pwndbg 2022.01.05 releases: Exploit Development and Reverse Engineering with GDB
pwndbg (/poʊndbæg/) is a GDB plug-in that makes debugging with GDB suck less, with a focus on features needed by low-level software developers, hardware hackers, reverse-engineers and exploit developers.
Pwndbg has a lot of useful features. You can get a list of all available commands at any time by typing the pwndbg command. Here's a small subset which is easy to capture in screenshots.
Arguments
Every call site is annotated with the arguments being passed to the callee. This works best with debugging symbols, but it also covers the most common case, a call to an imported function (e.g. a libc function reached through the PLT/GOT), because pwndbg ships its own prototypes for common libc functions and so can name their arguments without any symbols.
Context
A useful summary of the current execution context is printed every time GDB stops (e.g. at a breakpoint or after a single-step): all registers, the stack, the call frames and the disassembly, with every pointer recursively dereferenced. Memory addresses are color-coded by the kind of mapping they point into (stack, heap, code, data).
Disassembly
Pwndbg uses Capstone Engine to display disassembled instructions, and it also uses Capstone's per-instruction detail (operands, memory targets, condition codes) rather than just the mnemonic text.
All unconditional jumps are folded away, so only the instructions that will actually be reached are displayed.
Additionally, if the current instruction is a conditional branch, Pwndbg evaluates its condition against the current flags and marks it with a green check (taken) or a red X (not taken), folding away the instructions on the untaken side.
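The check behind that green check or red X is a lookup of the Jcc condition against the flag bits in RFLAGS. The following is an added example, not pwndbg's own code: it encodes the Intel Jcc condition table, computes the flags the CPU would set after a `cmp`, and decides whether a given conditional jump is taken. Flag bit positions follow the Intel SDM; the `cmp` operands in the usage at the bottom are constructed.

```python
"""Decide whether an x86 conditional jump is taken, given the mnemonic and
the current RFLAGS value.  Added example, not pwndbg code."""

# RFLAGS bit positions (Intel SDM Vol. 1, section 3.4.3).
CF, PF, ZF, SF, OF = 0, 2, 6, 7, 11
MASK64 = (1 << 64) - 1


def flag(rflags, bit):
    return (rflags >> bit) & 1


# Condition semantics per Jcc (Intel SDM Vol. 2, "Jcc").  Aliases below map
# the alternative mnemonics (jz/je, jnae/jb, ...) onto these canonical ones.
_CONDITIONS = {
    "jo":  lambda f: flag(f, OF) == 1,
    "jno": lambda f: flag(f, OF) == 0,
    "jb":  lambda f: flag(f, CF) == 1,
    "jae": lambda f: flag(f, CF) == 0,
    "je":  lambda f: flag(f, ZF) == 1,
    "jne": lambda f: flag(f, ZF) == 0,
    "jbe": lambda f: flag(f, CF) == 1 or flag(f, ZF) == 1,
    "ja":  lambda f: flag(f, CF) == 0 and flag(f, ZF) == 0,
    "js":  lambda f: flag(f, SF) == 1,
    "jns": lambda f: flag(f, SF) == 0,
    "jp":  lambda f: flag(f, PF) == 1,
    "jnp": lambda f: flag(f, PF) == 0,
    "jl":  lambda f: flag(f, SF) != flag(f, OF),
    "jge": lambda f: flag(f, SF) == flag(f, OF),
    "jle": lambda f: flag(f, ZF) == 1 or flag(f, SF) != flag(f, OF),
    "jg":  lambda f: flag(f, ZF) == 0 and flag(f, SF) == flag(f, OF),
}
_ALIASES = {
    "jc": "jb", "jnae": "jb", "jnb": "jae", "jnc": "jae", "jz": "je",
    "jnz": "jne", "jna": "jbe", "jnbe": "ja", "jpe": "jp", "jpo": "jnp",
    "jnge": "jl", "jnl": "jge", "jng": "jle", "jnle": "jg",
}


def is_taken(mnemonic, rflags):
    """True/False for a Jcc; None if `mnemonic` is not a conditional jump."""
    m = _ALIASES.get(mnemonic.lower(), mnemonic.lower())
    cond = _CONDITIONS.get(m)
    return None if cond is None else cond(rflags)


def flags_after_cmp(a, b, width=64):
    """CF/PF/ZF/SF/OF as the CPU sets them after `cmp a, b` (computes a - b)
    on `width`-bit operands, packed into an RFLAGS-shaped integer."""
    mask = (1 << width) - 1
    a &= mask
    b &= mask
    res = (a - b) & mask
    sign = 1 << (width - 1)
    cf = int(a < b)                                 # unsigned borrow
    zf = int(res == 0)
    sf = int(bool(res & sign))
    of = int(bool(((a ^ b) & (a ^ res)) & sign))    # signed overflow of a - b
    pf = int(bin(res & 0xFF).count("1") % 2 == 0)   # even parity of low byte
    return (cf << CF) | (pf << PF) | (zf << ZF) | (sf << SF) | (of << OF)


def describe(mnemonic, rflags):
    """One-line annotation in the spirit of the context view."""
    taken = is_taken(mnemonic, rflags)
    if taken is None:
        return f"{mnemonic}: not a conditional jump"
    bits = " ".join(f"{n}={flag(rflags, b)}" for n, b in
                    (("CF", CF), ("ZF", ZF), ("SF", SF), ("OF", OF)))
    return f"{mnemonic}: {'taken' if taken else 'not taken'} ({bits})"


if __name__ == "__main__":
    # Constructed scenario: `cmp rax, rbx` with rax = INT64_MIN, rbx = 1.
    # Signed compare says rax < rbx; unsigned compare says the opposite.
    f = flags_after_cmp(0x8000000000000000, 1)
    print(describe("jl", f))
    print(describe("jb", f))
```

The signed/unsigned split in the usage is the case worth remembering: after the same `cmp`, `jl` is taken and `jb` is not, which is exactly the kind of branch a static listing gets wrong and a flag-aware annotation gets right.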
Emulation
Pwndbg uses Unicorn Engine to show only the instructions that will actually execute. At each debugger stop (e.g. breakpoint or single-step) the next few instructions are silently emulated, and only those on the path the CPU will take are displayed.
This is incredibly useful when stepping through jump tables, PLT entries, and even while ROPping. Emulation can be switched off with set emulate off, in which case the listing falls back to Capstone's static disassembly.
Heap Inspection
Pwndbg enables introspection of the glibc allocator, ptmalloc2, through a handful of heap commands such as heap, bins, arena and vis_heap_chunks. As the changelog below notes, this release adds support for the safe-linking pointer mangling used by newer glibc tcache and fastbin lists, and uses __libc_version to pick the right layout when debug symbols are loaded.
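Safe-linking is the part a heap debugger has to undo before it can walk a bin at all: since glibc 2.32 the `next` pointer of a free tcache or fastbin chunk is stored as `(&next >> 12) ^ next`, so reading it raw yields garbage. The following added example (not pwndbg's code) rebuilds that mangling over a constructed heap image, walks a tcache bin the way a debugger must, and shows what goes wrong when the mangling is not undone. The heap address and chunk offsets are made up; only the `next` field of each chunk is modelled.

```python
"""Walk a glibc tcache bin whose `next` pointers are mangled by safe-linking
(glibc >= 2.32: stored = (&next >> 12) ^ next).  Added example, not pwndbg
code; the memory image below is constructed, not dumped from a process."""
import struct

MASK64 = (1 << 64) - 1


def protect_ptr(pos, ptr):
    """glibc's PROTECT_PTR: mangle `ptr` for storage at address `pos`."""
    return ((pos >> 12) ^ ptr) & MASK64


def reveal_ptr(pos, stored):
    """glibc's REVEAL_PTR: the same XOR, since the key depends only on `pos`."""
    return protect_ptr(pos, stored)


class FakeMemory:
    """Minimal readable/writable region standing in for inferior memory."""

    def __init__(self, base, size):
        self.base = base
        self.data = bytearray(size)

    def _off(self, addr):
        off = addr - self.base
        if not 0 <= off <= len(self.data) - 8:
            raise ValueError(f"unmapped read at {addr:#x}")
        return off

    def read_u64(self, addr):
        return struct.unpack_from("<Q", self.data, self._off(addr))[0]

    def write_u64(self, addr, value):
        struct.pack_into("<Q", self.data, self._off(addr), value)


def build_tcache_bin(mem, user_ptrs, safe_linking=True):
    """Link the chunks at `user_ptrs` (user-data addresses) as glibc would:
    chunk[i].next -> chunk[i+1], last -> NULL.  `next` is the first qword of
    the user data, so its address equals the user pointer itself."""
    for i, p in enumerate(user_ptrs):
        nxt = user_ptrs[i + 1] if i + 1 < len(user_ptrs) else 0
        mem.write_u64(p, protect_ptr(p, nxt) if safe_linking else nxt)
    return user_ptrs[0]


def walk_tcache_bin(mem, head, safe_linking=True, limit=16):
    """Follow a bin from `head`, demangling each `next` when safe-linking is
    in effect.  Returns (chain, reason) with reason in null/loop/limit; a
    loop is what a tcache double free looks like from the debugger."""
    chain, seen, cur = [], set(), head
    while cur:
        if cur in seen:
            return chain, "loop"
        if len(chain) >= limit:
            return chain, "limit"
        seen.add(cur)
        chain.append(cur)
        stored = mem.read_u64(cur)
        cur = reveal_ptr(cur, stored) if safe_linking else stored
    return chain, "null"


def heap_page_from_tail_leak(stored_tail):
    """The last chunk stores (pos >> 12) ^ 0, i.e. its own page number in the
    clear, so leaking that qword reveals the heap page."""
    return stored_tail << 12


# Constructed heap: three freed 0x20-byte chunks in one tcache bin.
HEAP = 0x555555559000
CHUNKS = [HEAP + 0x2A0, HEAP + 0x2C0, HEAP + 0x2E0]


def demo():
    mem = FakeMemory(HEAP, 0x1000)
    head = build_tcache_bin(mem, CHUNKS)
    chain, reason = walk_tcache_bin(mem, head)
    return chain, reason, heap_page_from_tail_leak(mem.read_u64(CHUNKS[-1]))


if __name__ == "__main__":
    chain, reason, page = demo()
    print([hex(c) for c in chain], reason, hex(page))
```

Walking the same image with `safe_linking=False` immediately dereferences a mangled value outside the mapping, which is the symptom you see when a debugger has mis-detected the glibc version; the changelog's use of __libc_version is what avoids that.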
IDA Pro Integration
Pwndbg flips traditional IDA Pro integration on its head. Rather than putting code inside IDA that you then have to interact with, it installs a small XMLRPC server inside IDA, which gives Pwndbg access to everything IDA knows.
This lets it pull out comments, decompiled source lines and breakpoints, and keep the two sides synchronized (each single-step moves the cursor in IDA).
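The shape of that bridge is simple enough to show end to end. Below is an added example, not pwndbg's ida_script.py or its client: a tiny XML-RPC server standing in for the one that would run inside IDA, and a debugger-side client that rebases the runtime PC to IDA's image base, asks for the name and comment, and moves IDA's cursor. The "IDB" is a constructed dict, and the method names are invented for the example. Two practical points are built in: XML-RPC integers are 32-bit, so 64-bit addresses travel as hex strings, and the server binds to loopback because the protocol has no authentication.

```python
"""IDA <-> debugger bridge pattern over XML-RPC.  Added example, not pwndbg
code; FAKE_IDB stands in for what IDA knows about the binary."""
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

# Constructed stand-in for the IDB: comments and names keyed by IDA address.
FAKE_IDB = {
    "imagebase": 0x400000,
    "names": {0x401136: "parse_packet"},
    "comments": {
        0x401136: "validate user length here",
        0x40115A: "memcpy into 64-byte buf",
    },
}


class IdaSide:
    """Methods exposed to the debugger.  Only specific, named operations are
    registered; exposing a generic eval()/exec() would hand full control of
    the IDA process to anything that can reach the socket.  Addresses are
    hex strings because XML-RPC ints are limited to 32 bits."""

    def get_imagebase(self):
        return f"{FAKE_IDB['imagebase']:#x}"

    def get_name(self, ea_hex):
        return FAKE_IDB["names"].get(int(ea_hex, 16), "")

    def get_comment(self, ea_hex):
        return FAKE_IDB["comments"].get(int(ea_hex, 16), "")

    def jumpto(self, ea_hex):
        """Inside IDA this would call ida_kernwin.jumpto(); here it records
        the cursor so the sync can be checked."""
        FAKE_IDB["cursor"] = int(ea_hex, 16)
        return True


def start_server(host="127.0.0.1", port=0):
    """Bind to loopback only; port 0 lets the OS pick a free port.  Returns
    the server object and the port actually bound."""
    srv = SimpleXMLRPCServer((host, port), allow_none=True, logRequests=False)
    srv.register_instance(IdaSide())
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


class DebuggerSide:
    """What the GDB plug-in does on each stop: translate the runtime PC into
    an IDA address, fetch annotations, and move IDA's cursor."""

    def __init__(self, port, runtime_base):
        self.ida = ServerProxy(f"http://127.0.0.1:{port}", allow_none=True)
        self.delta = runtime_base - int(self.ida.get_imagebase(), 16)

    def l2i(self, addr):
        """local (runtime, PIE-relocated) address -> IDA address"""
        return addr - self.delta

    def i2l(self, ea):
        """IDA address -> local runtime address"""
        return ea + self.delta

    def annotate(self, pc):
        ea_hex = f"{self.l2i(pc):#x}"
        self.ida.jumpto(ea_hex)
        return self.ida.get_name(ea_hex), self.ida.get_comment(ea_hex)


if __name__ == "__main__":
    srv, port = start_server()
    try:
        dbg = DebuggerSide(port, runtime_base=0x555555554000)
        print(dbg.annotate(0x555555554000 + 0x1136))
    finally:
        srv.shutdown()
        srv.server_close()
```

If you expose your own IDA-side server on anything other than loopback, or use a generic dispatch, treat the port as a remote code execution endpoint for the IDA process, because that is what it is.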
Changelog 2022.01.05
96d3d5a (HEAD -> dev, tag: 2022.01.05) Set docs version to 2022.01.05
eec6f74 (origin/dev, origin/HEAD) Use `add-symbol-file` correctly.
439b660 added pylintrc file for standardized linting
cddbcb5 Fix search bug in kernel mode
6d2b6c6 .
5a39da7 moved block to source gdbinit
5844257 removed source line
a1c9d09 added little blurb for endeavourOS
0e45524 added command to source gdbinit.py
8b05953 Fixed multiple alignment issues of compact register view
38c38aa Fix typos
2616e70 Updated permissions for Docker container
1cc12ad Added devcontainer configuration for VS Code to directly develop inside Docker container
84e783a Ignore printing vertical tabs in vis_heap_chunks command
d348c74 Update emulator.py
9448cf5 Fix error message on interrupts
5c0627d Update pwndbg/glibc.py
e0e32dc fix ending of chain
bd7c3aa add test for heap bins
94eea64 safe-linking: use __libc_version when debug symbols loaded
09f2cb6 Add safe-linking support
95e3bb0 Fix lint
0ec3180 Hopefully fix windbg commands tests on CI
9636331 CI: show installed packages
1d70e14 Fix #932,#788: fix command parsing
d861d6e Skip attachp tests when can't attach
eee5dbc Remove Py2 class object inheritance
ef86a5c Remove shebang and coding lines
89b2df5 Remove incorrect i386 regs: dil/sil/spl/bpl
9a17798 Speedup emulator by disabling debug formatting when not debugging
270fef3 Remove redundant disasm.is_call function
af41986 Bump capstone to 4.0.2
e239e9c Hopefully fix recursion error
c8c9e3f Add Codecov
9c8df00 Add basic coverage testing
3583b57 fix(tempdir): use safe and unpredictable cachedir location
1c63382 Do not sort auxv, use the implicit order
526b3ea Hopefully fix CI tests
b203d53 SLES/OpenSUSE: enable debugging repo before installing
6fd42dd Add attachp command and tests for it
1e28920 Stop skipping tests
34f9535 Fix isort
4439446 Maintain backward compatibility with Python < 3.10
07b7c75 Migrate to 3.10 compatible abc usage.
b739733 fix typo in dd command
f11afe2 Fix get_highlight_source line splitting
8cc218f Adding p2p command – pointer chain search
a7a554f Add square brackets to vmmap’s anonymous map names
648c7f0 Fix heap unprinted messages
e2c899e Fix isort lint import issues
00e94a9 Fix unprinted ‘Unknown register’ context warning
8975d42 Better pwndbg.commands.OnlyWithFile error for QEMU targets
c294ede pwndbg.file.get_file: better warning message
32cdc10 piebase, breakrva: print error on failures
71291d8 Fix vmmap_load on remote targets
Installation
git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh
setup.sh installs the distribution packages and Python dependencies pwndbg needs (it invokes the system package manager with sudo) and appends a line sourcing the repository's gdbinit.py to ~/.gdbinit, so pwndbg loads automatically the next time GDB starts.
Copyright (c) 2015 Zach Riggle
Source: https://github.com/pwndbg/