GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → NeatMonster → slabdbg

NeatMonster / slabdbg

Licence: other
GDB plug-in that helps exploiting the Linux kernel's SLUB allocator

Programming Languages

python
139335 projects - #7 most used programming language

Labels

androidpluginlinuxdebuggingkernelgdballocatorslub

Projects that are alternatives of or similar to slabdbg

gdbstub
An ergonomic and easy-to-integrate implementation of the GDB Remote Serial Protocol in Rust, with full no_std support.
Stars: ✭ 158 (+187.27%)
Mutual labels:  debugging, gdb
Pplkiller
Protected Processes Light Killer
Stars: ✭ 453 (+723.64%)
Mutual labels:  debugging, kernel
Pwndbg
Exploit Development and Reverse Engineering with GDB Made Easy
Stars: ✭ 4,178 (+7496.36%)
Mutual labels:  debugging, gdb
m3forth
m3forth is a forth cross-compiler for cortex-m3 ARM microcontrollers
Stars: ✭ 16 (-70.91%)
Mutual labels:  debugging, gdb
gdbundle
Minimalist plugin manager for GDB and LLDB
Stars: ✭ 72 (+30.91%)
Mutual labels:  debugging, gdb
madbomber
Backtrace-on-throw C++ exception logger
Stars: ✭ 17 (-69.09%)
Mutual labels:  debugging, gdb
Hyperpwn
A hyper plugin to provide a flexible GDB GUI with the help of GEF, pwndbg or peda
Stars: ✭ 387 (+603.64%)
Mutual labels:  debugging, gdb
OpenImageDebugger
An advanced in-memory image visualization plugin for GDB and LLDB on Linux, MacOS and Windows (experimental). Previously known as gdb-imagewatch.
Stars: ✭ 115 (+109.09%)
Mutual labels:  debugging, gdb
Pyrasite
Inject code into running Python processes
Stars: ✭ 2,586 (+4601.82%)
Mutual labels:  debugging, gdb
Gdb Frontend
☕ GDBFrontend is an easy, flexible and extensionable gui debugger.
Stars: ✭ 2,104 (+3725.45%)
Mutual labels:  debugging, gdb
Docker Eyeos
Run iPhone (xnu-arm64) in a Docker container! Supports KVM + iOS kernel debugging (GDB)! Run xnu-qemu-arm64 in Docker! Works on ANY device.
Stars: ✭ 256 (+365.45%)
Mutual labels:  kernel, gdb
windbgtree
A command tree based on commands and extensions for Windows Kernel Debugging.
Stars: ✭ 94 (+70.91%)
Mutual labels:  debugging, kernel
Gef
GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging features for exploit developers & reverse engineers ☢
Stars: ✭ 4,197 (+7530.91%)
Mutual labels:  debugging, gdb
Bsodsurvivor
This project aims to facilitate debugging a kernel driver in windows by adding support for a code change on the fly without reboot/unload, and more!
Stars: ✭ 122 (+121.82%)
Mutual labels:  debugging, kernel
stack-inspector
A gdb command to inspect the size of objects on the stack
Stars: ✭ 57 (+3.64%)
Mutual labels:  debugging, gdb
gdb 2 root
This python script adds some usefull command to stripped vmlinux image
Stars: ✭ 20 (-63.64%)
Mutual labels:  kernel, gdb
flower
A learning OS
Stars: ✭ 50 (-9.09%)
Mutual labels:  kernel
debug.cr
Debug macro for Crystal
Stars: ✭ 86 (+56.36%)
Mutual labels:  debugging
MemoryAllocator.KanameShiki
Fast multi-threaded memory allocator
Stars: ✭ 73 (+32.73%)
Mutual labels:  allocator
r2lldb
radare2-lldb integration
Stars: ✭ 54 (-1.82%)
Mutual labels:  debugging
View All Similar Projects ➔

SlabDbg

GDB plug-in that makes it easier to develop Linux kernel exploits targeting the SLUB allocator. It displays the content of slab caches and allows to set breakpoints on allocation/free operations.

Installation

No installation, simply typing source slabdbg.py should be enough to get you started.

Usage

Usage:
  slab list - Display simple information about all slab caches
  slab info <name> - Display extended information about a slab cache
  slab trace <name> - Start/stop tracing allocations for a slab cache
  slab break <name> - Start/stop breaking on allocation for a slab cache
  slab watch <name> - Start/stop watching full-slabs for a slab cache
  slab print <slab> - Print the objects contained in a slab

Examples

List all slab caches

(gdb) slab list
name                    objs inuse slabs size obj_size objs_per_slab pages_per_slab
ext4_groupinfo_4k         28    28     1  144      144            28              1
ip6_dst_cache             10     1     1  384      384            10              1
UDPLITEv6                  0     0     0 1088     1072            -1             -1
UDPv6                     15     0     1 1088     1072            15              4
tw_sock_TCPv6              0     0     0  272      264            -1             -1
request_sock_TCPv6         0     0     0  328      320            -1             -1
TCPv6                      0     0     0 2048     2032            -1             -1
nf_conntrack_1             0     0     0  320      312            -1             -1
ashmem_area_cache         13     3     1  312      312            13              1
---Type <return> to continue, or q <return> to quit---q

Print info about a slab cache

(gdb) slab info kmalloc-8192
Slab Cache @ 0xffffffc03a801800:
    Name: kmalloc-8192
    Flags: (none)
    Offset: 0
    Size: 8192
    Object Size: 8192
    Per-CPU Data @ 0xffffffc03ffe0020:
        Freelist: 0xffffffc01b12a000
        Page: Slab @ 0xffffffbdc06c4a00:
            Objects: 4
            In-Use: 4
            Frozen: 1
            Freelist: 0x0
            Page @ 0xffffffc01b128000:
                 - Object (inuse) @ 0xffffffc01b128000
                 - Object (free) @ 0xffffffc01b12a000
                 - Object (inuse) @ 0xffffffc01b12c000
                 - Object (inuse) @ 0xffffffc01b12e000
        Partial List:
            - Slab @ 0xffffffbdc0e18800:
                  Objects: 4
                  In-Use: 0
                  Frozen: 1
                  Freelist: 0xffffffc038622000
                  Page @ 0xffffffc038620000:
                       - Object (inuse) @ 0xffffffc038620000
                       - Object (inuse) @ 0xffffffc038622000
                       - Object (inuse) @ 0xffffffc038624000
                       - Object (inuse) @ 0xffffffc038626000
            - Slab @ 0xffffffbdc0e3a800:
                  Objects: 4
                  In-Use: 2
                  Frozen: 1
                  Freelist: 0xffffffc038ea2000
                  Page @ 0xffffffc038ea0000:
                       - Object (inuse) @ 0xffffffc038ea0000
                       - Object (inuse) @ 0xffffffc038ea2000
                       - Object (inuse) @ 0xffffffc038ea4000
                       - Object (inuse) @ 0xffffffc038ea6000
            - Slab @ 0xffffffbdc0e3ca00:
                  Objects: 4
                  In-Use: 2
                  Frozen: 1
                  Freelist: 0xffffffc038f2e000
                  Page @ 0xffffffc038f28000:
                       - Object (inuse) @ 0xffffffc038f28000
                       - Object (inuse) @ 0xffffffc038f2a000
                       - Object (inuse) @ 0xffffffc038f2c000
                       - Object (inuse) @ 0xffffffc038f2e000
    Per-Node Data @ 0xffffffc03a800c80:
        Partial List: (none)
        Full List: (none)

Trace alloc/free for a slab cache

(gdb) slab trace kmalloc-128
Started tracing slab cache
(gdb) c
Continuing.
Object 0xffffffc038503c00 allocated in kmalloc-128
Object 0xffffffc01d5c7d00 allocated in kmalloc-128
Object 0xffffffc01d5c7280 allocated in kmalloc-128
Object 0xffffffc038fee780 freed in kmalloc-128
Object 0xffffffc038fee700 freed in kmalloc-128
Object 0xffffffc038fee000 freed in kmalloc-128
Object 0xffffffc03853f000 allocated in kmalloc-128
Object 0xffffffc01d5c7c80 allocated in kmalloc-128
Object 0xffffffc038117200 allocated in kmalloc-128

Break on alloc/free for a slab cache

(gdb) slab break kmalloc-128
Started breaking on slab cache
(gdb) c
Continuing.

Breakpoint -2, kmem_cache_free (s=0xffffffc03a801e00, x=0xffffffc038503c00) at mm/slub.c:2877
2877	{

Print the content of a slab

(gdb) slab print 0xffffffbdc0e3ca00
Slab @ 0xffffffbdc0e3ca00:
    Objects: 4
    In-Use: 2
    Frozen: 1
    Freelist: 0xffffffc038f2e000
    Page @ 0xffffffc038f28000:
         - Object (inuse) @ 0xffffffc038f28000
         - Object (inuse) @ 0xffffffc038f2a000
         - Object (free) @ 0xffffffc038f2c000
         - Object (free) @ 0xffffffc038f2e000

Watch the full slabs of a slab cache

(gdb) slab watch kmalloc-8192
Started watching slab cache 'kmalloc-8192'
(gdb) c
Continuing.
(gdb) slab info kmalloc-8192
Slab Cache @ 0xffffffc03a801800:
    Name: kmalloc-8192
    Flags: (none)
    Offset: 0
    Size: 8192
    Object Size: 8192
    Per-CPU Data @ 0xffffffc03ffe0020:
        Freelist: 0xffffffc038d0a000
        Page: Slab @ 0xffffffbdc0e34200:
            Objects: 4
            In-Use: 4
            Frozen: 1
            Freelist: 0x0
            Page @ 0xffffffc038d08000:
                 - Object (inuse) @ 0xffffffc038d08000
                 - Object (free) @ 0xffffffc038d0a000
                 - Object (free) @ 0xffffffc038d0c000
                 - Object (free) @ 0xffffffc038d0e000
        Partial List: (none)
    Per-Node Data @ 0xffffffc03a800c80:
        Partial List: (none)
        Full List:
            - Slab @ 0xffffffbdc0e6d000:
                  Objects: 4
                  In-Use: 4
                  Frozen: 0
                  Freelist: 0x0
                  Page @ 0xffffffc039b40000:
                       - Object (inuse) @ 0xffffffc039b40000
                       - Object (inuse) @ 0xffffffc039b42000
                       - Object (inuse) @ 0xffffffc039b44000
                       - Object (inuse) @ 0xffffffc039b46000
---Type <return> to continue, or q <return> to quit---q

Disclaimer

I have only tested it on the official Android emulator running an arm64 system image and a manually compiled kernel.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].