

Python gdb.execute方法代码示例

本文整理汇总了Python中gdb.execute方法的典型用法代码示例。如果您正苦于以下问题:Python gdb.execute方法的具体用法?Python gdb.execute怎么用?Python gdb.execute使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在gdb的用法示例。


在下文中一共展示了gdb.execute方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: get_modules

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
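def get_modules():
    """Return the file paths gdb reports for the debugged program and its libraries.

    The list is built by text-parsing two gdb commands, so it depends on the
    column layout gdb prints:

    * ``info inferiors`` -- the third matched field of each row is kept
      (expected to be the executable path; the header row can match as well,
      so callers should tolerate non-path entries -- TODO confirm).
    * ``info sharedlibrary`` -- everything from the first ``/`` to the end of
      each line is kept.

    Returns:
        list[str]: executable entries first, then shared-library paths.
    """
    # Get the binary currently being debugged.
    # Positional arguments are from_tty=False, to_string=True.
    inferiors_output = gdb.execute("info inferiors", False, True)
    # Raw strings: the patterns contain regex escapes (\s, \w, \d, \/) that are
    # not valid Python string escapes and trigger a warning in a plain literal.
    mods = [
        row[2]
        for row in re.findall(r'\*?\s*(\w+)\s+(\w+ \d+)\s+([^\s]+)', inferiors_output)
    ]

    # Get the shared libraries
    sharedlibrary_output = gdb.execute("info sharedlibrary", False, True)
    mods.extend(re.findall(r"(\/.*)", sharedlibrary_output))
    return mods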
开发者ID:philwantsfish,项目名称:gdb_commands,代码行数:18,代码来源:gdb-checksec.py

示例2: Detach

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def Detach(self):
    """Detach gdb from the selected inferior.

    Returns None without doing anything when ``self.IsAttached()`` is false.
    Otherwise returns the text gdb printed for ``detach``, or None when gdb
    printed nothing.
    """
    if not self.IsAttached():
        return None
    # A bare detach leaves any SIGINT gdb already sent to the inferior
    # undelivered. Letting the inferior run makes gdb intercept it, but in
    # synchronous mode that can cost us control of gdb. Queuing an interrupt
    # and then continuing lets gdb waitpid() on the inferior and collect every
    # queued signal before the actual detach.
    inferior_pid = gdb.selected_inferior().pid
    # Two separate lists on purpose: each call gets its own argument object.
    self.Interrupt([inferior_pid, None, None])
    self.Continue([inferior_pid, None, None])
    detach_output = gdb.execute('detach', to_string=True)
    return detach_output if detach_output else None
开发者ID:google,项目名称:pyringe,代码行数:21,代码来源:gdb_service.py

示例3: at

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
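def at(*arg):
    """Automatically attach process by filename.

    Looks up running processes whose name equals the basename of the given
    path (default: ``pwndbg.proc.exe``) with ``pidof`` and attaches gdb to the
    first PID that is not the process already being debugged, then refreshes
    the cached base addresses.

    Args:
        *arg: optional; ``arg[0]`` is the executable name or path to look up.

    Prints "no such process" when the lookup or the attach fails, and
    "already attached on <pid>" when the only match is the current process.
    """
    import os

    processname = arg[0] if len(arg) > 0 else pwndbg.proc.exe

    try:
        # The name can come from the path of the file under analysis, so it is
        # passed to pidof as a single argv element and never handed to a shell:
        # characters such as ';', '$(...)' or backticks stay literal.
        pidof_output = subprocess.check_output(
            ["pidof", os.path.basename(processname)]
        )
        pidlist = [int(token) for token in pidof_output.decode('utf8').split()]

        for pid in pidlist:
            if pid == pwndbg.proc.pid:
                continue
            print('attaching to {} ...'.format(processname))
            gdb.execute("attach {}".format(pid))
            getheapbase()
            libcbase()
            codeaddr()
            ldbase()
            return

        print("already attached on {}".format(pwndbg.proc.pid))
    except Exception:
        # Still best-effort (pidof exits non-zero when nothing matches), but
        # KeyboardInterrupt / SystemExit are no longer swallowed.
        print("no such process")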
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:23,代码来源:pwngdb.py

示例4: findsyscall

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def findsyscall(*arg):
    """Find the syscall gadget.

    Runs the ``search -e -x <bytes> <mapping>`` command with the byte pattern
    chosen for ``pwndbg.arch.current``. The mapping is ``arg[0]`` when given,
    otherwise ``pwndbg.proc.exe``. Prints "arch not support" for any other
    architecture.
    """
    vmmap = pwndbg.proc.exe if len(arg) == 0 else arg[0]
    arch = pwndbg.arch.current
    # Result is not used below; the call is kept because codeaddr() may
    # refresh cached state -- TODO confirm.
    _code_start, _code_end = codeaddr()

    # (architecture name, command template) pairs, compared in this order.
    search_commands = (
        ("x86-64", "search -e -x 0f05 {}"),
        ("i386", "search -e -x cd80 {}"),
        ("arm", "search -e -x 00df80bc {}"),
        ("aarch64", "search -e -x 010000d4 {}"),
    )
    for arch_name, template in search_commands:
        if arch == arch_name:
            gdb.execute(template.format(vmmap))
            break
    else:
        print("arch not support")
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:18,代码来源:pwngdb.py

示例5: magic

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def magic(self):
    """Print useful variables or functions in glibc.

    For every name in ``magic_function`` prints the name and ``getoff(name)``
    in hex. For every name in ``magic_variable`` prints the name, the hex of
    ``getoff("&" + name)`` and the value gdb shows when examining its address.
    Any failure is reported as "You need run the program first".
    """
    getarch()

    try:
        print("========== function ==========")
        for func_name in magic_function:
            func_line = "\033[34m" + func_name + ":" + "\033[33m" + hex(getoff(func_name))
            print(func_line)
        print("\033[00m========== variables ==========")
        for var_name in magic_variable:
            examine_cmd = "x/" + word + "&" + var_name
            examined = gdb.execute(examine_cmd, to_string=True)
            # gdb prints "<address>: <value>"; keep the value part.
            content = examined.split(":")[1].strip()
            offset = hex(getoff("&" + var_name))
            # Pad so the values line up in one column.
            pad = 36 - len(var_name) - len(offset) - 2
            print("\033[34m%s\033[33m(%s)\033[37m%s: \033[37m%s" % (var_name, offset, ' ' * pad, content))
    except BaseException:
        # Same reach as a bare except: every failure is reported the same way.
        print("You need run the program first")
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:19,代码来源:pwngdb.py

示例6: at

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
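def at(self,*arg):
    """ Attach by processname

    Uses the first argument as the process name, falling back to
    ``getprocname(relative=True)``. The first PID reported by ``pidof`` is
    attached and the cached base addresses are refreshed. Prints
    "No such process" when the lookup or the attach fails.
    """
    (processname,) = normalize_argv(arg,1)
    if not processname :
        processname = getprocname(relative=True)
        if not processname :
            print("Attaching program: ")
            print("No executable file specified.")
            print("Use the \"file\" or \"exec-file\" command.")
            return
    try :
        print("Attaching to %s ..." % processname)
        # The name is passed as a single argv element with no shell in between,
        # so shell metacharacters in a user-supplied or file-derived name are
        # never interpreted.
        pidlist = subprocess.check_output(["pidof", processname]).decode('utf8').split()
        gdb.execute("attach " + pidlist[0])
        getheapbase()
        libcbase()
        codeaddr()
        ldbase()
    except Exception:
        # Still best-effort, but KeyboardInterrupt / SystemExit now propagate.
        print( "No such process" )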
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:22,代码来源:pwngdb.py

示例7: bcall

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def bcall(self,*arg):
    """ Set the breakpoint at some function call

    ``searchcall(sym)`` is expected to return one ``<hex offset>:...`` entry
    per line. A breakpoint is set at each offset; when ``ispie()`` is true the
    first value returned by ``codeaddr()`` is added to every offset first.
    Prints "symbol not found" when the search result says so.
    """
    (sym,) = normalize_argv(arg, 1)
    call = searchcall(sym)
    if "not found" in call:
        print("symbol not found")
        return

    if ispie():
        load_base, _code_end = codeaddr()
    else:
        load_base = 0

    # The text after the last newline is dropped, as in the search output
    # every entry is newline-terminated.
    for entry in call.split('\n')[:-1]:
        target = int(entry.split(':')[0], 16) + load_base
        print(gdb.execute("b*" + hex(target), to_string=True))
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:20,代码来源:pwngdb.py

示例8: getoff

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def getoff(sym):
    """Return the distance of ``sym`` from ``libcbase()``.

    Args:
        sym: an int address, or an expression string that gdb can examine.

    Returns:
        ``sym - libcbase()`` for an int. For a string, the address gdb prints
        for ``x/x <sym>`` minus ``libcbase()``; 0 when gdb reports
        "No symbol" or anything goes wrong.
    """
    libc = libcbase()
    if type(sym) is int:
        return sym - libc
    try:
        examined = gdb.execute("x/x " + sym, to_string=True)
        if "No symbol" in examined:
            return 0
        # Text from "0x" up to a hex digit that is followed by a space;
        # a failed match raises on .group() and falls into the handler below.
        matched = re.search("0x.*[0-9a-f] ", examined).group()
        return int(matched[:-1], 16) - libc
    except BaseException:
        # Same reach as a bare except: every failure yields 0.
        return 0
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:18,代码来源:pwngdb.py

示例9: showfpchain

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
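def showfpchain():
    """Print the chain of FILE structures starting at ``_IO_list_all``.

    Reads the head pointer from ``_IO_list_all`` and then follows
    ``file._chain`` of each ``struct _IO_FILE_plus`` until a null pointer is
    read, printing every pointer as ``0x... --> 0x...``.

    The pointers come from the memory of the process being inspected, which
    may be damaged. A read or parse failure, or a pointer that was already
    visited (a cycle), ends the walk with "Chain is corrupted" instead of
    looping forever.
    """
    getarch()
    cmd = "x/" + word + "&_IO_list_all"
    head = int(gdb.execute(cmd,to_string=True).split(":")[1].strip(),16)
    print("\033[32mfpchain:\033[1;37m ",end = "")
    chain = head
    print("0x%x" % chain,end = "")
    seen = {chain}
    try :
        while chain != 0 :
            print(" --> ",end = "")
            cmd = "x/" + word + "&((struct _IO_FILE_plus *)" + hex(chain) +").file._chain"
            chain = int(gdb.execute(cmd,to_string=True).split(":")[1].strip(),16)
            print("0x%x" % chain,end = "")
            if chain in seen :
                # Revisiting a node means the list loops back on itself.
                print("")
                print("Chain is corrupted")
                return
            seen.add(chain)
        print("")
    except Exception:
        # KeyboardInterrupt / SystemExit are no longer swallowed.
        print("Chain is corrupted")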
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:18,代码来源:pwngdb.py

示例10: testfsop

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
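def testfsop(addr=None):
    """Run ``testorange()`` on every FILE structure in a ``_chain`` list.

    Args:
        addr: address holding the head pointer; when falsy, ``_IO_list_all``
            is used.

    The head and each following ``file._chain`` pointer are printed and passed
    to ``testorange()``. The pointers come from the memory of the process
    being inspected, which may be damaged: a read or parse failure, or a
    pointer that was already visited (a cycle), ends the walk with
    "Chain is corrupted" instead of looping forever.
    """
    getarch()
    if addr :
        cmd = "x/" + word + hex(addr)
    else :
        cmd = "x/" + word + "&_IO_list_all"
    head = int(gdb.execute(cmd,to_string=True).split(":")[1].strip(),16)
    chain = head
    print("---------- fp : 0x%x ----------" % chain)
    testorange(chain)
    seen = {chain}
    try :
        while chain != 0 :
            cmd = "x/" + word + "&((struct _IO_FILE_plus *)" + hex(chain) +").file._chain"
            chain = int(gdb.execute(cmd,to_string=True).split(":")[1].strip(),16)
            if chain in seen :
                # Revisiting a node means the list loops back on itself.
                print("Chain is corrupted")
                break
            seen.add(chain)
            if chain != 0 :
                print("---------- fp : 0x%x ----------" % chain)
                testorange(chain)
    except Exception:
        # KeyboardInterrupt / SystemExit are no longer swallowed.
        print("Chain is corrupted")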
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:21,代码来源:pwngdb.py

示例11: procmap

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
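def procmap():
    """Return the memory map of the process being debugged as text.

    The PID is parsed from ``info proc exe``. When it is numeric and
    ``/proc/<pid>/maps`` can be read, the file content is returned; otherwise
    the result of ``infoprocmap()`` is returned. Returns the string "error"
    when gdb's output contains no ``process`` line.
    """
    data = gdb.execute('info proc exe',to_string = True)
    found = re.search('process.*',data)
    if not found :
        return "error"
    pid = found.group().split()[1]
    # NOTE(review): /proc is the local machine's. If gdb is attached to a
    # remote target, the same PID may belong to an unrelated local process --
    # confirm the target is local before trusting this mapping.
    if pid.isdigit():
        # Only a numeric PID is ever turned into a path under /proc.
        try :
            # Open directly instead of isfile()+open(): the process can exit in
            # between, and the context manager closes the file on every path.
            with open("/proc/" + pid + "/maps") as maps :
                return maps.read()
        except OSError:
            pass
    # Missing or unreadable file: ask gdb for the mapping instead.
    return infoprocmap()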
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:18,代码来源:angelheap.py

示例12: get_smallbin

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
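def get_smallbin(arena=None):
    """Rebuild the global ``smallbin`` dict for one arena.

    Args:
        arena: address of a ``struct malloc_state``; ``main_arena`` when falsy.

    For every size from ``capsize*4`` up to (not including)
    ``512*int(capsize/4)`` in steps of ``capsize*2``, the bin head is read
    from the arena's ``bins`` array and walked with ``trace_normal_bin()``.
    Non-empty results are stored in ``smallbin`` under ``hex(size)``. A bin
    whose walk raises is skipped and the global ``corruptbin`` flag is set.
    """
    global smallbin
    # Declared global so the flag set in the handler below reaches module
    # scope, matching get_largebin(); without it the assignment only creates a
    # local and the corruption is never reported.
    global corruptbin
    if not arena :
        arena = main_arena
    smallbin = {}
    if capsize == 0 :
        # presumably getarch() initialises capsize/word -- TODO confirm
        getarch()
    max_smallbin_size = 512*int(capsize/4)
    cmd = "x/" + word + "&((struct malloc_state *)" + hex(arena) + ").bins"
    # Keep the address gdb prints before the colon, i.e. where `bins` starts.
    bins_addr = int(gdb.execute(cmd,to_string=True).split(":")[0].split()[0].strip(),16)
    for size in range(capsize*4,max_smallbin_size,capsize*2):
        chunkhead = {}
        idx = int((size/(capsize*2)))-1
        cmd = "x/" + word + hex(bins_addr + idx*capsize*2)  # calc the smallbin index
        chunkhead["addr"] = int(gdb.execute(cmd,to_string=True).split(":")[1].strip(),16)
        try :
            bins = trace_normal_bin(chunkhead,arena)
        except Exception:
            # The list is read from the inspected process and may be damaged.
            corruptbin = True
            bins = None
        if bins and len(bins) > 0 :
            smallbin[hex(size)] = copy.deepcopy(bins)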
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:24,代码来源:angelheap.py

示例13: get_largebin

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def get_largebin(arena=None):
    """Rebuild the global ``largebin`` dict for one arena.

    Args:
        arena: address of a ``struct malloc_state``; ``main_arena`` when falsy.

    For bin indexes 64..127 the bin head is read from the arena's ``bins``
    array and walked with ``trace_normal_bin()``. Non-empty results are stored
    in ``largebin`` under the index. A bin whose walk raises is skipped and
    the global ``corruptbin`` flag is set.
    """
    global largebin
    global corruptbin
    if not arena:
        arena = main_arena
    largebin = {}
    if capsize == 0:
        # presumably getarch() initialises capsize/word -- TODO confirm
        arch = getarch()
    min_largebin = 512 * int(capsize / 4)  # computed as before; not used below
    bins_cmd = "x/" + word + "&((struct malloc_state *)" + hex(arena) + ").bins"
    bins_line = gdb.execute(bins_cmd, to_string=True)
    # Keep the address gdb prints before the colon, i.e. where `bins` starts.
    bins_addr = int(bins_line.split(":")[0].split()[0].strip(), 16)
    for idx in range(64, 128):
        # calc the largebin index
        slot_cmd = "x/" + word + hex(bins_addr + idx*capsize*2 - 2*capsize)
        slot_line = gdb.execute(slot_cmd, to_string=True)
        chunkhead = {"addr": int(slot_line.split(":")[1].strip(), 16)}
        try:
            bins = trace_normal_bin(chunkhead, arena)
        except BaseException:
            # Same reach as a bare except: any failure marks the bins corrupt.
            corruptbin = True
            bins = None
        if bins and len(bins) > 0:
            largebin[idx] = copy.deepcopy(bins)
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:24,代码来源:angelheap.py

示例14: putarenainfo

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def putarenainfo():
    """Print heap information for the main arena and every arena linked from it.

    After ``set_main_arena()``, prints a banner and ``putheapinfo()`` for
    ``main_arena``, then follows the pointer stored ``nextoff`` bytes into
    each arena until it points back at ``main_arena``. Prints
    "Memory Error (heap)" on any failure and "Can't find heap info " when
    ``main_arena`` is not set.
    """
    set_main_arena()
    if capsize == 0:
        # presumably getarch() initialises capsize/word -- TODO confirm
        arch = getarch()
    cur_arena = 0
    if not main_arena:
        print("Can't find heap info ")
        return

    def read_next(arena_addr):
        # Value gdb prints after the colon when examining arena_addr + nextoff.
        examined = gdb.execute("x/" + word + hex(arena_addr + nextoff), to_string=True)
        return int(examined.split(":")[1].strip(), 16)

    try:
        # NOTE(review): offset of the next-arena pointer; the constants look
        # tied to one glibc struct layout -- confirm against the target libc.
        nextoff = 0x10d*capsize
        if capsize == 4:
            nextoff += 0xc
        count = 0
        print("  Main Arena  ".center(50, "="))
        putheapinfo(main_arena)
        cur_arena = read_next(main_arena)
        while cur_arena != main_arena:
            count += 1
            banner = "  Arena " + str(count) + "  "
            print(banner.center(50, "="))
            putheapinfo(cur_arena)
            cur_arena = read_next(cur_arena)
    except BaseException:
        # Same reach as a bare except: every failure is reported the same way.
        print("Memory Error (heap)")
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:26,代码来源:angelheap.py

示例15: get_fake_fast

# 需要导入模块: import gdb [as 别名]
# 或者: from gdb import execute [as 别名]
def get_fake_fast(addr,size = None):
    """Print the entries ``fake_fast()`` returns for ``addr``.

    Args:
        addr: address forwarded to ``fake_fast()``.
        size: when truthy, only this size is queried. Otherwise sizes start at
            ``capsize*4`` and grow by ``capsize*2``, with the number of sizes
            derived from ``global_max_fast`` (``capsize*0x10`` when that
            reads as zero).

    Each entry is printed as its first element in hex and its second element
    as a decimal padding value.
    """
    if capsize == 0:
        # presumably getarch() initialises capsize/word -- TODO confirm
        arch = getarch()
    max_fast_line = gdb.execute("x/" + word + "&global_max_fast", to_string=True)
    fast_max = int(max_fast_line.split(":")[1].strip(), 16)
    if not fast_max:
        fast_max = capsize*0x10
    if size:
        for fakechunk in fake_fast(addr, size):
            print("\033[1;33mfake chunk : \033[1;0m0x{:<12x}\033[1;33m  padding :\033[1;0m {:<8d}".format(fakechunk[0],fakechunk[1]))
        return
    size_count = int(fast_max/(capsize*2)-1)
    for i in range(size_count):
        size = capsize*2*2 + i*capsize*2
        chunk_list = fake_fast(addr, size)
        if len(chunk_list) == 0:
            continue
        print("-- size : %s --" % hex(size))
        for fakechunk in chunk_list:
            print("\033[1;33mfake chunk :\033[1;0m 0x{:<12x}\033[1;33m  padding :\033[1;0m {:<8d}".format(fakechunk[0],fakechunk[1]))
开发者ID:scwuaptx,项目名称:Pwngdb,代码行数:21,代码来源:angelheap.py


注:本文中的gdb.execute方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。