Add depth limit to examine_mem_reference()

2016-06-03 08:51:55 +07:00 · 2016-06-03 08:51:55 +07:00 · b7c7d7aeeb
parent 6710298b16
commit b7c7d7aeeb
1 changed files with 14 additions and 14 deletions
--- a/peda.py
+++ b/peda.py
@ -50,7 +50,7 @@ else:
    from urllib import urlopen
    from urllib import urlencode
    pyversion = 2
-	
+
 REGISTERS = {
    8 : ["al", "ah", "bl", "bh", "cl", "ch", "dl", "dh"],
    16: ["ax", "bx", "cx", "dx"],
@ -1449,7 +1449,7 @@ class PEDA(object):
            if remote: # remote target, not yet supported
                return maps
            else: # local target
-                try:  out = execute_external_command("vmmap -w %s" % self.getpid())
+                try:  out = execute_external_command("/usr/bin/vmmap -w %s" % self.getpid())
                except: error_msg("could not read vmmap of process")

            matches = pattern.findall(out)
@ -2142,7 +2142,7 @@ class PEDA(object):
        return result

    @memoized
-    def examine_mem_reference(self, value):
+    def examine_mem_reference(self, value, depth=5):
        """
        Deeply examine a value in memory for its references

@ -2153,8 +2153,16 @@ class PEDA(object):
            - list of tuple of (value(Int), type(String), next_value(Int))
        """
        result = []
+        if depth <= 0:
+            depth = 0xffffffff
+
        (v, t, vn) = self.examine_mem_value(value)
        while vn is not None:
+            if len(result) > depth:
+                _v, _t, _vn = result[-1]
+                result[-1] = (_v, _t, "--> ...")
+                break
+
            result += [(v, t, vn)]
            if v == vn or to_int(v) == to_int(vn): # point to self
                break
@ -4824,17 +4832,9 @@ class PEDACmd(object):
                for r in REGISTERS[bits]:
                    if r in regs:
                        text += get_reg_text(r, regs[r])
-                        # text += green("%s" % r.upper().ljust(3)) + ": "
-                        # chain = peda.examine_mem_reference(regs[r])
-                        # text += format_reference_chain(chain)
-                        # text += "\n"
            else:
                for (r, v) in sorted(regs.items()):
                    text += get_reg_text(r, v)
-                    # text += green("%s" % r.upper().ljust(3)) + ": "
-                    # chain = peda.examine_mem_reference(v)
-                    # text += format_reference_chain(chain)
-                    # text += "\n"
            if text:
                msg(text.strip())
            if regname is None or "eflags" in regname:
@ -4845,7 +4845,7 @@ class PEDACmd(object):
            warning_msg("not a register nor an address")
        else:
            # Address
-            chain = peda.examine_mem_reference(address)
+            chain = peda.examine_mem_reference(address, depth=0)
            text += format_reference_chain(chain) + "\n"
            vmrange = peda.get_vmrange(address)
            if vmrange:
@ -5678,7 +5678,7 @@ class PEDACmd(object):
            MYNAME generate [arch/]platform type [port] [host]
            MYNAME search keyword (use % for any character wildcard)
            MYNAME display shellcodeId (shellcodeId as appears in search results)
-	    MYNAME zsc [generate customize shellcode] 
+	    MYNAME zsc [generate customize shellcode]

            For generate option:
                default port for bindport shellcode: 16706 (0x4142)
@ -5781,7 +5781,7 @@ class PEDACmd(object):
                        os = input('%s'%blue('os:'))
                    if pyversion is 3:
                        os = input('%s'%blue('os:'))
-                    if os in oslist: #check if os exist 
+                    if os in oslist: #check if os exist
                        break
                    else:
                        warning_msg("Wrong input! Try Again.")