foundryzero / llef Goto Github PK

View Code? Open in Web Editor NEW

278.0 7.0 14.0 159 KB

LLEF is a plugin for LLDB to make it more useful for RE and VR

License: MIT License

Python 96.70% Shell 3.30%

lldb reverse-engineering vulnerability-research

llef's People

Contributors

Stargazers

Watchers

Forkers

gmh5225 losenineai xtiankisutsa amirulandalib exiahan nrabulinski oub3ll4 5l1v3r1 ouguochong xploitbengineer xyxdaily npc2000 verd1c crackercat

llef's Issues

Very slow to render output on break.

Very slow when rendering the registers / stack / code / threads / trace (takes around 5 seconds on break)

bash-3.2$ uname -a
Darwin SMARTFRIDGE.local 22.5.0 Darwin Kernel Version 22.5.0: Thu Jun  8 22:22:22 PDT 2023; root:xnu-8796.121.3~7/RELEASE_X86_64 x86_64
bash-3.2$ neofetch
                    'c.          [email protected]
                 ,xNMM.          -----------------------
               .OMMMMo           OS: macOS 13.4.1 22F82 x86_64
               OMMM0,            Host: MacBookPro15,1
     .;loddo:' loolloddol;.      Kernel: 22.5.0
   cKMMMMMMMMMMNWMMMMMMMMMM0:    Uptime: 1 day, 56 mins
 .KMMMMMMMMMMMMMMMMMMMMMMMWd.    Packages: 34 (brew)
 XMMMMMMMMMMMMMMMMMMMMMMMX.      Shell: bash 3.2.57
;MMMMMMMMMMMMMMMMMMMMMMMM:       DE: Aqua
:MMMMMMMMMMMMMMMMMMMMMMMM:       WM: Amethyst
.MMMMMMMMMMMMMMMMMMMMMMMMX.      Terminal: tmux
 kMMMMMMMMMMMMMMMMMMMMMMMMWd.    CPU: Intel i7-9750H (12) @ 2.60GHz
 .XMMMMMMMMMMMMMMMMMMMMMMMMMMk   GPU: Intel UHD Graphics 630, Radeon Pro 555X
  .XMMMMMMMMMMMMMMMMMMMMMMMMK.   Memory: 9545MiB / 16384MiB
    kMMMMMMMMMMMMMMMMMMMMMMd
     ;KMMMMMMMWXXWMMMMMMMk.
       .cooc,.    .,coo:.




bash-3.2$ sudo lldb ./hello
Password:
Stop hook #1 added.
(lldb) target create "./hello"
Current executable set to '/Users/username/EXP-312/AMFI/hello' (x86_64).
(lldb) b dyld`amfi_check_dyld_policy_self
Breakpoint 1: where = dyld`amfi_check_dyld_policy_self, address = 0x00007ff8000fb908
(lldb) b main
Breakpoint 2: where = hello`main, address = 0x0000000100003f70
(lldb) run
Process 6926 launched: '/Users/username/EXP-312/AMFI/hello' (x86_64)



[ Legend: Modified register | Code | Heap | Stack | String ]
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq registers qqqq
rax    : 0x10000d910
rbx    : 0x100003f70     _  <main+0>
rcx    : 0x7ff7bfeffa60
rdx    : 0x7ff7bfeff9c0
rdi    : 0x1
rsi    : 0x7ff7bfeff9b0
rbp    : 0x7ff7bfeff990
rsp    : 0x7ff7bfeff708
r8     : 0x1000003c0     _  <_mh_execute_header+960>  _  ("("?)
r9     : 0x0
r10    : 0x4000
r11    : 0x40000
r12    : 0x7ff7bfeff8c8
r13    : 0x7ff7bfeff900
r14    : 0x7ff7bfeff910
r15    : 0x7ff7bfeff790
rip    : 0x100003f70     _  <main+0>
rflags : [zero carry parity adjust sign trap INTERRUPT direction overflow resume virtualx86 identification]
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq stack qqqq
0x7ff7bfeff708x+0000: 0x0007ff81122741f  _  <start+1903>  _ $rsp
0x7ff7bfeff710x+0008: 0x000000000000000
0x7ff7bfeff718x+0010: 0x000000000000000
0x7ff7bfeff720x+0018: 0x000000000000000
0x7ff7bfeff728x+0020: 0x000000000000000
0x7ff7bfeff730x+0028: 0x0000001000b1de0
0x7ff7bfeff738x+0030: 0x000000042000000
0x7ff7bfeff740x+0038: 0x000000100012493
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq code qqqq
hello`main:
00003f70 <+0>:  pushq  %rbp
00003f71 <+1>:  movq   %rsp, %rbp
00003f74 <+4>:  subq   $0x10, %rsp
00003f78 <+8>:  movl   $0x0, -0x4(%rbp)
00003f7f <+15>: leaq   0x16(%rip), %rdi          ; "Hello, World!\n"
00003f86 <+22>: movb   $0x0, %al
00003f88 <+24>: callq  0x100003f96               ; symbol stub for: printf
00003f8d <+29>: xorl   %eax, %eax
00003f8f <+31>: addq   $0x10, %rsp
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq threads qqqq
thread #1: tid = 0x4b2a3, 0x0000000100003f70 hello`main, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq trace qqqq
[#0] 0x100003f70   _  main()
qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq
Process 6926 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 2.1
    frame #0: 0x0000000100003f70 hello`main
Target 0: (hello) stopped.
(lldb) exit
Not sure if this 

bash-3.2$ lldb --version
lldb-1403.0.17.67
Apple Swift version 5.8.1 (swiftlang-5.8.0.124.5 clang-1403.0.22.11.100)

Other than the slowness this will be extremely useful if it gets faster !

x29 and x30 registers not displayed because they are named fp and lr

Hi, here is a small patch proposal to fix the display of x29 and x39 in llef:

diff --git a/arch/aarch64.py b/arch/aarch64.py
index bc6d220..e629fbf 100644
--- a/arch/aarch64.py
+++ b/arch/aarch64.py
@@ -40,8 +40,8 @@ class Aarch64(BaseArch):
         "x26",
         "x27",
         "x28",
-        "x29",
-        "x30",
+        "fp",
+        "lr",
         "sp",
         "pc",
     ]

Here is my LLDM version:

lldb-1500.0.22.8
Apple Swift version 5.9 (swiftlang-5.9.0.128.108 clang-1500.0.40.1)

Thanks for this great project!

NoneType object has

LLDB Version: 18.1.1
Platform: x64 Windows 11
Python: Python 3.13.0a5

It seems that on Windows 11 the flag register becomes None at some point before printing

MacOS Support Issue

Awesome tool!

I have it installed on my Mac Mini running latest MacOS and seem to be getting an error with the pattern commands on Python3.8. I've added a few debugging statements to llef.py and get the following:

[!] Add command from commands list
invalid command command container.
[!] Add command from commands list
error: command script add requires one argument
[!] Add command from commands list
error: command script add requires one argument
[*] next stage
[*] Add handler from handlers
Stop hook #1 added.
(lldb)

llef.py looks like the following (truncated):

def __lldb_init_module(debugger: SBDebugger, _: Dict[Any, Any]) -> None:
    commands: List[Union[Type[BaseCommand], Type[BaseContainer]]] = [
        PatternContainer,
        PatternCreateCommand,
        PatternSearchCommand,
    ]

    handlers = [StopHookHandler]

    for command in commands:
        print("[!] Add command from commands list")
        command.lldb_self_register(debugger, "llef")

    print("[*] next stage")
    for handler in handlers:
        print("[*] Add handler from handlers")
        handler.lldb_self_register(debugger, "llef")

While the pattern commands do not work everything else seems to work perfect on MacOS.

Happy to take some direction and attempt a fix myself tomorrow; thanks!

Doesn't work on macOS

lldb -v
lldb-1316.0.9.41
Apple Swift version 5.6 (swiftlang-5.6.0.323.62 clang-1316.0.20.8)

install.sh
chose Auto

./lldb.sh
invalid command 'command container'.
error: 'command script add' requires one argument
error: 'command script add' requires one argument
Stop hook #1 added.
Traceback (most recent call last):
  File "/Users/user/Documents/source/tools/llef/handlers/stop_hook.py", line 314, in handle_stop
    self.arch = get_arch(self.target)
  File "/Users/user/Documents/source/tools/llef/arch/__init__.py", line 22, in get_arch
    raise TypeError("Unknown target architecture")
TypeError: Unknown target architecture
(lldb) occurred handling stop-hook.

The coffee mug next to the dragon logo vaguely resembles a cup but is pretty weird. The handle is a very strange curve and seems to layer behind the dragon's foot even though the cup's shadow seems to be in front of the foot. The cup also bends in a strange way and doesn't stand up straight.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble