The documentation in pwndbg is currently lacking and there are multiple facets that could be improved. The README itself could be made shorter with sections being factored out to their own documents/pages accessable via the https://pwndbg.re/ website. Both the https://pwndbg.re/ landing page and https://pwndbg.re/pwndbg/ are generated from the README, using different workflows - they should be merged into one. There are also some bugs like markdown not being rendered properly in certain sections.
The commands page (generated from here) should be combed through so that any missing commands are added or outdated commands updated. Ideally the page should be reworked to show the same help that is shown in the debugger (defined in the command source code and thus always up-to-date) and additionally have longer explanations, common use-cases and examples (sometimes with pictures). Simple examples could also be included in the debugger help texts. The commands should also link back to their definitions in the source code.
The source page needs to be reworked as well. It currently doesn't contain links to sources, is hard to navigate, and doesn't look very appealing.
There should be a dedicated page generated for both general settings (the config command) and theme settings (the theme command).
There should also be a dedicated page for pwndbg defined debugger functions which are listed with pwndbg> help function.
It would also be nice to have a tutorial, explaining the pwndbg context and showing examples of various workflows (messing with heap, kernel, etc).
The FEATURES.md document should be updated. There are currently screenshots showing output which has since changed (e.g. a big part of the heap section). It should give an overview of the most interesting parts of pwndbg, without describing any particular feature too verbosly.
Documentation should be added for how pwndbg can be used as an API with user scripts, and how to implement a new command using that infrastructure.
The https://pwndbg.readthedocs.io/ site will be removed.
The gef documentation could be a useful reference for some of the aforementioned goals.
- Length: 90h - 175h depending on the agreed upon scope
- Difficulty: Medium
- Mentors: @disconnect3d, ???
A significantly improved user experience when learning about pwndbg and its various components.
pwndbg currently has support for inspecting the state of glibc malloc and jemalloc. This project encompasses adding support for another allocator. There are many to choose from though popular implementations should be preferred. Some that come to mind are musl's mallocng, microsoft's mimalloc and mimalloc-secure, llvm's scudo, google's tcmalloc, chromium's PartitionAlloc, uclibc-ng's malloc (there seem to be three of them?).
For some of these allocators debugger helper scripts have already been written, and bata24's fork of gef could be especially useful.
This project involves reading the chosen allocator's source and understanding its algorithm, and then finding a clear way to represent its state through new pwndbg commands.
- Length: 175h
- Difficulty: Medium
- Mentors: @disconnect3d, @CptGibbon
The chosen allocator state can be properly visualized, with colorized output and its internal structures showcased clearly, similarly to the existing heap and bins glibc malloc commands. There should also be a command that allows finding all relevant data structures for a given heap address.