Bugfix gdb.debug: exe parameter now respected #2227

Closed
wants to merge 7 commits into from

goreil
Contributor

@goreil goreil commented Jul 12, 2023

This commit now properly supports the exe parameter in pwnlib/gdb.py:debug(), allowing a different argv[0] than the executable. (See Issue #1273)

It achieves this by leveraging the gdbserver `--wrapper` argument with a python script that calls execve with the specified args.
For remote connections ssh.process(run=False) already creates a python script that we can use.

Details

1. We create a python script that calls execve with our arguments:

   `/tmp/pwn-XXXXXX.py`

   ```python
   #!<local python version>
   import ctypes
   ...
   ctypes.CDLL(None).execve(exe, argv, env)
   ```

2. gdbserver has no native support for argv[0].

   Therefore we leverage the `--wrapper` flag, which allows us to execute an arbitrary command. gdbserver will attach to the first unforked execve system call.

   The command will then be

   ```
   gdbserver --wrapper /tmp/pwn-XXXXXX.py -- <other gdbserver args>
   ```
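The wrapper approach from the description above, as an added example (not pwntools' code and not part of this PR). It uses `os.execve` instead of the ctypes call. The helper names, the `/bin/sh` target and the `/nonexistent/sh` argv[0] are assumptions made for the demo.

```python
import os
import stat
import subprocess
import sys
import tempfile


def build_wrapper(exe, argv, env):
    """Return wrapper source that replaces itself with `exe` via execve().

    Values are embedded with repr() so quotes or newlines in an argument
    cannot break out of the generated script.
    """
    return "\n".join([
        "#!" + sys.executable,
        "import os",
        "exe = %r" % exe,
        "argv = %r" % list(argv),
        "env = %r" % dict(env),
        "os.execve(exe, argv, env)  # argv[0] need not match exe",
        "",
    ])


def write_wrapper(source):
    """Write the wrapper to a private temp file (mkstemp creates it 0600)."""
    fd, path = tempfile.mkstemp(prefix="pwn-example-", suffix=".py")
    with os.fdopen(fd, "w") as f:
        f.write(source)
    os.chmod(path, stat.S_IRWXU)  # owner-only rwx, as a launcher would need
    return path


def observed_argv0(exe="/bin/sh", fake_argv0="/nonexistent/sh"):
    """Run the wrapper and return the argv[0] the target process saw."""
    # Constructed sample target: a shell that prints its own $0.
    argv = [fake_argv0, "-c", 'printf %s "$0"']
    path = write_wrapper(build_wrapper(exe, argv, {"PATH": "/usr/bin:/bin"}))
    try:
        # Run through the interpreter so the demo works on a noexec /tmp;
        # gdbserver would execute the path itself via the shebang. The extra
        # arguments stand in for the command line a launcher appends, which
        # the wrapper discards in favour of its embedded argv.
        out = subprocess.check_output([sys.executable, path, exe, "ignored"])
    finally:
        os.unlink(path)
    return out.decode()


if __name__ == "__main__":
    print(observed_argv0())
```
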

goreil and others added 6 commits July 12, 2023 14:37
This commit now properly supports the exe parameter in
`pwnlib/gdb.py:debug()`, allowing a different argv[0] than the
executable.

It achieves this by leveraging the gdbserver `--wrapper` argument
with a python script that calls execve with the specified args.
@goreil
Contributor Author

goreil commented Jul 13, 2023

How does a libcdb.rst test fail? I only changed ssh.py and gdb.py and Changelog.md

```
Document: libcdb
----------------
**********************************************************************
File "libcdb.rst", line ?, in default
Failed example:
    'main_arena' in ELF(filename).symbols
Expected:
    True
Got:
    False
**********************************************************************
```

@peace-maker
Member

The libcdb tests are flakey since they rely on external services unfortunately. You can ignore them.

@goreil goreil marked this pull request as ready for review July 14, 2023 15:01
@goreil
Contributor Author

goreil commented Jul 14, 2023

There is an argument to be made to rename exe to executable, since that is the name of the parameter in tubes.process or ssh.process.

But since that might break something I reckon we do that in a separate pull request.

@goreil
Contributor Author

goreil commented Jul 19, 2023

Closing and opening new pull request, since coveralls seems broken when changing target branch.

@peace-maker
Member

We don't look at coveralls output right now, so no need to worry about it.
