
Add support for gef-remote in gdb.attach #2264

Closed
ValekoZ opened this issue Sep 11, 2023 · 11 comments
ValekoZ (Contributor) commented Sep 11, 2023

It would be a nice feature to be able to use gef-remote when using gef instead of the traditional target remote used in gdb.attach and maybe target extended-remote used here for instance.

Maybe something like the following could do the trick?

gef➤ pi
>>> if 'gef' in locals():
...     gdb.execute(f'gef-remote {host} {port}')
... else:
...     gdb.execute(f'target remote {host}:{port}')

This could also be a nice feature to add better support for qemu debugging? I haven't really tested how it works atm, but I guess using the qemu-mode should improve it for gef users.

peace-maker (Member):

Hm, how would you detect if gef is installed in gdb from the exploit script? Running the detection in Python in gdb appears to be the easiest way indeed. I am not sure in which context the commands get executed by gdb.execute - immediately, or using some command buffer after the other commands in the gdbscript were run. Do you want to work on this?

ValekoZ (Contributor, Author) commented Sep 12, 2023

Detecting if gef is installed from the exploit script does not seem like something we can do easily. The only way I can see to detect it is directly from gdb.
Maybe we can do it without Python in the gdb script? Or just let the user specify if he uses gef with an argument, but it would not be really clean.

And about your question, afaik gdb.execute will execute the command immediately but I will check that.
I could try to implement this if you want :)

peace-maker (Member):

I don't think having some context.have_gef option is a good idea either. Having it just use the correct commands when gef is installed is way nicer.

Arusekk (Member) commented Oct 14, 2023

I wonder why GEF does not overwrite the default behaviour if it is unsupported; maybe they could 'fix' it? Pwndbg for example detects what happens on the other end and then adapts (with monitor commands).

Nevertheless, can you try to implement that in the default gdbscript preamble used in pwntools and submit it as a pull request? It should be as easy as py Y() if X else Z(). I think it is safe to assume everybody has Python in their GDB nowadays.
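Added example (not pwntools' or GEF's own code): a helper that generates the single `py ...` preamble line suggested above, picking `gef-remote` when GEF's `gef` global is present in gdb's Python namespace and `target remote` otherwise. It assumes that `gef` is defined as a module-level global once GEF is sourced (the issue's `'gef' in locals()` check relies on the same thing), and it validates host and port before interpolating them into the script.

```python
import re

# Hostnames / IP literals only; anything else is refused rather than
# interpolated into a gdb script line (a stray ';' or newline would be
# parsed by gdb as a further command).
_HOST_RE = re.compile(r"^[A-Za-z0-9.\-]+$")


def remote_command(host, port, have_gef):
    """Return the command gdb should run for a remote session.

    Mirrors the issue's snippet: `gef-remote HOST PORT` when GEF is loaded,
    plain `target remote HOST:PORT` otherwise.
    """
    if not _HOST_RE.match(host):
        raise ValueError(f"refusing to interpolate host {host!r} into a gdb script")
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if have_gef:
        return f"gef-remote {host} {port}"
    return f"target remote {host}:{port}"


def gdbscript_preamble(host, port):
    """One gdbscript line of the form `py Y() if X else Z()`.

    The choice is made inside gdb at run time, so the exploit script never
    has to know whether GEF is installed. Assumption (from the issue):
    sourcing GEF leaves a `gef` object in gdb's top-level Python namespace.
    """
    gef_cmd = remote_command(host, port, True)
    plain_cmd = remote_command(host, port, False)
    return (
        f"py gdb.execute({gef_cmd!r} if 'gef' in globals() else {plain_cmd!r})"
    )


if __name__ == "__main__":
    # Constructed sample values; print the line you would prepend to a gdbscript.
    print(gdbscript_preamble("127.0.0.1", 1234))
```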

ValekoZ (Contributor, Author) commented Oct 24, 2023

After discussing this with @hugsy, probably the best way to resolve this issue is to resolve it directly in gef.
But the "gef-remote" command actually uses the "target remote" command under the hood, so it might not be trivial to fix it.
I'll check how this is done on pwndbg and check if it seems feasible to port the same logic to gef :)

peace-maker (Member):

Cool, please keep us updated here!

peace-maker (Member):

Any news?

ValekoZ (Contributor, Author) commented Dec 6, 2023

Sorry, I did not have much time those days.
The issue seems to correctly work in gef, and I just tested if it worked correctly with pwntools on top of that and it works fine :)

Grazfather pushed a commit to hugsy/gef that referenced this issue Dec 16, 2023:

As mentioned in Gallopsled/pwntools#2264, gef does not work properly
with many tools that rely on the `target remote` command.
In this PR, I propose a fix that uses a remote posthook in order to
instantiate and set up the GefRemoteSessionManager after the connection
is established.

Note that this isn't a perfect solution since we do not have all the
information needed for a proper instantiation of the
GefRemoteSessionManager, but it seems to be a good workaround in order
to make tools like `pwntools` work correctly with gef.

peace-maker (Member):

Appears to be fixed in gef. Thank you @ValekoZ!

Grazfather (Contributor):

It would be nice if there were some option in pwntools that let us override the command issued for a remote session. That way detection would be unnecessary, but we could explicitly overwrite it to e.g. gef-remote in this case.

peace-maker (Member):

Do you have a use case in mind where you need this? I thought gef works now with target remote?
