martinradev / gdb-pt-dump

MIT License

Add 5-Level Paging Support #31

Closed chrf01 closed 6 months ago

chrf01 commented 6 months ago

We need to implement 5-level paging support because the corresponding tests in pwndbg are failing.

https://github.com/pwndbg/pwndbg/pull/2097#discussion_r1544467864

martinradev commented 6 months ago

I can add the support on Monday. It looks simple enough.

chrf01 commented 6 months ago

> I can add the support on Monday. It looks simple enough.

Great! 😊

martinradev commented 6 months ago

@chrf01 Would you like to try the functionality locally with the pwndbg integration?

Here are the patches - https://github.com/martinradev/gdb-pt-dump/pull/32

Locally with QEMU + la57 enabled:

pwndbg> pt
Address : Length | Permissions
0xff3f3cffc0000000 : 0x98000 | W:1 X:0 S:1 UC:0 WB:1
0xff3f3cffc0098000 : 0x1000 | W:0 X:0 S:1 UC:0 WB:1
0xff3f3cffc0099000 : 0x2000 | W:0 X:1 S:1 UC:0 WB:1
0xff3f3cffc009b000 : 0x3602000 | W:1 X:0 S:1 UC:0 WB:1
0xff3f3cffc369d000 : 0x1000 | W:0 X:0 S:1 UC:0 WB:1
0xff3f3cffc369e000 : 0xc51000 | W:1 X:0 S:1 UC:0 WB:1
0xff3f3cffc42ef000 : 0x1000 | W:0 X:0 S:1 UC:0 WB:1
0xff3f3cffc42f0000 : 0x10000 | W:1 X:0 S:1 UC:0 WB:1
0xff3f3cffc4300000 : 0x100000 | W:0 X:0 S:1 UC:0 WB:1
0xff3f3cffc4400000 : 0x400000 | W:1 X:0 S:1 UC:0 WB:1
0xff3f3cffc4800000 : 0xff000 | W:0 X:0 S:1 UC:0 WB:1
0xff3f3cffc48ff000 : 0x36e1000 | W:1 X:0 S:1 UC:0 WB:1
0xff801782c0000000 : 0x4000 | W:1 X:0 S:1 UC:0 WB:1
0xff801782c0005000 : 0x1000 | W:1 X:0 S:1 UC:0 WB:1
0xff801782c0008000 : 0x2000 | W:1 X:0 S:1 UC:0 WB:1
0xff801782c000b000 : 0x1000 | W:1 X:0 S:1 UC:1 WB:1
...

pwndbg> pt -kaslr
Found virtual image base:
Virt: 0xffffffff82c00000 : 0x1200000 | W:0 X:1 S:1 UC:0 WB:1
Phys: 0x1000000
Found phys map base:
Virt: 0xff4132a4c0000000 in 0xff4132a4c0000000 : 0x98000 | W:1 X:0 S:1 UC:0 WB:1

I think there may be a bug in the physmap search but I would need to double check.

pwndbg> pt -walk 0xffffffff82c00000
Page table walk for VA = 0xffffffff82c00000

CR3 = 0x5ff0000
PML5[511] = 0x2e14000 | Flags 0x067
PML4[511] = 0x2e15000 | Flags 0x067
PDP[510] = 0x2e16000 | Flags 0x063
PD[22] = 0x1000000 | Flags 0x1e1

pwndbg> pt -ss "Linux" -filter x s
Found at 0xffffffff83215bad in 0xffffffff82c00000 : 0x1200000 | W:0 X:1 S:1 UC:0 WB:1

pwndbg> x /s 0xffffffff83215bad
0xffffffff83215bad: "LinuxI\307Å€\323\347\203E1\344H\211B\bL\213\vI\215A\bH\211\003H\213C\bH\203\350\bH\211C\bD\213\277@\002"
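The 5-level walk shown in the comment above, as an added example that is not part of the issue or of gdb-pt-dump's own code: a minimal LA57 page table walker in Python over constructed memory seeded only with the CR3 and entry values the thread reports, which reproduces the index sequence PML5[511], PML4[511], PDP[510], PD[22], stops at the 2 MiB large page, and translates the VA to 0x1000000 (the Phys value `pt -kaslr` printed). Index shifts and bit positions are the x86-64 architectural ones; the memory layout and helper names are assumptions.

```python
# Added example (not gdb-pt-dump code): 5-level (LA57) x86-64 page table walk that
# reproduces "pt -walk 0xffffffff82c00000" from the thread over constructed memory
# holding only the four entries that walk touched.

PTE_P, PTE_RW, PTE_US, PTE_PS, PTE_NX = 1 << 0, 1 << 1, 1 << 2, 1 << 7, 1 << 63
ADDR_MASK = 0x000FFFFFFFFFF000   # bits 12..51: physical address of next table / page
FLAGS_MASK = 0xFFF               # low 12 bits: what pt-dump prints as "Flags 0x..."

# (level name, shift of its 9-bit index within the VA, whether PS may mark a large page)
LEVELS = [("PML5", 48, False), ("PML4", 39, False), ("PDP", 30, True), ("PD", 21, True), ("PT", 12, False)]

# Constructed physical memory {entry address: 64-bit entry}, values taken from the walk output.
CR3 = 0x5FF0000
MEM = {
    CR3 + 511 * 8: 0x2E14000 | 0x067,        # PML5[511]
    0x2E14000 + 511 * 8: 0x2E15000 | 0x067,  # PML4[511]
    0x2E15000 + 510 * 8: 0x2E16000 | 0x063,  # PDP[510]
    0x2E16000 + 22 * 8: 0x1000000 | 0x1E1,   # PD[22]: PS set, so a 2 MiB page
}

def index(va, shift):
    return (va >> shift) & 0x1FF

def walk(va, cr3, mem):
    """Return ([(level, index, entry), ...], physical address); raise if a level is not present."""
    table = cr3 & ADDR_MASK
    trail = []
    for name, shift, can_be_large in LEVELS:
        idx = index(va, shift)
        entry = mem.get(table + idx * 8, 0)
        trail.append((name, idx, entry))
        if not entry & PTE_P:
            raise LookupError(f"{name}[{idx}] not present")
        if can_be_large and entry & PTE_PS:
            page_shift = shift              # large page: remaining VA bits are the offset
            break
        table = entry & ADDR_MASK
    else:
        page_shift = 12                     # reached a 4 KiB PT entry
    page_mask = (1 << page_shift) - 1
    return trail, (entry & ADDR_MASK & ~page_mask) | (va & page_mask)

def describe(entry):
    # pt-dump style permissions: W = writable, X = NX bit clear, S = supervisor-only (U/S clear)
    return {"W": int(bool(entry & PTE_RW)), "X": int(not entry & PTE_NX), "S": int(not entry & PTE_US)}

if __name__ == "__main__":
    trail, phys = walk(0xFFFFFFFF82C00000, CR3, MEM)
    for name, idx, entry in trail:
        print(f"{name}[{idx}] = {entry & ADDR_MASK:#x} | Flags {entry & FLAGS_MASK:#05x}")
    print(f"phys = {phys:#x}, perms = {describe(trail[-1][2])}")
```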

chrf01 commented 6 months ago

> @chrf01 Would you like to try the functionality locally with the pwndbg integration?

yes, it works; thanks

martinradev commented 6 months ago

Tests pass locally. Closing.