stuck waiting for debugger

Open siskobrown opened this issue 3 years ago • 4 comments

Thanks for contributing to Pwntools!

Update Pwntools First

When reporting an issue, be sure that you are running the latest released version of pwntools (pip install --upgrade pwntools).

Debug Output

Having the extra debug output really helps us, and might help you diagnose the problem yourself.

When submitting an issue that has output from Pwntools, make sure to run your script as shown below, to enable the extra debugging data.

$ python exploit.py DEBUG LOG_FILE=log.txt

You should see [DEBUG] statements that show what's happening behind the scenes:

[+] Starting local process '/bin/sh' argv=['sh'] : pid 16823
[DEBUG] Sent 0x7 bytes:
    'whoami\n'
[DEBUG] Sent 0x5 bytes:
    'exit\n'
[+] Receiving all data: Done (11B)
[DEBUG] Received 0xb bytes:
    'crashheap\n'
[*] Process '/bin/sh' stopped with exit code 0 (pid 16823)

Verify on Ubuntu

If possible, please verify that your issue occurs on 64-bit Ubuntu 18.04. We provide a Dockerfile based on Ubuntu 18.04 via docker.io to make this super simple, no VM required!

# Download the Docker image
$ docker pull pwntools/pwntools:stable

# Boot the image
$ docker run -it pwntools/pwntools:stable

pwntools@7dc3ef409476:~$ python
>>> from pwn import *
>>> # Test your code here

siskobrown avatar Dec 10 '21 09:12 siskobrown

I was getting stuck waiting for debugger. Installed pwntools a couple of days ago. Running through some examples and they were not working. Would get stuck at waiting for debugger. Started tracing through the libraries and in misc.py at line 347 I found os.chmod(tmp.name, 0o700). Assuming this is supposed to be a file mode, I changed it to os.chmod(tmp.name, 0x700) and it worked perfectly.

siskobrown avatar Dec 10 '21 09:12 siskobrown

That could not have helped, since file modes are traditionally represented as octals. You must have done something else as well. Try to revert this particular change and see if it still works.

Arusekk avatar Dec 10 '21 09:12 Arusekk

Ah yes, I reverted that change and it stopped working. So I looked deeper... found in util/proc.py it was getting stuck in an infinite loop:

with t.countdown(timeout=15):
    with log.waitfor('Waiting for debugger') as l:
        while debugger_pid:
            debugger = psutil.Process(debugger_pid)
            log.debug("In while debugger_pid loop\n");
            while t.timeout and tracer(pid) is None:
                try:
                    debugger.wait(0.01)
                except psutil.TimeoutExpired:
                    pass
                else:
                    debugger_pid = 0
                    break
        else:
            while t.timeout and tracer(pid) is None:
                time.sleep(0.01)

I added some extra debugging log statements and found that it was getting stuck in while debugger_pid after it had found a tracer(pid). Changed the while to an if statement because that made more sense, and it worked.

siskobrown avatar Dec 10 '21 11:12 siskobrown
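The control flow from the comment above, reduced to a runnable simulation (an added example, not pwntools code and not the fix from the referenced commit). It shows that once the tracer check returns a value while the debugger is still alive, nothing clears `debugger_pid`, so the outer `while` never exits, whereas the `if` variant runs once. `DebuggerStub`, `make_tracer`, the PIDs and the `max_passes` cap are constructed for the demo, and the `t.timeout` check is left out because it does not appear in the outer condition.

```python
# Added illustration; the stubs are constructed, not pwntools or psutil code.
class DebuggerStub:
    """Stands in for psutil.Process(debugger_pid); this debugger never exits."""
    def wait(self, timeout):
        raise TimeoutError  # plays the role of psutil.TimeoutExpired

def make_tracer(attach_on_poll):
    """Stands in for tracer(pid): None until the given poll, then a tracer PID."""
    polls = {"n": 0}
    def tracer():
        polls["n"] += 1
        return 4242 if polls["n"] >= attach_on_poll else None
    return tracer

def wait_posted(tracer, max_passes=1000):
    """Loop as posted. Returns outer passes; max_passes means still spinning."""
    debugger_pid, passes = 1337, 0
    while debugger_pid and passes < max_passes:  # cap added so the demo ends
        passes += 1
        debugger = DebuggerStub()
        while tracer() is None:
            try:
                debugger.wait(0.01)
            except TimeoutError:
                pass
            else:  # reached only when the debugger process itself has exited
                debugger_pid = 0
                break
    return passes

def wait_with_if(tracer):
    """Same body with the outer `while` changed to `if`, as the reporter did."""
    debugger_pid, passes = 1337, 0
    if debugger_pid:
        passes += 1
        debugger = DebuggerStub()
        while tracer() is None:
            try:
                debugger.wait(0.01)
            except TimeoutError:
                pass
            else:
                debugger_pid = 0
                break
    return passes

if __name__ == "__main__":
    print("posted loop passes:", wait_posted(make_tracer(3)))
    print("if variant passes: ", wait_with_if(make_tracer(3)))
```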

Actually, this bug has been fixed in this commit; maybe you can replace the function manually.

RoderickChan avatar Dec 11 '21 08:12 RoderickChan