pwndbg: Help: disasm with duplicate visual pointing references
I’m learning about RE and just found out about pwndbg.
Using splitmind (saw it in FEATURES readme) with a custom setup of window/pane splitting, I got some “duplicate” visual references pointing to the same instruction in DISASM section.
I don’t know if it’s the right place to ask for help or not, sorry if it’s not the right one
I’m playing around with this: https://crackmes.one/crackme/5d22b9d833c5d410dc4d0c9f
Gdb: 10.0.50.20200307-git
Python: 3.8.2 (default, Apr 8 2020, 14:31:25) [GCC 9.3.0]
Pwndbg: 1.1.0 build: 3cf9b31
Capstone: 4.0.1024
Unicorn: 1.0.1
alacritty: 0.4.2
tmux: 3.1
zsh: zsh 5.8 (x86_64-pc-linux-gnu)
OS:
DISTRIB_ID=ManjaroLinux
DISTRIB_RELEASE=20.0
DISTRIB_CODENAME=Lysia
DISTRIB_DESCRIPTION="Manjaro Linux"
My .gdbinit
source /home/lucasbertin/Projetos/OSS/pwndbg/gdbinit.py
set context-clear-screen on
set follow-fork-mode parent
source /home/lucasbertin/Projetos/OSS/splitmind/gdbinit.py
python
import splitmind
(splitmind.Mind()
.tell_splitter(show_titles=True)
.tell_splitter(set_title="Main")
.right(display="backtrace", size="25%")
.above(of="main", display="disasm", banner="top", size="85%")
.right(of="disasm", display="legend")
.below(of="legend", display="stack")
.show("regs", on="legend")
.below(of="backtrace", cmd='tty; tail -f /dev/null', clearing=False)
.below(cmd="python3")
).build(nobanner=True)
end
set context-code-lines 30
set context-source-code-lines 30
set context-sections "regs args code disasm stack backtrace"
Any tips or hints are welcome, thanks!!
About this issue
- State: closed
- Created 4 years ago
- Comments: 16 (12 by maintainers)
Ehh, I think I probably missed the main point here.
Regarding the visual duplicate of the “current instruction”, what I marked on the screen below. This is indeed a small bug which we never worried about much.
We probably enhance current instruction no matter if it is displayed for the first time or any other time, and that’s why we have the arrow there.
pwndbg will emulate instructions and predict what branches will be taken in the future. Here the jump at
_dl_start+196
will be taken, so pwndbg predicts the future instructions to be executed - in this case a loop. This can be seen here https://github.com/pwndbg/pwndbg/blob/2a09b30649fe590a4f284c0dc9f484304074a829/pwndbg/commands/nearpc.py#L125-L129
So this might not be an issue at all depending on how you see it.
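To make the maintainer's explanation concrete, here is an added example (not pwndbg's own code, and not from the issue) that models the two pieces involved: a listing built by following predicted-taken branches, which can contain the same address more than once when the prediction runs through a loop, and a renderer that marks the "current instruction" either on every occurrence of `pc` (the behaviour described above, producing duplicate arrows) or only on the first. The instructions, addresses, sizes and the predicted-taken flag are all constructed; `predict` is a toy stand-in for the emulation-driven lookahead in `nearpc.py`, not its real logic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Insn:
    """A decoded instruction; fields are constructed for this example."""
    address: int
    size: int
    mnemonic: str
    op_str: str
    target: Optional[int] = None   # branch target, if this is a branch
    taken: bool = False            # what the (toy) emulator predicts


# Constructed listing: a tight backward-jump loop, in the spirit of the
# _dl_start+196 jump mentioned in the issue. Addresses are invented.
LOOP: Dict[int, Insn] = {
    0x1000: Insn(0x1000, 2, "cmp", "eax, ebx"),
    0x1002: Insn(0x1002, 2, "jne", "0x1000", target=0x1000, taken=True),
    0x1004: Insn(0x1004, 1, "ret", ""),
}


def predict(code: Dict[int, Insn], pc: int, count: int) -> List[Insn]:
    """Walk up to `count` instructions from `pc`, following branches the
    emulator predicts as taken. Because prediction follows the loop, the
    same address can legitimately appear several times in the result."""
    out: List[Insn] = []
    while len(out) < count and pc in code:
        insn = code[pc]
        out.append(insn)
        if insn.target is not None and insn.taken:
            pc = insn.target
        else:
            pc += insn.size
    return out


def render(insns: List[Insn], pc: int, mark_every_occurrence: bool) -> List[str]:
    """Render the listing with a '►' arrow on the current instruction.

    mark_every_occurrence=True reproduces the duplicate-arrow behaviour:
    every line whose address equals pc gets the arrow. With False only the
    first occurrence is marked, which is the simple fix for the symptom."""
    lines: List[str] = []
    marked = False
    for insn in insns:
        is_current = insn.address == pc and (mark_every_occurrence or not marked)
        if is_current:
            marked = True
        prefix = " ► " if is_current else "   "
        lines.append(f"{prefix}{insn.address:#x} {insn.mnemonic} {insn.op_str}".rstrip())
    return lines


def count_arrows(lines: List[str]) -> int:
    """Number of rendered lines carrying the current-instruction arrow."""
    return sum(1 for line in lines if line.startswith(" ► "))


if __name__ == "__main__":
    listing = predict(LOOP, 0x1000, 5)
    print("\n".join(render(listing, 0x1000, mark_every_occurrence=True)))
    print("---")
    print("\n".join(render(listing, 0x1000, mark_every_occurrence=False)))
```

Running it prints the same five-instruction lookahead twice: first with an arrow on each of the three lines at 0x1000, which is exactly the "duplicate visual references" from the report, then with a single arrow. Whether the duplicates are a bug or useful information is, as the maintainer says, a matter of taste; the listing itself is correct either way, since the loop body really is predicted to execute again.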