Only CONDITIONAL jumps peek ahead. Make UNconditional peek also
Noticed today that jmp and family don't peek ahead in context_code. I added an option to peek for calls in #144. It'll be a bit more work to add it to unconditional jumps.
Can we close this?
Naw, I think this is still worth working on.
The trick is in determining the address of the jumps for each arch. We should probably add a method to the arch itself that takes the context and the instruction and returns the jump address, it would probably clean up the conditional jump stuff too.
I think this is for later. One way we could do it, although I am not sure how slow it would be, is to use unicorn to emulate the instruction, step once, and see where it ends up.
That would make unicorn a strict dependency of GEF; that's what pwndbg does and I really don't like it. Unicorn is a nightmare to set up on embedded devices.
Well, it would only make this feature a dependency :) We could fail gracefully.
I don't think we need to go that route, we just need to figure out a nice way to figure out the jump target.
What are the constraints on it exactly?
The way I see the implementation, we can solve it statically, without unicorn because we can only have:
jump $reg
jump <address>
Which we can know all the time. Do you see any other cases?
Well it's that we have to figure it out for each case for each arch, which means each addressing mode.
I'm totally cool with doing something like the peek_ret: Just unset branch_taken if we can't figure out the address, and that way it just doesn't show a jump target (better than an incorrect one).
This might be an easy enough thing for a new contributor to take a crack at.
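A sketch of the static resolution discussed in this thread, as an added example that is not GEF's code and not part of any comment above. The function name, the operand-string format and the register snapshot dict are assumptions; it covers the `jump <address>` and `jump $reg` cases for x86 `jmp` and, going slightly beyond the thread, ARM `b`/`bx`, and returns None when the target cannot be determined so the caller can show no target instead of a wrong one.

```python
import re

# Unconditional branch mnemonics per architecture (constructed subset, assumption).
UNCONDITIONAL = {
    "x86": {"jmp"},
    "arm": {"b", "bx"},
}

_IMM = re.compile(r"^(0x[0-9a-fA-F]+)(\s+<[^>]*>)?$")  # 0x400123 or 0x400123 <main+4>
_REG = re.compile(r"^\$?([A-Za-z][A-Za-z0-9]*)$")       # rax, $rax, lr


def resolve_jump_target(arch, mnemonic, operands, registers):
    """Return the branch target as an int, or None when it cannot be
    determined statically (the caller should then display no target)."""
    mnemonic = mnemonic.lower()
    if mnemonic not in UNCONDITIONAL.get(arch, set()):
        return None                      # conditional or unknown: handled elsewhere
    op = operands.strip()
    m = _IMM.match(op)
    if m:                                # jump <address>
        return int(m.group(1), 16)
    m = _REG.match(op)
    if m:                                # jump $reg
        value = registers.get(m.group(1).lower())
        if value is None:
            return None                  # register not in the snapshot
        if arch == "arm" and mnemonic == "bx":
            value &= ~1                  # bit 0 selects Thumb state, not an address bit
        return value
    return None                          # memory-indirect and other addressing modes


if __name__ == "__main__":
    # Constructed sample instructions and register values, for illustration only.
    regs = {"rax": 0x7FFFF7A0D000, "lr": 0x10435}
    samples = [
        ("x86", "jmp", "0x400123 <main+4>"),
        ("x86", "jmp", "$rax"),
        ("x86", "jmp", "QWORD PTR [rax+0x8]"),
        ("arm", "bx", "lr"),
    ]
    for arch, mnem, ops in samples:
        target = resolve_jump_target(arch, mnem, ops, regs)
        shown = hex(target) if target is not None else "(no target shown)"
        print(f"{arch:4} {mnem} {ops:22} -> {shown}")
```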