It would be nice to have a way to telescope memory so that it recognizes and dereferences pointers with switched endianness.
I hacked together such a feature with the code below, but it should probably be an --endian flag, and it should probably switch the endianness from the current one to the other one.
Or maybe it should try dereferencing with both endiannesses and mark the other endianness somehow? Like 0x1234< or 0x1234>?
diff --git a/pwndbg/chain.py b/pwndbg/chain.py
index 88d67d37..a7ff8f7f 100755
--- a/pwndbg/chain.py
+++ b/pwndbg/chain.py
@@ -35,7 +35,7 @@ def get(
hard_stop=None,
hard_end=0,
include_start=True,
- safe_linking=False,
+ safe_linking=False, endian=0
):
"""
Recursively dereferences an address. For bare metal, it will stop when the address is not in any of vmmap pages to avoid redundant dereference.
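Review bot: The new `endian=0` parameter on `get` is an untyped integer that is only ever tested for truthiness (`if not endian` in `poi`), so the `endian=1` passed from telescope.py does not say which byte order is meant. A boolean such as `swap_endian: bool = False` would make the call sites self-explanatory, with a docstring entry along the lines of "read each pointer with its bytes reversed relative to the target's byte order". The same applies to the matching parameters added to `format` in this file and to `poi` in memory.py. The docstring of `get` continues outside this hunk, so its argument list is not visible here.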
@@ -75,7 +75,7 @@ def get(
if not pwndbg.gdblib.abi.linux and not pwndbg.gdblib.vmmap.find(address):
break
- next_address = int(pwndbg.gdblib.memory.poi(pwndbg.gdblib.typeinfo.ppvoid, address))
+ next_address = int(pwndbg.gdblib.memory.poi(pwndbg.gdblib.typeinfo.ppvoid, address, endian=endian))
address = next_address ^ ((address >> 12) if safe_linking else 0)
address &= pwndbg.gdblib.arch.ptrmask
result.append(address)
@@ -96,7 +96,7 @@ config_contiguous = theme.add_param(
)
-def format(value, limit=LIMIT, code=True, offset=0, hard_stop=None, hard_end=0, safe_linking=False):
+def format(value, limit=LIMIT, code=True, offset=0, hard_stop=None, hard_end=0, safe_linking=False, endian=0):
"""
Recursively dereferences an address into string representation, or convert the list representation
of address dereferences into string representation.
@@ -123,7 +123,7 @@ def format(value, limit=LIMIT, code=True, offset=0, hard_stop=None, hard_end=0,
if isinstance(value, list):
chain = value
else:
- chain = get(value, limit, offset, hard_stop, hard_end, safe_linking=safe_linking)
+ chain = get(value, limit, offset, hard_stop, hard_end, safe_linking=safe_linking, endian=endian)
arrow_left = c.arrow(f" {config_arrow_left} ")
arrow_right = c.arrow(f" {config_arrow_right} ")
diff --git a/pwndbg/commands/telescope.py b/pwndbg/commands/telescope.py
index a3235199..92413dc8 100644
--- a/pwndbg/commands/telescope.py
+++ b/pwndbg/commands/telescope.py
@@ -240,7 +240,7 @@ def telescope(
) + " ".join(
(
regs_or_frame_offset(addr, bp, regs, longest_regs),
- pwndbg.chain.format(addr),
+ pwndbg.chain.format(addr, endian=1),
)
)
diff --git a/pwndbg/gdblib/memory.py b/pwndbg/gdblib/memory.py
index b8ec005f..3493715d 100644
--- a/pwndbg/gdblib/memory.py
+++ b/pwndbg/gdblib/memory.py
@@ -299,12 +299,17 @@ def s64(addr: int) -> int:
# TODO: `readtype` is just `int(poi(type, addr))`
-def poi(type: gdb.Type, addr: int | gdb.Value) -> gdb.Value:
+def poi(type: gdb.Type, addr: int | gdb.Value, endian=0) -> gdb.Value:
"""poi(addr) -> gdb.Value
Read one ``gdb.Type`` object at the specified address.
"""
- return gdb.Value(addr).cast(type.pointer()).dereference()
+ v = gdb.Value(addr).cast(type.pointer()).dereference()
+ if not endian:
+ return v
+ from pwn import u64, p64
+ return u64(p64(int(v)),endian='big')
+
@pwndbg.lib.cache.cache_until("stop")
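Review bot: The swapped path in `poi` returns a plain Python int from `u64(p64(int(v)),endian='big')` while the signature still promises `gdb.Value`, and it always reverses eight bytes regardless of the size of `type`. On a target with 4-byte pointers the reversed bytes would land in the upper half of the 64-bit result, which `get` in chain.py then discards with `address &= pwndbg.gdblib.arch.ptrmask`. Reversing over the type's own width with the standard library fixes that for unsigned values and removes the function-local `from pwn import u64, p64`: `swapped = int.from_bytes(int(v).to_bytes(type.sizeof, "little"), "big")`. Then either wrap the result back into a `gdb.Value` or widen the return annotation to match. The `@pwndbg.lib.cache.cache_until("stop")` line that closes the hunk decorates a function outside it.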