Debugging cleanups

qingbinzeng · Jul 29, 2018 · 9cf6a16 · 9cf6a16
1 parent 4be6393
commit 9cf6a16
Show file tree

Hide file tree

Showing 8 changed files with 410 additions and 406 deletions.
diff --git a/debugger/getting_started.md b/debugger/getting_started.md
@@ -14,15 +14,15 @@
 
 * `dr`: Show registers state
 
-* `drr`: Show registers references (telescoping) (like peda)  
+* `drr`: Show registers references (telescoping) (like peda)
 
 * `ds`: Step into instruction
 
 * `dso`: Step over instruction
 
 * `dbt`: Display backtrace
 
-* `dm`: Show memory maps 
+* `dm`: Show memory maps
 
 * `dk <signal>`: Send KILL signal to child
 

diff --git a/debugger/heap.md b/debugger/heap.md
@@ -1,57 +1,57 @@
 # Heap
 
 radare2's `dm` subcommands can also display a map of the heap which is useful for those who are interesting in inspecting the heap and its content. Simply execute `dmh` to show a map of the heap:
-
-    [0x7fae46236ca6]> dmh
-      Malloc chunk @ 0x55a7ecbce250 [size: 0x411][allocated]
-      Top chunk @ 0x55a7ecbce660 - [brk_start: 0x55a7ecbce000, brk_end: 0x55a7ecbef000]
-
+```
+[0x7fae46236ca6]> dmh
+  Malloc chunk @ 0x55a7ecbce250 [size: 0x411][allocated]
+  Top chunk @ 0x55a7ecbce660 - [brk_start: 0x55a7ecbce000, brk_end: 0x55a7ecbef000]
+```
 You can also see a graph layout of the heap:
-
-    [0x7fae46236ca6]> dmhg
-    Heap Layout
-            ╭────────────────────────────────────╮
-            │    Malloc chunk @ 0x55a7ecbce000   │
-            │ size: 0x251                        │
-            │  fd: 0x0, bk: 0x0                  │
-            ╰────────────────────────────────────╯
-                │
-            ╭───╯
-            │
-            │
-        ╭─────────────────────────────────────────────╮
-        │    Malloc chunk @ 0x55a7ecbce250            │
-        │ size: 0x411                                 │
-        │  fd: 0x57202c6f6c6c6548, bk: 0xa21646c726f  │
-        ╰─────────────────────────────────────────────╯
-            │
-        ╭───╯
-        │
-        │
-    ╭────────────────────────────────────────────────────╮
-    │  Top chunk @ 0x55a7ecbce660                        │
-    │ [brk_start:0x55a7ecbce000, brk_end:0x55a7ecbef000] │
-    ╰────────────────────────────────────────────────────╯
-
+```
+[0x7fae46236ca6]> dmhg
+Heap Layout
+		╭────────────────────────────────────╮
+		│    Malloc chunk @ 0x55a7ecbce000   │
+		│ size: 0x251                        │
+		│  fd: 0x0, bk: 0x0                  │
+		╰────────────────────────────────────╯
+			│
+		╭───╯
+		│
+		│
+	╭─────────────────────────────────────────────╮
+	│    Malloc chunk @ 0x55a7ecbce250            │
+	│ size: 0x411                                 │
+	│  fd: 0x57202c6f6c6c6548, bk: 0xa21646c726f  │
+	╰─────────────────────────────────────────────╯
+		│
+	╭───╯
+	│
+	│
+╭────────────────────────────────────────────────────╮
+│  Top chunk @ 0x55a7ecbce660                        │
+│ [brk_start:0x55a7ecbce000, brk_end:0x55a7ecbef000] │
+╰────────────────────────────────────────────────────╯
+```
 Another heap commands can be found under `dmh`, check `dmh?` for the full list.
+```
+[0x00000000]> dmh?
+|Usage:  dmh # Memory map heap
+| dmh                                          List chunks in heap segment
+| dmh [malloc_state]                           List heap chunks of a particular arena
+| dmha                                         List all malloc_state instances in application
+| dmhb                                         Display all parsed Double linked list of main_arena's bins instance
+| dmhb [bin_num|bin_num:malloc_state]          Display parsed double linked list of bins instance from a particular arena
+| dmhbg [bin_num]                              Display double linked list graph of main_arena's bin [Under developemnt]
+| dmhc @[chunk_addr]                           Display malloc_chunk struct for a given malloc chunk
+| dmhf                                         Display all parsed fastbins of main_arena's fastbinY instance
+| dmhf [fastbin_num|fastbin_num:malloc_state]  Display parsed single linked list in fastbinY instance from a particular arena
+| dmhg                                         Display heap graph of heap segment
+| dmhg [malloc_state]                          Display heap graph of a particular arena
+| dmhi @[malloc_state]                         Display heap_info structure/structures for a given arena
+| dmhm                                         List all elements of struct malloc_state of main thread (main_arena)
+| dmhm [malloc_state]                          List all malloc_state instance of a particular arena
+| dmht                                         Display all parsed thead cache bins of main_arena's tcache instance
+| dmh?                                         Show map heap help
+```
 
-    [0x00000000]> dmh?
-    |Usage:  dmh # Memory map heap
-    | dmh                                          List chunks in heap segment
-    | dmh [malloc_state]                           List heap chunks of a particular arena
-    | dmha                                         List all malloc_state instances in application
-    | dmhb                                         Display all parsed Double linked list of main_arena's bins instance
-    | dmhb [bin_num|bin_num:malloc_state]          Display parsed double linked list of bins instance from a particular arena
-    | dmhbg [bin_num]                              Display double linked list graph of main_arena's bin [Under developemnt]
-    | dmhc @[chunk_addr]                           Display malloc_chunk struct for a given malloc chunk
-    | dmhf                                         Display all parsed fastbins of main_arena's fastbinY instance
-    | dmhf [fastbin_num|fastbin_num:malloc_state]  Display parsed single linked list in fastbinY instance from a particular arena
-    | dmhg                                         Display heap graph of heap segment
-    | dmhg [malloc_state]                          Display heap graph of a particular arena
-    | dmhi @[malloc_state]                         Display heap_info structure/structures for a given arena
-    | dmhm                                         List all elements of struct malloc_state of main thread (main_arena)
-    | dmhm [malloc_state]                          List all malloc_state instance of a particular arena
-    | dmht                                         Display all parsed thead cache bins of main_arena's tcache instance
-    | dmh?                                         Show map heap help
-
-
diff --git a/debugger/intro.md b/debugger/intro.md
@@ -1,51 +1,52 @@
 # Debugger
 
 Debuggers are implemented as IO plugins. Therefore, radare can handle different URI types for spawning, attaching and controlling processes. The complete list of IO plugins can be viewed with `r2 -L`. Those that have "d" in the first column ("rwd") support debugging. For example:
-
-    r_d  debug       Debug a program or pid. dbg:///bin/ls, dbg://1388 (LGPL3)
-    rwd  gdb         Attach to gdbserver, 'qemu -s', gdb://localhost:1234 (LGPL3)
-
+```
+r_d  debug       Debug a program or pid. dbg:///bin/ls, dbg://1388 (LGPL3)
+rwd  gdb         Attach to gdbserver, 'qemu -s', gdb://localhost:1234 (LGPL3)
+```
 There are different backends for many target architectures and operating systems, e.g., GNU/Linux, Windows, MacOS X, (Net,Free,Open)BSD and Solaris.
 
 Process memory is treated as a plain file. All mapped memory pages of a debugged program and its libraries can be read and interpreted as code, data structures etc.
 
 Communication between radare and the debugger IO layer is wrapped into `system()` calls, which accept a string as an argument, and executes it as a command. An answer is then buffered in the output console, its contents can be additionally processed by a script. Access to the IO system is achieved with `=!`. Most IO plugins provide help with `=!?` or `=!help`. For example:
-
-    $ r2 -d /bin/ls
-    ...
-    [0x7fc15afa3cc0]> =!help
-    Usage: =!cmd args
-     =!ptrace   - use ptrace io
-     =!mem      - use /proc/pid/mem io if possible
-     =!pid      - show targeted pid
-     =!pid <#>  - select new pid
-
+```
+$ r2 -d /bin/ls
+...
+[0x7fc15afa3cc0]> =!help
+Usage: =!cmd args
+ =!ptrace   - use ptrace io
+ =!mem      - use /proc/pid/mem io if possible
+ =!pid      - show targeted pid
+ =!pid <#>  - select new pid
+```
 In general, debugger commands are portable between architectures and operating systems. Still, as radare tries to support the same functionality for all target architectures and operating systems, certain things have to be handled separately. They include injecting shellcodes and handling exceptions. For example, in MIPS targets there is no hardware-supported single-stepping feature. In this case, radare2 provides its own implementation for single-step by using a mix of code analysis and software breakpoints.
 
 To get basic help for the debugger, type 'd?':
-
-    Usage: d # Debug commands
-    db[?]                   Breakpoints commands
-    dbt[?]                  Display backtrace based on dbg.btdepth and dbg.btalgo
-    dc[?]                   Continue execution
-    dd[?]                   File descriptors (!fd in r1)
-    de[-sc] [rwx] [rm] [e]  Debug with ESIL (see de?)
-    dg <file>               Generate a core-file (WIP)
-    dH [handler]            Transplant process to a new handler
-    di[?]                   Show debugger backend information (See dh)
-    dk[?]                   List, send, get, set, signal handlers of child
-    dL [handler]            List or set debugger handler
-    dm[?]                   Show memory maps
-    do[?]                   Open process (reload, alias for 'oo')
-    doo[args]               Reopen in debugger mode with args (alias for 'ood')
-    dp[?]                   List, attach to process or thread id
-    dr[?]                   Cpu registers
-    ds[?]                   Step, over, source line
-    dt[?]                   Display instruction traces (dtr=reset)
-    dw <pid>                Block prompt until pid dies
-    dx[?]                   Inject and run code on target process (See gs)
-
+```
+Usage: d # Debug commands
+db[?]                   Breakpoints commands
+dbt[?]                  Display backtrace based on dbg.btdepth and dbg.btalgo
+dc[?]                   Continue execution
+dd[?]                   File descriptors (!fd in r1)
+de[-sc] [rwx] [rm] [e]  Debug with ESIL (see de?)
+dg <file>               Generate a core-file (WIP)
+dH [handler]            Transplant process to a new handler
+di[?]                   Show debugger backend information (See dh)
+dk[?]                   List, send, get, set, signal handlers of child
+dL [handler]            List or set debugger handler
+dm[?]                   Show memory maps
+do[?]                   Open process (reload, alias for 'oo')
+doo[args]               Reopen in debugger mode with args (alias for 'ood')
+dp[?]                   List, attach to process or thread id
+dr[?]                   Cpu registers
+ds[?]                   Step, over, source line
+dt[?]                   Display instruction traces (dtr=reset)
+dw <pid>                Block prompt until pid dies
+dx[?]                   Inject and run code on target process (See gs)
+```
 To restart your debugging session, you can type `oo` or `oo+`, depending on desired behavior.
-
-    oo                 reopen current file (kill+fork in debugger)
-    oo+                reopen current file in read-write
+```
+oo                 reopen current file (kill+fork in debugger)
+oo+                reopen current file in read-write
+```