Awesome
Pwngdb
GDB for pwn.
Install
install
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/
If you dont want to use gdb-peda , you can modify the gdbinit to remove it.
pwndbg
If you only want to install with pwndbg, see pwndbg/README.md
Heapinfo
If you want to use the feature of heapinfo and tracemalloc , you need to install libc debug file (libc6-dbg & libc6-dbg:i386 for debian package)
Features
libc: Print the base address of libcld: Print the base address of ldcodebase: Print the base of code segmentheap: Print the base of heapgot: Print the Global Offset Table infomationdyn: Print the Dynamic section infomationfindcall: Find some function callbcall: Set the breakpoint at some function calltls: Print the thread local storage addressat: Attach by process namefindsyscall: Find the syscallfmtarg: Calculate the index of format string- You need to stop on printf which has vulnerability.
force: Calculate the nb in the house of force.heapinfo: Print some infomation of heap- heapinfo (Address of arena)
- default is the arena of current thread
- If tcache is enable, it would show infomation of tcache entry
heapinfoall: Print some infomation of heap (all threads)arenainfo: Print some infomation of all arenachunkinfo: Print the infomation of chunk- chunkinfo (Address of victim)
chunkptr: Print the infomation of chunk- chunkptr (Address of user ptr)
mergeinfo: Print the infomation of merge- mergeinfo (Address of victim)
printfastbin: Print some infomation of fastbintracemalloc on: Trace the malloc and free and detect some error .- You need to run the process first than
tracemalloc on, it will record all of the malloc and free. - You can set the
DEBUGin pwngdb.py , than it will print all of the malloc and free infomation such as the screeshot.
- You need to run the process first than
parseheap: Parse heap layoutmagic: Print useful variable and function in glibcfp: show FILE structure- fp (Address of FILE)
fpchain: show linked list of FILEorange: Testhouse of orangecondition in the_IO_flush_lockp- orange (Address of FILE)
- glibc version <= 2.23
Screenshot
- Chunkinfo
- Mergeinfo
- Heapinfo
- Heapinfoall
- parseheap
- tracemalloc
- magic
