2024.02.14 Release
Here is the 2024.02.14 release. Thanks to everyone who contributed!
Among others, this release brings a GOT tracking mechanism, more step/break commands, mmap/mprotect syscalls, printing of linked lists, display of threads in the context for multithreaded programs, lots and lots of fixes and more!
The release files can be used to install Pwndbg as a self-contained package (along with GDB, Python and all deps) on many distros and on the x86-64 and arm64/aarch64 architectures. The *-portable.tar.gz archives can simply be unpacked and run.
Below is a summary of changes, while the full changelog can be found further on.
Note: this release requires Python >= 3.8 (which means Ubuntu 18.04 or Debian 10 are not supported anymore).
Summary of changes
General changes:
- Added portable Pwndbg archive to release as well as nix, rpm, deb, arch and alpine packages
- Added `$base(objfile_name)` function to compute the base address of a given memory page, e.g. `print $base(libc)+0x123` will return the base of libc + 0x123
- Context will now display threads information for multi-threaded programs
  - this is limited by the `context-max-threads` parameter (use `set context-max-threads <N>` to change it)
- Added glibc heap exploitation support for libc 2.12+ (#1823)
- Added support for FreeBSD (#1832)
- The `gdb-pt-dump` git submodule was moved to a python dependency (#1929)
New commands:
- `track-got {enable,disable,info,query} ...` can be used to track function calls made through the Global Offset Table (#1971)
- `stepuntilasm <asm>` will step through program instructions until a matching part of the instruction string is found (#1798)
- `break-if-taken <loc>` and `break-if-not-taken <loc>` will set up a breakpoint on the given location of a branch instruction which will stop the program if the branch was taken or not (#1799)
- `plist ...` can be used to print linked lists (#1795, #1817)
- `mmap ...` and `mprotect ...` commands will invoke the `mmap` or `mprotect` syscalls with the given arguments in the debugged program
  - note: this works by assembling a shellcode for the syscall call, placing the code at the current PC/IP address, executing the syscall and reverting the register and memory changes made
- `thread` command to display threads information
- `hi` command to check if an address belongs to a glibc heap chunk (#1938)
- `tips` to display tips about Pwndbg usage
- `sigreturn <address>` to print an x86-64 sigreturn frame (#1940)
Changed commands:
- Added `telescope --frame` to display stack frame information (requires BP and SP to point to the same memory region) (#1855)
- Glibc heap commands now also print the real chunk size (#1748)
- Added `spray --only-funcptrs | -x` flag to spray only the memory addresses where values point to executable memory pages (#1809)
- Added `-A <N>` and `-B <N>` flags to `vmmap` to display N entries after/before the filtered page (#1810)
- The linux kernel memory pages figured out by gdb-pt-dump can now be filtered in `vmmap` (they have unique names) (#1837)
- Added new arguments/options to the `search` memory command (#1867)
- `telescope` output can now show frame pointer offsets (#1925)
- `distance <single-address>` now prints the offset from the memory page start address (#1926)
- Added `stack -i | --inverse` to show the stack in reverse order (#1978)
- Added a new positional argument to the `cyclic` command to save its output to a file (so it can later be used, e.g. as `run < input`) (#2009)
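To make concrete what `$base(objfile_name)` (General changes above) and the `vmmap -A/-B` and `distance` changes compute, here is an added example in plain Python; it is not code from Pwndbg. It parses a constructed /proc/<pid>/maps snapshot (addresses and paths are made up) and models each lookup over that page list: the lowest start address among pages belonging to an objfile, the offset of an address from the start of its page, and a filtered listing with N neighbours before and after each hit. The names `parse_maps`, `base`, `distance_from_page_start` and `vmmap_filter` are this example's own, not Pwndbg's API.

```python
"""Added example (not Pwndbg's own code): a minimal model of what `$base(objfile)`,
`vmmap <filter> -A/-B` and `distance <addr>` compute, run over a constructed
/proc/<pid>/maps snapshot instead of a live debuggee."""
from __future__ import annotations

from dataclasses import dataclass
from typing import List, Optional, Union

# Constructed sample in /proc/<pid>/maps layout (addresses and paths are made up).
SAMPLE_MAPS = """\
00400000-00401000 r--p 00000000 08:01 1234 /tmp/demo
00401000-00402000 r-xp 00001000 08:01 1234 /tmp/demo
00402000-00403000 r--p 00002000 08:01 1234 /tmp/demo
00403000-00404000 rw-p 00002000 08:01 1234 /tmp/demo
00405000-00426000 rw-p 00000000 00:00 0 [heap]
7f3a1c000000-7f3a1c022000 r--p 00000000 08:01 5678 /usr/lib/libc.so.6
7f3a1c022000-7f3a1c1b0000 r-xp 00022000 08:01 5678 /usr/lib/libc.so.6
7f3a1c1b0000-7f3a1c208000 r--p 001b0000 08:01 5678 /usr/lib/libc.so.6
7f3a1c208000-7f3a1c20c000 rw-p 00207000 08:01 5678 /usr/lib/libc.so.6
7ffd2e000000-7ffd2e021000 rw-p 00000000 00:00 0 [stack]
"""


@dataclass(frozen=True)
class Page:
    start: int
    end: int
    perms: str
    objfile: str  # path, "[heap]"/"[stack]", or "" for anonymous mappings


def parse_maps(text: str) -> List[Page]:
    """Parse /proc/<pid>/maps lines; the trailing path column is optional."""
    pages: List[Page] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split(None, 5)
        start, end = (int(x, 16) for x in fields[0].split("-"))
        objfile = fields[5] if len(fields) > 5 else ""
        pages.append(Page(start, end, fields[1], objfile))
    return pages


def base(pages: List[Page], objfile_name: str) -> Optional[int]:
    """Model of `$base(name)`: lowest start of any page whose objfile contains name."""
    starts = [p.start for p in pages if objfile_name in p.objfile]
    return min(starts) if starts else None


def page_of(pages: List[Page], addr: int) -> Optional[Page]:
    """Page containing addr, or None if addr is unmapped."""
    for p in pages:
        if p.start <= addr < p.end:
            return p
    return None


def distance_from_page_start(pages: List[Page], addr: int) -> Optional[int]:
    """Model of the `distance <addr>` offset: addr minus the start of its page."""
    p = page_of(pages, addr)
    return None if p is None else addr - p.start


def vmmap_filter(pages: List[Page], needle: Union[int, str],
                 after: int = 0, before: int = 0) -> List[Page]:
    """Model of `vmmap <needle> -A <after> -B <before>`: needle is either an
    address (int) that must lie inside the page or a substring (str) of the
    objfile name; neighbours of every hit are kept in address order, once."""
    keep = set()
    for i, p in enumerate(pages):
        if isinstance(needle, int):
            hit = p.start <= needle < p.end
        else:
            hit = needle in p.objfile
        if hit:
            keep.update(range(max(0, i - before), min(len(pages), i + after + 1)))
    return [pages[i] for i in sorted(keep)]


if __name__ == "__main__":
    pages = parse_maps(SAMPLE_MAPS)
    libc = base(pages, "libc")
    print(f"$base(libc) = {libc:#x}, $base(libc)+0x123 = {libc + 0x123:#x}")
    print(f"distance offset of {0x7f3a1c022abc:#x}: {distance_from_page_start(pages, 0x7f3a1c022abc):#x}")
    for p in vmmap_filter(pages, "[heap]", after=1, before=1):
        print(f"{p.start:#x}-{p.end:#x} {p.perms} {p.objfile}")
```

The neighbour set is deduplicated so that overlapping `-A`/`-B` windows around adjacent hits (for example the four libc pages) do not list a page twice.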
Detailed changelog (from git log)
- Print real size in heap command #1748 by @ntsleep in #1781
- Add `stepuntilasm` command by @mbrla0 in #1798
- Adds `break-if-taken` and `break-if-not-taken` by @mbrla0 in #1799
- Fix #1805: clear stop caches on gdblib.bpoint.Breakpoint by @disconnect3d in #1806
- Update capstone to 5.0.0.post1: fixes #1554, #1419 by @disconnect3d in #1808
- Fix #1803: break_next_call: fix regex compilation by @disconnect3d in #1807
- Added `--only-funcptrs` feature to spray command by @bog2n in #1809
- Add a `plist` command to print linked lists by @mbrla0 in #1795
- Fix glibc-fastbin-bug option of find_fake_fast by @SlidyBat in #1774
- Implement `-B` and `-A` in `vmmap` by @feelfreelinux in #1810
- Remove support for Debian 10 by @disconnect3d in #1812
- Run CI lint only on Ubuntu 22.04 by @disconnect3d in #1813
- Fix tests status in README by triggering CI on push to dev branch by @disconnect3d in #1811
- Remove support for Ubuntu 18.04 by @disconnect3d in #1814
- requirements.txt: remove Python <= 3.7 support by @disconnect3d in #1816
- Rename chain command to plist (print list) by @disconnect3d in #1817
- review fixes for spray command + OnlyWhenRunning by @disconnect3d in #1819
- Fix golang check in dev-setup.sh by @bog2n in #1825
- config: change 'Def' to 'Default' by @disconnect3d in #1827
- heap_config: validate glibc version when 'glibc' param is set by @disconnect3d in #1826
- get_one_instruction: clear "cont" cache on mem/reg changed by @disconnect3d in #1828
- Added thread section to context by @bog2n in #1829
- `vmmap -A / -B` improvements by @feelfreelinux in #1830
- add libc 2.12+ functionality for structs.py by @shenhavmor10 in #1823
- Add support for FreeBSD by @RHL120 in #1832
- vmmap: make linux kernel pages searchable via name by @disconnect3d in #1837
- gdblib.memory.write: revert cache-clear since its already fired by @disconnect3d in #1838
- emu/emulator.py: small code cleanup by @disconnect3d in #1839
- Update code to Python >= 3.8 by @disconnect3d in #1840
- code cleanup: use lexer.py from pwntools by @disconnect3d in #1842
- pacman: only install not-installed deps by @Xeonacid in #1845
- Enable thread context by default by @bog2n in #1844
- enhance decompiler compatible problem with rizin and radare2 by @Squirre17 in #1846
- Added more tips by @bog2n in #1852
- Fixed null thread name by @bog2n in #1850
- Drop support for gdb lt 9.2 #1854 by @dmur1 in #1856
- Warn user about unmet dependencies (#1791) by @kamil-s-solecki in #1853
- Add tips command (#1833) by @kowtom in #1851
- tips command: add -a alias for --all by @disconnect3d in #1857
- Add `telescope --frame` command #1195 by @ntsleep in #1855
- add portable pwndbg + package in: nix, rpm, deb, arch, alpine by @patryk4815 in #1843
- Bump cryptography from 41.0.2 to 41.0.3 by @dependabot in #1859
- lint.sh: use tools from .venv by @disconnect3d in #1860
- Fix nix release build by @disconnect3d in #1861
- flake.nix: use poetry2nix from nix-community by @disconnect3d in #1862
- avoid breaking pacman.conf if entries already exist by @fidgetingbits in #1869
- add try except around search memory by @fidgetingbits in #1868
- Fixes #1870 by @FalcoGer in #1872
- switch to an editable environment by @fidgetingbits in #1877
- show cmdline and cwd in procinfo by @dmur1 in #1879
- remove check_dependencies #1865 by @dmur1 in #1880
- Fix issues with pr 1856 by @dmur1 in #1881
- move `attachp` to be shown under "Start Commands". by @joshvarg in #1883
- Update to latest gdb-pt-dump by @PandaWill in #1882
- procinfo: fix embedded null byte in cmdline args by @disconnect3d in #1885
- patch_list: compact the from/to assembly display by @disconnect3d in #1884
- remove event wrapper class by @piotrzarycki in #1888
- Add new search arguments by @fidgetingbits in #1867
- add cachyos by @qrxnz in #1891
- fix infinite recursion and fail to read proc maps when set debug remo… by @fidgetingbits in #1893
- Fix lint issues in prompt.py by @disconnect3d in #1894
- Remove pacman partial upgrades by @danielepintore in #1895
- Fix duplicate pages in vmmap by @bog2n in #1896
- Partially address #1759 by @fidgetingbits in #1901
- Prevent exception occasionally seen when running reload by @fidgetingbits in #1903
- Update tests to gracefully handle multiple qemu processes running by @fidgetingbits in #1900
- Update pwntools by @disconnect3d in #1905
- Improve patch ux by @disconnect3d in #1906
- flake.nix: fix syntax error by @patryk4815 in #1907
- Fix #1878: skip frame err in symbol fetching by @disconnect3d in #1908
- Fix Arch Linux on CI by @disconnect3d in #1909
- refactor symbol.py skipped exceptions by @alfister in #1912
- Enhance thread context by @CptGibbon in #1914
- Bump urllib3 from 2.0.4 to 2.0.6 by @dependabot in #1913
- Bump cryptography from 41.0.3 to 41.0.4 by @dependabot in #1902
- Always show selected thread in thread context by @CptGibbon in #1919
- Add `threads` command by @CptGibbon in #1920
- Bump urllib3 from 2.0.6 to 2.0.7 by @dependabot in #1921
- Implement info proc mapping backed vmmap in supported QEMU versions. by @feelfreelinux in #1910
- Telescope output - print offset to framepointer by @OBarronCS in #1925
- Distance command can now print the offset to the addresses's page base by @OBarronCS in #1926
- Remove gdb-pt-dump submodule + minor changes by @patryk4815 in #1929
- Added consistency checks for pyproject.toml with poetry.lock and flake.nix with flake.lock by @patryk4815 in #1930
- pyproject.toml: use upstream gdb-pt-dump by @patryk4815 in #1936
- fix: Issue 1874 - Colorize checksec output by @CristhianMotoche in #1923
- fix: allow site installation without enforcing a venv by @anthraxx in #1942
- README.md: add portable installation info by @patryk4815 in #1941
- Sigreturn command to print Sigreturn frame in x86_64 by @OBarronCS in #1940
- releases.yml: add support for aarch64 packaging by @patryk4815 in #1943
- [heap] `hi` command -- feature to check if an address belongs to a chunk. by @kotee4ko in #1938
- Bump cryptography from 41.0.5 to 41.0.6 by @dependabot in #1945
- Port gdb-tests from bash to python by @intrigus-lgtm in #1916
- Add mmap command that executes the mmap syscall in the inferior by @mbrla0 in #1952
- mmap command: update return value message by @disconnect3d in #1954
- fix missing cryptography 41.0.6 dependency in "nix" + add "release" workflow on pull_requests by @patryk4815 in #1955
- Implement a way to resolve multiple process in attachp by @key-moon in #1956
- Fetch stacks from vmmap if they exist (also stacks.update -> stacks.get) by @disconnect3d in #1959
- Bump paramiko from 3.3.1 to 3.4.0 by @dependabot in #1961
- Update LICENSE.md by @disconnect3d in #1963
- arch.py: fix arch detection for riscv by @patryk4815 in #1962
- Update DevContainer Configuration for Enhanced Development Experience by @hacksysteam in #1964
- FIX: pwndbg.gdblib.regs.frame is None by @hacksysteam in #1966
- Update README.md by @nikoshell in #1969
- cymbol: fix cymbol show and remove run and arch restrictions by @disconnect3d in #1974
- README: Add cheatsheet link by @disconnect3d in #1975
- [Docs] Fix vmmap docstring. by @nikoshell in #1981
- Try repo-oss-debug if repo-debug is not present by @xtexChooser in #1977
- [Docs] Add Docs to GH workflows by @nikoshell in #1980
- Add -i flag to stack command. by @suhassuhas in #1978
- Fixes #1976 - vmmap read /proc/$tid/maps instead of $pid/maps by @disconnect3d in #1982
- Typing fixes by @disconnect3d in #1970
- Optimize pwndbg.exception import time by @disconnect3d in #1983
- Optimize pwndbg.commands.ai import time by @disconnect3d in #1984
- ida.py: remove duplicated line by @disconnect3d in #1985
- Update year in README to 2024 by @megascrapper in #1986
- New pwndbg banner. by @nikoshell in #1987
- Create FUNDING.yml by @disconnect3d in #1988
- Fix docs missing requirements. by @nikoshell in #1989
- Remove docs and md files from workflows. by @nikoshell in #1990
- fixes issue #930: add support for iwmmxt architecture by @s1vona in #1993
- Add a command that tracks function calls through the Global Offset Table by @mbrla0 in #1971
- exception.py: fix bug when printing exceptions by @disconnect3d in #1994
- Fix for workflow paths ignore by @nikoshell in #1995
- Fix linter types issues by @nikoshell in #1996
- Attempt to enable repo-oss-debug first by @xtexChooser in #1997
- Add new docs theme with commands documentation. by @nikoshell in #1999
- Banner update. by @nikoshell in #2000
- Fix exceptions during reverse execution in btrace by @interruptinuse in #1998
- New pages added to docs main navigation. by @nikoshell in #2002
- Update contact section on main page in docs. by @nikoshell in #2003
- Add $base function by @chivay in #2005
- Fix Pwndbg on Py3.12 and Fedora: add setuptools as dependency by @disconnect3d in #2008
- [Docs] Move Start section to the top, update commands. by @nikoshell in #2006
- Update poetry.lock by @disconnect3d in #2010
- cyclic: add argument to save output to file (fixes #2007) by @disconnect3d in #2009
- Fix the limit in the search command by @rivit98 in #2012
- Fix flake.lock for Cryptography==42.0.2 by @disconnect3d in #2015
- Fix the bug when showing the state of i386 GOT by @lebr0nli in #2017
- Add ".." to the list of local path prefixes in `get_file()` by @magnified103 in #2013
New Contributors
- @mbrla0 made their first contribution in #1798
- @SlidyBat made their first contribution in #1774
- @feelfreelinux made their first contribution in #1810
- @shenhavmor10 made their first contribution in #1823
- @RHL120 made their first contribution in #1832
- @kamil-s-solecki made their first contribution in #1853
- @kowtom made their first contribution in #1851
- @patryk4815 made their first contribution in #1843
- @dependabot made their first contribution in #1859
- @fidgetingbits made their first contribution in #1869
- @FalcoGer made their first contribution in #1872
- @joshvarg made their first contribution in #1883
- @PandaWill made their first contribution in #1882
- @piotrzarycki made their first contribution in #1888
- @qrxnz made their first contribution in #1891
- @danielepintore made their first contribution in #1895
- @alfister made their first contribution in #1912
- @OBarronCS made their first contribution in #1925
- @CristhianMotoche made their first contribution in #1923
- @kotee4ko made their first contribution in #1938
- @key-moon made their first contribution in #1956
- @hacksysteam made their first contribution in #1964
- @nikoshell made their first contribution in #1969
- @xtexChooser made their first contribution in #1977
- @suhassuhas made their first contribution in #1978
- @megascrapper made their first contribution in #1986
- @s1vona made their first contribution in #1993
- @interruptinuse made their first contribution in #1998
- @chivay made their first contribution in #2005
- @magnified103 made their first contribution in #2013
Full Changelog: 2023.07.17...2024.02.14