def do_gdb(self, t):
    """Run target *t* under gdbserver once and hand back its process object.

    A ``GDBServerBow`` is fired for *t* on port 31337; a local gdb/MI
    controller attaches to it with ``target remote``, resumes the target
    with ``continue`` and is then shut down.  ``fired.process`` is returned
    once the fire context has been left.

    NOTE(review): the listing lost its indentation; the ``return`` is placed
    after the ``with`` block here (process returned after the server context
    closed) — confirm this is the intended scoping.  The port is fixed, so
    two concurrent runs on one host would presumably collide on it.
    """
    gdb_port = 31337
    bow = archr.arsenal.GDBServerBow(t)
    with bow.fire_context(port=gdb_port) as fired:
        controller = pygdbmi.gdbcontroller.GdbController()
        # Address is read inside the context: the target is only reachable
        # once the bow has been fired.
        controller.write("target remote %s:%d" % (t.ipv4_address, gdb_port))
        controller.write("continue")
        controller.exit()
    return fired.process
def gdb_do(self, t):
    """Attach gdb to *t* through a gdbserver bow, let it run, return the process.

    Identical in contract to ``do_gdb``: fire ``GDBServerBow`` on port
    31337, connect a ``GdbController`` via ``target remote``, issue
    ``continue``, exit gdb and return the fired context's ``process``.

    NOTE(review): indentation was not preserved in the listing; the
    ``return`` is placed after the ``with`` block here — confirm against
    the original scoping.
    """
    listen_port = 31337
    with archr.arsenal.GDBServerBow(t).fire_context(port=listen_port) as ctx:
        mi = pygdbmi.gdbcontroller.GdbController()
        remote_spec = "target remote %s:%d" % (t.ipv4_address, listen_port)
        for command in (remote_spec, "continue"):
            mi.write(command)
        mi.exit()
    return ctx.process
# Python 2 script excerpt (print statements).  tmp1, funcListOut, funcListIn,
# leakAddrFunc and target_program are used but not defined here; they are
# presumably set earlier in the script, outside this excerpt.
# First pass: take the first entry of tmp1 that is also in funcListOut.
for eachStr in tmp1:
if eachStr in funcListOut:
leakAddrFunc = eachStr
break;
if leakAddrFunc == "":# perform func search using in-like.
# Second pass, only if the first found nothing: same scan against funcListIn.
for eachStr in tmp1:
if eachStr in funcListIn:
leakAddrFunc = eachStr
break;
if leakAddrFunc == "":
print "[-] No leak functions can be used. Can not leak the real address."
exit(1)
print "[*] Found a leak function: %s" % leakAddrFunc
# Drive gdb over MI: load target_program (MI and CLI forms), set a breakpoint
# on the selected function, run to it and 'finish' out of it.  Each write's
# response overwrites the previous one and none is checked for errors.
# NOTE(review): target_program and leakAddrFunc are interpolated unquoted
# into gdb commands; a value containing whitespace or quotes changes the
# command — confirm they are validated before reaching this point.
gdbmi = GdbController()
response = gdbmi.write('-file-exec-file %s' % (target_program))
response = gdbmi.write('file %s' % (target_program))
response = gdbmi.write('break %s' % (leakAddrFunc))
# print_log(response)
response = gdbmi.write('run')
# print_log(response)
response = gdbmi.write('finish')
# print_log(response)
# State for the response scan that follows this excerpt: loop counter,
# iteration cap, characters that presumably mark an unusable token, and the
# result string — confirm against the loop below.
i=0;
maxi = 10;
badStr = ["<", "?"]
realAddress = ""
def init(self):
    """Start a gdb/MI session on ``self.binary`` and run it to ``self.method_name``.

    Creates the controller on ``self.gdbmi`` and fires a fixed command
    sequence without waiting for replies (``read_response=False``):
    program arguments, executable/symbol file, a breakpoint on the method,
    ``-exec-run`` and ``-data-list-register-names``.  ``self.prog_args``
    must be a two-element tuple — the format string has two placeholders.

    NOTE(review): ``self.prog_args``, ``self.binary`` and
    ``self.method_name`` are interpolated unquoted into MI commands; values
    containing whitespace or MI metacharacters alter the command — confirm
    they are validated by the caller.
    """
    self.gdbmi = GdbController()

    def fire(mi_command):
        # Fire-and-forget: responses are not consumed here.
        self.gdbmi.write(mi_command, read_response=False)

    fire('-exec-arguments %s %s' % self.prog_args)
    fire('-file-exec-and-symbols %s' % self.binary)
    fire('-break-insert %s' % self.method_name)
    fire('-exec-run')
    fire('-data-list-register-names')
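def verify_gdb_exists(gdb_path):
    """Exit with status 1 unless *gdb_path* names a debugger gdbgui can drive.

    Two checks are applied to the configured path:

    * ``find_executable(gdb_path)`` must resolve it (absolute path or on
      ``$PATH``); otherwise a red error and a platform-specific install hint
      (``USING_WINDOWS`` selects the MinGW text) are printed.
    * an lldb binary is accepted only if its name contains ``lldb-mi``,
      since gdbgui talks to the debugger over the MI protocol.

    :param gdb_path: executable name or path of gdb / lldb-mi to validate.
    :raises SystemExit: via ``sys.exit(1)`` when either check fails.
    """
    if find_executable(gdb_path) is None:
        pygdbmi.printcolor.print_red(
            'gdb executable "%s" was not found. Verify the executable exists, or that it is a directory on your $PATH environment variable.'
            % gdb_path
        )
        if USING_WINDOWS:
            print(
                'Install gdb (package name "mingw32-gdb") using MinGW (https://sourceforge.net/projects/mingw/files/Installer/mingw-get-setup.exe/download), then ensure gdb is on your "Path" environement variable: Control Panel > System Properties > Environment Variables > System Variables > Path'
            )
        else:
            print('try "sudo apt-get install gdb" for Linux or "brew install gdb"')
        sys.exit(1)
    # Fix: the lldb check previously read the global app.config["gdb_path"]
    # for its second half instead of the parameter it was given; both halves
    # now inspect the same value, so the function validates its argument.
    lowered = gdb_path.lower()
    if "lldb" in lowered and "lldb-mi" not in lowered:
        pygdbmi.printcolor.print_red(
            'gdbgui cannot use the standard lldb executable. You must use an executable with "lldb-mi" in its name.'
        )
        sys.exit(1)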
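def verify_gdb_exists(gdb_path):
    """Exit with status 1 unless *gdb_path* names a debugger gdbgui can drive.

    Two checks are applied to the configured path:

    * ``find_executable(gdb_path)`` must resolve it (absolute path or on
      ``$PATH``); otherwise a red error and a platform-specific install hint
      (``USING_WINDOWS`` selects the MinGW text) are printed.
    * an lldb binary is accepted only if its name contains ``lldb-mi``,
      since gdbgui talks to the debugger over the MI protocol.

    :param gdb_path: executable name or path of gdb / lldb-mi to validate.
    :raises SystemExit: via ``sys.exit(1)`` when either check fails.
    """
    if find_executable(gdb_path) is None:
        pygdbmi.printcolor.print_red(
            'gdb executable "%s" was not found. Verify the executable exists, or that it is a directory on your $PATH environment variable.'
            % gdb_path
        )
        if USING_WINDOWS:
            print(
                'Install gdb (package name "mingw32-gdb") using MinGW (https://sourceforge.net/projects/mingw/files/Installer/mingw-get-setup.exe/download), then ensure gdb is on your "Path" environement variable: Control Panel > System Properties > Environment Variables > System Variables > Path'
            )
        else:
            print('try "sudo apt-get install gdb" for Linux or "brew install gdb"')
        sys.exit(1)
    # Fix: the lldb check previously read the global app.config["gdb_path"]
    # for its second half instead of the parameter it was given; both halves
    # now inspect the same value, so the function validates its argument.
    lowered = gdb_path.lower()
    if "lldb" in lowered and "lldb-mi" not in lowered:
        pygdbmi.printcolor.print_red(
            'gdbgui cannot use the standard lldb executable. You must use an executable with "lldb-mi" in its name.'
        )
        sys.exit(1)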
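def read_mem(self, addr, rec=0):
    """Read one word at *addr* via the attached gdb and return it as an int.

    The word is fetched with gdb's ``x/xw`` command (``self.gdb.write`` with
    ``self.internal_timeout``) and parsed out of the textual payload of the
    second response record.  A timed-out, missing or malformed response is
    retried once; if the retry fails too, ``self.stop()`` is called and an
    ``Exception`` is raised.

    :param addr: address to read.  It is formatted with ``%#x``, so a
        non-integer raises ``TypeError`` and is handled like a bad response
        rather than being interpolated into the command as text.
    :param rec: internal retry depth; callers leave it at 0.
    :returns: the word at *addr* as an int.
    :raises Exception: when gdb still returns an unusable response after the
        single retry.
    """
    try:
        logging.debug(" [+] gdb.read addr [0x%x]: ... "% (addr))
        records = self.gdb.write("x/xw %#x" % addr, timeout_sec=self.internal_timeout)
        # The payload appears to keep the MI escape sequences unexpanded, so
        # the separators are the two-character sequences backslash-t and
        # backslash-n rather than real tab/newline characters.
        raw = records[1].get('payload').split('\\t')[1].replace("\\n", "")
        logging.debug(" [+] gdb.read addr [0x%x]: %s "% (addr, raw))
        return int(raw, 16)
    except (GdbTimeoutError, TypeError, ValueError, NoGdbProcessError, IndexError, AttributeError):
        if rec == 0:
            logging.warning("Inconsistente GDB response. (GDB timeout or bad format). New try.")
            # Fix: the retry's value used to be discarded, so a successful
            # second attempt still returned None to the caller.
            return self.read_mem(addr, rec=1)
        logging.warning("Inconsistente GDB response. (GDB timeout or bad format). Quit")
        self.stop()
        raise Exception("GDB timeout reached. Quit")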
def read_and_forward_gdb_output():
"""A task that runs on a different thread, and emits websocket messages
of gdb responses"""
while True:
socketio.sleep(0.05)
controllers_to_remove = []
controller_items = _state.controller_to_client_ids.items()
for controller, client_ids in controller_items:
try:
try:
response = controller.get_gdb_response(
timeout_sec=0, raise_error_on_timeout=False
)
except NoGdbProcessError:
response = None
send_msg_to_clients(
client_ids,
"The underlying gdb process has been killed. This tab will no longer function as expected.",
error=True,
)
controllers_to_remove.append(controller)
if response:
for client_id in client_ids:
logger.info(
"emiting message to websocket client id " + client_id
)
socketio.emit(
"gdb_response",
response,
'M': self.write_memory,
'p': self.read_register,
'P': self.write_register,
'v': self.handle_long_commands,
'X': self.write_memory_bin,
'Z': self.insert_breakpoint,
'z': self.remove_breakpoint,
'?': self.stop_reason,
'!': self.extend_mode,
}
self.active_state = active_state
self.regs = GdbRegSpace(self.active_state)
self.mem = GdbMemSpace(self.active_state)
self.packet_size = PAGESIZE
self.libs = GdbSharedLibrary(self.active_state, self.packet_size)
self.gdb = GdbController()
self.gdb.write("-target-select remote %s" % ptsname)
self.thread = threading.Thread(target=self.run)
self.thread.start()
self.gdb.write("-file-exec-and-symbols %s" % binary)
"p": self.read_register,
"P": self.write_register,
"v": self.handle_long_commands,
"X": self.write_memory_bin,
"Z": self.insert_breakpoint,
"z": self.remove_breakpoint,
"?": self.stop_reason,
"!": self.extend_mode,
}
self.states = states
self.active_state = active_state if active_state else states.get_major(-1)
self.regs = GdbRegSpace(self.active_state)
self.mem = GdbMemSpace(self.active_state, cda)
self.packet_size = PAGESIZE
self.libs = GdbSharedLibrary(self.active_state, self.packet_size)
self.gdb = GdbController(gdb_args=["--quiet", "--nx", "--interpreter=mi2"])
self.gdb.write("-target-select remote %s" % ptsname, timeout_sec=10)
self.thread = threading.Thread(target=self.run)
self.thread.start()
self.gdb.write("-file-exec-and-symbols %s" % binary, timeout_sec=100)
self.gdb.write("set stack-cache off", timeout_sec=100)