
Port kernel vmmap to aglib #2634

Merged
merged 11 commits into from
Dec 18, 2024

Conversation

@patryk4815 (Member) commented Dec 17, 2024

Changes:

  • moved kernel_vmmap_via_monitor_info_mem to aglib.kernel.vmmap
  • moved kernel_vmmap_via_page_tables to aglib.kernel.vmmap
  • fix weird response in lldb send_monitor
  • Rewrite pt_gdb to aglib in kernel_vmmap_via_page_tables
  • implement rv64 paging; it allows using kernel_vmmap_via_page_tables


codecov bot commented Dec 17, 2024

Codecov Report

Attention: Patch coverage is 27.16763% with 126 lines in your changes missing coverage. Please review.

Project coverage is 5.36%. Comparing base (ea25cb5) to head (0ff1fdd).
Report is 3 commits behind head on dev.

Files with missing lines          Patch %   Lines
pwndbg/aglib/kernel/vmmap.py      27.51%    101 missing and 7 partials
pwndbg/aglib/kernel/__init__.py   35.29%    9 missing and 2 partials
pwndbg/dbg/lldb/__init__.py       0.00%     5 missing
pwndbg/gdblib/vmmap.py            0.00%     2 missing
Additional details and impacted files
@@            Coverage Diff            @@
##              dev   #2634      +/-   ##
=========================================
- Coverage   10.60%   5.36%   -5.25%     
=========================================
  Files         214     218       +4     
  Lines       23904   24115     +211     
  Branches     3617    3652      +35     
=========================================
- Hits         2535    1293    -1242     
- Misses      20917   22633    +1716     
+ Partials      452     189     -263     


@@ -649,6 +650,10 @@ def paging_enabled() -> bool:
return x86_64Ops.paging_enabled()
Member commented:

Random note: we should reorder this to x86-64, aarch64, rv64, i386

elif arch_name == "rv64":
# https://starfivetech.com/uploads/u74_core_complex_manual_21G1.pdf
# page 41, satp.MODE, bits: 60,61,62,63
return int(pwndbg.aglib.regs.satp) & (BIT(60) | BIT(61) | BIT(62) | BIT(63)) != 0
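Review bot: the rv64 branch builds the satp.MODE mask as `BIT(60) | BIT(61) | BIT(62) | BIT(63)` and relies on Python binding `&` tighter than `!=`; a named constant such as `SATP_MODE_MASK = 0xF << 60` together with explicit parentheses, `(satp & SATP_MODE_MASK) != 0`, says the same thing without making the reader check operator precedence. The comment cites a StarFive core manual for the field, but the layout (MODE in bits 63:60 of satp on RV64) is architectural and is defined in the RISC-V privileged specification, which is the better reference to point at.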
Member commented:

[image attachment, not preserved]

self.pid = QemuMachine.get_qemu_pid()
self.file = None
self.file = os.open(f"/proc/{self.pid}/mem", os.O_RDONLY)
self.mem_size = os.fstat(self.file).st_size
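Review bot: `self.mem_size = os.fstat(self.file).st_size` stores 0, because /proc/<pid>/mem is a procfs file that reports no size (the stat output quoted in the thread below shows `Size: 0`), so anything that later uses `mem_size` as a read bound or end-of-RAM check is wrong. Derive the readable range from /proc/<pid>/maps or from the guest's configured RAM size instead, and drop the field if nothing consumes it. The `self.file = None` assignment immediately before the `os.open` only earns its place if an exception path (for example `__del__`) checks it before closing.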
Member commented:

Does this make sense?

(.venv) root@pwndbg:~# ls -la /proc/self/mem
-rw------- 1 root root 0 Dec 18 13:00 /proc/self/mem
(.venv) root@pwndbg:~# stat /proc/self/mem
  File: /proc/self/mem
  Size: 0         	Blocks: 0          IO Block: 1024   regular empty file
Device: 0,22	Inode: 29332658    Links: 1
Access: (0600/-rw-------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2024-12-18 13:00:15.561108327 +0000
Modify: 2024-12-18 13:00:15.561108327 +0000
Change: 2024-12-18 13:00:15.561108327 +0000
 Birth: -

Member commented:

In [4]: f=os.open('/proc/self/mem', os.O_RDONLY)

In [5]: os.fstat(f).st_size
Out[5]: 0

cc: @martinradev
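Both comments above show that fstat() on /proc/<pid>/mem yields 0, so the file's size cannot bound reads of QEMU's memory. As an added example, not pwndbg's or gdb-pt-dump's code, here is the alternative a practitioner would reach for: parse /proc/<pid>/maps, refuse any read that is not fully inside one mapped region, and pread() from /proc/<pid>/mem at host virtual addresses. The maps excerpt is constructed, and the rule "guest RAM is the largest anonymous rw mapping" is a heuristic assumed here for illustration, not a rule the PR states; check it against the guest's RAM size before relying on it.

```python
"""Added example (not pwndbg's code): bound reads of /proc/<pid>/mem using
/proc/<pid>/maps, since fstat() on that file reports st_size == 0."""
import os
import re
from dataclasses import dataclass

# One maps line: start-end perms offset dev inode [pathname]
_MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+([0-9a-f]+)\s+(\S+)\s+(\d+)\s*(.*)$")

@dataclass(frozen=True)
class Region:
    start: int
    end: int
    perms: str
    path: str
    @property
    def size(self) -> int:
        return self.end - self.start

def parse_maps(text: str) -> list:
    """Parse the text of /proc/<pid>/maps into Region records; unparseable lines are skipped."""
    out = []
    for line in text.splitlines():
        m = _MAPS_RE.match(line)
        if m:
            out.append(Region(int(m[1], 16), int(m[2], 16), m[3], m[7].strip()))
    return out

def guest_ram_candidate(regions: list) -> Region:
    """Heuristic, assumed here for illustration: QEMU backs guest RAM with one large
    anonymous rw mapping, so take the largest anonymous rw region."""
    anon = [r for r in regions if r.path == "" and r.perms.startswith("rw")]
    if not anon:
        raise LookupError("no anonymous rw mapping in maps")
    return max(anon, key=lambda r: r.size)

def region_for(regions: list, addr: int, length: int):
    """The single region that fully contains [addr, addr + length), or None."""
    return next((r for r in regions if r.start <= addr and addr + length <= r.end), None)

class ProcMem:
    """Reader over /proc/<pid>/mem that refuses reads not covered by one mapped region."""
    def __init__(self, pid: int) -> None:
        with open(f"/proc/{pid}/maps") as f:
            self.regions = parse_maps(f.read())
        self.fd = os.open(f"/proc/{pid}/mem", os.O_RDONLY)   # st_size here is 0; ignore it
    def read(self, addr: int, length: int) -> bytes:
        if region_for(self.regions, addr, length) is None:
            raise ValueError(f"{addr:#x}+{length:#x} is not within one mapped region")
        data = os.pread(self.fd, length, addr)
        if len(data) != length:
            raise OSError(f"short read at {addr:#x}: {len(data)} of {length} bytes")
        return data
    def close(self) -> None:
        os.close(self.fd)

# Constructed maps excerpt in the shape a qemu-system process would show
SAMPLE_MAPS = """\
55d1c0a00000-55d1c0a21000 r--p 00000000 fd:01 1234567                    /usr/bin/qemu-system-riscv64
7f3a40000000-7f3a80000000 rw-p 00000000 00:00 0 
7f3a80000000-7f3a80021000 rw-p 00000000 00:00 0 
7ffd1e6c0000-7ffd1e6e1000 rw-p 00000000 00:00 0                          [stack]
"""

if __name__ == "__main__":
    ram = guest_ram_candidate(parse_maps(SAMPLE_MAPS))
    print(f"RAM candidate: {ram.start:#x}-{ram.end:#x} ({ram.size >> 20} MiB)")
    if os.path.exists("/proc/self/mem"):          # Linux only: read our own process
        pm = ProcMem(os.getpid())
        r = next(r for r in pm.regions if r.perms.startswith("r"))
        print(f"first 8 bytes of {r.path or 'anon'} @ {r.start:#x}: {pm.read(r.start, 8).hex()}")
        pm.close()
```

Reading another process's /proc/<pid>/mem requires ptrace access to it (same user and a permissive ptrace_scope, or root), which is the same requirement the PR's `/proc/{self.pid}/mem` open has.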


f"chardev-add file,id={chardev_id},path={tmpf.name}"
)
pid_found = QemuMachine.search_pids_for_file(pids, tmpf.name)
pwndbg.dbg.selected_inferior().send_monitor(f"chardev-remove {chardev_id}")
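Review bot: `chardev-remove` is issued only on the success path; if `QemuMachine.search_pids_for_file` raises, the chardev stays attached to the guest and the temp file stays open inside QEMU. Wrap the lookup in `try: ... finally: pwndbg.dbg.selected_inferior().send_monitor(f"chardev-remove {chardev_id}")`. Separately, `path={tmpf.name}` is spliced into a QemuOpts option string where a comma is the separator, so a TMPDIR containing `,` breaks the command (QemuOpts writes a literal comma as `,,`), and the code should fail loudly when more than one candidate PID turns out to hold the file rather than silently picking one.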
Member commented:

Lol this is a smart hack to detect the given QEMU process PID.

Maybe we should implement a monitor command to just return QEMU pid? :D
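The PID trick the comment above praises works because the QEMU monitor's `chardev-add file,...` makes the QEMU process open a path the debugger chose, after which scanning /proc/<pid>/fd for that path singles out the process. The block below is an added example, not pwndbg's `QemuMachine` code, of that procedure with the two things a reviewer would ask for: the chardev is removed in a `finally`, and a literal comma in the path is escaped for QemuOpts. The monitor is replaced by a constructed `FakeQemu` that records commands and simulates the open in a fake /proc, so the example runs offline; the `listdir`/`readlink` injection points and the `pidprobe-` id prefix are assumptions of this example.

```python
"""Added example (not pwndbg's code): find the QEMU process by making it open a
file we control via the HMP monitor, with the chardev always removed afterwards."""
import os
import tempfile
import uuid

def hmp_escape(value: str) -> str:
    """QemuOpts option strings use ',' as separator; a literal comma is written ',,'."""
    return value.replace(",", ",,")

def pids_with_open_file(path: str, pids, listdir=os.listdir, readlink=os.readlink) -> list:
    """PIDs whose /proc/<pid>/fd holds a descriptor for `path` (lookups are injectable)."""
    target = os.path.realpath(path)
    found = []
    for pid in pids:
        fd_dir = f"/proc/{pid}/fd"
        try:
            entries = listdir(fd_dir)
        except OSError:
            continue                      # process exited, or not ours to inspect
        for entry in entries:
            try:
                link = readlink(f"{fd_dir}/{entry}")
            except OSError:
                continue                  # descriptor closed between listdir and readlink
            if link == target:
                found.append(pid)
                break
    return found

def find_qemu_pid(send_monitor, pids, **lookups) -> int:
    """chardev-add a unique temp file, see which candidate opened it, then chardev-remove."""
    chardev_id = "pidprobe-" + uuid.uuid4().hex[:8]      # unique per probe
    with tempfile.NamedTemporaryFile(prefix="qemu-pidprobe-") as tmpf:
        send_monitor(f"chardev-add file,id={chardev_id},path={hmp_escape(tmpf.name)}")
        try:
            matches = pids_with_open_file(tmpf.name, pids, **lookups)
        finally:
            send_monitor(f"chardev-remove {chardev_id}")  # runs even if the scan raises
    if len(matches) != 1:
        raise RuntimeError(f"expected exactly one QEMU holder of the probe file, got {matches}")
    return matches[0]

class FakeQemu:
    """Constructed stand-in for a QEMU monitor: 'opens' the chardev path in a fake /proc."""
    def __init__(self, pid: int) -> None:
        self.pid, self.fds, self.commands = pid, {}, []
    def send_monitor(self, cmd: str) -> str:
        self.commands.append(cmd)
        if cmd.startswith("chardev-add "):
            path = cmd.split("path=", 1)[1].replace(",,", ",")
            self.fds["7"] = os.path.realpath(path)        # pretend fd 7 now refers to it
        elif cmd.startswith("chardev-remove "):
            self.fds.clear()
        return ""
    def listdir(self, fd_dir: str) -> list:
        if fd_dir != f"/proc/{self.pid}/fd":
            raise FileNotFoundError(fd_dir)
        return list(self.fds)
    def readlink(self, link: str) -> str:
        return self.fds[link.rsplit("/", 1)[1]]

def probe_fake(qemu_pid: int = 4242, candidates=(1, 4242, 9999)):
    """Run the probe against FakeQemu; returns (pid found, monitor commands sent)."""
    q = FakeQemu(qemu_pid)
    pid = find_qemu_pid(q.send_monitor, candidates, listdir=q.listdir, readlink=q.readlink)
    return pid, q.commands

def probe_fake_scan_failure():
    """The scan raises, yet chardev-remove is still sent; returns the commands sent."""
    q = FakeQemu(1)
    def failing_listdir(_):
        raise RuntimeError("scan failed")
    try:
        find_qemu_pid(q.send_monitor, [1], listdir=failing_listdir, readlink=q.readlink)
    except RuntimeError:
        pass
    return q.commands

if __name__ == "__main__":
    print(probe_fake())
```

Against a real QEMU, `send_monitor` is the debugger's monitor channel and the default `os.listdir`/`os.readlink` are used; the candidate PID list is still worth narrowing (for example to processes whose comm starts with `qemu-system`) so that an unrelated process holding a same-named file cannot be mistaken for the VM.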

# Handle disabled PG
# This will prevent a crash on abstract architectures
if len(lines) == 1 and lines[0] == "PG disabled":
return ()
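Review bot: the comment "Handle disabled PG" does not say what "PG" is or where the string comes from; state that `PG disabled` is the literal reply of QEMU's `info mem` monitor command when paging is off, and name the targets that emit it (the reviewer's question below asks exactly this). The exact equality on `lines[0]` is brittle against trailing whitespace; compare `lines[0].strip()`. Returning `()` also silently gives callers an empty vmmap when paging is off, which hides that physical addresses could still be listed in that state; at minimum document the empty result at the call sites.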
Member commented:

What's PG disabled, is it paging? Is it only on one or all archs?

Any chance we can support physical addresses here too? or should we handle it elsewhere?

@disconnect3d disconnect3d merged commit 9f1753f into pwndbg:dev Dec 18, 2024
19 checks passed
@martinradev commented:

Is there an alternative to copy-pasting the gdb-pt-dump code, and potentially something I could assist with?

If the code becomes duplicated, code maintainability for both projects will suffer:

  • fixes and new functionality will not be making it into this downstream, unless one of you decides to copy-paste the code again to freshen it up.
  • potential fixes or new functionality added to this downstream copy may be forgotten to be merged back to the upstream.
  • any error messages, related to the downstream copy of gdb-pt-dump, may be misattributed to the upstream gdb-pt-dump project that will then require me to fix or only copy-paste into the downstream.

What would be required from gdb-pt-dump side to have the code live in a single place, but have things bundled for a release?
