trace the malloc and free and detect some errors.
You need to run the process first, then tracemalloc on; it will record all of the malloc and free.
You can set the DEBUG in pwngdb.py, then it will print all of the malloc and free information such as the screenshot.
parseheap : Parse heap layout
magic : Print useful variable and function in glibc
fp : show FILE structure
fp (Address of FILE)
fpchain: show linked list of FILE
orange : Test house of orange condition in the _IO_flush_lockp
orange (Address of FILE)
glibc version <= 2.23
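For anyone picking up the heap-related items (chunkinfo, chunkptr, mergeinfo), the following is an added illustration of the logic those commands need, written clean-room for this issue; it is not pwndbg's or pwngdb's code. It decodes glibc malloc chunk headers for x86-64 from a constructed heap image instead of reading target memory through gdb, so it runs offline. The `Memory` class, the `build_sample_heap` layout and the `main_arena` bin address `0x7ffff7e19b20` are assumptions made for the example; in a real GDB command the byte blob would be replaced by `gdb.selected_inferior().read_memory()`.

```python
"""Clean-room sketch of chunkinfo / chunkptr / mergeinfo for x86-64 glibc malloc.

Added example for this issue, not pwndbg's or pwngdb's code. Target memory is
stood in for by a byte blob (see Memory) so the logic can be exercised offline.
"""
import struct
from dataclasses import dataclass

# x86-64 glibc malloc constants (see malloc/malloc.c)
SIZE_SZ = 8
MIN_CHUNK_SIZE = 4 * SIZE_SZ          # 0x20
MALLOC_ALIGN_MASK = 2 * SIZE_SZ - 1   # 0xf
PREV_INUSE, IS_MMAPPED, NON_MAIN_ARENA = 0x1, 0x2, 0x4
SIZE_BITS = PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA


class Memory:
    """Stand-in for target memory: a byte blob mapped at `base` (assumption for
    the example; a GDB command would wrap gdb.selected_inferior().read_memory())."""
    def __init__(self, base: int, data: bytes):
        self.base, self.data = base, data

    def qword(self, addr: int) -> int:
        off = addr - self.base
        if not 0 <= off <= len(self.data) - SIZE_SZ:
            raise ValueError(f"address {addr:#x} outside the mapped heap")
        return struct.unpack_from("<Q", self.data, off)[0]


@dataclass
class Chunk:
    addr: int
    prev_size: int   # only meaningful when the previous chunk is free
    size: int        # size field with the three flag bits stripped
    flags: int
    fd: int          # first two user words; valid as fd/bk only for a free chunk
    bk: int

    @property
    def prev_inuse(self) -> bool: return bool(self.flags & PREV_INUSE)
    @property
    def is_mmapped(self) -> bool: return bool(self.flags & IS_MMAPPED)
    @property
    def non_main_arena(self) -> bool: return bool(self.flags & NON_MAIN_ARENA)
    @property
    def user_ptr(self) -> int: return self.addr + 2 * SIZE_SZ
    @property
    def next_chunk(self) -> int: return self.addr + self.size


def chunk_from_user_ptr(ptr: int) -> int:
    """chunkptr: the header (prev_size, size) lies two size_t words before the user pointer."""
    return ptr - 2 * SIZE_SZ


def chunkinfo(mem: Memory, addr: int) -> Chunk:
    """chunkinfo: decode the chunk header at `addr`, rejecting implausible size fields."""
    raw = mem.qword(addr + SIZE_SZ)
    size, flags = raw & ~SIZE_BITS, raw & SIZE_BITS
    if size < MIN_CHUNK_SIZE or size & MALLOC_ALIGN_MASK:
        raise ValueError(f"chunk {addr:#x}: implausible size field {raw:#x}")
    return Chunk(addr, mem.qword(addr), size, flags,
                 mem.qword(addr + 2 * SIZE_SZ), mem.qword(addr + 3 * SIZE_SZ))


def mergeinfo(mem: Memory, victim: int, top: int) -> dict:
    """mergeinfo: what _int_free's consolidation step would see for `victim`.
    Ignores the tcache/fastbin paths, which never consolidate."""
    c = chunkinfo(mem, victim)
    info = {"backward": None, "forward": None, "into_top": False}
    if not c.prev_inuse:                      # previous chunk free: unlink it and merge backward
        info["backward"] = victim - c.prev_size
    nxt = c.next_chunk
    if nxt == top:                            # next chunk is top: victim is absorbed into top
        info["into_top"] = True
    else:                                     # next chunk free iff the chunk after it has PREV_INUSE clear
        after_next = chunkinfo(mem, nxt).next_chunk
        if not chunkinfo(mem, after_next).prev_inuse:
            info["forward"] = nxt
    return info


def build_sample_heap():
    """Constructed heap image (not a real dump): A in use, B free in the unsorted
    bin, C in use, then the top chunk. Returns (memory, address of top)."""
    base = 0x555555559000
    buf = bytearray(0x100)
    def put(off, val): struct.pack_into("<Q", buf, off, val)
    put(0x08, 0x30 | PREV_INUSE)               # A @ +0x00, in use
    put(0x38, 0x40 | PREV_INUSE)               # B @ +0x30, free (A before it is in use)
    put(0x40, 0x7ffff7e19b20)                  # B.fd -> assumed &main_arena unsorted bin
    put(0x48, 0x7ffff7e19b20)                  # B.bk
    put(0x70, 0x40); put(0x78, 0x20)           # C @ +0x70, in use; PREV_INUSE clear, prev_size = B's size
    put(0x98, 0x20f71)                         # top @ +0x90
    return Memory(base, bytes(buf)), base + 0x90


if __name__ == "__main__":
    mem, top = build_sample_heap()
    for off in (0x00, 0x30, 0x70):
        c = chunkinfo(mem, mem.base + off)
        print(f"{c.addr:#x} size={c.size:#x} prev_inuse={c.prev_inuse} user={c.user_ptr:#x}")
        print("   merge:", mergeinfo(mem, c.addr, top))
```

The size sanity check in `chunkinfo` is what lets a heap walker stop at a corrupted header instead of marching off into unmapped memory; the same check is the basis of the "detect some errors" behaviour the tracemalloc item describes.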