dereference: add option to use reference address for offset calculati…

…on (#676)
hugsy · Jul 22, 2021 · 57d8450 · 57d8450
1 parent 1e52006
commit 57d8450
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 10 deletions.
diff --git a/docs/commands/dereference.md b/docs/commands/dereference.md
@@ -7,9 +7,10 @@ actually points to.
 It is a useful convienence function to spare to process of manually tracking
 values with successive `x/x` in GDB.
 
-`dereference` takes two optional arguments, an address (or symbol or register, etc)
-to dereference (by default, `$sp`) and the number of consecutive addresses to
-dereference (by default, `10`):
+`dereference` takes three optional arguments, a start address (or symbol or
+register, etc) to dereference (by default, `$sp`), the number of consecutive
+addresses to dereference (by default, `10`) and the base location for offset
+calculation (by default the same as the start address):
 
 ```
 gef➤  dereference
@@ -55,3 +56,17 @@ gef➤  dereference 5
 0x00007fffffffe188│+0x0018: 0x1
 0x00007fffffffe190│+0x0020: 0x0000000000400690  →  push r15        ← $rbp
 ```
+
+It is possible to change the offset calculation to use a different address than
+the start address:
+
+```
+gef➤  dereference $sp l7 r$rbp
+0x00007ffe6ddaa3e0│-0x0030: 0x0000000000000000    ← $rsp
+0x00007ffe6ddaa3e8│-0x0028: 0x0000000000400970  →  <__libc_csu_init+0> push r15
+0x00007ffe6ddaa3f0│-0x0020: 0x0000000000000000
+0x00007ffe6ddaa3f8│-0x0018: 0x00000000004006e0  →  <_start+0> xor ebp, ebp
+0x00007ffe6ddaa400│-0x0010: 0x00007ffe6ddaa500  →  0x0000000000000001
+0x00007ffe6ddaa408│-0x0008: 0xa42456b3ee465800
+0x00007ffe6ddaa410│+0x0000: 0x0000000000000000    ← $rbp
+```
diff --git a/gef.py b/gef.py
@@ -8788,30 +8788,30 @@ class DereferenceCommand(GenericCommand):
     command."""
 
     _cmdline_ = "dereference"
-    _syntax_  = "{:s} [LOCATION] [l[NB]]".format(_cmdline_)
+    _syntax_  = "{:s} [LOCATION] [[l]NB] [rLOCATION]".format(_cmdline_)
     _aliases_ = ["telescope", ]
-    _example_ = "{:s} $sp l20".format(_cmdline_)
+    _example_ = "{:s} $sp l20 r$sp+0x10".format(_cmdline_)
 
     def __init__(self):
         super().__init__(complete=gdb.COMPLETE_LOCATION)
         self.add_setting("max_recursion", 7, "Maximum level of pointer recursion")
         return
 
     @staticmethod
-    def pprint_dereferenced(addr, off):
+    def pprint_dereferenced(addr, idx, base_offset=0):
         base_address_color = get_gef_setting("theme.dereference_base_address")
         registers_color = get_gef_setting("theme.dereference_register_value")
 
         sep = " {:s} ".format(RIGHT_ARROW)
         memalign = current_arch.ptrsize
 
-        offset = off * memalign
+        offset = idx * memalign
         current_address = align_address(addr + offset)
         addrs = dereference_from(current_address)
         l = ""
         addr_l = format_address(int(addrs[0], 16))
-        l += "{:s}{:s}+{:#06x}: {:{ma}s}".format(Color.colorify(addr_l, base_address_color),
-                                                 VERTICAL_LINE, offset,
+        l += "{:s}{:s}{:+#07x}: {:{ma}s}".format(Color.colorify(addr_l, base_address_color),
+                                                 VERTICAL_LINE, base_offset+offset,
                                                  sep.join(addrs[1:]), ma=(memalign*2 + 2))
 
         register_hints = []
@@ -8831,16 +8831,22 @@ def pprint_dereferenced(addr, off):
     @only_if_gdb_running
     def do_invoke(self, argv):
         target = "$sp"
+        reference = ""
         nb = 10
 
         for arg in argv:
             if arg.isdigit():
                 nb = int(arg)
             elif arg[0] in ("l", "L") and arg[1:].isdigit():
                 nb = int(arg[1:])
+            elif arg[0] in ("r", "R") and len(arg) > 1:
+                reference = arg[1:]
             else:
                 target = arg
 
+        if reference == "":
+            reference = target
+
         addr = safe_parse_and_eval(target)
         if addr is None:
             err("Invalid address")
@@ -8851,6 +8857,16 @@ def do_invoke(self, argv):
             err("Unmapped address")
             return
 
+        ref_addr = safe_parse_and_eval(reference)
+        if ref_addr is None:
+            err("Invalid address: '{}'".format(reference))
+            return
+
+        ref_addr = int(ref_addr)
+        if process_lookup_address(ref_addr) is None:
+            err("Unmapped address: '{}'".format(reference))
+            return
+
         if get_gef_setting("context.grow_stack_down") is True:
             from_insnum = nb * (self.repeat_count + 1) - 1
             to_insnum = self.repeat_count * nb - 1
@@ -8861,9 +8877,10 @@ def do_invoke(self, argv):
             insnum_step = 1
 
         start_address = align_address(addr)
+        base_offset = start_address - align_address(ref_addr)
 
         for i in range(from_insnum, to_insnum, insnum_step):
-            gef_print(DereferenceCommand.pprint_dereferenced(start_address, i))
+            gef_print(DereferenceCommand.pprint_dereferenced(start_address, i, base_offset))
 
         return