fix: add capability to glibc heap commands for bruteforcing the main_…

…arena (#932) * fix: add capability to glibc heap commands for bruteforcing the main_arena * fix: remove debugging artifact * fix: display correct chunks for each arena * fix: remove lru_cache for staticmethods * feat: add configs to better find the main_arena * fix: clean up minor issues * feat: add newly added configs to documentation * feat: add newly added configs to documentation (2) * fix: remove unnecessary if's * feat: add 0x60 explanation * try: re-add lru_cache annotations * fix: remove assertion * fix: remove another unnecessary if
hugsy · Mar 21, 2023 · 0cf291d · 0cf291d
1 parent 8e3eba8
commit 0cf291d
Show file tree

Hide file tree

Showing 3 changed files with 245 additions and 89 deletions.
diff --git a/docs/commands/heap.md b/docs/commands/heap.md
@@ -9,6 +9,28 @@ for `malloc` structure information). Syntax to the subcommands is straight forwa
 gef➤ heap <sub_commands>
 ```
 
+## `main_arena` symbol ###
+
+If the linked glibc of the target program does not have debugging symbols it
+might be tricky for GEF to find the address of the `main_arena` which is needed
+for most of the `heap` subcommands. If you know the offset of this symbol from
+the glibc base address you can use GEF's config to provide said value:
+
+```
+gef➤ gef config gef.main_arena_offset <offset>
+```
+
+If you do not know this offset and you want GEF to try and find it via bruteforce
+when executing a `heap` command the next time, you can try this instead:
+
+```
+gef➤ gef config gef.bruteforce_main_arena True
+```
+
+Note that this might take a few seconds to complete. If GEF does find the symbol
+you can then calculate the offset to the libc base address and save it in the config.
+
+
 ### `heap chunks` command ###
 
 Displays all the chunks from the `heap` section of the current arena.