pwngdb + gef + peda three-in-one, and pwngdb + pwndbg used together

Installing pwn debugging tools

Lately I kept wondering why some of the handy peda tools had suddenly stopped working, such as the fmtarg and heapinfo commands; reinstalling peda did not bring them back. After some searching I finally learned that pwngdb and pwndbg are not the same thing: some of those are pwngdb commands and some are pwndbg commands. So I found a way to use several of them together, and I am writing it down here.

Download pwngdb

cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/

The commands it supports are as follows:

libc : Print the base address of libc
ld : Print the base address of ld
codebase : Print the base of code segment
heap : Print the base of heap
got : Print the Global Offset Table information
dyn : Print the Dynamic section information
findcall : Find some function call
bcall : Set the breakpoint at some function call
tls : Print the thread local storage address
at : Attach by process name
findsyscall : Find the syscall
fmtarg : Calculate the index of format string
You need to stop on the printf which has the vulnerability.
force : Calculate the nb in the house of force.
heapinfo : Print some information of heap
heapinfo (Address of arena)
default is the arena of current thread
If tcache is enabled, it would show information of tcache entry
heapinfoall : Print some information of heap (all threads)
arenainfo : Print some information of all arena
chunkinfo : Print the information of chunk
chunkinfo (Address of victim)
chunkptr : Print the information of chunk
chunkptr (Address of user ptr)
mergeinfo : Print the information of merge
mergeinfo (Address of victim)
printfastbin : Print some information of fastbin
tracemalloc on : Trace the malloc and free and detect some errors.
You need to run the process first, then tracemalloc on; it will record all of the malloc and free.
You can set the DEBUG in pwngdb.py, then it will print all of the malloc and free information such as the screenshot.
parseheap : Parse heap layout
magic : Print useful variable and function in glibc
fp : show FILE structure
fp (Address of FILE)
fpchain : show linked list of FILE
orange : Test house of orange condition in the _IO_flush_lockp
orange (Address of FILE)
glibc version <= 2.23

Install pwndbg

git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

Using them together

gedit ~/.gdbinit
Then, below the first line (the peda one), add:
source ~/pwndbg/gdbinit.py

For example:
source ~/peda/peda.py
source ~/pwndbg/gdbinit.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py

# initialise angelheap each time the program is (re)started
define hook-run
python
import angelheap
angelheap.init_angelheap()
end
end

After that you can happily use the commands from all of these plugins.

Here is another pwngdb + gef + peda three-in-one method:
First install the three plugins:

peda:

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit

gef:

wget -q -O ~/.gdbinit-gef.py https://github.com/hugsy/gef/raw/master/gef.py
echo source ~/.gdbinit-gef.py >> ~/.gdbinit

pwndbg:

git clone https://github.com/pwndbg/pwndbg
cd pwndbg
./setup.sh

Next, create your own gdbinit file with echo "source ~/pwndbg/gdbinit.py" > ~/.gdbinit_pwndbg.
Then empty the .gdbinit file and paste the following into it:

define init-peda
source ~/peda/peda.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py
end
document init-peda
Initializes the PEDA (Python Exploit Development Assistant for GDB) framework
end

define init-pwndbg
source ~/.gdbinit_pwndbg
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py
end
document init-pwndbg
Initializes PwnDBG
end

define init-gef
source ~/.gdbinit-gef.py
source ~/Pwngdb/pwngdb.py
source ~/Pwngdb/angelheap/gdbinit.py
end
document init-gef
Initializes GEF (GDB Enhanced Features)
end

Then create three files in /usr/bin, gdb-peda, gdb-pwndbg and gdb-gef, and write into them respectively:

#!/bin/sh
exec gdb -q -ex init-peda "$@"

#!/bin/sh
exec gdb -q -ex init-pwndbg "$@"

#!/bin/sh
exec gdb -q -ex init-gef "$@"

Finally give each file execute permission with chmod +x /usr/bin/gdb-*; after that, simply typing gdb-peda, gdb-pwndbg or gdb-gef runs it.

Errors:

After installing, peda ran fine, but gef and pwngdb both showed Python-related syntax errors. After contacting the pwngdb developer by e-mail I found it was a Python version problem: my machine has both python2.7 and python3.5, and when I compiled gdb I did not specify the Python version, so it defaulted to python2. You can check which Python gdb was built with by running pi import sys; print(sys.version) inside gdb.
Trying to compile again:

mkdir build
cd build
../configure --with-python=/usr/bin/python3.5 --enable-targets=all
make -j7

--enable-targets=all adds support for all architectures and is recommended. After a successful build, gef and pwngdb worked normally.

➜ ~$ gdb-peda      
gdb-peda$ q
➜ ~$ gdb-gef      
GEF for linux ready, type `gef' to start, `gef config' to configure
91 commands loaded for GDB 10.2 using Python engine 3.5
[*] 1 command could not be loaded, run `gef missing` to know why.
gef➤  q
➜ ~$ gdb-pwngdb      
pwndbg: loaded 196 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg> q

This also explained why I had so many problems debugging the MIPS architecture with gdb before: the gdb version was old (7.11, now upgraded to 10.2), and there was the Python version problem too. Remember, when a machine has two Python versions, specify python3 when building; all the more so since Ubuntu 20.04 ships only with python3 and python2 is no longer maintained. Now I can happily debug all kinds of architectures.
Note: when compiling gdb you must pass --with-python, otherwise the following error appears and the plugins will not work:

GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
https://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.

For help, type "help".
Type "apropos word" to search for commands related to "word".
/home/yrl/.gdbinit:1: Error in sourced command file:
~/peda/peda.py:8: Error in sourced command file:
Undefined command: "from". Try "help".
(gdb) pi import sys;print(sys.version)
Python scripting is not supported in this copy of GDB.
(gdb)
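Two things from this post lend themselves to a small script: checking up front that a gdb binary embeds Python (and which major version) so the "Python scripting is not supported" failure above is caught before any plugin is sourced, and generating the gdb-peda / gdb-pwndbg / gdb-gef wrapper files from the three-in-one section. The script below is an added example, not from the original post or any of the plugin projects; the gdb path and the target bin directory are assumptions passed as arguments.

```shell
#!/bin/sh
# Added example: sanity-check a gdb build and install the per-plugin wrappers.

# gdb_python_major GDB_BIN -> prints the major version of the Python that gdb
# embeds (2 or 3). Returns 1 when gdb was built without --with-python, i.e.
# when it answers "Python scripting is not supported in this copy of GDB."
# -nx skips ~/.gdbinit so a broken plugin cannot disturb the probe.
gdb_python_major() {
    gdb_bin="$1"
    out=$("$gdb_bin" -nx -q -batch \
          -ex 'python import sys; print(sys.version_info[0])' 2>&1)
    case "$out" in
        *"Python scripting is not supported"*) return 1 ;;
        2|3) printf '%s\n' "$out"; return 0 ;;
        *) return 2 ;;   # unexpected output: treat as a failed probe
    esac
}

# write_gdb_wrapper BIN_DIR NAME INIT -> creates BIN_DIR/gdb-NAME, the same
# two-line wrapper the post places in /usr/bin, and prints its path.
write_gdb_wrapper() {
    bin_dir="$1"; name="$2"; init="$3"
    wrapper="$bin_dir/gdb-$name"
    printf '#!/bin/sh\nexec gdb -q -ex %s "$@"\n' "$init" > "$wrapper"
    chmod +x "$wrapper"
    printf '%s\n' "$wrapper"
}

# install_wrappers BIN_DIR -> gdb-peda, gdb-pwndbg and gdb-gef, each calling
# the matching init-* define from the .gdbinit shown earlier.
install_wrappers() {
    for p in peda pwndbg gef; do
        write_gdb_wrapper "$1" "$p" "init-$p"
    done
}

# Usage: sh gdb-plugins-check.sh /usr/local/bin/gdb ~/bin
if [ "$#" -ge 2 ]; then
    if major=$(gdb_python_major "$1"); then
        echo "gdb embeds Python $major; installing wrappers into $2"
        install_wrappers "$2"
    else
        echo "gdb at $1 has no usable Python; rebuild with --with-python=/path/to/python3" >&2
        exit 1
    fi
fi
```

A gdb that reports Python 2 will still pass the probe, so compare the printed major version against what the plugins require (pwndbg and current gef need 3).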

Here it is: I have put together a four-in-one gdb plugin setup. Head over to GitHub to use it, and remember to leave a star ^ ^
