[Original] gdb plugins: a script to switch between Pwngdb+pwndbg, gef and peda

OscarViolet, posted 2022-8-10 23:21:52

title: gdb plugin configuration


Reference links: https://blog.csdn.net/qq_39153421/article/details/115386527

https://blog.csdn.net/weixin_43092232/article/details/105648769

Installing Pwngdb

cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git 

It supports the following commands:

  • libc : Print the base address of libc
  • ld : Print the base address of ld
  • codebase : Print the base of the code segment
  • heap : Print the base of the heap
  • got : Print the Global Offset Table information
  • dyn : Print the Dynamic section information
  • findcall : Find some function call
  • bcall : Set a breakpoint at some function call
  • tls : Print the thread local storage address
  • at : Attach by process name
  • findsyscall : Find the syscall
  • fmtarg : Calculate the index of a format string argument
    • You need to be stopped on the printf that has the vulnerability.
  • force : Calculate the nb in the house of force.
  • heapinfo : Print some information about the heap
    • heapinfo (Address of arena)
    • default is the arena of the current thread
    • If tcache is enabled, it also shows the tcache entries
  • heapinfoall : Print some information about the heap (all threads)
  • arenainfo : Print some information about all arenas
  • chunkinfo : Print the information of a chunk
    • chunkinfo (Address of victim)
  • chunkptr : Print the information of a chunk
    • chunkptr (Address of user ptr)
  • mergeinfo : Print the information of a merge
    • mergeinfo (Address of victim)
  • printfastbin : Print some information about the fastbins
  • tracemalloc on : Trace malloc and free and detect some errors.
    • You need to run the process first, then tracemalloc on; it will record all of the malloc and free calls.
    • You can set DEBUG in pwngdb.py, then it will print all of the malloc and free information, as in the screenshot.
  • parseheap : Parse the heap layout
  • magic : Print useful variables and functions in glibc
  • fp : Show a FILE structure
    • fp (Address of FILE)
  • fpchain : Show the linked list of FILE structures
  • orange : Test the house of orange condition in _IO_flush_lockp
    • orange (Address of FILE)
    • glibc version <= 2.23

Installing pwndbg

git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

Installing peda

git clone https://github.com/longld/peda.git

Installing gef

git clone https://github.com/hugsy/gef.git

Using Pwngdb together with pwndbg

The .gdbinit in your home directory contains no pwndbg entries (unless they were written there during installation).

cp ~/Pwngdb/.gdbinit ~/            # copy the .gdbinit shipped with Pwngdb into the home directory

The original content of Pwngdb's .gdbinit is:

source ~/peda/peda.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end

To use Pwngdb together with pwndbg, switch the first line to source ~/pwndbg/gdbinit.py:

source ~/pwndbg/gdbinit.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end

gef with Pwngdb and peda with Pwngdb work the same way; only the first line needs changing (note: set the path after source to your own installation).

Switch script

Since every plugin switch means rewriting the relevant content into .gdbinit, I wrote a quick-switch script for convenience.

Reference link: https://blog.csdn.net/weixin_48184612/article/details/114577427

#!/bin/bash
# Quick switch between gdb plugin setups by rewriting ~/.gdbinit.
# Adjust TOOLS to the directory where the plugins were cloned.
TOOLS=/home/chuwei/tools

# Append the Pwngdb lines (and the angelheap hook) to ~/.gdbinit
append_pwngdb() {
    cat >> ~/.gdbinit <<EOF
source $TOOLS/Pwngdb/pwngdb.py
source $TOOLS/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end
EOF
}

read -p $'请选择将要使用的gdb插件.\n[1]pwndbg\n[2]gef\n[3]peda\n[4]pwndbg+pwngdb\n[5]gef+pwngdb\n[6]peda+pwngdb\n' plugin

# Match the literal input instead of evaluating it with (( )), so that
# non-numeric input is rejected rather than expanded as an arithmetic expression.
case "$plugin" in
    1) echo "source $TOOLS/pwndbg/gdbinit.py" > ~/.gdbinit ;;
    2) echo "source $TOOLS/gef/gef.py" > ~/.gdbinit ;;
    3) echo "source $TOOLS/peda/peda.py" > ~/.gdbinit ;;
    4) echo "source $TOOLS/pwndbg/gdbinit.py" > ~/.gdbinit; append_pwngdb ;;
    5) echo "source $TOOLS/gef/gef.py" > ~/.gdbinit; append_pwngdb ;;
    6) echo "source $TOOLS/peda/peda.py" > ~/.gdbinit; append_pwngdb ;;
    *) echo $'WRONG!\n' ;;
esac
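As an added example (not the post's script), here is the same switch written so that it verifies every `source` path exists before installing the new file, and keeps a backup of the previous .gdbinit. The `TOOLS` location, the function names and the `.bak` suffix are assumptions; the generated content is the same frontend line plus the Pwngdb/angelheap block shown above.

```bash
#!/bin/bash
# Added example: render a .gdbinit for one frontend (pwndbg/gef/peda), optionally
# followed by Pwngdb, and verify every sourced file exists before installing it.
# TOOLS is an assumed default; override it with the directory holding the clones.
TOOLS="${TOOLS:-$HOME/tools}"

# Print the entry script for a frontend name; fail for an unknown name.
frontend_script() {
    case "$1" in
        pwndbg) echo "$TOOLS/pwndbg/gdbinit.py" ;;
        gef)    echo "$TOOLS/gef/gef.py" ;;
        peda)   echo "$TOOLS/peda/peda.py" ;;
        *)      return 1 ;;
    esac
}

# Emit .gdbinit content to stdout: the frontend first, then Pwngdb if requested.
render_gdbinit() {
    local frontend="$1" with_pwngdb="${2:-no}" entry
    entry=$(frontend_script "$frontend") || { echo "unknown frontend: $frontend" >&2; return 1; }
    echo "source $entry"
    if [ "$with_pwngdb" = yes ]; then
        cat <<EOF
source $TOOLS/Pwngdb/pwngdb.py
source $TOOLS/Pwngdb/angelheap/gdbinit.py

define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end
EOF
    fi
}

# Check a .gdbinit: every 'source <path>' line must point at an existing file.
# Returns the number of missing files (0 means all present).
check_sources() {
    local file="$1" missing=0 cmd path
    while read -r cmd path; do
        [ "$cmd" = source ] || continue
        if [ ! -f "$path" ]; then
            echo "missing: $path" >&2
            missing=$((missing + 1))
        fi
    done < "$file"
    return "$missing"
}

# Render to a temp file, verify it, back up the old file, then move it into place.
# Nothing is written to the target unless every sourced file exists.
install_gdbinit() {
    local frontend="$1" with_pwngdb="${2:-no}" target="${3:-$HOME/.gdbinit}" tmp
    tmp=$(mktemp) || return 1
    render_gdbinit "$frontend" "$with_pwngdb" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! check_sources "$tmp"; then
        echo "not installed: fix the paths listed above" >&2
        rm -f "$tmp"
        return 1
    fi
    [ -f "$target" ] && cp "$target" "$target.bak"
    mv "$tmp" "$target"
}

# Usage: install_gdbinit pwndbg yes      (pwndbg + Pwngdb into ~/.gdbinit)
#        install_gdbinit gef             (gef alone)
```

Because the file is only swapped in after the check passes, a typo in `TOOLS` or a missing clone leaves the working .gdbinit untouched instead of producing one that gdb silently fails to source.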