```
cd ~/
git clone https://github.com/scwuaptx/Pwngdb.git
cp ~/Pwngdb/.gdbinit ~/
```

Features

+ `libc` : Print the base address of libc
+ `ld` : Print the base address of ld
+ `codebase` : Print the base of the code segment
+ `heap` : Print the base of the heap
+ `got` : Print the Global Offset Table information
+ `dyn` : Print the Dynamic section information
+ `findcall` : Find some function call
+ `bcall` : Set a breakpoint at some function call
+ `tls` : Print the thread local storage address
+ `at` : Attach by process name
+ `findsyscall` : Find the syscall
+ `fmtarg` : Calculate the index of a format string argument
    + You need to stop on the vulnerable printf call.
+ `force` : Calculate the nb in the house of force.
+ `heapinfo` : Print some information about the heap
    + heapinfo (Address of arena)
    + The default is the arena of the current thread
    + If tcache is enabled, it also shows information about the tcache entries
+ `heapinfoall` : Print some information about the heap (all threads)
+ `arenainfo` : Print some information about all arenas
+ `chunkinfo` : Print the information of a chunk
    + chunkinfo (Address of victim)
+ `chunkptr` : Print the information of a chunk
    + chunkptr (Address of user ptr)
+ `mergeinfo` : Print the information of a merge
    + mergeinfo (Address of victim)
+ `printfastbin` : Print some information about the fastbins
+ `tracemalloc on` : Trace malloc and free and detect some errors.
    + You need to run the process first, then run `tracemalloc on`; it will record all of the malloc and free calls.
    + You can set `DEBUG` in pwngdb.py, then it will print all of the malloc and free information, as in the screenshot.
+ `parseheap` : Parse the heap layout
+ `magic` : Print useful variables and functions in glibc
+ `fp` : Show a FILE structure
    + fp (Address of FILE)
+ `fpchain` : Show the linked list of FILE structures
+ `orange` : Test the `house of orange` condition in `_IO_flush_lockp`
    + orange (Address of FILE)
    + glibc version <= 2.23