
Class 20: Some new tools to prep for heap

pwndbg (pronounced PWNed Bag)

Some of you have been using gdb from previous classes. In fact it's been around since the 80s.

I had used it in completely non-exploitation/reversing contexts for release management in my open-source days.

It's a really well loved and extensible tool.

One of the reasons why it might stay relevant longer than r2 even (and I LOVE r2) is that we can add our own commands and things.

I might not cover that today but might when we're farther along.

OK so let's use gdb / pwndbg. Specifically, let's look at the very basics of how the heap works without any prep.

That is, we're using the reverse-engineering approach: look at what we can see now, so things start to click for you over spring break.

Kicking-Off stack leaks via telescope

OK, key gdb / pwndbg commands:

gdb ./binary (load the binary; nothing runs yet)

start (vs run: start puts a temporary breakpoint on main and runs to it, run just runs until something stops it)

n (vs s: n steps over a call, s steps into it)

fin (finish the current function and return to the caller)

vmmap (pwndbg: the memory map, which regions are stack, heap and libc, and their permissions)

ctx (pwndbg: redraw the context view of registers, disassembly, stack and backtrace)

x/... x/Nformat address (examine N units of memory at address, e.g. x/8gx $rsp for eight giant hex words at the stack pointer)

set args arg1 arg2 ... (arguments for the next start/run)

disass main

break *functionname (the * breaks on the very first instruction, before the prologue; break functionname without it stops after the prologue)

telescope N (pwndbg: show N words from the stack pointer and follow any pointers found in them; this is where leaked stack and libc addresses show up)

bp bl bd be (pwndbg's WinDbg-style aliases: set, list, disable and enable breakpoints)

Let's do cooler scouting on the "warmup" PCP

Challenge Heap Problem

Just going to visualize, with pwndbg's heap commands:

vis (short for vis_heap_chunks: draws the heap memory chunk by chunk, colour-coded, with the header words labelled)

bins (the free lists: tcache, fastbins, unsorted, small and large bins)

chunks

heap (walks the heap chunk by chunk and prints each header: address, size and flags)
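Added example for these notes (not code from the class or from pwndbg): a small C program that reads the glibc malloc chunk header words that `heap`, `vis` and `bins` decode, prints them the way `x/Ngx` would, and shows free() overwriting the start of user data with a bin link. It assumes 64-bit glibc malloc (8-byte size word, 16-byte alignment); other allocators lay chunks out differently. Build it with `gcc -g -o chunkdemo chunkdemo.c`, run it under `gdb ./chunkdemo`, `break dump_chunk`, and compare `heap`, `vis` and `x/6gx` on the same addresses against what the program prints.

```c
/* Added example, not from the class notes: peek at glibc malloc chunk headers.
 * Assumes 64-bit glibc (SIZE_SZ == 8, MALLOC_ALIGNMENT == 16). */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Low three bits of the size word are flags, not size. */
#define PREV_INUSE      0x1u
#define IS_MMAPPED      0x2u
#define NON_MAIN_ARENA  0x4u
#define SIZE_BITS       (PREV_INUSE | IS_MMAPPED | NON_MAIN_ARENA)

/* The size word sits one size_t before the pointer malloc() handed out. */
static size_t size_word(const void *user_ptr)
{
    size_t w;
    memcpy(&w, (const char *)user_ptr - sizeof(size_t), sizeof w);
    return w;
}

size_t chunk_size(const void *user_ptr)
{
    return size_word(user_ptr) & ~(size_t)SIZE_BITS;
}

/* glibc's request2size: add room for the size word, round up to 16, floor at 32. */
size_t expected_chunk_size(size_t request)
{
    size_t sz = (request + sizeof(size_t) + 15) & ~(size_t)15;
    return sz < 32 ? 32 : sz;
}

/* Allocate, read the size word the way `heap` would, release. */
size_t measured_chunk_size(size_t request)
{
    void *p = malloc(request);
    if (p == NULL)
        return 0;
    size_t sz = chunk_size(p);
    free(p);
    return sz;
}

/* Print N 8-byte words starting at the chunk header, like x/Ngx would. */
void dump_chunk(const void *user_ptr, size_t words)
{
    const uint64_t *w = (const uint64_t *)((const char *)user_ptr - 2 * sizeof(size_t));
    for (size_t i = 0; i < words; i++) {
        const char *note = i == 0 ? "  prev_size (only valid if the previous chunk is free)"
                         : i == 1 ? "  size | flags (bit 0 = PREV_INUSE)"
                         : "";
        printf("%p: 0x%016llx%s\n", (const void *)&w[i], (unsigned long long)w[i], note);
    }
}

/* Returns 1 if free() replaced the first user word with a tcache/fastbin link,
 * the same "fd" pointer that `vis` highlights in a freed chunk.
 * The read after free() is deliberate and only for demonstration. */
int free_overwrites_user_data(void)
{
    uint64_t *p = malloc(24);
    if (p == NULL)
        return -1;
    memset(p, 0x41, 24);
    uint64_t before = p[0];
    free(p);
    volatile uint64_t *dangling = p;   /* volatile so the compiler really re-reads memory */
    uint64_t after = *dangling;
    return after != before;
}

int main(void)
{
    char *a = malloc(24);
    char *b = malloc(100);
    strcpy(a, "chunk A");
    strcpy(b, "chunk B");
    printf("malloc(24)  -> chunk size %zu (expected %zu)\n", chunk_size(a), expected_chunk_size(24));
    printf("malloc(100) -> chunk size %zu (expected %zu)\n", chunk_size(b), expected_chunk_size(100));
    dump_chunk(a, 6);
    free(a);
    puts("after free(a):");
    dump_chunk(a, 6);   /* first user word is now the tcache next link */
    printf("free() clobbered user data: %d\n", free_overwrites_user_data());
    free(b);
    return 0;
}
```

The size word is what `heap` reports as each chunk's size, and the two words that follow the header are where `vis` shows the fd/next pointer once the chunk is freed; seeing the 0x4141... pattern replaced by a link is the whole reason use-after-free reads leak heap pointers.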