Routines to enumerate mapped memory, and attempt to associate address ranges with various ELF files and permissions.
The reason that we need robustness is that not every operating system has /proc/$$/maps, which backs 'info proc mapping'.
Functions:
-
is_corefile–For example output use:
-
get_known_maps–Similar to
vmmap.get(), except only returns maps in cases where -
coredump_maps–Parses
info proc mappingsandmaintenance info sections -
parse_info_proc_mappings_line–Parse a line from
info proc mappingsand return a pwndbg.lib.memory.Page -
info_proc_maps–Parse the result of info proc mappings.
-
proc_tid_maps–Parse the contents of /proc/$TID/maps on the server.
-
info_sharedlibrary–Parses the output of
info sharedlibrary. -
info_files– -
info_auxv–Extracts the name of the executable from the output of the command
For example output use
gdb ./tests/binaries/crash_simple.out -ex run -ex 'generate-core-file ./core' -ex 'quit'
And then use
gdb ./tests/binaries/crash_simple.out -core ./core -ex 'info target'
And: gdb -core ./core
As the two differ in output slighty.
get_known_maps() -> tuple[Page, ...] | None
Similar to vmmap.get(), except only returns maps in cases where the mappings are known, like if it's a coredump, or if process mappings are available.
coredump_maps() -> tuple[Page, ...]
Parses info proc mappings and maintenance info sections and tries to make sense out of the result :)
parse_info_proc_mappings_line(
line: str, perms_available: bool, parse_flags: bool
) -> Page | None
Parse a line from info proc mappings and return a pwndbg.lib.memory.Page object if the line is valid.
Example lines
0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main 0x4c5000 0x4cb000 0x6000 0x0 rw-p
The objfile column might be empty, and the permissions column is only present in GDB versions >= 12.1 bminor/binutils-gdb@29ef4c0
Parameters:
-
line(str) –A line from
info proc mappings.
Returns:
-
Page | None–A pwndbg.lib.memory.Page object or None.
info_proc_maps(parse_flags=True) -> tuple[Page, ...]
Parse the result of info proc mappings.
Example output:
Start Addr End Addr Size Offset Perms objfile
0x400000 0x401000 0x1000 0x0 r--p /root/hello_world/main
0x401000 0x497000 0x96000 0x1000 r-xp /root/hello_world/main
0x497000 0x4be000 0x27000 0x97000 r--p /root/hello_world/main
0x4be000 0x4c3000 0x5000 0xbd000 r--p /root/hello_world/main
0x4c3000 0x4c5000 0x2000 0xc2000 rw-p /root/hello_world/main
0x4c5000 0x4cb000 0x6000 0x0 rw-p
0x4cb000 0x4ed000 0x22000 0x0 rw-p [heap]
0x7ffff7ff9000 0x7ffff7ffd000 0x4000 0x0 r--p [vvar]
0x7ffff7ffd000 0x7ffff7fff000 0x2000 0x0 r-xp [vdso]
0x7ffffffde000 0x7ffffffff000 0x21000 0x0 rw-p [stack]
0xffffffffff600000 0xffffffffff601000 0x1000 0x0 --xp [vsyscall]
Note: this may return no pages due to a bug/behavior of GDB. See https://sourceware.org/bugzilla/show_bug.cgi?id=31207 for more information.
Returns:
-
Page–A tuple of pwndbg.lib.memory.Page objects or an empty tuple if
-
...–info proc mapping is not supported on the target.
proc_tid_maps() -> tuple[Page, ...] | None
Parse the contents of /proc/$TID/maps on the server. (TID == Thread Identifier. We do not use PID since it may not be correct)
Returns:
info_sharedlibrary() -> tuple[Page, ...]
Parses the output of info sharedlibrary.
Specifically, all we really want is any valid pointer into each library, and the path to the library on disk.
With this information, we can use the ELF parser to get all of the page permissions for every mapped page in the ELF.
Returns:
-
tuple[Page, ...]–A list of pwndbg.lib.memory.Page objects.
info_auxv(skip_exe: bool = False) -> tuple[Page, ...]
Extracts the name of the executable from the output of the command "info auxv". Note that if the executable path is a symlink, it is not dereferenced by info auxv and we also don't dereference it.
Parameters:
-
skip_exe(bool, default:False) –Do not return any mappings that belong to the exe.
Returns:
-
tuple[Page, ...]–A list of pwndbg.lib.memory.Page objects.