telescope for debugger

[therealdreg]

telescope aims to simplify the dereferencing of an address to determine the content it actually points to. At a glance, you can see the entire chain + final data (ascii string / hex). Very handy for reversing & exploiting.

  telescope addr               shows how pointers lead to other pointers and finally to data. 
                               It goes step by step through each pointer, showing you where they all end up. 
                               To activate this functionality, the telescopeset command must be executed beforehand. 
                               For example: telescope esp
                               it presents a sequential view where each row represents the data at the next address 
                               starting from the original location. This means that the command not only shows the 
                               chain of pointers and the end data but also arranges the output so that each row 
                               progresses to the next memory address from the starting point
        
  telescopeset max_rows max_depth data_depth data_hex
                               The number of rows ('max_rows') to display, how deeply to follow pointer dereferencing 
                               ('max_depth'), the depth of final displayed data ('data_depth'), and the option to 
                               show the final data in hexadecimal(1)/ascii(0) format flag ('data_hex'). 
                               This command also activates the telescope feature for viewing registers and the stack. 
                               For example: telescopeset 6 5 15 0
                               display up to 6 addresses, dereference pointers 5 levels deep, show 15 units of data in ASCII
                               (0 means not use hexadecimal)
                               Disable telescope: telescopeset 0 0 0 0

Example: telescopeset 6 5 15 0

Once activated with the telescopeset command, it can be viewed with the regs, print-stack, and used individually with the telescope command:

• It also detects infinite loops (iloop)
• The final data can be displayed in hexadecimal or ascii-string (filtered)
• telescope command
• disable telescope: telescopeset 0 0 0 0

A wild PE32 appeared!

---

I would like the first version of this feature to be simple and straightforward, without adding many options for tuning.

Since the current code is tightly coupled with the UI, I've made the minimum necessary changes to make it functional and "non-noisy"

Do you like it? What changes would you like me to make?

I haven't fixed the coding style yet, and it's not completely finished, but I wanted to discuss the idea before continuing!

@stlintel @vruppert :D

---

Inspired by GDB-GEF, PEDA, PWNDBG...

GDB-GEF:

PWNDBG:

---

[therealdreg]

I think the workflow fails because I'm modifying the parser & lexer :? If I do it in the correct order on my machine, everything compiles fine...

[stlintel]

You clearly have to write better doc about what is telescope and how it is configured

telescopeset max_rows max_depth data_depth data_hex

There max_rows max_depth data_depth are just magic numbers from first sight

also I wonder where the name comes from

[therealdreg]

You clearly have to write better doc about what is telescope and how it is configured

telescopeset max_rows max_depth data_depth data_hex

There max_rows max_depth data_depth are just magic numbers from first sight

also I wonder where the name comes from

Yes, its not the final version, but I want more feedback.

About name 'telescope':

https://browserpwndbg.readthedocs.io/en/docs/commands/procinfo/telescope/
https://github.com/ebtaleb/peda_cheatsheet/blob/master/peda.md#stack--memory
https://gef-legacy.readthedocs.io/en/latest/commands/dereference/

[therealdreg]

@stlintel Besides improving the documentation, fixing the coding style, enhancing the code... is there anything else that comes to mind?

[therealdreg]

fixed coding style & doc

@stlintel opinion?

(my english s*cks) (github actions fails because parser & lexer changes?)

[stlintel]

please make the param 'quiet' as default false and void changing every call to bx_dbg_read_linear

[stlintel]

might be also telescope reset shortcut instead of 'telescope 0 0 0 0' ?
also lexer is not forgiving for these 4 params
if you forget one or miss order of these params -> result is not nice and hard to understand what went wrong
I prefer smth like telescope rows=R depth=D data_depth=DD hex=H
but I didn't conclude it yet ... anyway -> at least when telescope is called -> print what is actually did.
like setting 'rows = R and etc
Are where default params here ?
Like hex=TRUE is omitted ?
Or data_depth = max_depth if omitted ?

[stlintel]

use = false default parameter

[stlintel]

awful code duplication.
should be array of const char* containing "rax", "rbx", ... , "r15" like this one from disasm.cc:

static const char *general_64bit_regname[17] = {
"rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
"r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "rip"
};

and for walking over all registers

[stlintel]

Avoid duplicating bx_dbg_telescope(addr) call ?
just do dbg_printf with if's and call bx_dbg_telescope(addr) after them

[stlintel]

is possible to have default parameters ?

[stlintel]

I would probably prefer default parameter also here for bx_dbg_deref

[stlintel]

Please also include generated lex and yacc files in the PR