Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Help: disasm with duplicate visual pointing references

See original GitHub issue

I’m learning about RE and just find out pwndbg.

Using splitmind (saw it in FEATURES readme) with a custom setup of window/pane splitting, I got some “duplicate” visual references pointing to the same instruction in DISASM section.

I don’t know if it’s the right place to ask for help or not, sorry if it’s not the right one

I’m playing aroung with this: https://crackmes.one/crackme/5d22b9d833c5d410dc4d0c9f

Gdb:       10.0.50.20200307-git
Python:    3.8.2 (default, Apr  8 2020, 14:31:25)  [GCC 9.3.0]
Pwndbg:    1.1.0 build: 3cf9b31
Capstone:  4.0.1024
Unicorn:   1.0.1
alacritty: 0.4.2
tmux:      3.1
zsh:       zsh 5.8 (x86_64-pc-linux-gnu)
OS:
DISTRIB_ID=ManjaroLinux
DISTRIB_RELEASE=20.0
DISTRIB_CODENAME=Lysia
DISTRIB_DESCRIPTION="Manjaro Linux"

My .gdbinit

source /home/lucasbertin/Projetos/OSS/pwndbg/gdbinit.py
set context-clear-screen on
set follow-fork-mode parent

source /home/lucasbertin/Projetos/OSS/splitmind/gdbinit.py
python
import splitmind
(splitmind.Mind()
  .tell_splitter(show_titles=True)
  .tell_splitter(set_title="Main")

  .right(display="backtrace", size="25%")

  .above(of="main", display="disasm", banner="top", size="85%")
  .right(of="disasm", display="legend")
  .below(of="legend", display="stack")

  .show("regs", on="legend")
  .below(of="backtrace", cmd='tty; tail -f /dev/null', clearing=False)
  .below(cmd="python3")
).build(nobanner=True)
end

set context-code-lines 30
set context-source-code-lines 30
set context-sections  "regs args code disasm stack backtrace"

Any tips or hints are welcome, thanks!!

Issue Analytics

State:
Created 3 years ago
Comments:16 (12 by maintainers)

Top GitHub Comments

1reaction

disconnect3dcommented, May 4, 2020

Ehh, I think I probably missed the main point here.

Regarding the visual duplicate of the “current instruction”, what I marked on the screen below. This is indeed a small bug which we never worried about much.

We probably enhance current instruction no matter if it is displayed for the first time or any other time, and that’s why we have the arrow there.

1reaction

sudhackarcommented, May 4, 2020

pwndbg will emulate instructions and predict what branches will be taken in the future. Here the jump at _dl_start+196 will be taken, so pwndbg predicts the future instructions to be executed - in this case a loop.

This can be seen here https://github.com/pwndbg/pwndbg/blob/2a09b30649fe590a4f284c0dc9f484304074a829/pwndbg/commands/nearpc.py#L125-L129

So this might not be an issue at all depending on how you see it.

Top Results From Across the Web

Duplicates in Find All References results

The Find References dialog duplicates a reference because it groups it under the class as well as under a method. When changing the...

DisassemblyData - Visual Studio (Windows) | Microsoft Learn

Describes one disassembly instruction for the integrated development environment (IDE) to display. Syntax. C#; C++. C# Copy.

x86 Disassemblers - Decompilers - Wikibooks

x86 DisassemblersEdit. Here we are going to list some commonly available disassembler tools. Notice that there are professional disassemblers (which cost ...

gdb Cheatsheet - Brown CS

If you do not have access to the source code of a function and wish to set a breakpoint on a particular instruction,...

How to view the assembly behind the code using Visual C++?

Note: only applicable to managed assemblies not to disassembly as in assembler, asm. – sean e. Jun 20, 2009 at 0:27. Good point...