
@Cirn09
Last active September 1, 2022 10:06
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import argparse
import math
import gdb
import pwndbg.arch
import pwndbg.commands
import pwndbg.memory
from pwndbg.commands.windbg import get_type
# Argument parser for the `dbc` command (byte-sized elements).
parser = argparse.ArgumentParser(
    description="Starting at the specified address, dump N bytes as code.",
)
parser.add_argument(
    "address",
    type=pwndbg.commands.HexOrAddressExpr,
    help="The address to dump from.",
)
# `count` is optional; argparse supplies 64 when it is omitted.
parser.add_argument(
    "count",
    type=pwndbg.commands.AddressExpr,
    nargs="?",
    default=64,
    help="The number of bytes to dump.",
)
@pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenRunning
def dbc(address, count=64):
    """
    Dump `count` bytes (64 by default) starting at `address`,
    printed as comma-separated hex literals.
    """
    # One-byte elements. `dbc.repeat` is read from the decorated command
    # object (presumably set by the pwndbg command wrapper).
    return dXc(size=1, address=address, count=count, repeat=dbc.repeat)
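# Argument parser for the `dwc` command (2-byte elements).
parser = argparse.ArgumentParser(
    description="Starting at the specified address, dump N words as code.",
)
parser.add_argument(
    "address",
    type=pwndbg.commands.HexOrAddressExpr,
    help="The address to dump from.",
)
# default=32 matches the `dwc` signature and docstring; the previous value
# of 64 was carried over from the byte variant and doubled the amount of
# memory read when `count` was omitted.
parser.add_argument(
    "count",
    type=pwndbg.commands.AddressExpr,
    nargs="?",
    default=32,
    help="The number of words to dump.",
)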
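@pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenRunning
def dwc(address, count=32):
    """
    Starting at the specified address, dump N words
    as code(default 32).
    """
    # Use this command's own repeat flag. The original read `dbc.repeat`,
    # so repeating `dwc` followed the state of the byte command instead.
    return dXc(2, address, count, repeat=dwc.repeat)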
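# Argument parser for the `ddc` command (4-byte elements).
parser = argparse.ArgumentParser(
    description="Starting at the specified address, dump N dwords as code.",
)
parser.add_argument(
    "address",
    type=pwndbg.commands.HexOrAddressExpr,
    help="The address to dump from.",
)
# default=16 matches the `ddc` signature and docstring; the previous value
# of 64 was carried over from the byte variant and quadrupled the amount of
# memory read when `count` was omitted.
parser.add_argument(
    "count",
    type=pwndbg.commands.AddressExpr,
    nargs="?",
    default=16,
    help="The number of dwords to dump.",
)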
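@pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenRunning
def ddc(address, count=16):
    """
    Starting at the specified address, dump N dwords
    as code(default 16).
    """
    # Use this command's own repeat flag. The original read `dbc.repeat`,
    # so repeating `ddc` followed the state of the byte command instead.
    return dXc(4, address, count, repeat=ddc.repeat)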
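# Argument parser for the `dqc` command (8-byte elements).
parser = argparse.ArgumentParser(
    description="Starting at the specified address, dump N qwords as code.",
)
parser.add_argument(
    "address",
    type=pwndbg.commands.HexOrAddressExpr,
    help="The address to dump from.",
)
# default=8 matches the `dqc` signature and docstring; the previous value
# of 64 was carried over from the byte variant and read eight times as much
# memory when `count` was omitted.
parser.add_argument(
    "count",
    type=pwndbg.commands.AddressExpr,
    nargs="?",
    default=8,
    help="The number of qwords to dump.",
)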
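@pwndbg.commands.ArgparsedCommand(parser)
@pwndbg.commands.OnlyWhenRunning
def dqc(address, count=8):
    """
    Starting at the specified address, dump N qwords
    as code(default 8).
    """
    # Use this command's own repeat flag. The original read `dbc.repeat`,
    # so repeating `dqc` followed the state of the byte command instead.
    return dXc(8, address, count, repeat=dqc.repeat)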
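def dXc(size, address, count, repeat=False):
    """
    Read `count` elements of `size` bytes from the debuggee, starting at
    `address`, and print them as comma-separated hex literals with 16 bytes
    of data per output line.

    Reading stops at the first element that raises gdb.MemoryError, so the
    output may hold fewer than `count` elements.

    Arguments:
        size: Element width in bytes (callers in this file pass 1, 2, 4, 8).
        address: Start address; masked with pwndbg.arch.ptrmask.
        count: Number of elements requested.
        repeat: When true and an earlier dump saved its state, `address`
            and `count` are ignored; the dump restarts at the saved address
            with the saved count plus the saved step.

    Returns:
        The list of formatted lines, or None when nothing could be read.
    """
    # State is only saved by a dump that read at least one element. Without
    # it, a repeat falls back to the given arguments instead of raising
    # AttributeError (e.g. repeating a command whose first run failed).
    has_saved_state = all(
        hasattr(dXc, name) for name in ("last_count", "step", "address")
    )
    if repeat and has_saved_state:
        # NOTE(review): `step` is overwritten with `count` below, so every
        # repeat doubles the element count from the same start address.
        # Confirm this growth is intended.
        count = dXc.last_count + dXc.step
        address = dXc.address
    else:
        address = int(address) & pwndbg.arch.ptrmask
        count = int(count)

    # Named elem_type so the builtin `type` is not shadowed.
    elem_type = get_type(size)

    values = []
    for index in range(count):
        try:
            gval = pwndbg.memory.poi(elem_type, address + index * size)
            # The conversion stays inside the try, as in the original.
            values.append(int(gval))
        except gdb.MemoryError:
            # Unreadable memory: keep what was read so far.
            break

    if not values:
        print('Could not access the provided address')
        return None

    # Chunk what was actually read, 16 bytes of data per line. max() keeps
    # the step positive for element sizes above 16.
    row_sz = max(1, 16 // size)
    lines = [
        ', '.join(tohex(size, value) for value in values[start:start + row_sz])
        for start in range(0, len(values), row_sz)
    ]
    print(',\n'.join(lines))

    # Saved for the repeat path above.
    dXc.last_count = count
    dXc.step = count
    dXc.address = address
    return lines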
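def tohex(size, value):
    """
    Format `value` as a zero-padded hex literal that is `size` bytes wide.

    The value is masked to the element width (size * 8 bits), not to the
    target's pointer width. Masking with the pointer mask truncated 8-byte
    elements on targets whose pointers are narrower than 8 bytes, while
    still padding the result to 16 digits.

    Arguments:
        size: Element width in bytes.
        value: Integer to format; negative values wrap to `size` bytes.

    Returns:
        A string such as '0x0001' for size=2, value=1.
    """
    mask = (1 << (size * 8)) - 1
    return f'0x{value & mask:0{size * 2}x}'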