hugsy / gef-extras
Extra goodies for GEF to (try to) make GDB suck even less
Home Page: https://hugsy.github.io/gef-extras
License: MIT License
gef➤ version
GEF: (Standalone)
Blob Hash(/home/kali/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 8dc57b700e3c1c85822449033a01c94dfae9e4a6
SHA256(/home/kali/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 63d3e10d38a367c3e4d37de8e0701bcdff2a4e7c9a0a4ec5d83ccb8b2fe6188d
GDB: 12.1
GDB-Python: 3.10
Running gef after installing gef-extras leaves me with this:
GNU gdb (Debian 12.1-3) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
GEF for linux ready, type `gef' to start, `gef config' to configure
90 commands loaded and 5 functions added for GDB 12.1 in 0.00ms using Python engine 3.10
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/libc_function_args/__init__.py", line 139, in <module>
register_external_context_pane(
TypeError: register_external_context_pane() got an unexpected keyword argument 'condition'
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/syscall_args/__init__.py", line 138, in <module>
register_external_context_pane(
TypeError: register_external_context_pane() got an unexpected keyword argument 'condition'
[+] 41 extra commands added from '/home/kali/.config/gef-extras/scripts' in 0.40 seconds
Reading symbols from myapp...
(No debugging symbols found in myapp)
[*] Not a valid file format: Config `context.libc_args_path` set but it's not a directory
(The version command gives the hash for my dotfiles repo since I have that cloned in ~.) I tried to run unicorn-emulate with a program compiled for ARM64 but ran into a syntax error in a generated file.
For a minimal test case I used this program compiled with aarch64-linux-gnu-gcc:
int main(){ return 0; }
I then ran aarch64-linux-gnu-gdb a.out followed by target sim, load, starti and emu. Running emu gave me this error:
gef➤ emu
[+] Starting emulation: 0x0 → 0x4
[!] Command 'unicorn-emulate' failed to execute properly, reason: Command '[PosixPath('/usr/bin/python3'), '/tmp/gef-uc-4hoxcpjm.py']' returned non-zero exit status 1.
I then tried running the generated file outside gdb and got this error message:
% python3 /tmp/gef-uc-815xbo0q.py
File "/tmp/gef-uc-815xbo0q.py", line 18
cs = capstone.Cs(capstone.CS_ARCH_ARM64, capstone.0|capstone.CS_MODE_LITTLE_ENDIAN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: invalid syntax. Perhaps you forgot a comma?
I noticed that the 0 comes from gef_to_cs_arch returning "0" as the mode in the case of ARM64. Should this perhaps be "CS_MODE_ARM" instead?
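To show why the generated script fails to parse and how the generator could catch it before spawning python3, here is an added example (not gef-extras code): a constructed stand-in for gef_to_cs_arch that emits capstone constant names as source text, plus a parse check with ast. It does not import capstone; the GEF_TO_CS table and the function names are assumptions for illustration.

```python
import ast
import keyword

# Constructed table: GEF architecture name -> names of the capstone constants
# the generated emulation script should reference. The ARM64 mode is
# CS_MODE_ARM, whose numeric value in capstone is 0, which is why the bug in
# the report surfaced as a literal "0" in the generated source.
GEF_TO_CS = {
    "X86":    ("CS_ARCH_X86",   "CS_MODE_32"),
    "X86_64": ("CS_ARCH_X86",   "CS_MODE_64"),
    "ARM":    ("CS_ARCH_ARM",   "CS_MODE_ARM"),
    "ARM64":  ("CS_ARCH_ARM64", "CS_MODE_ARM"),
}


def gef_to_cs_arch(arch, buggy=False):
    """Return (arch_name, mode_name) as strings to be spliced into source.

    buggy=True reproduces the defect in the report: for ARM64 the mode comes
    back as the *value* "0" instead of the constant's *name*.
    """
    cs_arch, cs_mode = GEF_TO_CS[arch]
    if buggy and arch == "ARM64":
        cs_mode = "0"
    return cs_arch, cs_mode


def render_cs_init(arch, buggy=False):
    """Emit the capstone initialisation line of the generated script."""
    cs_arch, cs_mode = gef_to_cs_arch(arch, buggy)
    return (f"cs = capstone.Cs(capstone.{cs_arch}, "
            f"capstone.{cs_mode}|capstone.CS_MODE_LITTLE_ENDIAN)")


def is_valid_python(source):
    """Parse-only check: would the child python accept this generated text?
    'capstone.0' tokenises as NAME followed by the float '.0', hence the
    'Perhaps you forgot a comma?' error seen in the report."""
    try:
        ast.parse(source)
        return True
    except SyntaxError:
        return False


def is_constant_name(name):
    """A spliced-in capstone symbol must be an attribute name, not a value."""
    return (name.isidentifier() and not keyword.iskeyword(name)
            and name.startswith("CS_"))


def checked_render(arch, buggy=False):
    """Like render_cs_init, but refuses to emit a line that cannot parse.

    Failing here, inside GDB at generation time, gives a clear message instead
    of the opaque 'returned non-zero exit status 1' from the child process.
    """
    cs_arch, cs_mode = gef_to_cs_arch(arch, buggy)
    for name in (cs_arch, cs_mode):
        if not is_constant_name(name):
            raise ValueError(f"{arch}: {name!r} is not a capstone constant name")
    line = render_cs_init(arch, buggy)
    if not is_valid_python(line):
        raise ValueError(f"generated line does not parse: {line}")
    return line


if __name__ == "__main__":
    for flag in (True, False):
        try:
            print(checked_render("ARM64", buggy=flag))
        except ValueError as exc:
            print("rejected:", exc)
```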
The decompile -a command does not appear to handle the path to the binary well.
This "canary" binary is located at: "/home/khaotic/labs/Linux Exploit Development/Test_Linux_Program/"
I use p/x commands a lot to show dec/hex/etc. values, but after including gef-extras those don't work anymore, since p is aliased by windbg to nexti.
Original gdb
(gdb) p/x 1000
$1 = 0x3e8
(gdb) p/d 0xdead
$2 = 57005
Gef with gef-extras
gef➤ p/x 1000
Python Exception <class 'gdb.error'> The program is not being run.:
Error occurred in Python: The program is not being run.
gef➤ p/d 0xdead
Python Exception <class 'gdb.error'> The program is not being run.:
Error occurred in Python: The program is not being run.
GEF: (Standalone)
Blob Hash(/home/kali/.gef-283690ae9bfcecbb3deb80cd275d327c46b276b5.py): 83861546049c4c1130503dd0acb802fc8383aa45
SHA256(/home/kali/.gef-283690ae9bfcecbb3deb80cd275d327c46b276b5.py): a6b9698cdb06eefeb0a2b6ce9d31e706e75e151b4006be8d90cdcaf7f9afa1f1
GDB: 12.1
GDB-Python: 3.10
wget -q -O- https://github.com/hugsy/gef/raw/main/scripts/gef-extras.sh | sh
gdb
No need for anything, just run gdb
GNU gdb (Debian 12.1-4) 12.1
Copyright (C) 2022 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
GEF for linux ready, type `gef' to start, `gef config' to configure
96 commands loaded for GDB 12.1 using Python engine 3.10
[+] Configuration from '/home/kali/.gef.rc' restored
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/assemble.py", line 37, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/stack.py", line 11, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/retdec.py", line 14, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/ropper.py", line 11, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/xref-telescope.py", line 10, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/skel.py", line 52, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/ida_interact.py", line 103, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/bincompare.py", line 27, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/bytearray.py", line 18, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/v8-dereference.py", line 61, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/windbg.py", line 40, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/ftrace.py", line 72, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/peekpointers.py", line 13, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/remote.py", line 51, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/visualize_heap.py", line 144, in <module>
@register
NameError: name 'register' is not defined
Traceback (most recent call last):
File "/home/kali/.config/gef-extras/scripts/capstone.py", line 94, in <module>
@register
NameError: name 'register' is not defined
No error
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
GEF: (Standalone)
Blob Hash(/root/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 8dc57b700e3c1c85822449033a01c94dfae9e4a6
SHA256(/root/.gef-2b72f5d0d9f0f218a91cd1ca5148e45923b950d5.py): 63d3e10d38a367c3e4d37de8e0701bcdff2a4e7c9a0a4ec5d83ccb8b2fe6188d
GDB: 8.2.1
GDB-Python: 3.7
ropper.py breaks tab completion
solved #73
Repro: Uninstall the retdec-python module, start gdb with extra_plugins_dir set.
What'll happen is retdec will __import__("retdec"), which'll import itself, because the plugin path has been added to sys.path. This'll cause a failure because GenericCommand doesn't exist in this context.
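The self-import described above, as an added example that is not part of gef or gef-extras: a constructed plugin file named retdec.py that calls __import__("retdec") is exec'd the way a plugin loader would, first with its own directory on sys.path and then without; resolves_inside() is the check a loader could run before exec to detect that a plugin file shadows the library it wants. GenericCommand is a stand-in class here, and the loader functions are assumptions for illustration.

```python
import importlib
import importlib.util
import os
import sys
import tempfile
import textwrap

# Constructed plugin: a file called retdec.py that wants the real `retdec`
# package. A GEF-style loader execs the file with GenericCommand already in
# the namespace; a module *imported* from the same file has no such name.
PLUGIN_SOURCE = textwrap.dedent('''
    retdec = __import__("retdec")        # meant to be the retdec-python package

    class RetdecCommand(GenericCommand):  # only defined in the loader namespace
        pass
''')


class GenericCommand:
    """Stand-in for GEF's command base class."""


def write_plugin(directory):
    path = os.path.join(directory, "retdec.py")
    with open(path, "w") as fh:
        fh.write(PLUGIN_SOURCE)
    importlib.invalidate_caches()
    return path


def exec_plugin(path):
    """Exec a plugin file the way a loader would; return the name of the
    exception class it raised, or None on success."""
    namespace = {"GenericCommand": GenericCommand, "__name__": "gef_plugin"}
    try:
        with open(path) as fh:
            exec(compile(fh.read(), path, "exec"), namespace)
        return None
    except Exception as exc:
        return type(exc).__name__
    finally:
        sys.modules.pop("retdec", None)   # do not leak state between runs


def load_plugin_naive(path):
    """Loader that puts the plugin directory on sys.path first.

    `__import__("retdec")` now resolves to the plugin file itself (it is
    earlier on sys.path than any installed package); its class statement runs
    without GenericCommand, so the failure is a NameError from inside the
    self-import rather than a clear ModuleNotFoundError.
    """
    plugin_dir = os.path.dirname(path)
    sys.path.insert(0, plugin_dir)
    try:
        return exec_plugin(path)
    finally:
        sys.path.remove(plugin_dir)
        sys.path_importer_cache.pop(plugin_dir, None)


def load_plugin_safe(path):
    """Loader that leaves sys.path alone: the plugin cannot shadow a library,
    so a missing dependency surfaces as ModuleNotFoundError (or the real
    package loads and the plugin succeeds)."""
    return exec_plugin(path)


def resolves_inside(name, directory):
    """Pre-exec check: would `import name` be served from a file under
    `directory`? True means a plugin file shadows the library it wants."""
    spec = importlib.util.find_spec(name)
    if spec is None or not spec.origin:
        return False
    root = os.path.realpath(directory) + os.sep
    return os.path.realpath(spec.origin).startswith(root)


def demo():
    """Run the shadowing check and both loaders against a throwaway plugin dir."""
    with tempfile.TemporaryDirectory() as plugin_dir:
        path = write_plugin(plugin_dir)
        sys.path.insert(0, plugin_dir)
        try:
            shadowed = resolves_inside("retdec", plugin_dir)
        finally:
            sys.path.remove(plugin_dir)
            sys.path_importer_cache.pop(plugin_dir, None)
        return {
            "shadowed": shadowed,
            "naive": load_plugin_naive(path),
            "safe": load_plugin_safe(path),
        }


if __name__ == "__main__":
    print(demo())
```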
I installed gef-extras via the install script, but when I want to use the vis command, the error Command 'visualize-libc-heap-chunks' failed to execute properly, reason: type object 'GlibcArena' has no attribute 'TCACHE_MAX_BINS' occurs. Are there any suggestions?
Reported by @theguly on Discord.
The support for Binary Ninja in ida-interact got broken during the migration to rpyc.
So after installing gef-extras, how am I supposed to know it worked?
There is no difference in gef. Just the same as before. Also is gef-extras supposed to colorize ASM source?
Hi, please add the option for color syntax highlighting using pygmentize, for example, to highlight source code output (list command) and disassembly output (disas command).
Can we add a stack command like pwndbg's, which can show more of the stack?
pwndbg> stack 50
00:0000│ rsp 0x7ffd0042e6a8 —▸ 0x4015d2 (vuln+72) ◂— mov dword ptr [rbp - 0x118], eax
01:0008│ 0x7ffd0042e6b0 ◂— 0x0
... ↓ 20 skipped
16:00b0│ 0x7ffd0042e758 —▸ 0x7fc5e6d7b5c0 (_IO_2_1_stderr_) ◂— 0xfbad2087
17:00b8│ 0x7ffd0042e760 ◂— 0x0
18:00c0│ 0x7ffd0042e768 —▸ 0x7fc5e6c20525 ◂— cmp eax, -1
19:00c8│ 0x7ffd0042e770 ◂— 0x0
1a:00d0│ 0x7ffd0042e778 —▸ 0x7fc5e6d7b5c0 (_IO_2_1_stderr_) ◂— 0xfbad2087
1b:00d8│ 0x7ffd0042e780 ◂— 0x0
1c:00e0│ 0x7ffd0042e788 ◂— 0x0
GEF: rev:295cbf7afa5fd59a88c066e478bd3ef22760a6de (Git - clean)
GDB: 12.1
GDB-Python: 3.10
Ubuntu
No Stack and Code segment
I use openocd to debug my STM32 chip.
openocd command:
openocd -f /usr/share/openocd/scripts/interface/stlink.cfg -f /usr/share/openocd/scripts/target/stm32f1x.cfg
gdb-multiarch command:
file <xxx> # my ELF file
b * loop
gef-remote localhost 3333
I can see there is no Code or Stack segment.
I can see stack values and code only when I type commands like:
x/10x $sp
disass $pc
gef> version
GEF: (Standalone)
Blob Hash(/home/raven/.gef-430d9d3f7efab6e55215c07bd1694c3a4c4cb6cd.py): 606f6ec058080de59f01192f5860eb5d7a51ea94
SHA256(/home/raven/.gef-430d9d3f7efab6e55215c07bd1694c3a4c4cb6cd.py): 2033abfc7e77d9a08de39b38bfee868808a7fb2d04ac6d39a0972959b06f403b
GDB: 12.1
GDB-Python: 3.10
Running gef after installing gef-extras leaves me with this:
> gdb
GEF for linux ready, type `gef' to start, `gef config' to configure
90 commands loaded and 5 functions added for GDB 12.1 in 1.38ms using Python engine 3.10
Traceback (most recent call last):
File "/home/raven/.config/gef-extras/scripts/assemble.py", line 9, in <module>
import keystone
ModuleNotFoundError: No module named 'keystone'
Traceback (most recent call last):
File "/home/raven/.config/gef-extras/scripts/ropper.py", line 9, in <module>
import ropper
File "/home/raven/.config/gef-extras/scripts/ropper.py", line 12, in <module>
@register
NameError: name 'register' is not defined
[+] 36 extra commands added from '/home/raven/.config/gef-extras/scripts' in 0.11 seconds
Cause:
The installation script for the extras (https://raw.githubusercontent.com/hugsy/gef/main/scripts/gef-extras.sh) currently only installs the requirements.txt from /docs, which is incomplete. The other requirements.txt in the root of this repo seems to be ignored (even though it has way more requirements listed).
Probably makes sense to unify those two files: #69 (nice)
Hi, I'm new to gef-extras.
I found this repo while finding source code syntax highlighting for gef.
So, I installed it and successfully ran gef without any error.
But the output source code seems the same (not syntax highlighted).
I used the dev branch since I had an issue with ABC, and I just followed all the instructions.
Is there anything I did wrong? Or did I misunderstand this repository?
I'm writing a GEF extension to execute a number of instructions (specified via arguments) and perform some profiling on the binary during that time based on the instruction pointer, register values, location within the binary, etc. Everything is working well, except that after executing a number of nexti or stepi instructions via gdb.execute("nexti",to_string=False) the GEF context repaints itself a number of times equal to the number of instructions that were executed. This makes it difficult to view the results of my custom profiling command. I temporarily disabled all the context windows I could with set_gef_setting("context.layout",...) but there are still blank lines produced for each instruction that executes. This is surely because of an attempted repaint that is triggered after nexti/stepi. If I execute a large number of instructions (say over 100) then retrieving my profiling results is a major pain. I could write to another file but I'd prefer to show results within the primary context window itself. Any suggestions?
When running a generated exploit skeleton using skel.py from within gef, the resulting temp file cannot run and gives the following output:
[DEBUG] '/home/user/Downloads/start' is statically linked, skipping GOT/PLT symbols
[*] '/home/user/Downloads/start'
Arch: i386-32-little
RELRO: No RELRO
Stack: No canary found
NX: NX disabled
PIE: No PIE (0x8048000)
[+] Starting local process '/home/user/Downloads/start': pid 17445
Traceback (most recent call last):
File "/home/user/Downloads/./getem.py", line 36, in <module>
exploit(r)
File "/home/user/Downloads/./getem.py", line 24, in exploit
attach(r)
File "/home/user/Downloads/./getem.py", line 20, in attach
gdb.attach(r, '\n'.join(["break *{:#x}".format(x) for x in bkps] + cmds))
File "/home/user/Downloads/./getem.py", line 20, in <listcomp>
gdb.attach(r, '\n'.join(["break *{:#x}".format(x) for x in bkps] + cmds))
ValueError: Unknown format code 'x' for object of type 'str'
[*] Stopped process '/home/user/Downloads/start' (pid 17445)
Windbg's x conflicts with gdb's x for examining memory. This may cause confusion for people that install gef-extras without knowing that exists.
When using skel it warns about deprecated usage:
'is_big_endian' is deprecated and will be removed in a feature release. Prefer `gef.arch.endianness == Endianness.BIG_ENDIAN`
Line 78 in aa4c995
gef➤ version
GEF: rev:5cd33a98519ee730abb39a37890f54d6b89874d4 (Git - dirty)
SHA256(/home/arch/Documents/CTFs/lib/gef/gef.py): 106d0b99438049dfbdb42bf33844d45cc228eaa129d884d3ef168e5f4a3d59e9
GDB: 13.2
GDB-Python: 3.11
libc_function_args does not respect context.libc_args, and the error message is misleading, saying that it does. The path is hardcoded and it uses __file__, but that doesn't work for me. I've added prints, and these are the values of the variables used:
GLIBC_FUNCTION_ARGS_CURRENT_FILE = PosixPath('/home/arch/Documents/CTFs/lib/gef/gef.py')
GLIBC_FUNCTION_ARGS_CURRENT_DIRECTORY = PosixPath('/home/arch/Documents/CTFs/lib/gef')
This refers to the gef installation, which is the wrong path.
Hi, I'm using the latest version of GEF and GEF-Extras on x86-64 Arch Linux (WSL). The first issue I'm having is that GEF-Extras is looking for a retdec-decompiler.py file inside the retdec/bin directory, but in the latest release of retdec the decompiler file is not a Python file but an ELF binary simply called retdec-decompiler. It was easy to circumvent though: I just renamed the file from retdec-decompiler to retdec-decompiler.py, but then another issue occurred. When I ran retdec -a inside an active debug session, I got the following output:
gef➤ retdec -a
[*] retdec.py:L52 'is_big_endian' is deprecated and will be removed in a feature release. Prefer `gef.arch.endianness == Endianness.BIG_ENDIAN`
[+] Saved as '/tmp/gef/test.c'
[!] Command 'retdec' failed to execute properly, reason: [Errno 2] No such file or directory: '/tmp/gef/test.c'
I checked the log file saved in /tmp/gef/test.log, which looked like this:
/home/hakur/RetDec/bin/retdec-decompiler.py:
Mandatory arguments:
INPUT_FILE File to decompile.
General arguments:
[-o|--output FILE] Output file (default: INPUT_FILE.c if OUTPUT_FORMAT is plain, INPUT_FILE.c.json if OUTPUT_FORMAT is json|json-human).
[-s|--silent] Turns off informative output of the decompilation.
[-f|--output-format OUTPUT_FORMAT] Output format [plain|json|json-human] (default: plain).
[-m|--mode MODE] Force the type of decompilation mode [bin|raw] (default: bin).
[-p|--pdb FILE] File with PDB debug information.
[-k|--keep-unreachable-funcs] Keep functions that are unreachable from the main function.
[--cleanup] Removes temporary files created during the decompilation.
[--config] Specify JSON decompilation configuration file.
[--disable-static-code-detection] Prevents detection of statically linked code.
Selective decompilation arguments:
[--select-ranges RANGES] Specify a comma separated list of ranges to decompile (example: 0x100-0x200,0x300-0x400,0x500-0x600).
[--select-functions FUNCS] Specify a comma separated list of functions to decompile (example: fnc1,fnc2,fnc3).
[--select-decode-only] Decode only selected parts (functions/ranges). Faster decompilation, but worse results.
Raw or Intel HEX decompilation arguments:
[-a|--arch ARCH] Specify target architecture [mips|pic32|arm|thumb|arm64|powerpc|x86|x86-64].
Required if it cannot be autodetected from the input (e.g. raw mode, Intel HEX).
[-e|--endian ENDIAN] Specify target endianness [little|big].
Required if it cannot be autodetected from the input (e.g. raw mode, Intel HEX).
[-b|--bit-size SIZE] Specify target bit size [16|32|64] (default: 32).
Required if it cannot be autodetected from the input (e.g. raw mode).
[--raw-section-vma ADDRESS] Virtual address where section created from the raw binary will be placed.
[--raw-entry-point ADDRESS] Entry point address used for raw binary (default: architecture dependent).
Archive decompilation arguments:
[--ar-index INDEX] Pick file from archive for decompilation by its zero-based index.
[--ar-name NAME] Pick file from archive for decompilation by its name.
[--static-code-sigfile FILE] Adds additional signature file for static code detection.
Backend arguments:
[--backend-disabled-opts LIST] Prevents the optimizations from the given comma-separated list of optimizations to be run.
[--backend-enabled-opts LIST] Runs only the optimizations from the given comma-separated list of optimizations.
[--backend-call-info-obtainer NAME] Name of the obtainer of information about function calls [optim|pessim] (Default: optim).
[--backend-var-renamer STYLE] Used renamer of variables [address|hungarian|readable|simple|unified] (Default: readable).
[--backend-no-opts] Disables backend optimizations.
[--backend-emit-cfg] Emits a CFG for each function in the backend IR (in the .dot format).
[--backend-emit-cg] Emits a CG for the decompiled module in the backend IR (in the .dot format).
[--backend-keep-all-brackets] Keeps all brackets in the generated code.
[--backend-keep-library-funcs] Keep functions from standard libraries.
[--backend-no-time-varying-info] Do not emit time-varying information, like dates.
[--backend-no-var-renaming] Disables renaming of variables in the backend.
[--backend-no-compound-operators] Do not emit compound operators (like +=) instead of assignments.
[--backend-no-symbolic-names] Disables the conversion of constant arguments to their symbolic names.
Decompilation process arguments:
[--timeout SECONDS]
[--max-memory MAX_MEMORY] Limits the maximal memory used by the given number of bytes.
[--no-memory-limit] Disables the default memory limit (half of system RAM).
LLVM IR debug arguments:
[--print-after-all] Dump LLVM IR to stderr after every LLVM pass.
[--print-before-all] Dump LLVM IR to stderr before every LLVM pass.
Other arguments:
[-h|--help] Show this help.
[--version] Show RetDec version.
The log doesn't seem to help a lot. Though, it does seem like the decompiler is missing some mandatory command-line arguments or something along those lines.
Follow-up on hugsy/gef#854 to address the bugs specific to visualize-heap.
Depends on:
Also cc @0xricksanchez
As discussed on Discord:
Import structures from IDB file (https://github.com/williballenthin/python-idb)
Maybe Binja BNDB too (??)
Hi, I have installed gef-extras using the install script, and the script finished successfully. But when I invoke the syscall-args function,
I am using the python3.9 environment. I have already googled all over the internet, but found no really useful tips. Is this a compatibility issue due to my Python environment?
─────────────────────────────────────────────────────────────────────────────────────────────── source:malloc_playground.c+10 ────
5 {
6
7
8 char *p = malloc(0x800);
9 int *d = p;
// p=0x00007ffffffedf20 → [...] → 0x0000000000000000
→ 10 free(p);
11 printf("%p\n",d);
12 }
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "malloc", stopped 0x80011b2 in main (), reason: SINGLE STEP
─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x80011b2 → main(argc=0x1, argv=0x7ffffffee028)
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
gef➤ visualize-libc-heap-chunks
[!] Command 'visualize-libc-heap-chunks' failed to execute properly, reason: 'GlibcChunk' object has no attribute 'base_address'
It seems that it fails since the GlibcChunk class seems to have changed since this plugin was written.
By changing some of the visualize_heap.py lines just to test if there's a misconfig on my end, it seems to work (partially at least...)
colors = [ "cyan", "red", "yellow", "blue", "green" ]
cur = GlibcChunk(base, from_base=True)
gef_print("{}".format(cur.__dict__))
idx = 0

known_ranges = collect_known_ranges()
known_values = collect_known_values()

while True:
    base = cur.chunk_base_address
gef➤ visualize-libc-heap-chunks
gef➤ visualize-libc-heap-chunks
{'ptrsize': 8, 'chunk_base_address': 134238208, 'address': 134238224, 'size_addr': 134238216, 'prev_size_addr': 134238208}
0x0000000008005000 0x0000000000000000 ........ Chunk[0]
0x0000000008005008 0x0000000000000291 ........ 656|PREV_INUSE
0x0000000008005010 0x0000000000000000 ........
↓
[...]
↓
0x0000000008005288 0x0000000000000000 ........
[!] Command 'visualize-libc-heap-chunks' failed to execute properly, reason: 'GlibcChunk' object has no attribute 'data_address'
I am using pwndbg in addition to GEF and I really like the "vis_heap_chunks" feature of pwndbg to visualize the heap. (https://browserpwndbg.readthedocs.io/en/docs/commands/heap/vis_heap_chunks/)
The color printout with ASCII-art arrows that annotate the various heap chunks is very helpful in my opinion.
I'd love to see that kind of display in GEF as well :-D
Thanks for considering!
Upon running retdec -a, it outputs some rather ugly, un-indented code that is all crammed together, making it extremely hard to read, especially for more complicated programs.
However, I noticed that despite the ugly output, it actually saves a nice pretty version of the indented code with useful comments to /tmp/gef/binary.c.
Perhaps we could modify it a little to print nicer code so there is no need for the user to struggle to read the whole chunk of crammed code or take the extra step to read from the binary.c file that the prettified code was saved to.
I may make a PR on this if no one else does when I have the time :)
new command plt
idea : dump PLT address + values
section can be filtered via args[1] like plt libc
Reading symbols from start...
(No debugging symbols found in start)
GEF for linux ready, type `gef' to start, `gef config' to configure
93 commands loaded for GDB 9.2 using Python engine 3.8
[*] 3 commands could not be loaded, run `gef missing` to know why.
[+] Configuration from '/home/k/.gef.rc' restored
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/error.py", line 8, in <module>
class ErrorCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/xref-telescope.py", line 3, in <module>
class XRefTelescopeCommand(SearchPatternCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/stack.py", line 6, in <module>
class CurrentFrameStack(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/ida_interact.py", line 364, in <module>
register_external_command(cmd)
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/peekpointers.py", line 2, in <module>
class PeekPointers(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/ftrace.py", line 57, in <module>
class FtraceCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/skel.py", line 48, in <module>
class ExploitTemplateCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/v8-dereference.py", line 40, in <module>
class V8DereferenceCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/bincompare.py", line 19, in <module>
class BincompareCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
AttributeError: type object 'ABCMeta' has no attribute '_cmdline_'
Traceback (most recent call last):
File "/home/k/git/dev/gef-extras/scripts/visualize_heap.py", line 92, in <module>
class VisualizeHeapChunksCommand(GenericCommand):
File "~/git/dev/gef/gef.py", line 4552, in register_external_command
File "~/git/dev/gef/gef.py", line 10584, in load
File "~/git/dev/gef/gef.py", line 10584, in <listcomp>
Automatic installation of gef-extras fails, because the latest_tag defaults to a version where libc.txt.gz doesn't exist in the repository.
gef with bash -c "$(curl -fsSL https://gef.blah.cat/sh)"
gef-extras with wget -q -O- https://github.com/hugsy/gef/raw/main/scripts/gef-extras.sh | sh
@CuckooEXE ➜ ~ $ wget -q -O- https://github.com/hugsy/gef/raw/main/scripts/gef-extras.sh | sh
Cloning into '/home/codespace/.config/gef-extras'...
remote: Enumerating objects: 1302, done.
remote: Counting objects: 100% (367/367), done.
remote: Compressing objects: 100% (134/134), done.
remote: Total 1302 (delta 272), reused 238 (delta 229), pack-reused 935
Receiving objects: 100% (1302/1302), 1.80 MiB | 22.71 MiB/s, done.
Resolving deltas: 100% (707/707), done.
Note: switching to 'a669c30255a98a101e6c6883a8a071d3d5286a22'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by switching back to a branch.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -c with the switch command. Example:
git switch -c <new-branch-name>
Or undo this operation with:
git switch -
Turn off this advice by setting config variable advice.detachedHead to false
Requirement already up-to-date: retdec-python in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 1)) (0.5.2)
Requirement already up-to-date: pygments in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 2)) (2.17.2)
Requirement already up-to-date: rpyc in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 3)) (5.3.1)
Requirement already up-to-date: keystone-engine in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 4)) (0.9.2)
Requirement already up-to-date: capstone in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 5)) (5.0.1)
Requirement already up-to-date: unicorn in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 6)) (2.0.1.post1)
Requirement already up-to-date: ropper in ./.local/lib/python3.8/site-packages (from -r /home/codespace/.config/gef-extras/requirements.txt (line 7)) (1.13.8)
Requirement already satisfied, skipping upgrade: requests in /usr/lib/python3/dist-packages (from retdec-python->-r /home/codespace/.config/gef-extras/requirements.txt (line 1)) (2.22.0)
Requirement already satisfied, skipping upgrade: plumbum in ./.local/lib/python3.8/site-packages (from rpyc->-r /home/codespace/.config/gef-extras/requirements.txt (line 3)) (1.8.2)
Requirement already satisfied, skipping upgrade: filebytes>=0.10.0 in ./.local/lib/python3.8/site-packages (from ropper->-r /home/codespace/.config/gef-extras/requirements.txt (line 7)) (0.10.2)
GEF for linux ready, type `gef' to start, `gef config' to configure
88 commands loaded and 5 functions added for GDB 9.2 in 0.00ms using Python engine 3.8
file libc.txt.gz cannot be found. download it from https://www.gnu.org/software/libc/manual/text/libc.txt.gz
Traceback (most recent call last):
File "/home/codespace/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 56, in <module>
fh = gzip.open(file_name, "r")
File "/usr/lib/python3.8/gzip.py", line 58, in open
binary_file = GzipFile(filename, gz_mode, compresslevel)
File "/usr/lib/python3.8/gzip.py", line 173, in __init__
fileobj = self.myfileobj = builtins.open(filename, mode or 'rb')
FileNotFoundError: [Errno 2] No such file or directory: 'libc.txt.gz'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/codespace/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 63, in <module>
sys.exit(-1)
File "~/.gef-.py", line 446, in FakeExit
RuntimeWarning
[+] 42 extra commands added in 0.32 seconds
[+] Configuration saved to '/home/codespace/.gef.rc'
@CuckooEXE ➜ ~ $ gdb
GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.1) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
GEF for linux ready, type `gef' to start, `gef config' to configure
88 commands loaded and 5 functions added for GDB 9.2 in 0.00ms using Python engine 3.8
file libc.txt.gz cannot be found. download it from https://www.gnu.org/software/libc/manual/text/libc.txt.gz
Traceback (most recent call last):
File "/home/codespace/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 56, in <module>
fh = gzip.open(file_name, "r")
File "/usr/lib/python3.8/gzip.py", line 58, in open
binary_file = GzipFile(filename, gz_mode, compresslevel)
File "/usr/lib/python3.8/gzip.py", line 173, in __init__
fileobj = self.myfileobj = builtins.open(filename, mode or 'rb')
FileNotFoundError: [Errno 2] No such file or directory: 'libc.txt.gz'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/codespace/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 63, in <module>
sys.exit(-1)
File "~/.gef-.py", line 446, in FakeExit
RuntimeWarning
[+] 42 extra commands added in 0.34 seconds
gef➤ quit
N/A
gef-extras not installed properly
gef-extras should be installed properly
Anyway, I think you just need to bump up the latest release tag so it installs properly
Hi,
When submitting the command skeleton local or remote i get the following error:
[!] Command 'exploit-template' failed to execute properly, reason: tuple index out of range
I'm having a small issue when trying to display the stack while in the main method.
It would seem that this condition is executed when main's stack frame is selected:
Lines 18 to 22 in 3d83535
Which does not make sense to me, because when I execute info frame, it clearly shows that the frame has a calling frame (thus frame.older() should not return None):
Stack level 0, frame at 0xffffce20:
eip = 0x804863e in simple_echo; saved eip = 0x8048700
called by frame at 0xffffcff0
Arglist at 0xffffce18, args:
Locals at 0xffffce18, Previous frame's sp is 0xffffce20
Saved registers:
ebp at 0xffffce18, eip at 0xffffce1c
Edit: After a bit more investigation, I have found a way to fix it and proposed a PR (#67), the spoiler below contains the former content of the issue
# Could something like this exist?
stack_hi = align_address(int(frame.read_register("bp")))
If someone has the code to find the HI address of the frame, I'm open to make a PR.
Is your feature request related to a problem? Please describe.
I'm always frustrated when I have to download https://www.gnu.org/software/libc/manual/text/libc.txt.gz every time I work on a new project or switch to a different dir. I hope there can be a way to read the extracted json from a fixed path in an env var.
Describe the solution you'd like
Use the path defined in context.libc_args_path in gef config.
file libc.txt.gz cannot be found. download it from https://www.gnu.org/software/libc/manual/text/libc.txt.gz
Traceback (most recent call last):
File "/root/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 56, in <module>
fh = gzip.open(file_name, "r")
File "/usr/lib/python3.10/gzip.py", line 58, in open
binary_file = GzipFile(filename, gz_mode, compresslevel)
File "/usr/lib/python3.10/gzip.py", line 174, in __init__
fileobj = self.myfileobj = builtins.open(filename, mode or 'rb')
FileNotFoundError: [Errno 2] No such file or directory: 'libc.txt.gz'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/.config/gef-extras/scripts/libc_function_args/tables/generate_glibc_args_json.py", line 63, in <module>
sys.exit(-1)
File "/root/.gef-2024.01.py", line 446, in FakeExit
raise RuntimeWarning
RuntimeWarning
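As an added example (my own code, not gef-extras'), covering both the missing-file traceback above and the request for a configurable path: it resolves the table location from the context.libc_args_path setting named in the request, raises a normal exception instead of calling sys.exit() (which GEF's FakeExit turns into the RuntimeWarning seen in the traceback), and parses a constructed excerpt written in the style of the libc manual text. The excerpt, the regex and the function names are assumptions, not the project's script.

```python
"""Added example, not gef-extras code: locate, read and parse the glibc manual
archive without sys.exit(), so a missing libc.txt.gz surfaces as a clear error."""
import gzip
import os
import re

# Constructed excerpt in the style of libc.txt (assumption, not the real file).
SAMPLE_MANUAL = """\
 -- Function: int open (const char *FILENAME, int FLAGS[, mode_t MODE])
 -- Function: ssize_t read (int FILEDES, void *BUFFER, size_t SIZE)
 -- Function: pid_t getpid (void)
 -- Macro: int EOF
"""
DOWNLOAD_URL = "https://www.gnu.org/software/libc/manual/text/libc.txt.gz"
PROTO_RE = re.compile(
    r"^\s*--\s+Function:\s+(?P<ret>.+?)\s+(?P<name>\w+)\s+\((?P<args>.*)\)\s*$")


def resolve_table_path(gef_config, default_dir):
    """Honour 'context.libc_args_path' from gef config, else fall back to the
    script's own directory (the current behaviour that the request complains about)."""
    configured = gef_config.get("context.libc_args_path")
    if configured:
        return os.path.expanduser(configured)
    return os.path.join(default_dir, "libc.txt.gz")


def read_manual(path):
    """Raise instead of sys.exit(-1): inside GEF, sys.exit is FakeExit and would
    itself raise RuntimeWarning, hiding the real cause."""
    if not os.path.isfile(path):
        raise FileNotFoundError(f"{path} not found; download it from {DOWNLOAD_URL}")
    with gzip.open(path, "rt", encoding="utf-8", errors="replace") as fh:
        return fh.read()


def parse_prototypes(text):
    """Map function name -> {'ret', 'args'}, dropping the [] optional-argument
    markers; macros, variables and prose lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = PROTO_RE.match(line)
        if not m:
            continue
        raw = m.group("args").replace("[", "").replace("]", "").strip()
        args = [] if raw in ("", "void") else [a.strip() for a in raw.split(",")]
        table[m.group("name")] = {"ret": m.group("ret"), "args": args}
    return table
```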
After installing GEF extras I am no longer able to use GEF. When I try to run a file, I just get [*] No debugging session active.
[michael@thinkpad ~/Code]$ gdb ./a
GEF for linux ready, type `gef' to start, `gef config' to configure
92 commands loaded for GDB 10.1 using Python engine 3.9
[+] Configuration from '/home/michael/.gef.rc' restored
[+] 31 extra commands added from '/home/michael/.config/gef-extras/scripts'
Reading symbols from a...
(No debugging symbols found in a)
gef➤ b main
Breakpoint 1 at 0x113d
gef➤ r
[*] No debugging session active
gef➤ r
[*] No debugging session active
The binary "a" is just a basic hello world, and my .gef.rc is here (it is just the default). Removing ~/.gef.rc makes GEF work fine.
[michael@thinkpad ~]$ gdb ./Code/a
GEF for linux ready, type `gef' to start, `gef config' to configure
92 commands loaded for GDB 10.1 using Python engine 3.9
Reading symbols from ./Code/a...
(No debugging symbols found in ./Code/a)
gef➤ b main
Breakpoint 1 at 0x113d
gef➤ r
Starting program: /home/michael/Code/a
Breakpoint 1, 0x000055555555513d in main ()
$ gdb /bin/ls
GEF for linux ready, type `gef' to start, `gef config' to configure
80 commands loaded for GDB 10.1 using Python engine 3.9
[+] Configuration from '/home/kali/.gef.rc' restored
:228: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject
:228: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject
:228: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject
:228: RuntimeWarning: greenlet.greenlet size changed, may indicate binary incompatibility. Expected 144 from C header, got 152 from PyObject
[+] 29 extra commands added from '/home/kali/gef-extras/scripts'
Reading symbols from /bin/ls...
(No debugging symbols found in /bin/ls)
$ uname -a
Linux kali 5.9.0-kali1-amd64 #1 SMP Debian 5.9.1-1kali2 (2020-10-29) x86_64 GNU/Linux
Download the last Kali-Linux-2020.4-vmware-amd64
$ sudo apt-get update
$ sudo apt install git cmake gcc g++ pkg-config libglib2.0-dev python3-pip build-essential python3 python3-dev gdb libcapstone3 libcapstone-dev cmake
The latest Kali uses python3.9 in GDB (GDB 10.1 using Python engine 3.9), then:
$ sudo python3.9 -m pip install unicorn capstone filebytes keystone-engine ropper rpyc retdec-python
$ sh -c "$(wget http://gef.blah.cat/sh -O -)"
$ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef-extras.sh | sh
Now use: $ gdb /bin/ls
If I remove ida_interact.py I don't see this warning.
TypeError: 'NoneType' object is not iterable
───────────────────────────── Detailed stacktrace ──────────────────────────────
↳ File "/home/b0x41s/gef-extras/scripts/skel.py", line 68, in do_invoke()
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial