pwndbg / pwndbg

Exploit Development and Reverse Engineering with GDB Made Easy
https://pwndbg.re/
MIT License

vis_heap_chunks not working during gdb attach session #746

Closed hkrawbytes closed 4 years ago

hkrawbytes commented 4 years ago

Description

Steps to reproduce

Gdb session history:
c
vis
x/xg
set exception-verbose on
set exception-verbose on
vis

My setup

Platform: Linux-5.3.0-40-generic-x86_64-with-Ubuntu-19.10-eoan
Gdb: 8.3
Python: 3.7.5 (default, Apr 19 2020, 20:18:17) [GCC 9.2.1 20191008]
Pwndbg: 1.1.0 build: 3cf9b31
Capstone: 4.0.1024
Unicorn: 1.0.1
This GDB was configured as follows:
configure --host=x86_64-linux-gnu --target=x86_64-linux-gnu --with-auto-load-dir=$debugdir:$datadir/auto-load --with-auto-load-safe-path=$debugdir:$datadir/auto-load --with-expat --with-gdb-datadir=/usr/share/gdb (relocatable) --with-jit-reader-dir=/usr/lib/gdb (relocatable) --without-libunwind-ia64 --with-lzma --with-babeltrace --without-intel-pt --disable-libmcheck --with-mpfr --with-python=/usr (relocatable) --without-guile --disable-source-highlight --with-separate-debug-dir=/usr/lib/debug (relocatable) --with-system-gdbinit=/etc/gdb/gdbinit

("Relocatable" means the directory can be moved with the GDB installation tree, and GDB will still find it.)

disconnect3d commented 4 years ago

Any log?

hkrawbytes commented 4 years ago

No, but I have already installed the libcdbg, both 32-bit and 64-bit, and it doesn't work.

hkrawbytes commented 4 years ago

The vis command

disconnect3d commented 4 years ago

After compiling this file and launching it on gdbserver via gcc a.c && gdbserver localhost:1234 ./a.out

#include <stdio.h>
#include <stdlib.h>

void foo() {}              /* breakpoint target, reached after the first malloc */
int main() {
    int* x = malloc(100);  /* first allocation initialises the main arena */
    printf("x=%p\n", x);
    foo();
    return 0;
}

and then connecting to it from another instance via gdb -> target remote localhost:1234, I can't get the heap right away:

(screenshot not reproduced)

However, everything works fine after setting a bp on foo and then showing heap/vis etc:

pwndbg> b foo
Breakpoint 1 at 0x55555555410a (2 locations)
pwndbg> c
Continuing.
Reading /lib/x86_64-linux-gnu/libc.so.6 from remote target...
Reading /lib/x86_64-linux-gnu/libc-2.27.so from remote target...
Reading /lib/x86_64-linux-gnu/.debug/libc-2.27.so from remote target...

Breakpoint 1, 0x000055555555468e in foo ()
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
(output truncated)

pwndbg> heap
Allocated chunk
Addr: 0x555555756000
Size: 0x251

Allocated chunk
Addr: 0x555555756250
Size: 0x71

Allocated chunk
Addr: 0x5555557562c0
Size: 0x411

Top chunk
Addr: 0x5555557566d0
Size: 0x20931
pwndbg> vis

0x555555756000  0x0000000000000000  0x0000000000000251  ........Q.......
0x555555756010  0x0000000000000000  0x0000000000000000  ................
0x555555756020  0x0000000000000000  0x0000000000000000  ................
(output truncated)

So it seems that in your case the heap was not initialized yet. This being said, I am closing this issue. Next time, please include a proper log so this can be investigated further/more easily.
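To make the "heap not initialized yet" diagnosis concrete, here is an added example (my own code, not pwndbg's implementation) of the chunk walk that commands like heap and vis perform over glibc's main arena. It runs over a constructed in-memory heap image whose chunk sizes mirror the log above (0x251 tcache struct, 0x71 for malloc(100), 0x411 stdio buffer, top chunk 0x20931); the base address 0x555555756000, the image contents and the "top == NULL before the first malloc" model of main_arena.top are assumptions chosen to match that log, not values read from a live process.

```c
/*
 * Added example, not pwndbg's own code: re-implements the chunk walk that
 * pwndbg's `heap` / `vis` commands do over glibc's main arena, on top of a
 * constructed heap image. The base address and chunk sizes are assumptions
 * chosen to match the log in this issue (glibc 2.27, x86_64).
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE_BITS   0x7UL   /* PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA */
#define CHUNK_HDR   16      /* prev_size + size fields on 64-bit glibc */
#define MIN_CHUNK   0x20
#define MAX_CHUNKS  16
#define SAMPLE_BASE 0x555555756000UL   /* assumed heap base, as in the log */

struct chunk_info {
    uintptr_t addr;   /* address the chunk would have in the debuggee */
    size_t    size;   /* raw size field, flag bits included */
    int       is_top;
};

/*
 * Walk chunks from the heap start up to and including the top chunk.
 * `top` models main_arena.top: it is NULL until the first malloc initialises
 * the arena, which is exactly the state in which there is nothing to walk.
 * Returns the chunk count, -1 if the arena is uninitialised, -2 on a bad size.
 */
int walk_heap(const uint8_t *heap, size_t len, uintptr_t base,
              const uint8_t *top, struct chunk_info *out, int max)
{
    if (top == NULL)
        return -1;
    size_t off = 0;
    int n = 0;
    while (off + CHUNK_HDR <= len && n < max) {
        size_t raw;
        memcpy(&raw, heap + off + 8, sizeof raw);  /* size field follows prev_size */
        size_t sz = raw & ~SIZE_BITS;
        if (sz < MIN_CHUNK || (sz & 0xf) != 0)
            return -2;                             /* same sanity check glibc applies */
        out[n].addr   = base + off;
        out[n].size   = raw;
        out[n].is_top = (heap + off == top);
        n++;
        if (heap + off == top)
            break;                                 /* nothing lives past the top chunk */
        off += sz;
    }
    return n;
}

/* Write one chunk's size field at `off` (prev_size is left as zero). */
static void put_chunk(uint8_t *heap, size_t off, size_t size_field)
{
    memcpy(heap + off + 8, &size_field, sizeof size_field);
}

/* Constructed image matching the `heap` output above; returns the top offset. */
size_t build_sample_heap(uint8_t *heap, size_t len)
{
    memset(heap, 0, len);
    put_chunk(heap, 0x000, 0x251);    /* tcache_perthread_struct (glibc 2.27) */
    put_chunk(heap, 0x250, 0x71);     /* malloc(100) -> 0x70-byte chunk */
    put_chunk(heap, 0x2c0, 0x411);    /* assumed: stdio buffer from printf */
    put_chunk(heap, 0x6d0, 0x20931);  /* top chunk, remaining arena space */
    return 0x6d0;
}

static uint8_t g_heap[0x700];
static struct chunk_info g_info[MAX_CHUNKS];
static int g_count = -3;   /* sentinel: sample not built yet */

static void ensure_sample(void)
{
    if (g_count != -3) return;
    size_t top = build_sample_heap(g_heap, sizeof g_heap);
    g_count = walk_heap(g_heap, sizeof g_heap, SAMPLE_BASE,
                        g_heap + top, g_info, MAX_CHUNKS);
}

int       sample_chunk_count(void)   { ensure_sample(); return g_count; }
uintptr_t sample_chunk_addr(int i)   { ensure_sample(); return g_info[i].addr; }
size_t    sample_chunk_size(int i)   { ensure_sample(); return g_info[i].size; }
int       sample_chunk_is_top(int i) { ensure_sample(); return g_info[i].is_top; }

/* The "attached before the first malloc" case: no top pointer exists yet. */
int sample_uninitialised_walk(void)
{
    uint8_t heap[0x40];
    struct chunk_info tmp[1];
    memset(heap, 0, sizeof heap);
    return walk_heap(heap, sizeof heap, SAMPLE_BASE, NULL, tmp, 1);
}

int main(void)
{
    int n = sample_chunk_count();
    for (int i = 0; i < n; i++)
        printf("%s\nAddr: 0x%lx\nSize: 0x%zx\n\n",
               sample_chunk_is_top(i) ? "Top chunk" : "Allocated chunk",
               (unsigned long)sample_chunk_addr(i), sample_chunk_size(i));
    printf("walk before first malloc -> %d (arena uninitialised)\n",
           sample_uninitialised_walk());
    return 0;
}
```

The walk stops at the top chunk and refuses to start at all when the top pointer is NULL, which is the situation after attaching to a process that has not yet called malloc: there is no arena state to read, so a breakpoint past the first allocation (as with b foo above) is the right place to inspect the heap.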