Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

nextcall is broken on ARM #1419

Closed
gsingh93 opened this issue Dec 7, 2022 · 4 comments
Closed

nextcall is broken on ARM #1419

gsingh93 opened this issue Dec 7, 2022 · 4 comments
Labels
ARM bug good first issue help wanted
Milestone
2024.01

Comments

@gsingh93
Copy link
Member

gsingh93 commented Dec 7, 2022

nextcall/stepcall don't work on ARM. In break_next_call in pwndbg/gdblib/next.py, we check for calls like this:

        if capstone.CS_GRP_CALL not in ins.groups:
            continue

Unfortunately, the bl instruction is only classified as branch_relative and jump, but not call. We should probably report this upstream to Capstone, though I have a feeling this intentional.

In any case, we'll have to directly check the mnemonic matches 'bl' on ARM.
@gsingh93 gsingh93 added this to the March 2023 milestone Dec 10, 2022
@gsingh93 gsingh93 added the ARM label Jan 30, 2023
@gsingh93 gsingh93 mentioned this issue Jan 30, 2023
Closed
@gsingh93 gsingh93 modified the milestones: March 2023, Future Feb 16, 2023
@gsingh93 gsingh93 modified the milestones: 2023.06, Future Jun 12, 2023
mbrla0 added a commit to mbrla0/pwndbg that referenced this issue Jul 10, 2023
@mbrla0
Work around Capstone not classifying bl as CS_GRP_CALL
022eaa6 
This change fixes both pwndbg#1419 and pwndbg#1554 by adding a special case that checks for
the `bl` mnemonic in both `ARM` and `ARM64` targets. This workaround is needed
because, even though Capstone doesn't mark `bl` instructions as belonging to
`CS_GRP_CALL`, we'd still like to handle them as as call instructions for the
purposes of displaying function arguments and `nextcall`.
@mbrla0 mbrla0 mentioned this issue Jul 13, 2023
Closed
disconnect3d added a commit that referenced this issue Jul 18, 2023
@disconnect3d
Update capstone to 5.0.0.post1: fixes #1554, #1419
b841a4f
@disconnect3d disconnect3d mentioned this issue Jul 18, 2023
Merged
disconnect3d added a commit that referenced this issue Jul 18, 2023
@disconnect3d
Update capstone to 5.0.0.post1: fixes #1554, #1419 (#1808)
9254cea
@gsingh93
Copy link
Member Author

I think this should be fixed, but would be good if someone could confirm (@DarkRyu550?)

@gsingh93
Copy link
Member Author

Also, maybe we should add a test for this before closing?

@disconnect3d
Copy link
Member

Double checked that and it works.

However, there is some quirk/gotcha: if u try to execute nextcall right away after connecting to a target, without a break main; continue it will not work. Not sure why, but this isn't a memoize/caching issue.

@disconnect3d
Copy link
Member

Closing this for now. We may implement a test in the future but idk if we will

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ARM bug good first issue help wanted
Milestone
2024.01
Development

Successfully merging a pull request may close this issue.

Stop using CS_GRP_CALL directly to determine what's a call mbrla0/pwndbg
2 participants
@gsingh93 @disconnect3d