develop my own gdb4pwn
Clone or download
Pull request Compare This branch is 40 commits ahead, 9 commits behind scwuaptx:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
angelheap
pwndbg
.gdbinit
.gitignore Initial commit Feb 26, 2016
LICENSE
README.md
install.sh
pwngdb.py

README.md

Pwngdb

Develop my own GDB for pwn.

Install

$ wget -q -O- https://raw.githubusercontent.com/bash-c/Pwngdb/master/install.sh | sh

install

If you dont want to use gdb-peda , you can modify the gdbinit to remove it.

I prefer pwndbg so I modified the .gdbinit to using pwndbg.

Heapinfo

If you want to use the feature of heapinfo and tracemalloc , you need to install libc debug file (libc6-dbg & libc6-dbg:i386 for debian package)

Features from Pwngdb

  • canary: Print the canary of using function
  • ld : Print the base address of ld
  • at : Attach by process name
  • libcbase : Print the base address of libc
  • codebase : Print the base of code segment
  • heapbase : Print the base of heap
  • dyn : Print the Dynamic section infomation
  • findcall : Find some function call
  • bcall : Set the breakpoint at some function call
  • tls : Print the thread local storage address
  • findsyscall : Find the syscall
  • fmtarg : Calculate the index of format string
    • You need to stop on printf which has vulnerability.
  • force : Calculate the nb in the house of force.
  • heapinfo : Print some infomation of heap
    • heapinfo (Address of arena)
    • default is the arena of current thread
    • If tcache is enable, it would show infomation of tcache entry
  • heapinfoall : Print some infomation of heap (all threads)
  • arenainfo : Print some infomation of all arena
  • chunkinfo: Print the infomation of chunk
    • chunkinfo (Address of victim)
  • chunkptr : Print the infomation of chunk
    • chunkptr (Address of user ptr)
  • mergeinfo : Print the infomation of merge
    • mergeinfo (Address of victim)
  • printfastbin : Print some infomation of fastbin
  • tracemalloc on : Trace the malloc and free and detect some error .
    • You need to run the process first than tracemalloc on, it will record all of the malloc and free.
    • You can set the DEBUG in pwngdb.py , than it will print all of the malloc and free infomation such as the screeshot.
  • parseheap : Parse heap layout
  • magic : Print useful variable and function in glibc
  • fp : show FILE structure
    • fp (Address of FILE)
  • fpchain: show linked list of FILE
  • orange : Test house of orange condition in the _IO_flush_lockp
    • orange (Address of FILE)
    • glibc version <= 2.23

Features from pwndbg

  • got : Print the Global Offset Table infomation
  • fake_fastbin_all : find all the fake fastbin of a given address
  • bpie: set breakpoint when PIE enabled. eg: bpie 0x980

Screenshot

  • Chunkinfo

chunkinfo

  • Mergeinfo

chunkinfo

  • Heapinfo

heapinfo

  • Heapinfoall

heapinfoall

  • parseheap

parseheap

  • tracemalloc

trace

  • magic magic