Pwngdb
GDB for pwn.
Install
install
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/
If you don't want to use gdb-peda, you can modify the gdbinit to remove it.
Heapinfo
If you want to use the heapinfo and tracemalloc features, you need to modify some values in pwngdb.py
- heapinfo
  - main_arena_off : The offset of main_arena in glibc
  - main_arena_off_32 : The offset of main_arena in glibc32
- tracemalloc
  - main_arena_off : The offset of main_arena in glibc
  - main_arena_off_32 : The offset of main_arena in glibc32
  - _int_malloc_off : The offset of _int_malloc in glibc
  - _int_malloc_off_32 : The offset of _int_malloc in glibc32
  - _int_free_off : The offset of _int_free in glibc
  - _int_free_off_32 : The offset of _int_free in glibc32
  - malloc_off : The offset of malloc in glibc
  - free_off : The offset of free in glibc
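One way to derive these values from the symbol table of the libc you are debugging, as an added example that is not part of Pwngdb. The nm output is a constructed sample with made-up addresses, and the `name = value` form of the settings in pwngdb.py is an assumption.

```python
import re

# pwngdb.py variable -> glibc symbol whose offset it holds (64-bit names from the list above)
WANTED = {
    "main_arena_off": "main_arena",
    "_int_malloc_off": "_int_malloc",
    "_int_free_off": "_int_free",
    "malloc_off": "malloc",
    "free_off": "free",
}

# Constructed sample of `nm` output for an unstripped libc.so.6; the addresses are made up.
SAMPLE_NM = """\
0000000000084130 T malloc
00000000000844f0 T free
0000000000080750 t _int_free
0000000000081a20 t _int_malloc
00000000003c4b20 d main_arena
                 U __tls_get_addr
"""

# address, one-letter type, name; undefined symbols have no address and do not match
LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S)\s+(\S+)$")

def symbol_offsets(nm_text):
    """Map symbol name -> value, which for a shared library is the offset from its load base."""
    table = {}
    for line in nm_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name = m.group(3).split("@")[0]  # drop a version suffix such as @@GLIBC_2.2.5
            table.setdefault(name, int(m.group(1), 16))
    return table

def pwngdb_settings(nm_text):
    """Return (assignment lines for pwngdb.py, glibc symbols that were not found)."""
    table = symbol_offsets(nm_text)
    lines, missing = [], []
    for var, sym in WANTED.items():
        if sym in table:
            lines.append(f"{var} = {table[sym]:#x}")
        else:
            missing.append(sym)
    return lines, missing

if __name__ == "__main__":
    lines, missing = pwngdb_settings(SAMPLE_NM)
    print("\n".join(lines))
    if missing:  # main_arena, _int_malloc and _int_free are local symbols
        print("not found, use an unstripped libc or its debug file:", missing)
```

A stripped libc exports only malloc and free, so the three local symbols come back in the missing list; run the same function on a 32-bit libc to get the values for the _32 variables.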
Features
- libc : Print the base address of libc
- ld : Print the base address of ld
- codebase : Print the base of code segment
- heap : Print the base of heap
- got : Print the Global Offset Table information
- dyn : Print the Dynamic section information
- findcall : Find some function call
- bcall : Set the breakpoint at some function call
- tls : Print the thread local storage address
- at : Attach by process name
- findsyscall : Find the syscall
- fmtarg : Calculate the index of format string
  - You need to stop at the printf call that has the vulnerability.
- force : Calculate the nb in the house of force.
- heapinfo : Print some information of heap
- chunkinfo : Print the information of chunk
  - chunkinfo (Address of victim)
- chunkptr : Print the information of chunk
  - chunkptr (Address of user ptr)
- mergeinfo : Print the information of merge
  - mergeinfo (Address of victim)
- printfastbin : Print some information of fastbin
- tracemalloc on : Trace the malloc and free and detect some error.
  - You need to run the process first, then run tracemalloc on; it will record all of the malloc and free.
  - You can set DEBUG in pwngdb.py, then it will print all of the malloc and free information, such as in the screenshot.
- parseheap : Parse heap layout
Screenshot
- Chunkinfo
- Mergeinfo
- Heapinfo
- tracemalloc