GDB for pwn.
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/
If you don't want to use gdb-peda, you can modify the gdbinit to remove it.
If you want to use the heapinfo and tracemalloc features, you need to install the libc debug file (libc6-dbg & libc6-dbg:i386 for the Debian package).
- libc : Print the base address of libc
- ld : Print the base address of ld
- codebase : Print the base of the code segment
- heap : Print the base of the heap
- got : Print the Global Offset Table information
- dyn : Print the Dynamic section information
- findcall : Find some function call
- bcall : Set the breakpoint at some function call
- tls : Print the thread local storage address
- at : Attach by process name
- findsyscall : Find the syscall
- fmtarg : Calculate the index of the format string
  - You need to stop on the printf which has the vulnerability.
- force : Calculate the nb in the house of force.
- heapinfo : Print some information of the heap
- chunkinfo : Print the information of a chunk
  - chunkinfo (Address of victim)
- chunkptr : Print the information of a chunk
  - chunkptr (Address of user ptr)
- mergeinfo : Print the information of a merge
  - mergeinfo (Address of victim)
- printfastbin : Print some information of the fastbin
- tracemalloc on : Trace the malloc and free calls and detect some errors.
  - You need to run the process first, then tracemalloc on; it will record all of the malloc and free calls.
  - You can set DEBUG in pwngdb.py, then it will print all of the malloc and free information as in the screenshot.
- parseheap : Parse heap layout
  - You need to run the process first, then parseheap
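The libc, ld, codebase and heap commands above all come down to reading the process memory map. As an added illustration (not Pwngdb's own code), the following Python parses a constructed /proc/<pid>/maps listing and derives those four bases; the binary name "vuln" and every address are made-up sample values, and the heap base comes back as None when the process has not run far enough to create a [heap] region yet.

```python
import re

# Constructed sample of /proc/<pid>/maps output; all addresses are invented.
SAMPLE_MAPS = """\
00400000-00401000 r--p 00000000 08:01 1234 /home/user/vuln
00401000-00402000 r-xp 00001000 08:01 1234 /home/user/vuln
00403000-00404000 rw-p 00002000 08:01 1234 /home/user/vuln
01a2b000-01a4c000 rw-p 00000000 00:00 0 [heap]
7f3c1e400000-7f3c1e422000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c1e422000-7f3c1e5b7000 r-xp 00022000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c1e5f1000-7f3c1e5f3000 r--p 00000000 08:01 9012 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7f3c1e5f3000-7f3c1e61d000 r-xp 00002000 08:01 9012 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0 [stack]
"""

# Fields of a maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S+)\s+\S+\s+\S+\s+\S+\s*(.*)$")


def parse_maps(text):
    """Return (start, end, perms, path) tuples for every parsable maps line."""
    regions = []
    for line in text.splitlines():
        m = MAPS_RE.match(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3), m.group(4)))
    return regions


def base_of(regions, predicate):
    """Lowest start address of the regions whose path matches, or None if absent."""
    starts = [start for start, _end, _perms, path in regions if predicate(path)]
    return min(starts) if starts else None


def bases(text, binary_name):
    """Compute what the libc/ld/codebase/heap commands print, from maps text."""
    regions = parse_maps(text)
    return {
        "codebase": base_of(regions, lambda p: p.endswith("/" + binary_name)),
        "heap": base_of(regions, lambda p: p == "[heap]"),
        # matches both libc.so.6 and older libc-2.xx.so naming
        "libc": base_of(regions, lambda p: re.search(r"/libc[.-]", p) is not None),
        "ld": base_of(regions, lambda p: re.search(r"/ld-", p) is not None),
    }


if __name__ == "__main__":
    for name, addr in bases(SAMPLE_MAPS, "vuln").items():
        print(f"{name:9s} {addr:#x}" if addr is not None else f"{name:9s} (not mapped)")
```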
- Chunkinfo
- Mergeinfo
- Heapinfo
- parseheap
- tracemalloc