安装pwndbg遇到的坑

看好多大佬都用pwndbg, 为了提升自己的逼格, 也打算用这个. ida调试确实太麻烦了, 而且灵活性也不够, 逼格也不够高(滑稽), 不过安装的过程中踩了几个坑. 于是记录一下.

电脑的配置信息:

windows10

vmware workstations 12

ubuntu 16.04

第一个坑

从github上克隆之后, 运行setup.sh, 报错了, 如下:

+ hash gdb
+ git submodule update --init --recursive
++ gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))'
+ PYVER=3.5
++ gdb -batch -q --nx -ex 'pi import sys; print(sys.executable)'
+ PYTHON+=/usr/bin/python
+ PYTHON+=3.5
+ linux
+ grep -i Linux
+ uname
+ '[' -z '' ']'
++ gdb -batch -q --nx -ex 'pi import site; print(site.getsitepackages()[0])'
+ SITE_PACKAGES=/usr/local/lib/python3.5/dist-packages
+ INSTALLFLAGS='--target /usr/local/lib/python3.5/dist-packages'
+ sudo /usr/bin/python3.5 -m pip -V
pip 9.0.3 from /usr/local/lib/python3.5/dist-packages (python 3.5)
+ sudo /usr/bin/python3.5 -m pip install --target /usr/local/lib/python3.5/dist-packages --upgrade pip
The directory '/home/pullp/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/pullp/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting pip
  Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47390>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc474a8>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47550>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47668>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError('<pip._vendor.urllib3.connection.VerifiedHTTPSConnection object at 0x7f5d2bc47780>: Failed to establish a new connection: [Errno 101] 网络不可达',)': /simple/pip/
  Could not find a version that satisfies the requirement pip (from versions: )
No matching distribution found for pip

观察发现其使用的python版本为python3.5, 然而我的系统里面只有python2.7python3.6(我使用了pyenv对于多个同时有多个python的情况推荐使用, 非常省心). 不报错才怪呢. 那么我让它用python3.6不就完了嘛. 打开setup.sh, 发现其中有一个变量PYVER, 其是通过如下表达式赋值的PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))'), 我试着运行了一下, 返回的果然是3.5, 可能我发现了一个bug..... 于是就修改之

- PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
+ PYVER="3.6"

然后就踩到了第二坑

第二个坑

修改setup.sh中的PYVER之后重新运行脚本, 得到如下错误

  Running setup.py install for psutil ... error
    Complete output from command /usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103:
    running install
    running build
    running build_py
    creating build
    creating build/lib.linux-x86_64-3.6
    creating build/lib.linux-x86_64-3.6/psutil
    copying psutil/_exceptions.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psaix.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_compat.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psposix.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pslinux.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pssunos.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_pswindows.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_common.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psbsd.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/_psosx.py -> build/lib.linux-x86_64-3.6/psutil
    copying psutil/__init__.py -> build/lib.linux-x86_64-3.6/psutil
    creating build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_linux.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_sunos.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_unicode.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/__main__.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_memory_leaks.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_bsd.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_misc.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_contracts.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_aix.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_process.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_osx.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_posix.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_connections.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/__init__.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_windows.py -> build/lib.linux-x86_64-3.6/psutil/tests
    copying psutil/tests/test_system.py -> build/lib.linux-x86_64-3.6/psutil/tests
    running build_ext
    building 'psutil._psutil_linux' extension
    creating build/temp.linux-x86_64-3.6
    creating build/temp.linux-x86_64-3.6/psutil
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DPSUTIL_POSIX=1 -DPSUTIL_VERSION=543 -DPSUTIL_LINUX=1 -I/usr/include/python3.6m -c psutil/_psutil_common.c -o build/temp.linux-x86_64-3.6/psutil/_psutil_common.o
    psutil/_psutil_common.c:9:20: fatal error: Python.h: 没有那个文件或目录
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python3.6 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-5cj9ba2c/psutil/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-tavsp4c_-record/install-record.txt --single-version-externally-managed --compile --home=/tmp/tmpcm70x103" failed with error code 1 in /tmp/pip-build-5cj9ba2c/psutil/
You are using pip version 8.1.1, however version 9.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.

网上发现有人遇见过类似问题, 可以通过sudo apt-get install python-dev解决. 但是我考虑到我用pwndbg的时候一般都要和pwntools一起使用, 而pwntools只支持python2所以我就将setup.sh里的PYVER修改为:

- PYVER="3.6"
+ PYVER="2.7"

重新运行, 成功安装. 没想到又报错了......

坑三

运行gdb, 报错如下错误:

 pullp@pullp-virtual-machine  ~  gdb
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
  File "/home/pullp/codes/pwn/pwndbg/gdbinit.py", line 36, in <module>
    import pwndbg # isort:skip
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/__init__.py", line 12, in <module>
    import pwndbg.android
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/android.py", line 12, in <module>
    import pwndbg.file
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/file.py", line 21, in <module>
    import pwndbg.qemu
  File "/home/pullp/codes/pwn/pwndbg/pwndbg/qemu.py", line 14, in <module>
    import psutil
  File "/usr/local/lib/python3.5/dist-packages/psutil/__init__.py", line 100, in <module>
    from . import _pslinux as _psplatform
  File "/usr/local/lib/python3.5/dist-packages/psutil/_pslinux.py", line 26, in <module>
    from . import _psutil_linux as cext
ImportError: /usr/local/lib/python3.5/dist-packages/psutil/_psutil_linux.so: undefined symbol: _Py_ZeroStruct
(gdb) 

python2运行的程序为什么会import python3.5的库.........mdzz

在网上查了查, 找到了一些相关的问题. 貌似是这样的.gdb在build的时候就与某个确定的版本的python关联了, 可以用这个命令readelf -d $(which gdb) | grep python参考来源, 或者这个命令ldd $(which gdb) | grep python参考来源 来看看gdb用的是哪个版本的python.
而我的gdb用的是python3.5, 参考上面命令的输出:
0x0000000000000001 (NEEDED) 共享库:[libpython3.5m.so.1.0]
, 最难受的是我的这个系统里面原来自带的python3.5不知道怎么就不见了...........这也是我踩到第一个坑的原因......脚本需要的就是gdb对应的python版本, 然而我自作多情地给了个python2.....mdzz.......至于为啥python3.5不见了..可能当时手贱给删了, 现在只好尝试再使用pyenv安装个python3.5........难受.....

成功安装

安装好python3.5之后重新运行脚本(注意将PYVER改回原来的样子), 终于成功了!

pwndbg: loaded 165 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
pwndbg> 

总结:

起始如果踩第一个坑的时候就选择安装一个python3.5, 而不是魔改源码.....也就不会有后面的这些坑了........大概多花了我3个小时的时间. 关键还是懂的太少, 没看懂这个命令的意思
PYVER=$(gdb -batch -q --nx -ex 'pi import platform; print(".".join(platform.python_version_tuple()[:2]))')
,进而导致后续一系列滑稽的措施. 现在分析一下这个命令的执行过程:
首先看一看这儿用到的gdb相关命令的信息:

This is the GNU debugger.  Usage:
    gdb [options] [executable-file [core-file or process-id]]
    gdb [options] --args executable-file [inferior-arguments ...]

Initial commands and command files:
  --eval-command=COMMAND, -ex
                     Execute a single GDB command.
                     May be used multiple times and in conjunction
                     with --command.
  --nx               Do not read any .gdbinit files in any directory.

Output and user interface control:
  -q, --quiet, --silent
                     Do not print version number on startup.

Operating modes:
  --batch            Exit after processing options.

Remote debugging options:

  -b BAUDRATE        Set serial port baud rate used for remote debugging.
  -l TIMEOUT         Set timeout in seconds for remote debugging.

可知, 这条命令就相当于在gdb里面打开python, 然后将python的版本赋值给PYVER. 要的就是gdb 在build的时候使用的python版本