Cross-OS IDA Pro integration

[roman-soft]

My scenario:

• IDA 6.8 running on Windows host. Xmlrpc (ida_script.py) running on (win) 127.0.0.1:8888
• Gdb w/ pwndbg running on Linux (Kali) host. Xmlrpc socket at (linux) 127.0.0.1:8888 (ssh-forwarded from Windows machine).

Just copied Linux's /bin/cat to a directory on Windows machine and started ida-64 session on "cat" executable.

Then started gdb/pwndbg in Linux but it gets stuck at this point:

roman@int3pids:/tmp$ gdb /bin/cat
GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Pwndbg successfully connected to Ida Pro xmlrpc: http://127.0.0.1:8888
_<<stuck here;  no pwndbg prompt>>_

Going to windows machine I can see the following attached error:

Clicking ok in Win messagebox, led me to the following stack trace on Linux machine:

Traceback (most recent call last):
  File "/home/roman/exploiting/pwndbg/pwndbg/commands/__init__.py", line 57, in __call__
    return self.function(*args, **kwargs)
  File "/home/roman/exploiting/pwndbg/pwndbg/commands/ida.py", line 106, in save_ida
    data = open(full_path, 'rb').read()
FileNotFoundError: [Errno 2] No existe el fichero o el directorio: 'ida-backup/C_\\Users\\roman\\Desktop\\pwndbg-test\\cat-2017-04-16T19_57_48.590368.i64'

Loaded 108 commands.  Type pwndbg [filter] for a list.
Reading symbols from /bin/cat...(no debugging symbols found)...done.
pwndbg>

Since many users prefer to use IDA on Windows (or simply don't have a license for Linux), it would be nice to have this integration working.

Thank you. -r

[disconnect3d]

@roman-soft Are you using the latest pwndbg version?

I had the same setup as you few months ago and had similar issue which I have reported here: https://github.com/pwndbg/pwndbg/issues/132#issuecomment-264697778 - and then fixed it.

[roman-soft]

Yes, only few days ago version (Apr 11th). And if you check my snapshot, you can see included replaced chars (your fix from ~5 months ago).

roman@int3pids:/exploiting/pwndbg$ ls -l total 56 drwxr-xr-x 2 roman roman 4096 abr 11 14:30 caps drwxr-xr-x 4 roman roman 4096 abr 11 14:30 docs -rw-r--r-- 1 roman roman 6053 abr 11 14:30 FEATURES.md -rw-r--r-- 1 roman roman 1049 abr 11 14:30 gdbinit.py -rw-r--r-- 1 roman roman 2114 abr 11 14:30 ida_script.py -rw-r--r-- 1 roman roman 1078 abr 11 14:30 LICENSE.md drwxr-xr-x 10 roman roman 4096 abr 11 14:38 pwndbg -rw-r--r-- 1 roman roman 2598 abr 11 14:30 README.md -rw-r--r-- 1 roman roman 180 abr 11 14:30 requirements.txt -rw-r--r-- 1 roman roman 145 abr 11 14:30 setup.cfg -rwxr-xr-x 1 roman roman 1624 abr 11 14:30 setup.sh -rwxr-xr-x 1 roman roman 188 abr 11 14:30 tag_release.sh drwxr-xr-x 3 roman roman 4096 abr 11 14:30 tests roman@int3pids:~/exploiting/pwndbg$

So maybe it's still broken or may be I'm missing some config?

Please, note I didn't config anything at pwndbg side (used defaults), because I thought only rpc url could be configurable. If there are other settings ("path mapping" exists????), I should check, please, tell me (I didn't find any info at docs and I didn't have time for checking code directly).

PS: I'm sorry I'm currently very busy. Otherwise, I could have a look by myself and try to help here :-(

Cheers, -r

[disconnect3d]

Just as an information: if you have installed pwndbg through cloning git repository you can show your commit id to show us your version (git show).

I have checked the case once again and now I can see the problem lies in saving backup which is invoked from pwndbg side.

This seems to be working only if you are using wine... We are not supporting (yet?) Windows <-> Linux fully, so as a workaround just make this function: https://github.com/pwndbg/pwndbg/blob/master/pwndbg/commands/ida.py#L76-L113 pass or return None.

Alternative workaround would be to comment out this line: https://github.com/pwndbg/pwndbg/blob/master/pwndbg/commands/ida.py#L115 However I am not sure if this isn't invoked in any other place (can't check atm).

[roman-soft]

So you're disabling backups, right? If they are not really needed for pwndbg to work, it may be sufficient (but not a very cute solution).

Why does pwndbg currently need ida-backup dir both in pwndbg side and IDA side? I mean, is it used for other functions apart from a mere backup?

In case pwndbg needs to have one "common" file both at pwndbg&ida side (which I still don't know if it's really needed), I suggest to define two config settings like "IDA_LOCAL_BASE_PATH" and "IDA_REMOTE_BASE_PATH" (and then use relative pathname), so the user can adjust by him/herself.

In my case, I have a (vmware) shared folder between both machines (linux-win), so it would be only a matter of adjusting base paths. I've seen similar solutions, for instance, using a python editor like pycharm, and having it run the program remotely (but editing locally).

[disconnect3d]

Why does pwndbg currently need ida-backup dir both in pwndbg side and IDA side? I mean, is it used for other functions apart from a mere backup?

I don't think so we need backups on both sides. Honestly I would rather try not to introduce local and remote config paths. If those are really needed, they can probably be figured out automatically.