This is barely a beta. There are currently no versioned releases, only master. I push to master with impunity. There are no tests. If anything works at all, consider yourself lucky.
Feature contributions and bugfixes are both very welcome :)
A PEDA replacement. In the spirit of our good friend windbg, pwndbg is pronounced pwnd-bag.
- Speed
- Resiliency
- Clean code
Best supported on Ubuntu 14.04 with default gdb or gdb-multiarch (e.g. with Python3).
git clone https://github.com/zachriggle/pwndbg
echo "source $PWD/pwndbg/gdbinit.py" >> ~/.gdbinitThese will be needed to build other Python modules below.
sudo apt-get install python-dev python3-dev python-pip python3-pip Currently this is only available via a source build. Be sure to install to the system Python; GDB will completely ignore your virtualenv / pyenv.
git clone https://github.com/aquynh/capstone
cd capstone
git checkout -t origin/next
sudo ./make.sh install
cd bindings/python
sudo python2 setup.py install # Ubuntu 12.04, GDB uses Python2
sudo python3 setup.py install # Ubuntu 14.04+, GDB uses Python3Currently this is only available via a source build. Be sure to install to the system Python; GDB will completely ignore your virtualenv / pyenv.
sudo apt-get install libglib2.0-dev
git clone https://github.com/unicorn-engine/unicorn
cd unicorn
sudo ./make.sh install
cd bindings/python
sudo python2 setup.py install # Ubuntu 12.04, GDB uses Python2
sudo python3 setup.py install # Ubuntu 14.04+, GDB uses Python3There are some other Python requirements which are easier to install.
pip install -Ur requirements.txtDoes most things that PEDA does. Doesn't do things that PEDA does that pwntools or binjitsu (my fork of pwntools) do better.
Also has a basic windbg compat layer for e.g. dd, eb, da, dps. Now you can even eb eip 90!
For most standard function calls, it knows how many arguments there are and can print out the function call args.
Here's a few screenshots of some of the cool things pwndbg does.
Function arguments
Conditional jump evaluation and jump following
More dump following
RET following, useful for ROP
Here's a screenshot of pwndbg working on an aarch64 binary running under qemu-user.
Here's a screenshot of PEDA. That it's aarch64 doesn't matter -- it chokes in the same way for everything qemu-user.
And here's a screenshot of GDB's built-in commands failing horribly. Note that while, yes, it gives output -- the addresses it does give are all wrong, and are just file offsets.
