
gdb thread attach 기능 추가

~/Pwngdb/pwngdb.py의 at 메서드를 아래 코드로 교체한다 (Pwngdb: https://github.com/scwuaptx/Pwngdb). 프로세스 이름으로 찾은 PID와 각 PID의 스레드 ID 목록을 출력하고, 선택한 대상에 attach한다.

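 def at(self, *arg):
        """ Attach by processname """
        # Resolves a process name to its PIDs with `pidof`, lists the extra
        # threads of each PID with `ps -T`, lets the operator pick a process
        # ("0") or a thread ("0-1") and attaches gdb to that id.
        #
        # arg: optional process name; when omitted, the name comes from
        #      getprocname(relative=True).
        # Returns None in every case; failures are reported on stdout.
        (processname,) = normalize_argv(arg, 1)
        if not processname:
            processname = getprocname(relative=True)
            if not processname:
                print("Attaching program: ")
                print("No executable file specified.")
                print("Use the \"file\" or \"exec-file\" command.")
                return
        try:
            print("Attaching to %s ..." % processname)
            # Pass an argv list instead of a shell string: the name is typed by
            # the operator (or taken from the loaded file name) and must reach
            # pidof as a single argument, never be interpreted by /bin/sh.
            currentpidlist = subprocess.check_output(
                ["pidof", processname]).decode('utf8').split()

            # pid -> list of thread ids reported by ps for that pid
            resultpidlist = {}
            for pid in currentpidlist:
                # Only keep processes whose /proc/<pid>/cwd resolves for us
                # (presumably a cheap "can this user inspect it" test).
                if not path.isdir("/proc/" + pid + "/cwd"):
                    continue
                # [2:-1] drops the header row, the first row (the main thread
                # in the usual ps -T layout) and the empty string that follows
                # the final newline.
                rows = subprocess.check_output(
                    ["ps", "-p", pid, "-T"]).decode('utf8').split("\n")[2:-1]
                # Second column of `ps -T` output is the thread id (SPID).
                resultpidlist[pid] = [row.split()[1] for row in rows]

            if not resultpidlist:
                print("No such process")
                return

            parents = list(resultpidlist)
            if len(parents) == 1 and not resultpidlist[parents[0]]:
                # One single-threaded process: nothing to choose from.
                resultpid = parents[0]
            else:
                for paridx, parpid in enumerate(parents):
                    print(str(paridx) + " : " + parpid)
                    for curidx, curpid in enumerate(resultpidlist[parpid]):
                        print("\t" + str(paridx) + "-" + str(curidx) + " : " + curpid)

                select = input("select > ").split("-")
                # A malformed or out-of-range answer used to leave resultpid
                # unbound and surface as a misleading "No such process".
                try:
                    indexes = [int(part) for part in select]
                    if len(indexes) == 1:
                        resultpid = parents[indexes[0]]
                    elif len(indexes) == 2:
                        resultpid = resultpidlist[parents[indexes[0]]][indexes[1]]
                    else:
                        print("Invalid selection")
                        return
                except (ValueError, IndexError):
                    print("Invalid selection")
                    return

            # The gdb command line is built by concatenation, so make sure the
            # value parsed out of pidof/ps output really is a bare numeric id.
            if not resultpid.isdigit():
                print("Unexpected process id: %s" % resultpid)
                return

            gdb.execute("attach " + resultpid)
            getheapbase()
            libcbase()
            codeaddr()
            ldbase()
        except Exception as e:
            print(e)
            print("No such process")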
