安装pwndbg遇到的坑

看好多大佬都用pwndbg, 为了提升自己的逼格, 也打算用这个. ida调试确实太麻烦了, 而且灵活性也不够, 逼格也不够高(滑稽), 不过安装的过程中踩了几个坑. 于是记录一下.

电脑的配置信息:

windows10

vmware workstations 12

ubuntu 16.04

第一个坑

从github上克隆之后, 运行setup.sh, 报错了, 如下:

+ hash gdb
+ git submodule update --init --recursive
++ gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))'
+ PYVER=3.5
++ gdb -batch -q --nx -ex 'pi import sys; print(sys.executable)'
+ PYTHON+=/usr/bin/python
+ PYTHON+=3.5
+ linux
+ grep -i Linux
+ uname
+ '[' -z '' ']'
++ gdb -batch -q --nx -ex 'pi import site; print(site.getsitepackages()[0])'
+ SITE_PACKAGES=/usr/local/lib/python3.5/dist-packages
+ INSTALLFLAGS='--target /usr/local/lib/python3.5/dist-packages'
+ sudo /usr/bin/python3.5 -m pip -V
pip 9.0.3 from /usr/local/lib/python3.5/dist-packages (python 3.5)
+ sudo /usr/bin/python3.5 -m pip install --target /usr/local/lib/python3.5/dist-packages --upgrade pip
The directory '/home/pullp/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/pullp/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting pip
  Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47390>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc474a8>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47550>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47668>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47780>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Could not find a version that satisfies the requirement pip (from versions: )
No matching distribution found for pip

观察发现其使用的python版本为python3.5, 然而我的系统里面只有python2.7python3.6(我使用了pyenv对于多个同时有多个python的情况推荐使用, 非常省心). 不报错才怪呢. 那么我让它用python3.6不就完了嘛. 打开setup.sh, 发现其中有一个变量PYVER, 其是通过如下表达式赋值的PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))'), 我试着运行了一下, 返回的果然是3.5, 可能我发现了一个bug..... 于是就修改之

- PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
+ PYVER="3.6"

然后就踩到了第二坑

第二个坑

修改setup.sh中的PYVER之后重新运行脚本, 得到如下错误

  Running setup.py install for psutil ... error
    Complete output from command /usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.6
    creating build/lib.linux-x86_64-3.6/psutil
    copying psutil/_exceptions.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psaix.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_compat.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psposix.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pslinux.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pssunos.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pswindows.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_common.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psbsd.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psosx.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/__init__.py -> build/lib.linux-x86_64-3.6/psutil
    creating build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_linux.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_sunos.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_unicode.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/__main__.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_memory_leaks.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_bsd.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_misc.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_contracts.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_aix.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_process.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_osx.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_posix.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_connections.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/__init__.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_windows.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_system.py -> build/lib.linux-x86_64-3.6/psutil/tests
    running build_ext
    building 'psutil._psutil_linux' extension
    creating build/temp.linux-x86_64-3.6
    creating build/temp.linux-x86_64-3.6/psutil
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.6m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.6/psutil/_psutil_common.o
    psutil/_psutil_common.c:9:20: fatal error: Python.h: 没有那个文件或目录
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103" failed with error code 1 in /tmp/pip-build-5cj9ba2c/psutil/
You are using pip version 8.1.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

网上发现有人遇见过类似问题, 可以通过sudo apt-get install python-dev解决. 但是我考虑到我用pwndbg的时候一般都要和pwntools一起使用, 而pwntools只支持python2所以我就将setup.sh里的PYVER修改为:

- PYVER="3.6"
+ PYVER="2.7"

重新运行, 成功安装. 没想到又报错了......

坑三

运行gdb, 报错如下错误:

 pullp@pullp-virtual-machine  ~  gdb
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
  File "/home/pullp/codes/pwn/pwndbg/gdbinit.py", line 36, in <module>
    import pwndbg # isort:skip
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/__init__.py", line 12, in <module>
    import pwndbg.android
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/android.py", line 12, in <module>
    import pwndbg.file
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/file.py", line 21, in <module>
    import pwndbg.qemu
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/qemu.py", line 14, in <module>
    import psutil
  File "/usr/local/lib/python3.5/dist-packages/psutil/__init__.py", line 100, in <module>
    from . import _pslinux as _psplatform
  File "/usr/local/lib/python3.5/dist-packages/psutil/_pslinux.py", line 26, in <module>
    from . import _psutil_linux as cext
ImportError: /usr/local/lib/python3.5/dist-packages/psutil/_psutil_linux.so: undefined symbol: _Py_ZeroStruct
(gdb) 

python2运行的程序为什么会import python3.5的库.........mdzz

在网上查了查, 找到了一些相关的问题. 貌似是这样的.gdb在build的时候就与某个确定的版本的python关联了, 可以用这个命令readelf -d $(which gdb) | grep python参考来源, 或者这个命令ldd $(which gdb) | grep python参考来源 来看看gdb用的是哪个版本的python.
而我的gdb用的是python3.5, 参考上面命令的输出:
0x0000000000000001 (NEEDED) 共享库:[libpython3.5m.so.1.0]
, 最难受的是我的这个系统里面原来自带的python3.5不知道怎么就不见了...........这也是我踩到第一个坑的原因......脚本需要的就是gdb对应的python版本, 然而我自作多情地给了个python2.....mdzz.......至于为啥python3.5不见了..可能当时手贱给删了, 现在只好尝试再使用pyenv安装个python3.5........难受.....

成功安装

安装好python3.5之后重新运行脚本(注意将PYVER改回原来的样子), 终于成功了!

pwndbg: loaded 165 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg> 

总结:

起始如果踩第一个坑的时候就选择安装一个python3.5, 而不是魔改源码.....也就不会有后面的这些坑了........大概多花了我3个小时的时间. 关键还是懂的太少, 没看懂这个命令的意思
PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
,进而导致后续一系列滑稽的措施. 现在分析一下这个命令的执行过程:
首先看一看这儿用到的gdb相关命令的信息:

This is the GNU debugger.  Usage:
    gdb [options] [executable-file [core-file or process-id]]
    gdb [options] --args executable-file [inferior-arguments ...]

Initial commands and command files:
  --eval-command=COMMAND, -ex
                     Execute a single GDB command.
                     May be used multiple times and in conjunction
                     with --command.
  --nx               Do not read any .gdbinit files in any directory.

Output and user interface control:
  -q, --quiet, --silent
                     Do not print version number on startup.

Operating modes:
  --batch            Exit after processing options.

Remote debugging options:

  -b BAUDRATE        Set serial port baud rate used for remote debugging.
  -l TIMEOUT         Set timeout in seconds for remote debugging.

可知, 这条命令就相当于在gdb里面打开python, 然后将python的版本赋值给PYVER. 要的就是gdb 在build的时候使用的python版本

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 213,254评论 6 492
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 90,875评论 3 387
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 158,682评论 0 348
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 56,896评论 1 285
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 66,015评论 6 385
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 50,152评论 1 291
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,208评论 3 412
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 37,962评论 0 268
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,388评论 1 304
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 36,700评论 2 327
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 38,867评论 1 341
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,551评论 4 335
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,186评论 3 317
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,901评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,142评论 1 267
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 46,689评论 2 362
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 43,757评论 2 351