dnrops
/
pwndbg
mirror of https://github.com/pwndbg/pwndbg
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
179 Commits 7 Branches 19 Tags 43 MiB
Python 97.2%
Shell 1.1%
C 0.9%
Nix 0.4%
Makefile 0.2%
Other 0.1%
Go to file
Zach Riggle 78d5148777 Add sublime-settings [skip ci] 2015-10-25 16:51:45 -04:00
caps Mo caps 2015-05-17 11:12:18 -04:00
pwndbg Handle new versions of GDB giving negative values for registers 2015-08-02 16:52:42 -04:00
.gitignore lots of WIP stuff 2015-05-09 15:25:24 -04:00
.sublime-settings Add sublime-settings [skip ci] 2015-10-25 16:51:45 -04:00
LICENSE.md license 2015-03-11 03:29:11 -07:00
README.md Update README.md 2015-06-05 14:20:51 -04:00
gdbinit.py Sort imports 2015-04-13 16:22:08 -04:00
ida_script.py Lots of changes for automatically showing various function arguments etc. 2015-05-11 20:28:35 -04:00
requirements.txt Fix missing exe (start==vma) and update requirements 2015-07-20 18:12:21 -04:00

README.md

BETA SOFTWARE

This is barely a beta. There are currently no versioned releases, only master. I push to master with impunity. There are no tests. If anything works at all, consider yourself lucky.

Feature contributions and bugfixes are both very welcome :)

pwndbg

A PEDA replacement. In the spirit of our good friend windbg, pwndbg is pronounced pwnd-bag.

  • Speed
  • Resiliency
  • Clean code

Best supported on Ubuntu 14.04 with default gdb or gdb-multiarch (e.g. with Python3).

Installation

git clone https://github.com/zachriggle/pwndbg
echo "source $PWD/pwndbg/gdbinit.py" >> ~/.gdbinit

Prerequisites

Capstone 4.0

Currently this is only available via a source build.

git clone https://github.com/aquynh/capstone
cd capstone
git checkout -t origin/next
sudo ./make.sh install
cd bindings/python
sudo python2 setup.py install # Ubuntu 12.04, GDB uses Python2
sudo python3 setup.py install # Ubuntu 14.04+, GDB uses Python3

pycparser

pip install pycparser # Use pip3 for Python3

Features

Does most things that PEDA does. Doesn't do things that PEDA does that pwntools or binjitsu (my fork of pwntools) do better.

Also has a basic windbg compat layer for e.g. dd, eb, da, dps. Now you can even eb eip 90!

For most standard function calls, it knows how many arguments there are and can print out the function call args.

Screenshots

Here's a few screenshots of some of the cool things pwndbg does.

e
Function arguments

f
Conditional jump evaluation and jump following

g
More dump following

h
RET following, useful for ROP

Here's a screenshot of pwndbg working on an aarch64 binary running under qemu-user.

a

Here's a screenshot of PEDA. That it's aarch64 doesn't matter -- it chokes in the same way for everything qemu-user.

c

And here's a screenshot of GDB's built-in commands failing horribly. Note that while, yes, it gives output -- the addresses it does give are all wrong, and are just file offsets.

c