
added the got command to quickly show the state of the GOT table

Open degrigis opened this issue 8 years ago • 3 comments

Added the command "got", used to quickly retrieve the state of the GOT table. It works for 32- and 64-bit binaries and also for PIE programs.

Example 64-bit, PIE off: (screenshot)

Example 64-bit, PIE on: (screenshot)

Example 32-bit: (screenshot)

degrigis, Jun 05 '16 10:06

This looks awesome, I did some tests and it looks cool... just noticed a small detail: with certain binaries I don't get any symbols printed for the GOT entries. For example, with my version of nmap I don't get any symbols explaining the pointers:

gdb-peda$ got
[...]
0x768570:   0x0042c386  0x00000000

however when i run readelf:

> readelf -r /usr/bin/nmap|grep 768570  
000000768570  00a600000007 R_X86_64_JUMP_SLO 0000000000000000 sleep@GLIBC_2.2.5 + 0

What do you think about not just relying on gdb, and therefore purely on the x/wx command issued in line 4521: https://github.com/longld/peda/pull/79/commits/ea2d69558e0449f9be53752b4a8b725f5f4b6f01#diff-c1c917467ee788f52846b75c797b9eb0R4521 or 4516: https://github.com/longld/peda/pull/79/commits/ea2d69558e0449f9be53752b4a8b725f5f4b6f01#diff-c1c917467ee788f52846b75c797b9eb0R4516, but also propagating the readelf value contained in the f_line variable from line 4512: https://github.com/longld/peda/pull/79/commits/ea2d69558e0449f9be53752b4a8b725f5f4b6f01#diff-c1c917467ee788f52846b75c797b9eb0R4512? This way we could always output some useful information about the got/plt entry even when gdb does not provide anything for the x/wx command.

This would always be rock solid when we don't get useful additions from GDB, and could look somewhat like:

gdb-peda$ got
[...]
0x768570:   0x0042c386  0x00000000  sleep@GLIBC_2.2.5

anthraxx, Jun 05 '16 23:06
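The fallback suggested above, as an added example that is not peda's own code: parse the `readelf -r` relocation lines, read each slot, and label the entry with gdb's symbol when there is one, otherwise with the readelf name. The `read_pointer` and `symbol_for` callables stand in for the gdb queries, and the readelf output, memory contents and symbol table are constructed sample data.

```python
import re
from typing import Callable, Dict, List, Optional

# One readelf -r line, e.g.
# "000000768570  00a600000007 R_X86_64_JUMP_SLO 0000000000000000 sleep@GLIBC_2.2.5 + 0"
# readelf truncates the type column, so only the JUMP_SLO prefix is required;
# R_386_JUMP_SLOT from a 32-bit binary matches the same pattern.
RELOC_RE = re.compile(
    r"^\s*([0-9a-fA-F]+)\s+[0-9a-fA-F]+\s+R_\w*JUMP_SLO\w*\s+[0-9a-fA-F]+\s+(\S+)")

def parse_jump_slots(readelf_output: str) -> Dict[int, str]:
    """Map each GOT slot address to the symbol name readelf prints for it."""
    slots = {}
    for line in readelf_output.splitlines():
        m = RELOC_RE.match(line)
        if m:
            slots[int(m.group(1), 16)] = m.group(2)
    return slots

def got_table(readelf_output: str, read_pointer: Callable[[int], int],
              symbol_for: Callable[[int], Optional[str]],
              pointer_size: int = 8) -> List[str]:
    """One line per slot in the style of the x/wx dump above: slot address,
    contents as 32-bit words (two of them on 64-bit), and a name. gdb's
    symbol wins when it has one; otherwise the readelf name is used, so an
    entry is never printed without a label."""
    slots = parse_jump_slots(readelf_output)
    rows = []
    for addr in sorted(slots):
        value = read_pointer(addr)
        words = ["0x%08x" % ((value >> shift) & 0xffffffff)
                 for shift in range(0, pointer_size * 8, 32)]
        name = symbol_for(value) or slots[addr]
        rows.append("0x%x:\t%s\t%s" % (addr, "\t".join(words), name))
    return rows

# Constructed sample data standing in for a real readelf run and a live gdb session.
SAMPLE_READELF = """\
Relocation section '.rela.plt' at offset 0x1000 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000768570  00a600000007 R_X86_64_JUMP_SLO 0000000000000000 sleep@GLIBC_2.2.5 + 0
000000768578  002300000007 R_X86_64_JUMP_SLO 0000000000000000 strlen@GLIBC_2.2.5 + 0
"""
# sleep is still lazily bound (its slot points back into the binary's PLT stub,
# where gdb has no symbol); strlen has already been resolved into libc.
SAMPLE_MEMORY = {0x768570: 0x42c386, 0x768578: 0x7ffff7a8b1c0}
SAMPLE_SYMBOLS = {0x7ffff7a8b1c0: "strlen"}

def demo() -> List[str]:
    return got_table(SAMPLE_READELF, SAMPLE_MEMORY.__getitem__, SAMPLE_SYMBOLS.get)
```

Running `demo()` yields the two-word layout from the thread, with `sleep@GLIBC_2.2.5` supplied by readelf and `strlen` by the (simulated) gdb symbol lookup.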

It would be cool if you could apply this patch in addition to yours to achieve the previously mentioned printing of the name: https://github.com/anthraxx/peda/commit/aa63d4fa076036e8e735079a6bc8bb89cbd6ae06

Additionally, there is a warning_msg function in the utils file to print warnings; please also update the pull request by changing those two warnings like this:

https://github.com/anthraxx/peda/commit/7fb48563826724c0a896db34b72bf14ecaea31e5

anthraxx, Jun 05 '16 23:06

Ok, I've had time to improve the output of the command a little bit, following your advice @anthraxx.

The situation now is the following: (screenshots)

I've re-used the information inside f_line for the name and filtered the output from x/wx a little bit, for both 32- and 64-bit, to extract the addresses.

degrigis, Jun 06 '16 20:06