看好多大佬都用pwndbg, 为了提升自己的逼格, 也打算用这个. ida调试确实太麻烦了, 而且灵活性也不够, 逼格也不够高(滑稽), 不过安装的过程中踩了几个坑. 于是记录一下.
电脑的配置信息:
windows10
vmware workstations 12
ubuntu 16.04
第一个坑
从github上克隆之后, 运行setup.sh
, 报错了, 如下:
+ hash gdb
+ git submodule update --init --recursive
++ gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))'
+ PYVER=3.5
++ gdb -batch -q --nx -ex 'pi import sys; print(sys.executable)'
+ PYTHON+=/usr/bin/python
+ PYTHON+=3.5
+ linux
+ grep -i Linux
+ uname
+ '[' -z '' ']'
++ gdb -batch -q --nx -ex 'pi import site; print(site.getsitepackages()[0])'
+ SITE_PACKAGES=/usr/local/lib/python3.5/dist-packages
+ INSTALLFLAGS='--target /usr/local/lib/python3.5/dist-packages'
+ sudo /usr/bin/python3.5 -m pip -V
pip 9.0.3 from /usr/local/lib/python3.5/dist-packages (python 3.5)
+ sudo /usr/bin/python3.5 -m pip install --target /usr/local/lib/python3.5/dist-packages --upgrade pip
The directory '/home/pullp/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/pullp/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting pip
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47390>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc474a8>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47550>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47668>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47780>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
Could not find a version that satisfies the requirement pip (from versions: )
No matching distribution found for pip
观察发现其使用的python
版本为python3.5
, 然而我的系统里面只有python2.7
和python3.6
(我使用了pyenv
对于多个同时有多个python
的情况推荐使用, 非常省心). 不报错才怪呢. 那么我让它用python3.6
不就完了嘛. 打开setup.sh
, 发现其中有一个变量PYVER
, 其是通过如下表达式赋值的PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
, 我试着运行了一下, 返回的果然是3.5, 可能我发现了一个bug..... 于是就修改之
- PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
+ PYVER="3.6"
然后就踩到了第二坑
第二个坑
修改setup.sh
中的PYVER
之后重新运行脚本, 得到如下错误
Running setup.py install for psutil ... error
Complete output from command /usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.6
creating build/lib.linux-x86_64-3.6/psutil
copying psutil/_exceptions.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psaix.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_compat.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psposix.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pslinux.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pssunos.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_pswindows.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_common.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psbsd.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/_psosx.py -> build/lib.linux-x86_64-3.6/psutil
copying psutil/__init__.py -> build/lib.linux-x86_64-3.6/psutil
creating build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_linux.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_sunos.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_unicode.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/__main__.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_memory_leaks.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_bsd.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_misc.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_contracts.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_aix.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_process.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_osx.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_posix.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_connections.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/__init__.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_windows.py -> build/lib.linux-x86_64-3.6/psutil/tests
copying psutil/tests/test_system.py -> build/lib.linux-x86_64-3.6/psutil/tests
running build_ext
building 'psutil._psutil_linux' extension
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/psutil
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.6m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.6/psutil/_psutil_common.o
psutil/_psutil_common.c:9:20: fatal error: Python.h: 没有那个文件或目录
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103" failed with error code 1 in /tmp/pip-build-5cj9ba2c/psutil/
You are using pip version 8.1.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
网上发现有人遇见过类似问题, 可以通过sudo apt-get install python-dev
解决. 但是我考虑到我用pwndbg
的时候一般都要和pwntools
一起使用, 而pwntools
只支持python2
所以我就将setup.sh
里的PYVER
修改为:
- PYVER="3.6"
+ PYVER="2.7"
重新运行, 成功安装. 没想到又报错了......
坑三
运行gdb
, 报错如下错误:
pullp@pullp-virtual-machine ~ gdb
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
File "/home/pullp/codes/pwn/pwndbg/gdbinit.py", line 36, in <module>
import pwndbg # isort:skip
File "/home/pullp/codes/pwn/pwndbg/pwndbg/__init__.py", line 12, in <module>
import pwndbg.android
File "/home/pullp/codes/pwn/pwndbg/pwndbg/android.py", line 12, in <module>
import pwndbg.file
File "/home/pullp/codes/pwn/pwndbg/pwndbg/file.py", line 21, in <module>
import pwndbg.qemu
File "/home/pullp/codes/pwn/pwndbg/pwndbg/qemu.py", line 14, in <module>
import psutil
File "/usr/local/lib/python3.5/dist-packages/psutil/__init__.py", line 100, in <module>
from . import _pslinux as _psplatform
File "/usr/local/lib/python3.5/dist-packages/psutil/_pslinux.py", line 26, in <module>
from . import _psutil_linux as cext
ImportError: /usr/local/lib/python3.5/dist-packages/psutil/_psutil_linux.so: undefined symbol: _Py_ZeroStruct
(gdb)
用python2
运行的程序为什么会import python3.5
的库.........mdzz
在网上查了查, 找到了一些相关的问题. 貌似是这样的.gdb
在build的时候就与某个确定的版本的python关联了, 可以用这个命令readelf -d $(which gdb) | grep python
参考来源, 或者这个命令ldd $(which gdb) | grep python
参考来源 来看看gdb
用的是哪个版本的python
.
而我的gdb
用的是python3.5
, 参考上面命令的输出:
0x0000000000000001 (NEEDED) 共享库:[libpython3.5m.so.1.0]
, 最难受的是我的这个系统里面原来自带的python3.5
不知道怎么就不见了...........这也是我踩到第一个坑的原因......脚本需要的就是gdb
对应的python
版本, 然而我自作多情地给了个python2
.....mdzz.......至于为啥python3.5
不见了..可能当时手贱给删了, 现在只好尝试再使用pyenv
安装个python3.5
........难受.....
成功安装
安装好python3.5
之后重新运行脚本(注意将PYVER
改回原来的样子), 终于成功了!
pwndbg: loaded 165 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg>
总结:
起始如果踩第一个坑的时候就选择安装一个python3.5
, 而不是魔改源码.....也就不会有后面的这些坑了........大概多花了我3个小时的时间. 关键还是懂的太少, 没看懂这个命令的意思
PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
,进而导致后续一系列滑稽的措施. 现在分析一下这个命令的执行过程:
首先看一看这儿用到的gdb
相关命令的信息:
This is the GNU debugger. Usage:
gdb [options] [executable-file [core-file or process-id]]
gdb [options] --args executable-file [inferior-arguments ...]
Initial commands and command files:
--eval-command=COMMAND, -ex
Execute a single GDB command.
May be used multiple times and in conjunction
with --command.
--nx Do not read any .gdbinit files in any directory.
Output and user interface control:
-q, --quiet, --silent
Do not print version number on startup.
Operating modes:
--batch Exit after processing options.
Remote debugging options:
-b BAUDRATE Set serial port baud rate used for remote debugging.
-l TIMEOUT Set timeout in seconds for remote debugging.
可知, 这条命令就相当于在gdb
里面打开python
, 然后将python
的版本赋值给PYVER
. 要的就是gdb
在build的时候使用的python
版本