How could I use the pwndbg without update? #558

Closed
SoWhereAreYou opened this issue Oct 26, 2018 · 5 comments
@SoWhereAreYou

SoWhereAreYou commented Oct 26, 2018

I'm sorry, I can't read English well. I'm a Chinese student. The question is that when I use pwndbg, the glibc will be updated to glibc 2.27. So the tcache of glibc will be enabled and I can't use the unsorted bin of the Linux heap. How could I use pwndbg without the update? My system is Kali with glibc 2.25. I want to use pwndbg with a lower version of glibc, like 2.23 or 2.25.

@disconnect3d
Member

disconnect3d commented Oct 28, 2018

Hey,

What is your case?

As you say that:

glibc will reform to the glibc 2.27

And later that your glibc is 2.25.

So is it that you want to debug a binary and use glibc 2.27 under that binary? If so, see GDB's set env command (e.g. this may help: https://stackoverflow.com/questions/10448254/how-to-use-gdb-with-ld-preload ).

@SoWhereAreYou
Author

Hello, I just want to say I wanna use pwndbg with a lower version of glibc, like 2.25 or 2.23 in Kali, but when I set up pwndbg, it always updates my glibc to 2.27. I'm confused.

@disconnect3d
Member

@SoWhereAreYou do I understand correctly that setup.sh updates your libc version?

As said before, you can still launch a process with an old version of libc, so... just do it? Or is it that we retrieve glibc version based on the system one and not the one loaded in library?

@SoWhereAreYou
Author

@disconnect3d Your understanding is right. Well, I don't know how to use a process with a certain glibc... Can you teach me that? And it changes my system's only glibc. But I found a way to deal with it. I set up Ubuntu 16.04, and the update doesn't update my system glibc. So it seems Kali should undertake the obligation? All in all, if you set up pwndbg in Kali, it will change the system glibc. That is strange... It seems the 'apt-get update' and the line about setting up the i386 environment cause it.

@disconnect3d
Member

So the easiest way to launch a process with a different glibc is to have a full system environment with that glibc. With the existence of docker it is usually super easy to do so by doing:

docker run --rm -it --cap-add=SYS_PTRACE -v `pwd`:/task ubuntu:16.04 bash

This will launch a docker container with the current directory mounted to /task on ubuntu:16.04 (so glibc 2.23). You will be root inside the container with the SYS_PTRACE capability, which lets you use ptrace (and so gdb). Then you need to install gdb + pwndbg, and possibly save your container as an image for later use (docker commit <container-name-or-id> <image-tag>). Also note that --rm will remove the container (and its data) after exiting it, so you might not want this flag.

Ofc this requires some knowledge about docker for that...

Another way to debug a binary with gdb is to use set env LD_PRELOAD ./your-libc.so as described in https://stackoverflow.com/questions/10448254/how-to-use-gdb-with-ld-preload

This might also be handy https://stackoverflow.com/questions/10000335/how-to-use-debug-version-of-libc if you want to debug glibc too.

Also please note that using LD_PRELOAD to choose a different glibc is "dangerous" - your binary might crash (segfault) as your dynamic loader (ld.so) might not be compatible with the given glibc.

I am closing this issue as I feel I answered the question.
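The LD_PRELOAD caveat in the answer above comes from the loader and libc being built together: preloading only libc.so.6 leaves the system ld.so in charge. The following is an added example (not pwndbg's code and not part of the thread) that reads the loader a binary asks for from its ELF PT_INTERP entry, the same information `readelf -l BIN | grep interpreter` prints, and then produces GDB command lines that start the binary through the alternative glibc's own loader when one with the same file name sits next to libc.so.6, falling back to the thread's `set env LD_PRELOAD` form only when it does not. The file names `libc.so.6` and `./vuln`, the constructed ELF image and the temporary directory are assumptions for the demonstration.

```python
"""Find the ld.so an ELF binary requests and build GDB commands for running it
against a different glibc. Added illustration, not pwndbg's own code."""
import os
import struct
import tempfile
from typing import Dict, List, Optional

PT_INTERP = 3
ELF_MAGIC = b"\x7fELF"


def interp_path(elf: bytes) -> Optional[str]:
    """Return the PT_INTERP string (the requested loader) of a 64-bit
    little-endian ELF image, or None for a static binary or non-ELF64 input."""
    if len(elf) < 64 or elf[:4] != ELF_MAGIC or elf[4] != 2 or elf[5] != 1:
        return None
    (e_phoff,) = struct.unpack_from("<Q", elf, 32)          # program header offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 54)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, _flags, p_offset, _vaddr, _paddr, p_filesz = struct.unpack_from(
            "<IIQQQQ", elf, off
        )
        if p_type == PT_INTERP:
            raw = elf[p_offset:p_offset + p_filesz]
            return raw.split(b"\x00", 1)[0].decode()
    return None


def gdb_commands(binary: str, libc_dir: str, interp: Optional[str]) -> List[str]:
    """GDB command lines for running `binary` against the glibc in `libc_dir`.
    If that directory also holds a loader named like the binary's PT_INTERP,
    the inferior is started through that loader so ld.so and libc come from
    the same build; otherwise only libc is preloaded (the risky case)."""
    libc = os.path.join(libc_dir, "libc.so.6")
    loader = os.path.join(libc_dir, os.path.basename(interp)) if interp else None
    if loader and os.path.exists(loader):
        return [
            f"file {loader}",                                  # debug the loader itself
            f"set args --library-path {libc_dir} {binary}",    # it maps libc_dir's libc
        ]
    return [
        f"file {binary}",
        f"set env LD_PRELOAD {libc}",                          # system ld.so stays in charge
    ]


def build_sample_elf(interp: str) -> bytes:
    """Constructed sample: a minimal ELF64 image holding a single PT_INTERP
    segment. It cannot execute; it only lets the parser run offline."""
    interp_bytes = interp.encode() + b"\x00"
    ehdr_size, phdr_size = 64, 56
    phoff = ehdr_size
    interp_off = phoff + phdr_size
    ident = ELF_MAGIC + bytes([2, 1, 1]) + bytes(9)           # ELFCLASS64, little-endian, v1
    ehdr = ident + struct.pack(
        "<HHIQQQIHHHHHH", 2, 0x3E, 1, 0, phoff, 0, 0, ehdr_size, phdr_size, 1, 0, 0, 0
    )
    phdr = struct.pack(
        "<IIQQQQQQ", PT_INTERP, 4, interp_off, 0, 0, len(interp_bytes), len(interp_bytes), 1
    )
    return ehdr + phdr + interp_bytes


def demo() -> Dict[str, object]:
    """Run both paths on constructed data: a fake glibc directory first
    without, then with, a loader matching the binary's PT_INTERP."""
    interp = interp_path(build_sample_elf("/lib64/ld-linux-x86-64.so.2"))
    with tempfile.TemporaryDirectory() as libc_dir:
        open(os.path.join(libc_dir, "libc.so.6"), "wb").close()
        without_loader = gdb_commands("./vuln", libc_dir, interp)
        open(os.path.join(libc_dir, "ld-linux-x86-64.so.2"), "wb").close()
        with_loader = gdb_commands("./vuln", libc_dir, interp)
    return {"interp": interp, "with_loader": with_loader, "without_loader": without_loader}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

When GDB is pointed at the loader, the target binary is mapped later by ld.so rather than loaded by GDB up front, so breakpoints set by symbol in the target may need its symbols loaded once the loader has mapped it; pwndbg's commands operate on the live process either way.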
