gdb.error: Remote 'g' packet reply is too long on system call #1754

Open
SamiKalliomaki opened this issue May 29, 2023 · 5 comments
@SamiKalliomaki

Description

pwndbg crashes on successful exploitation of a binary. This does not seem specific to ret2win but it is used as a simple example.

Steps to reproduce

  1. Download x86-64 version of ret2win from https://ropemporium.com/challenge/ret2win.html
  2. Run this Python code
from pwn import *

context.arch = 'amd64'
context.word_size = 64

io = gdb.debug('./ret2win', gdbscript='''
set exception-verbose on
set exception-debugger on
c
''')
io.send(flat({
    40: [0x00400755, 0x00400756]
}) + b'\n')
io.interactive()
  3. Observe gdb error
[Attaching after Thread 23747.23747 vfork to child Thread 23809.23809]                                                                                     
[New inferior 2 (process 23809)]
Reading /usr/lib/debug/.build-id/8f/0bef1909d4329e0773d0ccc5f6decdfe5f4504.debug from remote target...
[Detaching vfork parent process 23747 after child exec]                                                                                                    
[Inferior 1 (process 23747) detached]
process 23809 is executing new program: /usr/bin/bash
Reading /usr/bin/bash from remote target...
Reading /usr/bin/bash from remote target...
Reading /usr/lib/debug/.build-id/94/83da49f2e17070c1df9a75d509e09211e96769.debug from remote target...
Downloading separate debug info for target:/usr/bin/bash
Traceback (most recent call last):                                                                                                                         
  File "/home/user/code/pwndbg/pwndbg/gdblib/events.py", line 156, in caller
    func()
  File "/home/user/code/pwndbg/pwndbg/gdblib/abi.py", line 56, in caller
    return func(*args, **kwargs)
  File "/home/user/code/pwndbg/pwndbg/gdblib/argv.py", line 30, in update
    pwndbg.gdblib.arch_mod.update()  # :-(
  File "/home/user/code/pwndbg/pwndbg/gdblib/arch.py", line 57, in update
    arch_name, ptrsize, endian = _get_arch(typeinfo.ptrsize)
  File "/home/user/code/pwndbg/pwndbg/gdblib/arch.py", line 31, in _get_arch
    if "little" in gdb.execute("show endian", to_string=True).lower():
gdb.error: Remote 'g' packet reply is too long (expected 560 bytes, got 896 bytes): daffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000208ec3a0ff7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0ee3a02957f000000020000330000002b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f03000000000000ffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000801f00003b

My setup

Gdb:      13.1
Python:   3.10.10 (main, Mar  5 2023, 22:26:53) [GCC 12.2.1 20230201]
Pwndbg:   2023.03.19 build: 1d635f0
Capstone: 5.0.1280
Unicorn:  2.0.1
  • Pwndbg commit: 1d635f0860417fdec49f0317c0567418d1061c10

Notes

I tried commenting out pwndbg.gdblib.arch_mod.update() # :-(. This just resulted in another crash.

Traceback (most recent call last):                                                                                                                         
  File "/home/user/code/pwndbg/pwndbg/gdblib/events.py", line 156, in caller
    func()
  File "/home/user/code/pwndbg/pwndbg/gdblib/hooks.py", line 17, in update_typeinfo
    pwndbg.gdblib.typeinfo.update()
  File "/home/user/code/pwndbg/pwndbg/gdblib/typeinfo.py", line 29, in update
    lang = gdb.execute("show language", to_string=True)
gdb.error: Remote 'g' packet reply is too long (expected 560 bytes, got 896 bytes): daffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070b6448ffc7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0ee2f35547f000000020000330000002b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f03000000000000fffff00003b
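As an added example for this thread (it is not part of the issue or of pwndbg's code): the text of the gdb.error above embeds the stub's raw, hex-encoded register dump. GDB rejects the reply because its byte count disagrees with the register description GDB applied to the inferior, but the leading bytes can still be decoded against that description, the 560-byte amd64 Linux layout from GDB's 64bit-core, 64bit-sse, 64bit-linux and 64bit-segments feature files, to see what state the target was in. The sample message is constructed: its first eight bytes (rax) are taken from the dump in the report, the remaining 888 bytes are zero-filled. Reading rax = -ENOSYS as a syscall-entry stop reflects how the Linux kernel presents syscall entry to a ptrace tracer, which matches the "on system call" in the title.

```python
"""Triage helper for GDB's "Remote 'g' packet reply is too long" error.

Added example for this thread, not pwndbg code.  The gdb.error text embeds the
stub's raw register dump as hex.  GDB rejects it because the byte count does not
match the register description it applied to the inferior, but the leading bytes
can still be decoded against that description to see what state the target was in.
"""
import re
import struct

# Register order and sizes (bytes) of the 560-byte amd64 Linux 'g' layout GDB
# expected here, following GDB's features/i386/64bit-core.xml, 64bit-sse.xml,
# 64bit-linux.xml and 64bit-segments.xml.
AMD64_LINUX_LAYOUT = (
    [(r, 8) for r in ("rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp")]
    + [(f"r{i}", 8) for i in range(8, 16)]
    + [("rip", 8), ("eflags", 4)]
    + [(r, 4) for r in ("cs", "ss", "ds", "es", "fs", "gs")]
    + [(f"st{i}", 10) for i in range(8)]
    + [(r, 4) for r in ("fctrl", "fstat", "ftag", "fiseg", "fioff", "foseg", "fooff", "fop")]
    + [(f"xmm{i}", 16) for i in range(16)]
    + [("mxcsr", 4), ("orig_rax", 8), ("fs_base", 8), ("gs_base", 8)]
)

LINUX_ENOSYS = 38  # Linux errno; the kernel shows a tracer rax = -ENOSYS at syscall entry

_ERR_RE = re.compile(
    r"Remote 'g' packet reply is too long "
    r"\(expected (\d+) bytes, got (\d+) bytes\): ([0-9a-fA-F]+)"
)

# Constructed sample: the first 8 bytes (rax) are copied from the dump in the
# report; the remaining 888 bytes are zero-filled and are not the real values.
SAMPLE_ERROR = (
    "Remote 'g' packet reply is too long (expected 560 bytes, got 896 bytes): "
    "daffffffffffffff" + "00" * 888
)


def parse_g_packet_error(message):
    """Return (expected, got, payload_bytes), or None if the text is a different error."""
    m = _ERR_RE.search(message)
    if m is None:
        return None
    hexdump = m.group(3)
    if len(hexdump) % 2:          # a copy-pasted dump may be cut mid-byte
        hexdump = hexdump[:-1]
    return int(m.group(1)), int(m.group(2)), bytes.fromhex(hexdump)


def decode_registers(payload, layout=AMD64_LINUX_LAYOUT):
    """Split the leading bytes of a 'g' reply into little-endian integers by register name."""
    regs, offset = {}, 0
    for name, size in layout:
        chunk = payload[offset:offset + size]
        if len(chunk) < size:     # truncated dump: keep only complete registers
            break
        regs[name] = int.from_bytes(chunk, "little")
        offset += size
    return regs


def to_signed64(value):
    """Reinterpret a 64-bit register value as a signed integer."""
    return struct.unpack("<q", struct.pack("<Q", value))[0]


def triage(message):
    """Summarise a 'g' packet length error: size mismatch plus what rax says about the stop."""
    parsed = parse_g_packet_error(message)
    if parsed is None:
        return None
    expected, got, payload = parsed
    regs = decode_registers(payload)
    rax = to_signed64(regs.get("rax", 0))
    return {
        "expected": expected,
        "got": got,
        # bytes for registers the stub sent but the description GDB applied does not list
        "extra_bytes": got - expected,
        "dump_truncated": len(payload) < got,
        "rax_signed": rax,
        "at_syscall_entry": rax == -LINUX_ENOSYS,
        "decoded_registers": len(regs),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_ERROR))
```

Run against the full message from the report, the decoder yields all 60 registers of the expected layout and flags 336 bytes the stub sent for registers GDB's cached description does not list; the two shorter dumps later in the thread are pasted truncated, which the `dump_truncated` field makes visible instead of raising.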
@SamiKalliomaki (Author)

Here's the log with event debug enabled.

Connecting _start_newobjfile <gdb.EventRegistry object at 0x7f9044b51390>
Connecting _start_exit <gdb.EventRegistry object at 0x7f9044b51330>
Connecting _start_stop <gdb.EventRegistry object at 0x7f9044b51310>
Connecting _reset_objfiles <gdb.EventRegistry object at 0x7f9044b51330>
Connecting root <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting sysroot <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting update_last <gdb.EventRegistry object at 0x7f9044b51310>
Connecting update_last <gdb.EventRegistry object at 0x7f9044b51350>
Connecting update <gdb.EventRegistry object at 0x7f9044b51310>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51330>
Connecting is_executable <gdb.EventRegistry object at 0x7f9044b51310>
Connecting update <gdb.EventRegistry object at 0x7f9044b51390>
Connecting update <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting update <gdb.EventRegistry object at 0x7f9044b51390>
Connecting update <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting UpdateBreakpoints <gdb.EventRegistry object at 0x7f9044b51310>
Connecting UpdateBreakpoints <gdb.EventRegistry object at 0x7f9044b51350>
Connecting Auto_Color_PC <gdb.EventRegistry object at 0x7f9044b51310>
Connecting Auto_UnColor_PC <gdb.EventRegistry object at 0x7f9044b51350>
Connecting update <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting reset <gdb.EventRegistry object at 0x7f9044b51330>
Connecting update <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting j <gdb.EventRegistry object at 0x7f9044b51310>
Connecting on_start <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting update_typeinfo <gdb.EventRegistry object at 0x7f9044b51310>
Connecting update_typeinfo <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting update_typeinfo <gdb.EventRegistry object at 0x7f9044b51390>
Connecting update_arch <gdb.EventRegistry object at 0x7f9044b51390>
Connecting update_arch <gdb.EventRegistry object at 0x7f9044b51310>
Connecting update_arch <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting reset_config <gdb.EventRegistry object at 0x7f9044b51390>
Connecting on_start <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting on_exit <gdb.EventRegistry object at 0x7f9044b51330>
Connecting on_stop <gdb.EventRegistry object at 0x7f9044b51310>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51310>
Connecting clear <gdb.EventRegistry object at 0x7f9044b514b0>
Connecting clear <gdb.EventRegistry object at 0x7f9044b514d0>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51330>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51390>
Connecting clear <pwndbg.gdblib.events.StartEvent object at 0x7f9010324e50>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51350>
Connecting clear <gdb.EventRegistry object at 0x7f9044b51470>
Connecting clear <pwndbg.gdblib.events.EventWrapper object at 0x7f9010218310>
pwndbg: loaded 141 pwndbg commands and 46 shell commands. Type pwndbg [--shell | --all] [filter] for a list.
pwndbg: created $rebase, $ida GDB functions (can be used with print/break)
Connecting reset_context_shown <gdb.EventRegistry object at 0x7f9044b51350>
Reading symbols from ./ret2win...
(No debugging symbols found in ./ret2win)                                                                                                                  
objfile: '/home/user/code/ropemp/ret2win/ret2win'
No shared libraries loaded at this time.
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.gdblib.ctypes.update (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.gdblib.elf.update (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.gdblib.hooks.update_typeinfo (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.gdblib.hooks.update_arch (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.gdblib.hooks.reset_config (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'obj' pwndbg.lib.cache.clear (<gdb.NewObjFileEvent object at 0x7f9044b523f0>,)
'thread' pwndbg.lib.cache.clear (<gdb.NewThreadEvent object at 0x7f90084e7cd0>,)
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
Reading /usr/lib/debug/.build-id/99/0e684775b66507dd913951554d83d689684408.debug from remote target...
Reading /lib64/ld-linux-x86-64.so.2.debug from remote target...
Reading /lib64/.debug/ld-linux-x86-64.so.2.debug from remote target...
Reading /usr/lib/debug//lib64/ld-linux-x86-64.so.2.debug from remote target...
Reading /usr/lib/debug/lib64//ld-linux-x86-64.so.2.debug from remote target...
Reading target:/usr/lib/debug/lib64//ld-linux-x86-64.so.2.debug from remote target...
objfile: 'target:/lib64/ld-linux-x86-64.so.2'                                                                                                              
From                To                  Syms Read   Shared Object Library
0x00007f5c2f5f8000  0x00007f5c2f61d6e5  No          target:/lib64/ld-linux-x86-64.so.2
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'start' pwndbg.gdblib.qemu.root
'start' pwndbg.gdblib.qemu.root ()
'start' pwndbg.gdblib.android.sysroot
'start' pwndbg.gdblib.android.sysroot ()
'start' pwndbg.gdblib.ctypes.update
'start' pwndbg.gdblib.ctypes.update ()
'start' pwndbg.gdblib.elf.update
'start' pwndbg.gdblib.elf.update ()
'start' pwndbg.heap.update
'start' pwndbg.heap.update ()
'start' pwndbg.gdblib.argv.update
'start' pwndbg.gdblib.argv.update ()
'start' pwndbg.commands.start.on_start
'start' pwndbg.commands.start.on_start ()
'start' pwndbg.gdblib.hooks.update_typeinfo
'start' pwndbg.gdblib.hooks.update_typeinfo ()
'start' pwndbg.gdblib.hooks.update_arch
'start' pwndbg.gdblib.hooks.update_arch ()
'start' pwndbg.gdblib.hooks.on_start
'start' pwndbg.gdblib.hooks.on_start ()
'start' pwndbg.lib.cache.clear
'start' pwndbg.lib.cache.clear ()
'obj' pwndbg.gdblib.ctypes.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.elf.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_typeinfo (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_arch (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.reset_config (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.lib.cache.clear (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
Reading /usr/lib/debug/.build-id/8f/0bef1909d4329e0773d0ccc5f6decdfe5f4504.debug from remote target...
objfile: 'system-supplied DSO at 0x7fffdcfa3000'                                                                                                           
From                To                  Syms Read   Shared Object Library
0x00007f5c2f5f8000  0x00007f5c2f61d6e5  Yes (*)     target:/lib64/ld-linux-x86-64.so.2
(*): Shared library is missing debugging information.
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.ctypes.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.elf.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_typeinfo (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_arch (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.reset_config (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.lib.cache.clear (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
0x00007f5c2f611ed0 in ?? () from target:/lib64/ld-linux-x86-64.so.2
'stop' pwndbg.gdblib.events._start_stop (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.regs.update_last (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.stack.update (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.stack.is_executable (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.ida.UpdateBreakpoints (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.ida.Auto_Color_PC (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.commands.ida.j (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.hooks.update_typeinfo (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.hooks.update_arch (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.gdblib.hooks.on_stop (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'stop' pwndbg.lib.cache.clear (<gdb.StopEvent object at 0x7f90084e7cd0>,)
'cont' pwndbg.gdblib.regs.update_last (<gdb.ContinueEvent object at 0x7f90084e7cd0>,)
'cont' pwndbg.ida.UpdateBreakpoints (<gdb.ContinueEvent object at 0x7f90084e7cd0>,)
'cont' pwndbg.ida.Auto_UnColor_PC (<gdb.ContinueEvent object at 0x7f90084e7cd0>,)
'cont' pwndbg.lib.cache.clear (<gdb.ContinueEvent object at 0x7f90084e7cd0>,)
'cont' pwndbg.gdblib.prompt.reset_context_shown (<gdb.ContinueEvent object at 0x7f90084e7cd0>,)
Reading /usr/lib/libc.so.6 from remote target...
Reading /usr/lib/debug/.build-id/4a/4bec3d95a1804443e852958fe59ed461135ce9.debug from remote target...
Reading /usr/lib/libc.so.6.debug from remote target...
Reading /usr/lib/.debug/libc.so.6.debug from remote target...
Reading /usr/lib/debug//usr/lib/libc.so.6.debug from remote target...
Reading /usr/lib/debug/usr/lib//libc.so.6.debug from remote target...
Reading target:/usr/lib/debug/usr/lib//libc.so.6.debug from remote target...
objfile: 'target:/usr/lib/libc.so.6'                                                                                                                       
From                To                  Syms Read   Shared Object Library
0x00007f5c2f5f8000  0x00007f5c2f61d6e5  Yes (*)     target:/lib64/ld-linux-x86-64.so.2
0x00007f5c2f408440  0x00007f5c2f5605fd  No          target:/usr/lib/libc.so.6
(*): Shared library is missing debugging information.
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.ctypes.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.elf.update (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_typeinfo (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.update_arch (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.gdblib.hooks.reset_config (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
'obj' pwndbg.lib.cache.clear (<gdb.NewObjFileEvent object at 0x7f90084e7cd0>,)
[Attaching after Thread 25958.25958 vfork to child Thread 26020.26020]
[New inferior 2 (process 26020)]
'thread' pwndbg.lib.cache.clear (<gdb.NewThreadEvent object at 0x7f90084e6e30>,)
Reading /usr/lib/debug/.build-id/8f/0bef1909d4329e0773d0ccc5f6decdfe5f4504.debug from remote target...
objfile: 'system-supplied DSO at 0x7fffdcfa3000'                                                                                                           
From                To                  Syms Read   Shared Object Library
0x00007f5c2f5f8000  0x00007f5c2f61d6e5  Yes (*)     target:/lib64/ld-linux-x86-64.so.2
0x00007f5c2f408440  0x00007f5c2f5605fd  Yes (*)     target:/usr/lib/libc.so.6
(*): Shared library is missing debugging information.
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.gdblib.ctypes.update (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.gdblib.elf.update (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.gdblib.hooks.update_typeinfo (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.gdblib.hooks.update_arch (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.gdblib.hooks.reset_config (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'obj' pwndbg.lib.cache.clear (<gdb.NewObjFileEvent object at 0x7f90084e6e30>,)
'cont' pwndbg.gdblib.regs.update_last (<gdb.ContinueEvent object at 0x7f90084e6e30>,)
'cont' pwndbg.ida.UpdateBreakpoints (<gdb.ContinueEvent object at 0x7f90084e6e30>,)
'cont' pwndbg.ida.Auto_UnColor_PC (<gdb.ContinueEvent object at 0x7f90084e6e30>,)
'cont' pwndbg.lib.cache.clear (<gdb.ContinueEvent object at 0x7f90084e6e30>,)
'cont' pwndbg.gdblib.prompt.reset_context_shown (<gdb.ContinueEvent object at 0x7f90084e6e30>,)
[Detaching vfork parent process 25958 after child exec]
'exit' pwndbg.gdblib.events._start_exit (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
'exit' pwndbg.gdblib.events._reset_objfiles (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
'exit' pwndbg.gdblib.stack.clear (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
'exit' pwndbg.heap.reset (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
'exit' pwndbg.gdblib.hooks.on_exit (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
'exit' pwndbg.lib.cache.clear (<gdb.ExitedEvent object at 0x7f90100ceab0>,)
[Inferior 1 (process 25958) detached]
process 26020 is executing new program: /usr/bin/bash
Reading /usr/bin/bash from remote target...
Reading /usr/bin/bash from remote target...
Reading /usr/lib/debug/.build-id/94/83da49f2e17070c1df9a75d509e09211e96769.debug from remote target...
objfile: 'target:/usr/bin/bash'                                                                                                                            
Reading /usr/lib/libc.so.6 from remote target...
Reading /lib64/ld-linux-x86-64.so.2 from remote target...
From                To                  Syms Read   Shared Object Library
0x00007f5c2f408440  0x00007f5c2f5605fd  No          target:/usr/lib/libc.so.6
0x00007f5c2f5f8000  0x00007f5c2f61d6e5  No          target:/lib64/ld-linux-x86-64.so.2
'obj' pwndbg.gdblib.events._start_newobjfile (<gdb.NewObjFileEvent object at 0x7f90100ceab0>,)
'start' pwndbg.gdblib.qemu.root
'start' pwndbg.gdblib.qemu.root ()
'start' pwndbg.gdblib.android.sysroot
'start' pwndbg.gdblib.android.sysroot ()
'start' pwndbg.gdblib.ctypes.update
'start' pwndbg.gdblib.ctypes.update ()
'start' pwndbg.gdblib.elf.update
'start' pwndbg.gdblib.elf.update ()
'start' pwndbg.heap.update
'start' pwndbg.heap.update ()
'start' pwndbg.gdblib.argv.update
'start' pwndbg.gdblib.argv.update ()
Traceback (most recent call last):
  File "/home/user/code/pwndbg/pwndbg/gdblib/events.py", line 156, in caller
    func()
  File "/home/user/code/pwndbg/pwndbg/gdblib/abi.py", line 56, in caller
    return func(*args, **kwargs)
  File "/home/user/code/pwndbg/pwndbg/gdblib/argv.py", line 30, in update
    pwndbg.gdblib.arch_mod.update()  # :-(
  File "/home/user/code/pwndbg/pwndbg/gdblib/arch.py", line 57, in update
    arch_name, ptrsize, endian = _get_arch(typeinfo.ptrsize)
  File "/home/user/code/pwndbg/pwndbg/gdblib/arch.py", line 31, in _get_arch
    if "little" in gdb.execute("show endian", to_string=True).lower():
gdb.error: Remote 'g' packet reply is too long (expected 560 bytes, got 896 bytes): daffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000203fc948fd7f000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0ee877f637f000000020000330000002b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f03000000000000fffff00003b

@SamiKalliomaki (Author)

I tried with this test program

#include <stdlib.h>

int main() {
    system("/bin/cat test.c");
    return 0;
}

The issue does not reproduce when running manually with gdb -ex run ./test.

However, when running via pwntools the issue is present.

from pwn import *

context.arch = 'amd64'
context.word_size = 64
context.terminal = ['/usr/bin/konsole', '-e']

io = gdb.debug('./test', gdbscript='''
set exception-verbose on
set exception-debugger on
c
''')
print(io.recvall())

@SamiKalliomaki (Author)

Additionally, the issue does not seem to be present when using gdb.attach instead of gdb.debug. In this case it is necessary to add scanf to the test program so it does not exit immediately, before the debugger has attached.

@disconnect3d (Member)

This is most likely a GDB + GDBServer and its gdbstub protocol bug, not a Pwndbg bug.

@disconnect3d (Member)

I'm not sure if we can do much here on Pwndbg side... maybe better error handling but the question is whether this error is recoverable or not
