pwndbg 2019.12.09 releases: Exploit Development and Reverse Engineering with GDB

pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.

Pwndbg has a lot of useful features. You can a list of all available commands at any time by typing the pwndbgcommand. Here’s a small subset which is easy to capture in screenshots.

Arguments

All function call sites are annotated with the arguments to those functions. This works best with debugging symbols, but also works in the most common case where an imported function (e.g. libc function via GOT or PLT) is used.

Context

A useful summary of the current execution context is printed every time GDB stops (e.g. breakpoint or single-step), displaying all registers, the stack, call frames, disassembly, and additionally recursively dereferencing all pointers. All memory addresses are color-coded to the type of memory they represent.

Disassembly

Pwndbg uses Capstone Engine to display disassembled instructions, but also leverages its introspection into the instruction to extract memory targets and condition codes.

All absolute jumps are folded away, only displaying relevant instructions.

Additionally, if the current instruction is conditional, Pwndbg displays whether or not it is evaluated with a green check or a red X, and folds away instructions as necessary.

Emulation

Pwndbg leverages Unicorn Engine in order to only show instructions which will actually be emulated. At each debugger stop (e.g. breakpoint or single-step) the next few instructions are silently emulated, and only instructions which will actually be executed are displayed.

This is incredibly useful when stepping through jump tables, PLT entries, and even while ROPping!

Heap Inspection

Pwndbg enables introspection of the glibc allocator, ptmalloc2, via a handful of introspection functions.

IDA Pro Integration

Pwndbg flips traditional IDA Pro integration on its head. Rather than sticking code inside of IDA that you need to interact with, by installing a small XMLRPC server inside of IDA, Pwndbg has full access to everything IDA knows.

This allows extraction of comments, decompiled lines of source, breakpoints, and synchronized debugging (single-steps update the cursor in IDA).

More…

Changelog 2019.12.09

This release brings some bugfixes (also related to IDA Pro sync), enhancements to commands and some other enhancements.

What is new

• Added vmmap QEMU kernel support for x86/x64/risc-v by parsing memory info mem (#685, #687)
• Allowed hexdump by module name, like vmmap (#683)
• Added initial support for ARM Cortex-M baremetal debugging (#264)
• Better support for go binaries (#649, #652)
• The vis_heap_chunk command got improved (#625)
• Added leakfind command (#608, #620)
• Added xuntil command (#604, #648)
• Added option to redirect context output to other tty or files – simply set set context-output /dev/pts/x (#610)
• Enhance remote QEMU targets debugging experience (#603)
• Added ctx alias for the context command (#656)
• Added __read_chk, __fread_chk and __pread_chk to recognized functions (#536)
• Improved UX of dumpargs command (#631)

Fixes

• Fixed #681 (#693)
• Fixed top_chunk and vis_heap_chunks command (#691)
• Fixed install’s apt-get from blocking at setup time (#680)
• Fixed #674 by adding gdb-gdbserver dependency (#676)
• Fixed #532 by clearing internal temp bp on exit (#642)
• Heap commands are now invoked only with libc debug symbols (#635)
• Added mkdocs documentation (#639)
• Fixed source code display (#638)
• Fixed #636 – bug with regs display on other frames (#637)
• Added a workaround for GDB bug described in #632 (#633)
• The pseudocode context display retrieved from IDA Pro Hex-Rays decompilation now shows only the related code (#630)
• Fix the decompile function for IDA Pro 7.2 during IDA Pro sync (#629)
• Fixed a bug when IDA Pro window was activated/focused when jumping during IDA Pro sync (#628)
• Use ArgparsedCommand for everything (#622)
• Fixed #623, a bug where pwndbg.proc.exe returned wrong path (#624)
• Allowed ArgparsedCommand to have aliases (#621)
• Fixed base for got on pie binaries (#618)
• Fixed #609 by updating types on new_objfile event (#616)
• Fixed #538 – breakrva on symlink targets (#539)
• Change StopIteration to return (#613)
• Fixed linetable.line.pc negative address when debug kernel (#605)
• Added install instructions for Manjaro in setup.sh (#606)
• IDA Pro sync RPC will try to auto-connect when ida-enabled parameter is enabled (#597)
• Fixed bug in heap command (#571)
• Fixed syntax hightlighting cache bug (#594)

Installation

git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

Copyright (c) 2015 Zach Riggle

Source: https://github.com/pwndbg/