I recently had a good idea while debugging the kernel.
When there are multiple macro conditions and branches in the kernel, it can be frustrating to find the branch conditions and specific execution paths (especially in functions that have multiple rets). One idea is to use `dye start` to indicate the beginning of dyeing and `dye end` to indicate the end of dyeing. Then, at the end of the function, we can use pwndbg to highlight the paths we have taken on the source code context (possibly using terminal background colors to highlight certain lines). This way, we can determine which branches we have traversed within the function, simplifying the analysis scope and improving vulnerability reproduction and analysis speed. (Alternatively, real-time rendering of the context could be implemented after executing `dye start`.)
A possible implementation could be setting breakpoints at the assembly beginnings of all lines in the current function and determining if they are reached based on the breakpoints. gdb likely provides a mapping between assembly and source code levels. For sure, this is a very rough idea.
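As an added sketch of the idea above (my own code, not pwndbg's and not the poster's), the following gdb Python script implements `dye start` / `dye end` along the lines proposed: it walks the line table of the current function, places one internal non-stopping breakpoint at the lowest address of every source line, records which lines were hit, and then prints the function's source with the executed lines highlighted by a terminal background colour. The gdb API names used (`gdb.Breakpoint` with `internal=True`, `gdb.Command`, `Frame.block()`, `Symtab.linetable()`, `Symtab.fullname()`) are real gdb Python APIs; the command and helper names (`Dye`, `_DyeBreakpoint`, `line_start_pcs`, `render`) are my own. The two pure helpers run outside gdb as well, which is how the constructed line table below is checked.

```python
# Added example, not pwndbg code: "dye start" / "dye end" as a gdb Python
# command. The helpers line_start_pcs() and render() are plain Python; the
# gdb.Command/gdb.Breakpoint classes only exist inside gdb's embedded Python.
try:
    import gdb  # present only when running inside gdb
except ImportError:  # plain Python: keep the testable helpers importable
    gdb = None

HIGHLIGHT = "\x1b[42m"  # green background for lines that were executed
RESET = "\x1b[0m"


def line_start_pcs(entries, lo, hi):
    """Map each source line of a function to the lowest pc belonging to it.

    entries: iterable of (line, pc) pairs, e.g. from gdb.Symtab.linetable()
    lo, hi:  the function's [start, end) address range
    Line 0 marks compiler-generated code with no source line and is skipped.
    One breakpoint at each line's lowest pc is enough to learn the line ran
    (a line split into several ranges is still entered at its lowest pc only
    if control reaches it; later ranges are not needed for "was it reached").
    """
    first = {}
    for line, pc in entries:
        if line == 0 or not (lo <= pc < hi):
            continue
        if line not in first or pc < first[line]:
            first[line] = pc
    return first


def render(source_lines, first_line, hit_lines):
    """Number source_lines from first_line; highlight those in hit_lines."""
    rows = []
    for no, text in enumerate(source_lines, start=first_line):
        hit = no in hit_lines
        row = f"{'*' if hit else ' '}{no:5d}  {text}"
        rows.append(HIGHLIGHT + row + RESET if hit else row)
    return rows


if gdb is not None:
    class _DyeBreakpoint(gdb.Breakpoint):
        """Internal breakpoint that records its line and never stops."""
        def __init__(self, pc, line, hits):
            super().__init__(f"*{pc:#x}", internal=True)
            self.line, self.hits = line, hits

        def stop(self):
            self.hits.add(self.line)
            return False  # keep running; we only want the record

    class Dye(gdb.Command):
        """dye start | dye end: record and show executed lines of the current function."""
        def __init__(self):
            super().__init__("dye", gdb.COMMAND_USER)
            self.bps, self.hits, self.symtab, self.span = [], set(), None, None

        def invoke(self, arg, from_tty):
            sub = arg.strip()
            if sub == "start":
                self._start()
            elif sub == "end":
                self._end()
            else:
                print("usage: dye start | dye end")

        def _start(self):
            frame = gdb.selected_frame()
            block = frame.block()
            while block is not None and block.function is None:
                block = block.superblock  # climb to the enclosing function
            if block is None:
                print("dye: no function with debug info at the current pc")
                return
            self.symtab = frame.find_sal().symtab
            entries = [(e.line, e.pc) for e in self.symtab.linetable()]
            starts = line_start_pcs(entries, block.start, block.end)
            self.hits.clear()
            self.bps = [_DyeBreakpoint(pc, ln, self.hits) for ln, pc in starts.items()]
            self.span = (min(starts), max(starts))
            print(f"dye: watching {len(self.bps)} lines of {block.function.name}")

        def _end(self):
            if self.span is None:
                print("dye: run 'dye start' first")
                return
            for bp in self.bps:
                bp.delete()
            lo, hi = self.span
            with open(self.symtab.fullname()) as f:
                src = f.read().splitlines()[lo - 1:hi]
            print("\n".join(render(src, lo, self.hits)))

    Dye()
```

Load it with `source dye.py` inside gdb, stop at the entry of the function of interest, run `dye start`, continue until the function returns, then `dye end`. Lines marked `*` and coloured were executed at least once; branches whose lines stay unmarked can be dropped from the analysis. Inlined code and heavily optimised kernels can blur the line table, so the picture is only as good as the debug info.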