pwndbg fails to work with 64bit kernel in qemu

Description

pwndbg raises when debugging a 64-bit stripped kernel. The error message looks like this:

pwndbg: loaded 196 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
Reading symbols from ./vmlinux...(no debugging symbols found)...done.
pwndbg> target remote :1234
Remote debugging using :1234
Exception occurred: Error: Cannot access memory at address 0xf81802ff0 (<class 'gdb.MemoryError'>)
For more info invoke `set exception-verbose on` and rerun the command
or debug it by yourself with `set exception-debugger on`
Exception occurred: Error: Cannot access memory at address 0xf81802ff0 (<class 'gdb.MemoryError'>)
For more info invoke `set exception-verbose on` and rerun the command
or debug it by yourself with `set exception-debugger on`
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0xf81802ff0: 
^CPython Exception <class 'KeyboardInterrupt'> : 
^CPython Exception <class 'KeyboardInterrupt'> Quit: 
^CPython Exception <class 'KeyboardInterrupt'> Quit: 
0xffffffff8111c398 in ?? ()
^CPython Exception <class 'KeyboardInterrupt'> Quit: 
pwndbg> vmmap
^CPython Exception <class 'KeyboardInterrupt'> Quit: 
Error occurred in Python command: Quit
^CPython Exception <class 'KeyboardInterrupt'> Quit:

Steps to reproduce

  1. Download the kernel/initfs from https://github.com/mephi42/ctf/blob/master/2021.04.09-Midnight_Sun_CTF_2021_Quals/brohammer/brohammer.tar.gz
  2. Launch the kernel with the command
qemu-system-x86_64 \
    -m 1024M \
    -kernel ./vmlinuz \
    -initrd ./rootfs.img \
    -nographic \
    -monitor /dev/null \
    -append "nokaslr root=/dev/ram rw console=ttyS0 oops=panic panic=1 quiet" \
    -s
  3. Extract the vmlinuz to vmlinux
  4. Run gdb with pwndbg and execute target remote :1234

My setup

I’m using commit 87da998fcefe8cba85f51dba0056b923483c6c1c, which is the latest commit right now. gdb version:

pwndbg> show version
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
pwndbg> py import sys; print(sys.version)
3.6.9 (default, Jan 26 2021, 15:33:00) 
[GCC 8.4.0]
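Step 3 of the reproduction ("extract the vmlinuz to vmlinux") is the part of the setup that is easy to get wrong: a bzImage is a real-mode boot stub followed by a compressed ELF, and gdb needs the decompressed ELF to load anything at all, which is also why the session above reports "(no debugging symbols found)" for a stripped kernel. The issue does not say which tool the reporter used; the kernel tree's own scripts/extract-vmlinux does the job by scanning for compressor magic bytes and trying to decompress from each hit. The following is an added Python re-implementation of that idea, not code from the issue or from pwndbg. The sample vmlinuz it builds (boot stub bytes, entry address, trailing padding) is constructed for the example, and only the stdlib compressors (gzip, xz, bzip2) are handled.

```python
"""Locate and decompress the ELF image embedded in a compressed kernel (vmlinuz)."""
import bz2
import gzip
import lzma
import struct
import zlib

ELF_MAGIC = b"\x7fELF"

# Magic bytes of the compressors the kernel build can use that the stdlib understands.
# lz4, lzo and zstd images would need extra modules and are not handled here.
COMPRESSOR_MAGIC = {
    "gzip": b"\x1f\x8b\x08",
    "xz": b"\xfd7zXZ\x00",
    "bzip2": b"BZh",
}


def _decompress_prefix(kind, data):
    """Decompress one stream that starts at data[0], tolerating trailing bytes after it."""
    if kind == "gzip":
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16 + wbits = expect a gzip header
    elif kind == "xz":
        d = lzma.LZMADecompressor(format=lzma.FORMAT_XZ)
    elif kind == "bzip2":
        d = bz2.BZ2Decompressor()
    else:
        raise ValueError(kind)
    out = d.decompress(data)
    if not d.eof:
        raise ValueError("truncated stream")
    return out


def extract_vmlinux(vmlinuz):
    """Return (compressor, offset, elf_bytes) for the first embedded stream that yields an ELF."""
    for kind, magic in COMPRESSOR_MAGIC.items():
        off = vmlinuz.find(magic)
        while off != -1:
            try:
                out = _decompress_prefix(kind, vmlinuz[off:])
            except (ValueError, OSError, EOFError, zlib.error, lzma.LZMAError):
                out = b""  # false-positive magic in the boot stub; keep scanning
            if out.startswith(ELF_MAGIC):
                return kind, off, out
            off = vmlinuz.find(magic, off + 1)
    raise ValueError("no compressed ELF image found")


def elf_header_info(elf):
    """Parse the ELF header fields that matter for a kernel debug target: class, machine, entry."""
    if not elf.startswith(ELF_MAGIC) or len(elf) < 64:
        raise ValueError("not an ELF image")
    bits = {1: 32, 2: 64}[elf[4]]          # EI_CLASS
    endian = {1: "<", 2: ">"}[elf[5]]      # EI_DATA
    e_type, e_machine = struct.unpack_from(endian + "HH", elf, 16)
    (e_entry,) = struct.unpack_from(endian + ("Q" if bits == 64 else "I"), elf, 24)
    return {"bits": bits, "type": e_type, "machine": e_machine, "entry": e_entry}


def build_sample_vmlinuz():
    """Constructed stand-in for a bzImage: boot stub + gzip(ELF64) + trailing bytes. Returns (blob, stub_len)."""
    elf = bytearray(64)
    elf[0:4] = ELF_MAGIC
    elf[4], elf[5], elf[6] = 2, 1, 1              # ELFCLASS64, little-endian, EV_CURRENT
    struct.pack_into("<HH", elf, 16, 2, 62)       # ET_EXEC, EM_X86_64
    struct.pack_into("<Q", elf, 24, 0xFFFFFFFF81000000)  # constructed entry address
    elf += b"\x00" * 4096                         # stand-in for program headers and text
    stub = b"\xea\x05\x00\xc0\x07\x8c\xc8" + b"\x90" * 512  # constructed real-mode stub bytes
    return stub + gzip.compress(bytes(elf)) + b"\x00" * 16, len(stub)


if __name__ == "__main__":
    import sys

    blob = open(sys.argv[1], "rb").read() if len(sys.argv) >= 2 else build_sample_vmlinuz()[0]
    kind, off, elf = extract_vmlinux(blob)
    info = elf_header_info(elf)
    print(f"{kind} stream at {off:#x}: ELF{info['bits']} machine={info['machine']} "
          f"type={info['type']} entry={info['entry']:#x}")
    if len(sys.argv) >= 3:
        open(sys.argv[2], "wb").write(elf)  # write vmlinux for `gdb ./vmlinux`
```

Run it as `python3 extract_vmlinux.py ./vmlinuz ./vmlinux` to produce the file gdb loads in step 4; with no arguments it exercises the constructed sample. The header check is worth doing before connecting: an `ELF64` / `machine=62` (x86-64) result confirms the image matches the `qemu-system-x86_64` target, and a mismatch there is a much cheaper explanation for memory-read failures than a debugger bug.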

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments:8 (7 by maintainers)

Top GitHub Comments

1 reaction
Kyle-Kyle commented, Apr 26, 2021

Sounds like there was not enough support for kernel debugging. Ok. Challenge accepted.

0 reactions
Kyle-Kyle commented, Sep 6, 2021

With a little fix. I think pwndbg works on Linux kernel now.
