I'm using both pwntools and gdb to explore an ELF program and my question is how can I get the value of a variable like I do with "p <variable_name>" in gdb but in pwntools. I have searched but can't find anything.
1 Answers
1
I also needed to do this recently and I figured out a solution, hopefully it suits your needs too.
Example C program to extract value from:
```c
#include <stdio.h>
int j = 3;
int main()
{
    int i = 4;
    printf("%d %d\n", i, j);
    return 0;
}
```
Python script to read the values of i and j (and as an added bonus get the value of the eax register):
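```python
from pwnlib import gdb

def parse_unsigned_int(val):
    # Convert a gdb.Value to a Python int, mapping negatives to unsigned 32-bit
    tmp = int(str(val), 10)
    if tmp < 0:
        tmp = tmp + (1 << 32)
    return tmp

def get_register_value(reg):
    # Read a register from the innermost (newest) stack frame
    reg_gdb = p.gdb.newest_frame().read_register(reg)
    return parse_unsigned_int(reg_gdb)

def get_variable_value(var):
    # Evaluate the expression in the currently selected frame, like gdb's `p`
    var_gdb = p.gdb.parse_and_eval(var)
    return parse_unsigned_int(var_gdb)

# api=True exposes the GDB Python API on the returned object as p.gdb
p = gdb.debug('./otes', '''
break test.c:9
cont
''', api=True)

eax = get_register_value('eax')
print(f"{eax:08x}")
i = get_variable_value('i')
print(f"{i:08x}")
j = get_variable_value('j')
print(f"{j:08x}")
```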

Jessica
- there is no `parse_and_eval` AttributeError: module 'pwnlib.gdb' has no attribute 'parse_and_eval' – mLstudent33 Mar 30 '23 at 11:50
- @mLstudent33 You might just have an old version. It works fine for me and here's the official documentation https://sourceware.org/gdb/onlinedocs/gdb/Basic-Python.html "Function: gdb.parse_and_eval (expression) Parse expression, which must be a string, as an expression in the current language, evaluate it, and return the result as a gdb.Value. This function can be useful when implementing a new command (see CLI Commands In Python, see GDB/MI Commands In Python), as it provides a way to parse the command’s argument as an expression. It is also useful simply to compute values." – Jessica Mar 30 '23 at 14:01
- Actually thinking about it @mLstudent33, have you tried my example exactly as-is or did you try to adapt it to your own problem right away? I'm just wondering given the error you reported if you called `pwnlib.gdb.parse_and_eval` or if you used the object returned from `pwnlib.gdb.debug()` i.e. `p.gdb.parse_and_eval` because I suspect they are different and the former does indeed not have a `parse_and_eval` function. – Jessica Mar 31 '23 at 00:46
- Thanks, I did try to adapt it for my own, let me try your suggestion. – mLstudent33 Mar 31 '23 at 05:08
- I fixed it and now it's saying it can't find my symbol in the context. The symbol I am looking for is declared in a function called in main(), actually it's the only other function. Do the symbols have to be in main? – mLstudent33 Mar 31 '23 at 05:55
- @mLstudent33 Ah good to hear. The symbols don't have to be in main but they do have to be in the current stack frame (or global) i.e. you have to put the breakpoint inside the function you want to evaluate the symbols for and it has to be at a point where the variable is in scope and has the value you're interested in assigned. – Jessica Mar 31 '23 at 17:34
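
The scoping rule from the comment thread above, as an added example that is not part of the original answer or of pwntools: a local resolves only in the selected stack frame, so the helper below selects the frame of a named function before calling `parse_and_eval`, and sizes the unsigned conversion from the variable's own type instead of a fixed 32 bits. `find_frame`, `read_int` and the `Fake*` classes are hypothetical names; the fake object is a constructed stand-in for `p.gdb` so the logic runs without a debugger, and it is assumed that the same calls go through the pwntools bridge unchanged.

```python
# Added example: gdb_api stands for pwntools' p.gdb (api=True); Fake* classes are constructed.

def find_frame(gdb_api, function):
    """Walk from the innermost frame outwards until `function` is found."""
    frame = gdb_api.newest_frame()
    while frame is not None and frame.name() != function:
        frame = frame.older()
    return frame

def read_int(gdb_api, expr, function=None):
    """Evaluate an integer expression, optionally in the frame of `function`."""
    if function is not None:
        frame = find_frame(gdb_api, function)
        if frame is None:
            raise LookupError(f"{function}() is not on the call stack")
        frame.select()  # same effect as gdb's `frame`/`up` commands
    value = gdb_api.parse_and_eval(expr)
    bits = 8 * value.type.sizeof  # use the variable's real width, not a fixed 32
    return int(str(value), 10) & ((1 << bits) - 1)

class FakeType:
    def __init__(self, sizeof): self.sizeof = sizeof
class FakeValue:
    def __init__(self, number, sizeof): self.number, self.type = number, FakeType(sizeof)
    def __str__(self): return str(self.number)

class FakeFrame:
    def __init__(self, api, name, local_vars, older=None):
        self.api, self._name, self.local_vars, self._older = api, name, local_vars, older
    def name(self): return self._name
    def older(self): return self._older
    def select(self): self.api.selected = self

class FakeGdb:
    """Constructed stack: helper() called from main(), stopped inside helper()."""
    def __init__(self):
        self.global_vars = {"j": FakeValue(3, 4)}
        main = FakeFrame(self, "main", {"i": FakeValue(4, 4)})
        self.selected = FakeFrame(self, "helper", {"n": FakeValue(-1, 8)}, older=main)
        self.newest = self.selected
    def newest_frame(self): return self.newest
    def parse_and_eval(self, expr):
        for scope in (self.selected.local_vars, self.global_vars):
            if expr in scope:
                return scope[expr]
        raise RuntimeError(f'No symbol "{expr}" in current context.')

api = FakeGdb()
print(read_int(api, "n"), read_int(api, "i", function="main"))
```

Under real GDB the failed lookup surfaces as `gdb.error` rather than the `RuntimeError` the stand-in raises, and the frame stays selected after the call, so later reads are evaluated in that frame until another one is selected.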