Pwndbg

The 2021 release, which contains many fixes & some enhancements.

Thanks to all contributors!

TL;DR git log since last release:

a79c85b (HEAD -> dev, tag: 2021.06.22, origin/dev, origin/HEAD) Update links to use Discord
668e53f Fix xinfo used with symbols that are function pointers
8db8f4d fix: update_length() raise exception in some cases
30d6745 Make brva alias accept same args as breakrva
aa25aac fix(disasm,emulate): support mips32r6
44471df fix(emulate): refix emulate, let it works correct on unicorn-1.0.2rc1 ~ unicorn-1.0.2
99a5ef3 fix exception raised by cs.syntax when debugging mips binary
5389eb6 fix(emulate): let `emulate` works on unicorn-1.0.2rc1 ~ unicorn-1.0.2
87da998 fix(telescope): also unroll buffer if last line is skipped
05036de fix(telescope): avoid superfluous whitespace after register column
75b4249 feature(telescope): reduce cognitive load by adding skip count label
baf3fe7 feature(telescope): option to set min repeating values before skipping
14325af chore: clean up unused imports
a8c2fb5 fix(ui): fix display of addrsz to be hex formated
a5c9738 feature(radare2): add r2pipe command to execute stateful radare2 cmds
5d0441b feature(shell): put 'pwn' into allow list for pwntools
56d1fac chore(profile): extend test binary so unicorn engine shows more code flow
f1aa0c8 feature(profile): use a simple module based approach to define profiles
fbfd47f fix(profile): accept any valid location for pyprof2calltree
87bf6ac chore(ghidra): simplify logic and clean up code flow
707fe12 chore(ghidra): use memoize feature to cache r2pipe handle
44770fd fix(ghidra): handle PIE base address when opening the r2pipe
71ca721 feature(ghidra): use configurable code prefix marker for line indicator
a100d87 fix(ghidra): make if-no-source condition work as expected
6354fdc fix(ghidra): avoid crash if we try to decompile a faulty addr/func
e8b5124 chore(ghidra): modularize ghidra functions into utils and commands
b036575 feature(radare2): add argument to set base when loading for PIE (897)
cd3cbf3 Update README to show more modern supported Linux versions (885)
00c9740 use_info_auxv() : change regex (894)
96df189 Changed register list to use precomputed tuples (866)
cd0cd82 Fixed bug when the GDB is debuggin an architecture arm-eabi (disassembly-flavor). (889)
4d213a1 Fix 881 (883)
ae6f25a Fix 858 (877)
26a18f1 Remove quotes from command option interpolation (876)
bf49bf8 Unit test fix (868)
5639589 Remove unimplemented dlmalloc (874)
c31c720 docs: fix simple typo, divison -> division (870)
f74aa34 The disassembly flavor is hard-coded. It does not change from Intel to AT&T (860)
304bf26 Improved the number of Runs/Layers in the container. Upgraded Ubuntu and install GoLand to run the tests. (862)
cc92959 Added comment command (857)
812278b Allow return offsets and use it for 'start' method. (864)
bde3637 added fix for i386 libc6-dbg package. (859)
29f962c ropgadget: fix path export. (854)
cfe93ab fix for ubuntu 20.04 (850)
979d330 Fixes 841
30c816b Moved filename to the end of the command (842)
ea11f86 Add basic i8086 support (835)
f096be7 Compact, [big-endian] hexdump (839)
779634a fix prev chunk size check (837)
9250cc5 Compact register list for context view (830)
7690b60 Fixed bug: bins gets the wrong pointer offset (832)
d626db1 add config context-backtrace-lines (831)
b209c2b Added installation configuration for Gentoo (820)
a9c43ed In setup.sh, remove installation of python2 for apt (828)
487caa1 Fix 814: better aslr output (818)
301012a Py3k (817)
ccd8f76 Remove travis (816)
ce2266e Add GitHub Actions support (809)
15b11c7 Add Dockerfile for easier dev (815)
96716ce Fix mprotect failing on py2

This release brings a lot of fixes and improvements and a new `mprotect` command that injects/calls the corresponding syscall (x64/x86 only for now).

Thanks to all contributors!

Detailed commit log
* fa326d3 - Fix disasm call target display when symbol is known (801)
* 9c60b62 - arch.py: remove unused instruction (800)
* 21319d3 - Add repeat mode dX commands (791) (799)
* 79140e3 - Fix dqs windbg command (798)
* d088019 - Update .travis.yml: trusty->bionic (796)
* b5775f7 - Fix typo in exception-verbose parameter
* 64f75c9 - vmmap command: fixes 795 - usage w/o argument
* f543205 - vmmap command: show offset for single addresses (795)
* 8c601c4 - Fix typos (787)
* 5efff78 - return only valid arenas (784)
* af0b065 - 2*ptrsize mismatch (783)
* 970ac22 - Delete dead code in regs.py (779)
* 7bad305 - Determine register sizes dynamically, do not assume ptrdiff width (775)
* a1b2b03 - Fixes 777 - missing pyelftools program header name (782)
* 606eae0 - Update regs.py (780)
* 744aa22 - Fixes 770 - broken vmmap aliases (778)
* 1cd9874 - Use qemu.root() instead of a hardcoded path (774)
* 5b9a42a - Fix find_fake_fast error on older gdb version (760)
* b361bda - 664 mark changed registers (756)
* 016326f - Update issue templates (776)
* 677dfa2 - Changes in dependencies needed for Ubuntu, starting from scratch. (763)
* 609284c - support for xbps install (753)
* f90db72 - chunk printing to malloc_chunk cmd (751)
* 5062e4a - Fixes 749 - stop showing pc marker in disasm loops (750)
* ac7fb64 - mprotect command injecting mprotect syscall. (740)
* d3ec217 - fix for ubuntu 20.04 (748)
* 2a09b30 - Fixes 726 (747)
* e3b910c - Try heap (744)
* 4281583 - Update heap implementation (728)
* fbd2bb3 - Fixed alignment bug in vis_heap_chunks command (739)
* 3cf9b31 - Added suppor fot opensuse (734)
* 0cdcd6f - Fixed misprint 'distibuted' --> 'distributed' (733)
* d4a6ff4 - Fix command description format (727)
* b1beacf - fixes 660, can not get correct arm64 context (724)
* 5849d27 - [WIP] Feature: show ghidra decompiled code in context (715)
* ab1e091 - rename ctx-watch -> ctx-unwatch (725)
* 5c67072 - Enhance find_fake_fast (721)
* 798bcb6 - Fix inaccuracies in vis_heap_chunks() (708)
* a18e751 - [WIP] Context watches expressions (711)
* 80e3959 - Don't use top chunk heuristics (712)
* c8a846e - Replace malloc initialization heuristics (713)
* 08a78ad - Remove temp files and dir when exit (720)
* 64ca9a6 - Fix decompile error (716)
* c46417f - Remove useless cat from setup (717)
* d2fc367 - Happy new year 2020 (718)
* f2c0efc - Per section context output (697)
* 9aef04b - Add line indicator in decompile result (714)
* cc0c90a - Fix vmmap crash when PG is disabled (709)
* ca649da - Fix switching to remote debug caching bug 707
* 8cbb863 - Update __init__.py (703)
* 355c09e - command: support alternatives including sub command wrapper like pwn (701)
* ecae891 - fix spelling errors (699)
* 829f36a - Improve probeleak command (698)
* b2f7f90 - split inode_objfile at most once to fix 695 (696)
* e650f92 - adding support for clear linux (694)

This release brings some bugfixes (also related to IDA Pro sync), enhancements to commands and some other enhancements.

Changelog

What is new
* Added vmmap QEMU kernel support for x86/x64/risc-v by parsing `memory info mem` (685, 687)
* Allowed hexdump by module name, like vmmap (683)
* Added initial support for ARM Cortex-M baremetal debugging (264)
* Better support for go binaries (649, 652)
* The `vis_heap_chunk` command got improved (625)
* Added `leakfind` command (608, 620)
* Added `xuntil` command (604, 648)
* Added option to redirect context output to other tty or files - simply set `set context-output /dev/pts/x` (610)
* Enhance remote QEMU targets debugging experience (603)
* Added `ctx` alias for the `context` command (656)
* Added `__read_chk`, `__fread_chk` and `__pread_chk` to recognized functions (536)
* Improved UX of dumpargs command (631)

Fixes
* Fixed 681 (693)
* Fixed top_chunk and vis_heap_chunks command (691)
* Fixed install's apt-get from blocking at setup time (680)
* Fixed 674 by adding gdb-gdbserver dependency (676)
* Fixed 532 by clearing internal temp bp on exit (642)
* Heap commands are now invoked only with libc debug symbols (635)
* Added mkdocs documentation (639)
* Fixed source code display (638)
* Fixed 636 - bug with regs display on other frames (637)
* Added a workaround for GDB bug described in 632 (633)
* The pseudocode context display retrieved from IDA Pro Hex-Rays decompilation now shows only the related code (630)
* Fix the decompile function for IDA Pro 7.2 during IDA Pro sync (629)
* Fixed a bug when IDA Pro window was activated/focused when jumping during IDA Pro sync (628)
* Use ArgparsedCommand for everything (622)
* Fixed 623, a bug where `pwndbg.proc.exe` returned wrong path (624)
* Allowed `ArgparsedCommand` to have aliases (621)
* Fixed base for got on pie binaries (618)
* Fixed 609 by updating types on `new_objfile` event (616)
* Fixed 538 - breakrva on symlink targets (539)
* Change StopIteration to return (613)
* Fixed linetable.line.pc negative address when debug kernel (605)
* Added install instructions for Manjaro in setup.sh (606)
* IDA Pro sync RPC will try to auto-connect when `ida-enabled` parameter is enabled (597)
* Fixed bug in heap command (571)
* Fixed syntax hightlighting cache bug (594)

Thanks to all external contributors:
* alissonbezerra
* korniltsev
* jerdna-regeiz
* theqlabs
* bet4it
* Bluekezhou
* CarloMara
* mzr
* Jinmo
* matrix1001
* NyaMisty
* GrosQuildu
* StalkR
* F3real
* zommiommy
* vesim987
* reyammer
* Qwaz
* Yuuoniy
* geoffbeier
* jaseg
* jebjerg

And our team:
* zachriggle
* stnevans
* anthraxx
* disconnect3d

This release brings a lot of bugfixes, update to Capstone 4.0.1, better r2 sync support and some other enhancements.

Thanks for all external contributors:
* sudhackar
* gymgit
* skysider
* equation314
* matrix1001
* GrosQuildu
* ZetaTwo
* adamtanana
* Dom-1
* ClaudiaJKang

Changes:
* Updated Capstone to 4.0.1 - this adds more instructions that can be disassembled properly and fixes the setup on recent stable version after Capstone got updated
* Fixed SPARC architecture support (573)
* Pwndbg doesn't set a limit on `print elements` anymore (590)
* Added a `bugreport` command (533)
* Added support of PIE binaries for r2 (567)
* Added support for heap tcache on targets w/o -lpthread (552)
* `context code` now displays the source file path (526)
* Better support for Rust binaries: added missing types (559)
* `probeleak` now displays symbols if the address corresponds to one (572)
* Fixed r2 sync trying to get pc when the process wasn't running (584)
* Fixed source code display crashing when it had unicode chars (578)
* Fixed a bug in emulator on non-x86 architectures when the return address was not restored properly (555)
* Fixed a bug when enhancing display of instruction that dereferenced memory (587)
* Fixed a bug with gdb 8.2 (575)
* Fixed a bug that crashed pwndbg when debugging mips binary when run on qemu-mips (569)
* Fixed some bugs related to heap commands (563, 537, 546)
* Fixed setup.sh for some distros (551, 549, 540)
* Pwndbg will now check if added command overrides commands that were registered before launching pwndbg (from other plugins or built-in commands) (543)
* Fixed got command (531)

This release of Pwndbg includes a large number of bug fixes, and the following new or updated commands:
- Heap functionality is greatly increased
- `bins`
- `fastbins`
- `largebins`
- `mp`
- `smallbins`
- `unsortedbin`
- `configfile` and `themefile` will save your settings to a file easily added to `~/.gdbinit`