future development

[wapiflapi]

This is a question and discussion, not a bug or anything urgent.

I'dd like to start a debate about the future of Peda. It is a great project and has helped me, and I assume others, a lot. The community seems to like it and there are pull-request pretty often.

@longld mentions peda2 from time to time when talking about certain feature requests or code changes and this is perfectly normal otherwise the project would only become more complex and unmaintainable. However I think the need for Python3 by default on modern Linux distributions such as Ubuntu offers a good excuse to start working on this. Since the beginning of this project the folks over at gdb have also done some nice work on the Python API from which we could profit.

Before starting to work on this and think about how we could do it, I'dd like to hear from @longld what he thinks about the project, which parts would require the most work and what he would have done differently if given the opportunity.

Some things I can think of:

• python 3
• use of events
• reorganize/regroup commands (ropsearch, ropgadget, dumprop for example)

In short, what's the plan? What can we do to help?

[danghvu]

I have been working on Peda2 for a while, although since I am recently busy couldn't make further progress to publish. The main things I'm aiming for:

• Modularize peda: right now everything is packed into a few files which is not very convenient for testing and adding features, many function (name) is replicated between PEDA PEDACMD etc.. for the sake of easy hooking them in different things. Even the interface can be made a module so people can change and use their own layout. This part has been partly done, however very little testing effort.
• Making it (more) cross platform i.e. Python 3 vs. Python 2, Linux, Mac, ARM.. handling different situation like in -tui mode or newer version of GDB etc.. This part is still 0 progress due to the fact that a huge effort is needed to make it work for both Python 3 and 2.
• Optimize rop search and ropgadget and other segment for exploitation, the current version is very naive, building and searching rop on the fly which can be certainly slow. Using a cross-platform API like capstone can be helpful too. Still 0 progress.

I discussed with @longld sometimes ago and he thought the plan was good, but so far execution has been delayed by my schedule. Whether or not to make this public and ask for people's help I leave it to @longld to decide.

[wapiflapi]

Thanks for the feedback @danghvu, good to know someone is working on this. I'dd certainly like to take a look / help if its published somewhere. So lets wait for @longld 's thoughts on this.

[hatRiot]

If you're comfortable @danghvu, perhaps you could publish your core framework and the community could help bolt in modules around it? I've got a few things I'd like to publish (mainly features taken from mona that I use regularly), but would prefer to publish them into a more modularized framework.

Hopefully @longld drops by.

[degrigis]

Hi guys, I'm bringing this discussion up because I would really like to see a peda2 in the near future.

I really like this project and I have a lot of ideas in mind ( as @hatRiot or @wapiflapi ) to enhance it that includes commands to analyze the heap ( why not the integration of https://github.com/cloudburst/libheap or https://github.com/nixerr/gdbheap ), to a more visual and interactive interface ( f.i. https://github.com/snare/voltron or why not browser based? ) to the integration of a more complex time machine engine ( more advanced than the snapshot command ).

Different projects have been developed inspired from peda, as https://github.com/pwndbg/pwndbg or https://github.com/hugsy/gef, and in particular, I think the former is going in the right direction. ( re-organization of the commands, modularization of the whole project, integration of modern disassembly engine and many other features ).

Wouldn't be great to unify the effort in order to build a next generation debugger assistant that includes the best from all of these projects and launch finally the new peda2?

If yes, how we can organize this? I mean: first of all we need the authors of these big works as @longld, @zachriggle and @hugsy to find the best organization of the project ( f.i.: are we going to keep the object oriented structure of peda or the modularized one of pwndbg? ), after that we can start with the extension and the developing of the tool by the community.

I think the final work would be awesome and it has the potential to take the exploit development or in general the debugging of programs to a completely new level.

What do you think? Do you believe that it is possible? :-)

[anthraxx]

just want to raise here that there are still a big part of the user base who like peda (v1) like it is right now, an extension for the CLI based gdb. To be clear: Feel free do move on to other projects or do new browser based approach or whatever you or people believe in or want to have, also feel free to cal it peda2.... but please don't kill peda v1 as there are a set of users who like it exactly the way it is. We just need a bit more love maintaining this project, the issues and pull requests... so it does not die on a long term :smile: Just want to make you aware that there are users loving this exactly the way it is, and I'm f.e. one of them :smile_cat:

[degrigis]

Thanks @anthraxx for this comment, this feedback is very important for this community since that means it is worth to continue spending time to expand and improve this version of peda.

However, I think that at least a small re-organization of the class and the commands in a more structured and organized way ( as f.i. the pwndbg of @zachriggle ) is a good thing for the health of the project, don't you agree? I absolutely don't want to criticize the work done until now, but 6000+ rows of python in a single file, with constant add-ons, will become early difficult to maintain.

Feedbacks from @longld and @danghvu would be really appreciated in order to understand the future of this project since as you point out "we just need a bit more love maintaining this" :-)

[anthraxx]

@degrigis fair enough that's also totally something I see... I would love if we spend more time and make this (even more) beautiful :heart: I'm also totally willing in spending much time into this project as I still believe in it... maybe one day I classify as co-maintainer of this project :smile_cat: That's at least my current goal and the reason I'm currently reviewing all pull-requests and give feedback everywhere I could :smile:

[zachriggle]

Just contribute to Pwndbg and call it a day? ^_^ On Mon, Jun 6, 2016 at 12:02 PM Levente Polyak notifications@github.com wrote:

@degrigis https://github.com/degrigis fair enough that's also totally something I see... I would love if we spend more time and make this (even more) beautiful ❤️ I'm also totally willing in spending much time into this project as I still believe in it... maybe one day I classify as co-maintainer of this project 😸 That's at least my current goal and the reason I'm currently reviewing all pull-requests and give feedback everywhere I could 😄

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/longld/peda/issues/27#issuecomment-224038398, or mute the thread https://github.com/notifications/unsubscribe/AAG0GAN40-zxLGdqj_FPfr2wqRWEhDKJks5qJGC6gaJpZM4Bxy9z .

[degrigis]

Hey @zachriggle! well, that is an option. My point here was to unify the effort to build something cool together, avoiding to have the developing spread over many different projects with many different micro-communities. :-)

[zachriggle]

Well, let's unify on pwndbg then! ❤️

Seriously -- why re-implement PEDA to look architecturally like Pwndbg, when the end result would be... Pwndbg? On Mon, Jun 6, 2016 at 2:38 PM degrigis notifications@github.com wrote:

Hey @zachriggle https://github.com/zachriggle! well, that is an option. My point here was to unify the effort to build something cool together, avoiding to have the developing spread over many different projects with many different micro-communities. :-)

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/longld/peda/issues/27#issuecomment-224080731, or mute the thread https://github.com/notifications/unsubscribe/AAG0GPaogZtM_mHcpsIyCbaMU2x2TaNVks5qJIVOgaJpZM4Bxy9z .

[degrigis]

For me would be perfect, the mission here would be to unify the two communities if possible, but I think that it is a very hard job :-)

[zachriggle]

I think the way to unify the community does not involve forking PEDA yet another time. I also do not think there's much of a "community" around any of the projects, just inertia. PEDA has existed a long time, and works sufficiently well for most use-cases, that there is no need to switch.

If there are features that PEDA implements, but pwndbg (or GEF) do not, create pull requests for them. Advocate to PEDA users to use that alternative instead.

Lots of people are happy with PEDA. That's OK.

• If you want to work on something better, work on or with one of the existing projects.
• If you want PEDA users to use something-not-PEDA-v1 based on technical merits, then advocate for the alternative.
• If you want to fork or reimplement PEDA an Nth time, I recommend you reconsider what that would achieve that one of the existing projects currently does not, or could not, already do

[hugsy]

On Mon, Jun 06, 2016 at 03:38:12PM -0700, Zach Riggle wrote:

Lots of people are happy with PEDA. That's OK.

• If you want to work on something better, work on or with one of the existing projects.
• If you want PEDA users to use something-not-PEDA-v1 based on technical merits, then advocate for the alternative.
• If you want to fork or reimplement PEDA an Nth time, I recommend you reconsider what that would achieve that one of the existing projects currently does not, or could not, already do

I could not agree more with @zachriggle. I've created GEF because I was playing with non X86 architectures and PEDA is way too X86 specific to be even patched (and also the fact that at the time PEDA was simply not working on Python3, don't know now).

I think that if there are different projects, it means that there are different needs, and everyone is free to choose what best for him/her.

And we shall call this, democracy :)

hugsy

"Computer science is no more about computers than astronomy is about telescopes." - E. Dijkstra

[Bretley]

Will we ever hear or see peda2 @danghvu ? If you think you've got something good up and running please share it

[danghvu]

@bert88sta we have restarted that project a month ago and it's in development is what I can say. Hopefully there will be some updates soon :)

[Bretley]

@danghvu I'm looking forward to seeing it and hopefully contributing in the future :D

[Bretley]

@danghvu : Is this repo dead?

[longld]

@bert88sta There is progress but very slow, stay tuned.