[Bug] Darwin: Command 'context' failed to execute properly

[davidhcefx]

GEF+GDB version

GEF: (Standalone)
Blob Hash(/Users/davidhcefx/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 8dc57b700e3c1c85822449033a01c94dfae9e4a6
SHA256(/Users/davidhcefx/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 63d3e10d38a367c3e4d37de8e0701bcdff2a4e7c9a0a4ec5d83ccb8b2fe6188d
GDB: 12.1
GDB-Python: 3.10

Operating System

Darwin Hus-MacBook-Pro.local 19.6.0 Darwin Kernel Version 19.6.0: Tue Jun 21 21:18:39 PDT 2022; root:xnu-6153.141.66~1/RELEASE_X86_64 x86_64

Describe the issue you encountered

On macOS, context failed to render properly; the registers, stack and code sections are all empty.

$ file a.out
a.out: Mach-O 64-bit executable x86_64
$ gdb a.out
GEF for darwin ready, type `gef' to start, `gef config' to configure
90 commands loaded and 5 functions added for GDB 12.1 in 0.00ms using Python engine 3.10
Reading symbols from a.out...
(No debugging symbols found in a.out)
[*] Not a valid file format: Not a valid ELF file (magic)
gef➤  b main
Breakpoint 1 at 0x100003f24
gef➤  r
Starting program: /Users/davidhcefx/Documents/Code/a.out
[New Thread 0x2403 of process 84270]
[New Thread 0x1c03 of process 84270]
[New Thread 0x1d03 of process 84270]
warning: unhandled dyld version (16)

Thread 3 hit Breakpoint 1, 0x0000000100003f24 in main ()
[ Legend: Modified register | Code | Heap | Stack | String ]
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── registers ────
[!] Command 'registers' failed to execute properly, reason: max() arg is an empty sequence
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── stack ────
[!] Unmapped address: '0x7ffeefbff790'
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────── code:generic: ────
   0x100003f1d                  add    BYTE PTR [rax], al
   0x100003f1f                  add    BYTE PTR [rbp+0x48], dl
   0x100003f22 <main+2>         mov    ebp, esp
[!] Command 'context' failed to execute properly, reason:
gef➤

As there are no OS restrictions in the doc, I assume it should be working on macOS. After some debugging efforts, I found that gef.arch has not been set to a valid architecture (it was Architecture(Generic, None, LITTLE_ENDIAN)). This caused is_conditional_branch to raise an uncaught NotImplementedError, which I think is the reason why the code section stops with an incomplete result.

gef/gef.py

Line 7333 in 1bf74a8

if gef.arch.is_conditional_branch(insn):

Settting it manually by reset_architecture('i386:x86-64') somewhere seems to make it work (register & code rendered correctly, stack still not).

Do you read the docs and look at previously closed issues/PRs for similar cases?

Yes

Architecture impacted

• X86
• X64
• ARM
• ARM64
• MIPS
• MIPS64
• PPC
• PPC64
• RISCV

Describe your issue. Without a proper reproduction step-by-step, your issue will be ignored.

• Install gef on macOS by bash -c "$(curl -fsSL https://gef.blah.cat/sh)".
• Run gdb on a Mach-O binary.
• Type b main and r.

Minimalist test case

No response

Additional context?

No response

[hugsy]

Nope,

MacOS support was a WIP in gef-extras which I don't believe work any longer with the new API. Having no mac device myself, I have no plan to add the support for macos.