Python gdb.parse_and_eval() Examples
The following are 18
code examples of gdb.parse_and_eval().
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example.
You may also want to check out all available functions/classes of the module
gdb
, or try the search function
.
.
Example #1
| Source File: chuckgetcopyptr.py From ROPMEMU with GNU Lesser General Public License v2.1 | 7 votes |
|
def stop(self):
rcx_val_raw = gdb.parse_and_eval('$rcx').cast(self.long_int)
rcx_val = int(rcx_val_raw) & 0xffffffffffffffff
fix = 2**64
if rcx_val == self.sysenter_esp:
print("[+] Reading RAX...")
rax_val_raw = gdb.parse_and_eval('$rax').cast(self.long_int)
rax_val = int(rax_val_raw) & 0xffffffffffffffff
print("[+] Copy Chain initial ptr: %x " % rax_val)
rax_val_str = "0x%x" % rax_val
print("-----")
memory_raw = gdb.execute("x/10g %s" % rax_val_str, to_string = True)
content = memory_raw.split('\n')
for row in content:
if row:
data = row.split('\t')
print("%s\t%s\t%s" % (data[0], hex(int(data[1]) + fix), hex(int(data[2]) + fix)))
print("-----")
return True
return False
Example #2
| Source File: gdb_service.py From pyringe with Apache License 2.0 | 6 votes |
|
def Refresh():
"""looks up symbols within the inferior and caches their names / values.
If debugging information is only partial, this method does its best to
find as much information as it can, validation can be done using
IsSymbolFileSane.
"""
try:
GdbCache.DICT = gdb.lookup_type('PyDictObject').pointer()
GdbCache.TYPE = gdb.lookup_type('PyTypeObject').pointer()
except gdb.error as err:
# The symbol file we're using doesn't seem to provide type information.
pass
interp_head_name = GdbCache.FuzzySymbolLookup('interp_head')
if interp_head_name:
GdbCache.INTERP_HEAD = gdb.parse_and_eval(interp_head_name)
else:
# As a last resort, ask the inferior about it.
GdbCache.INTERP_HEAD = gdb.parse_and_eval('PyInterpreterState_Head()')
GdbCache.PENDINGBUSY = GdbCache.FuzzySymbolLookup('pendingbusy')
GdbCache.PENDINGCALLS_TO_DO = GdbCache.FuzzySymbolLookup('pendingcalls_to_do')
Example #3
| Source File: debugger.py From angrgdb with BSD 2-Clause "Simplified" License | 6 votes |
|
def get_reg(self, name):
if name == "efl" or name == "eflags":
value = 0
for f in self.efl_map:
if f in str(gdb.parse_and_eval("$eflags")):
value |= self.efl_map[f]
return value
else:
reg_val = gdb.parse_and_eval("$" + name)
if reg_val.type.code == gdb.TYPE_CODE_UNION: #SSE
value = 0
for i in range(8):
try:
v = int(reg_val["v8_int32"][i].cast(self.long_type)) << i * 32
except gdb.error:
break
value |= v
return value
else:
return int(reg_val.cast(self.long_type))
Example #4
| Source File: pae.py From gxf with MIT License | 6 votes |
|
def run(self, args):
if not args.asm:
try:
print(gdb.parse_and_eval(args.what))
except gxf.GdbError as e:
exit(e)
return
fakei = "test %s" % args.what
disass = gxf.disassembly.DisassemblyBlock(fakei)
expression = disass.lines[0].get_expression()
print(expression.format())
try:
print(expression.eval())
except gxf.GdbError as e:
exit(e)
Example #5
| Source File: gdb_service.py From pyringe with Apache License 2.0 | 6 votes |
|
def Call(self, position, function_call):
"""Perform a function call in the inferior.
WARNING: Since Gdb's concept of threads can't be directly identified with
python threads, the function call will be made from what has to be assumed
is an arbitrary thread. This *will* interrupt the inferior. Continuing it
after the call is the responsibility of the caller.
Args:
position: the context of the inferior to call the function from.
function_call: A string corresponding to a function call. Format:
'foo(0,0)'
Returns:
Thre return value of the called function.
"""
self.EnsureGdbPosition(position[0], None, None)
if not gdb.selected_thread().is_stopped():
self.Interrupt(position)
result_value = gdb.parse_and_eval(function_call)
return self._UnpackGdbVal(result_value)
Example #6
| Source File: gdb_service.py From pyringe with Apache License 2.0 | 5 votes |
|
def _Inject(self, position, call):
"""Injects evaluation of 'call' in a safe location in the inferior.
Due to the way these injected function calls work, gdb must not be killed
until the call has returned. If that happens, the inferior will be sent
SIGTRAP upon attempting to return from the dummy frame gdb constructs for
us, and will most probably crash.
Args:
position: array of pid, tid, framedepth specifying the requested position.
call: Any expression gdb can evaluate. Usually a function call.
Raises:
RuntimeError: if gdb is not being run in synchronous exec mode.
"""
self.EnsureGdbPosition(position[0], position[1], None)
self.ClearBreakpoints()
self._AddThreadSpecificBreakpoint(position)
gdb.parse_and_eval('%s = 1' % GdbCache.PENDINGCALLS_TO_DO)
gdb.parse_and_eval('%s = 1' % GdbCache.PENDINGBUSY)
try:
# We're "armed", risk the blocking call to Continue
self.Continue(position)
# Breakpoint was hit!
if not gdb.selected_thread().is_stopped():
# This should not happen. Depending on how gdb is being used, the
# semantics of self.Continue change, so I'd rather leave this check in
# here, in case we ever *do* end up changing to async mode.
raise RuntimeError('Gdb is not acting as expected, is it being run in '
'async mode?')
finally:
gdb.parse_and_eval('%s = 0' % GdbCache.PENDINGBUSY)
self.Call(position, call)
Example #7
| Source File: commands.py From gxf with MIT License | 5 votes |
|
def __call__(self, arg):
try:
value = gdb.parse_and_eval(arg)
except Exception as e:
raise argparse.ArgumentTypeError(e)
if value.address is not None:
value = value.address
return value
Example #8
| Source File: commands.py From gxf with MIT License | 5 votes |
|
def __call__(self, arg):
try:
value = gdb.parse_and_eval(arg)
except Exception as e:
raise argparse.ArgumentTypeError(e)
if value.address is not None:
value = value.address
return value
Example #9
| Source File: basics.py From gxf with MIT License | 5 votes |
|
def parse_and_eval(*args, **kwargs):
if debug:
print("[debug] pae: %s %s" % (args, kwargs))
try:
return gdb.parse_and_eval(*args, **kwargs)
except gdb.MemoryError as e:
raise gxf.MemoryError(e)
Example #10
| Source File: basics.py From gxf with MIT License | 5 votes |
|
def eval(self):
return parse_and_eval(self.text)
Example #11
| Source File: pwngdb.py From Pwngdb with GNU General Public License v3.0 | 5 votes |
|
def try_eval(self, expr):
try:
return gdb.parse_and_eval(expr)
except:
#print("Unable to parse expression: {}".format(expr))
return expr
Example #12
| Source File: command_wrapper.py From Pwngdb with GNU General Public License v3.0 | 5 votes |
|
def try_eval(self, expr):
try:
return gdb.parse_and_eval(expr)
except:
#print("Unable to parse expression: {}".format(expr))
return expr
Example #13
| Source File: gdb_service.py From pyringe with Apache License 2.0 | 5 votes |
|
def FuzzySymbolLookup(symbol_name):
try:
gdb.parse_and_eval(symbol_name)
return symbol_name
except gdb.error as err:
# No symbol in current context. We might be dealing with static symbol
# disambiguation employed by compilers. For example, on debian's current
# python build, the 'interp_head' symbol (which we need) has been renamed
# to 'interp_head.42174'. This mangling is of course compiler-specific.
# We try to get around it by using gdb's built-in regex support when
# looking up variables
# Format:
# All variables matching regular expression "<symbol_name>":
#
# File <source_file>:
# <Type><real_symbol_name>;
#
# Non-debugging symbols:
# 0x<address> <real_symbol_name>
# We're only interested in <real_symbol_name>. The latter part
# ('Non-debugging symbols') is only relevant if debugging info is partial.
listing = gdb.execute('info variables %s' % symbol_name, to_string=True)
# sigh... We want whatever was in front of ;, but barring any *s.
# If you are a compiler dev who mangles symbols using ';' and '*',
# you deserve this breakage.
mangled_name = (re.search(r'\**(\S+);$', listing, re.MULTILINE)
or re.search(r'^0x[0-9a-fA-F]+\s+(\S+)$', listing, re.MULTILINE))
if not mangled_name:
raise err
try:
gdb.parse_and_eval('\'%s\'' % mangled_name.group(1))
return '\'%s\'' % mangled_name.group(1)
except gdb.error:
# We could raise this, but the original exception will likely describe
# the problem better
raise err
Example #14
| Source File: spmonitor.py From ROPMEMU with GNU Lesser General Public License v2.1 | 5 votes |
|
def get_sp(self):
rsp_raw = gdb.parse_and_eval('$rsp').cast(self.long_int)
return int(rsp_raw) & 0xffffffffffffffff
Example #15
| Source File: spmonitor.py From ROPMEMU with GNU Lesser General Public License v2.1 | 5 votes |
|
def get_ip(self):
rip_val_raw = gdb.parse_and_eval('$rip').cast(self.long_int)
return int(rip_val_raw) & 0xffffffffffffffff
Example #16
| Source File: commands.py From angrgdb with BSD 2-Clause "Simplified" License | 5 votes |
|
def _to_int(x):
try:
return int(gdb.parse_and_eval(x).cast(gdb.lookup_type("long")))
except BaseException as e:
print (e)
return None
Example #17
| Source File: boundary.py From ROPMEMU with GNU Lesser General Public License v2.1 | 4 votes |
|
def boundary(self, symbols):
'''
Usage:
a) run chuckgetcopyptr
b) set a breakpoint on POP RSP: 0xffffffff81423f82
c) once the breakpoint is triggered run this script
'''
print("[+] Chasing the dispatcher chain...")
finish = 0
x = 0
rsp_val_raw = gdb.parse_and_eval('$rsp').cast(self.long_int)
rsp_val = int(rsp_val_raw) & 0xffffffffffffffff
rsp_val_str = "0x%x" % rsp_val
last_sp = rsp_val_str
try:
while True:
# stack pointer check
x += 1
rsp_val_raw = gdb.parse_and_eval('$rsp').cast(self.long_int)
rsp_val = int(rsp_val_raw) & 0xffffffffffffffff
rsp_val_str = "0x%x" % rsp_val
print("%d) %s - %s" % (x, rsp_val_str, last_sp))
if rsp_val - int(last_sp, 16) > self.THRESHOLD:
print("[+] last_sp: %s - current_sp: %s" % (last_sp, rsp_val_str))
print("[+] %d instructions executed!" % x)
break
# we do not want to step into in a function call.
rip_val_raw = gdb.parse_and_eval('$rip').cast(self.long_int)
rip_val = int(rip_val_raw) & 0xffffffffffffffff
rip_val_str = "0x%x" % rip_val
if hex(rip_val).strip("L")[2:] in symbols.keys():
print(">>> %s:%s" % (rip_val_str, symbols[hex(rip_val).strip("L")[2:]]))
print(">>> instr %d invoking 'finish'" % x)
gdb.execute('finish')
continue
last_sp = rsp_val_str
gdb.execute('si')
except Exception as why:
print("[--- Exception ---]")
print(why)
print("[--- Exception ---]")
return
Example #18
| Source File: cysignals-CSI-helper.py From cysignals with GNU Lesser General Public License v3.0 | 4 votes |
|
def print_stackframe(self, frame, index, is_c=False):
if not is_c and self.is_python_function(frame):
pyframe = libpython.Frame(frame).get_pyop()
if pyframe is None or pyframe.is_optimized_out():
# print this python function as a C function
return self.print_stackframe(frame, index, is_c=True)
func_name = pyframe.co_name
func_cname = 'PyEval_EvalFrameEx'
func_args = []
elif self.is_cython_function(frame):
cyfunc = self.get_cython_function(frame)
func_name = cyfunc.name
func_cname = cyfunc.cname
func_args = []
else:
func_name = frame.name()
func_cname = func_name
func_args = []
try:
gdb_value = gdb.parse_and_eval(func_cname)
except (RuntimeError, TypeError):
func_address = 0
else:
func_address = int(str(gdb_value.address).split()[0], 0)
out = '#%-2d 0x%016x' % (index, func_address)
try:
a = ', '.join('%s=%s' % (name, val) for name, val in func_args)
out += ' in %s (%s)' % (func_name or "??", a)
source_desc, lineno = self.get_source_desc(frame)
if source_desc.filename is not None:
out += ' at %s:%s' % (source_desc.filename, lineno)
except Exception:
return
finally:
print(out)
try:
source = source_desc.get_source(lineno - 5, lineno + 5,
mark_line=lineno, lex_entire=True)
print(source)
except gdb.GdbError:
pass
