Comments (9)
I'll try to reproduce.
Thanks!
from gef.
Hi @lieanu
Can you provide more details? I cannot reproduce the bug:
gef➤ cs greetz
0x00000000004005e0 push rbp
0x00000000004005e1 mov rbp, rsp
0x00000000004005e4 sub rsp, 0x50
0x00000000004005e8 mov rax, qword ptr fs:[0x28]
0x00000000004005f1 mov qword ptr [rbp - 8], rax
0x00000000004005f5 mov qword ptr [rbp - 0x28], rdi
0x00000000004005f9 lea rax, qword ptr [rbp - 0x20]
[...]
gef➤ trace-run 0x40066a
[+] Tracing from 0x4005e0 to 0x40066a (max depth=1)
Hello fooo
[+] Done, logfile stored as './gef-trace-0x4005e0-0x40066a.txt'
[+] Hint: import logfile with `ida_color_gdb_trace.py` script in IDA to visualize path
gef➤ !cat ./gef-trace-0x4005e0-0x40066a.txt
#
# Execution tracing of /home/hugsy/labs/vuln-x64-canary
# Start address: 0x00000000004005e0
# End address: 0x000000000040066a
# Recursion level: 1
# automatically generated by gef.py
#
0x00000000004005e1 in greetz ()
0x00000000004005e4 in greetz ()
0x00000000004005e8 in greetz ()
0x00000000004005f1 in greetz ()
[...]
0x0000000000400669 in greetz ()
0x000000000040066a in greetz ()
Binary: https://github.com/ctfs/write-ups-2015/tree/master/32c3-ctf-2015/pwn/readme-200
0x4007eb push rbx
0x4007ec sub rsp,0x118 <- $pc
0x4007f3 mov rax,QWORD PTR fs:0x28
0x4007fc mov QWORD PTR [rsp+0x108],rax
0x400804 xor eax,eax
0x400806 call 0x4006b0 <__printf_chk@plt>
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------[trace]--
#0 0x00000000004007ec in ?? ()
#1 0x0000000000000000 in ?? ()
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
gef> i-search)`trace-ru': trace-run 0x000000000040088A
[+] Tracing from 0x4007ec to 0x40088a (max depth=1)
Hello!
What's your name? a
Nice to meet you, a.
Please overwrite the flag: a
Thank you, bye!
[+] Done, logfile stored as './gef-trace-0x4007ec-0x40088a.txt'
[+] Hint: import logfile with `ida_color_gdb_trace.py` script in IDA to visualize path
gef> !cat gef-trace-0x4007ec-0x40088a.txt
#
# Execution tracing of /mnt/hgfs/lieanu/ctf/32c3/pwn/readme/readme.bin
# Start address: 0x00000000004007ec
# End address: 0x000000000040088a
# Recursion level: 1
# automatically generated by gef.py
#
0x00000000004007f3 in ?? ()
[Inferior 1 (process 28713) exited normally]
[*] No debugging session active
#
# Execution interrupted at address 0x00000000004007f3
# Exception: The program has no registers now.
#
gef>
On Debian x64, I still cannot reproduce. I get this:
Breakpoint 1, 0x00000000004007eb in ?? ()
gef➤ trace-run 0x000000000040088A
[+] Tracing from 0x4007eb to 0x40088a (max depth=1)
Hello!
What's your name? foo
Nice to meet you, foo.
Please overwrite the flag: foo
Thank you, bye!
[+] Done, logfile stored as './gef-trace-0x4007eb-0x40088a.txt'
[+] Hint: import logfile with `ida_color_gdb_trace.py` script in IDA to visualize path
gef➤ !cat ./gef-trace-0x4007eb-0x40088a.txt
#
# Execution tracing of /home/hugsy/labs/readme/readme.bin
# Start address: 0x00000000004007eb
# End address: 0x000000000040088a
# Recursion level: 1
# automatically generated by gef.py
#
0x00000000004007ec in ?? ()
0x00000000004007f3 in ?? ()
0x00000000004007fc in ?? ()
0x0000000000400804 in ?? ()
0x0000000000400806 in ?? ()
0x00000000004006b0 in __printf_chk@plt ()
0x000000000040080b in ?? ()
0x000000000040080e in ?? ()
0x00000000004006c0 in _IO_gets@plt ()
0x0000000000400813 in ?? ()
[...]
If you do not see any exception message in your output file, it means that the command was successful. Does it work when you stepi on this instruction?
On my side, I will try on a different distro when I have a chance.
@hugsy stepi works on this instr, it's a weird bug 😭
Ubuntu 14.04 x64
Distributor ID: Ubuntu
Description: Ubuntu 14.04.3 LTS
Release: 14.04
Codename: trusty
Linux ubuntu 3.19.0-39-generic #44~14.04.1-Ubuntu SMP Wed Dec 2 10:00:35 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
What is your version of gdb and Python?
I cannot reproduce on latest Centos either, will try Ubuntu next.
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
python 2.7 and 3.4
both failed.
Ok so this is nuts, using exactly your setup (ubuntu 14.04, gdb 7.7.1-0ubuntu5~14.04.2 and python 3.4), I can reproduce it.
But no problem on 14.10 and 15.04...
Anyway, I can investigate but not sure I'll come up with a clean solution.
I spent wayyy too long looking for a rational explanation for it not to work, in vain. The problem comes from gdb Python API, not gef.
I would recommend that either you start tracing after the 04007F3 mov rax, fs:28h or even better upgrade your gdb & gdb-python.
If you can come up with a clean workaround, re-open and post it here. I'll be happy to integrate it.
Cheers
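As an added illustration (not gef's own code) of what the log files in this thread record and why a log with no exception block means the trace reached its end address: a minimal trace-run-style loop. The gdb calls are isolated in gdb_stepper() so the loop itself can be exercised outside gdb with a constructed fake_stepper(); all function and parameter names are my own.

```python
try:
    import gdb  # only importable inside a gdb process
except ImportError:  # outside gdb (e.g. when exercising the loop with fake_stepper)
    gdb = None


def gdb_stepper():
    """Single-step the inferior once with the real gdb Python API and return
    (pc, frame name). gdb raises gdb.error once the inferior is gone, which is
    the exception trace_run() records (e.g. "The program has no registers now.")."""
    gdb.execute("stepi", to_string=True)
    frame = gdb.selected_frame()
    return int(frame.pc()), frame.name() or "??"


def fake_stepper(events):
    """Constructed stand-in for gdb_stepper(): return the given (pc, name) pairs
    one per call, then fail the way a dead inferior does, so the loop runs
    outside gdb."""
    queue = list(events)

    def step():
        if not queue:
            raise RuntimeError("The program has no registers now.")
        return queue.pop(0)
    return step


def trace_run(step, start, end, binary="<binary>", max_steps=100000):
    """Step until pc == end, writing one log line per instruction in the format
    of the log files shown in the thread. Any exception raised by step() is
    written into the log instead of propagating, so a log without an exception
    block means the trace reached `end`."""
    lines = ["#", f"# Execution tracing of {binary}",
             f"# Start address: {start:#018x}", f"# End address: {end:#018x}",
             "# Recursion level: 1", "#"]
    pc = start  # last address successfully traced
    for _ in range(max_steps):
        try:
            pc, name = step()
        except Exception as exc:  # record where and why the trace stopped
            lines += ["#", f"# Execution interrupted at address {pc:#018x}",
                      f"# Exception: {exc}", "#"]
            break
        lines.append(f"{pc:#018x} in {name} ()")
        if pc == end:
            break
    return "\n".join(lines) + "\n"
```

Inside gdb, `trace_run(gdb_stepper, start, end)` with the inferior stopped at `start` produces the same kind of file as the `!cat` output above; the fake stepper reproduces the interrupted log from the Ubuntu 14.04 run.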