GDB-PEDA Study Notes


PEDA – Python Exploit Development Assistance for GDB

Installation

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit

Key Features:

For the latest update, check the peda project page: https://github.com/longld/peda/

List of "peda" subcommands; type the subcommand to invoke it:

  • aslr — Show/set ASLR setting of GDB
  • asmsearch — Search for ASM instructions in memory
  • assemble — On the fly assemble and execute instructions using NASM
    • assemble [mode] [address]
    • mode: -b16 / -b32 / -b64
  • checksec — Check for various security options of binary
  • cmpmem — Compare content of a memory region with a file
    • cmpmem start end file
  • context — Display various information of current execution context

  • context_code — Display nearby disassembly at $PC of current execution context
  • context_register — Display register information of current execution context
  • context_stack — Display stack of current execution context
  • crashdump — Display crashdump info and save to file
  • deactive — Bypass a function by ignoring its execution (e.g. sleep/alarm)
    • deactive function
    • deactive function del (re-activate)
  • distance — Calculate distance between two addresses
    • distance address (calculate from current $SP to address)
    • distance address1 address2
  • dumpargs — Display arguments passed to a function when stopped at a call instruction
  • dumpmem — Dump content of a memory region to raw binary file
  • dumprop — Dump all ROP gadgets in specific memory range
  • eflags — Display/set/clear/toggle value of eflags register
  • elfheader — Get headers information from debugged ELF file
  • elfsymbol — Get non-debugging symbol information from an ELF file
  • gennop — Generate arbitrary length NOP sled using given characters
  • getfile — Get exec filename of current debugged process
  • getpid — Get PID of current debugged process
  • goto — Continue execution at an address
  • help — Print the usage manual for PEDA commands
  • hexdump — Display hex/ascii dump of data in memory
    • hexdump address (dump 16 bytes from address)
    • hexdump address count
    • hexdump address /count (dump "count" lines, 16 bytes each)
  • hexprint — Display hexified dump of data in memory
  • jmpcall — Search for JMP/CALL instructions in memory
  • loadmem — Load contents of a raw binary file to memory
  • lookup — Search for all addresses/references to addresses which belong to a memory range
  • nearpc — Disassemble instructions nearby current PC or given address
  • nextcall — Step until next 'call' instruction in specific memory range
  • nextjmp — Step until next 'j*' instruction in specific memory range
  • nxtest — Perform real NX test to see if it is enabled/supported by OS
  • patch — Patch memory start at an address with string/hexstring/int
  • pattern — Generate, search, or write a cyclic pattern to memory
    • pattern create size [file]
    • pattern offset value
    • pattern search
    • pattern patch address size
    • pattern arg size1 [size2,offset2]
    • pattern env size[,offset]
  • pattern_arg — Set argument list with cyclic pattern
  • pattern_create — Generate a cyclic pattern
  • pattern_env — Set environment variable with a cyclic pattern
  • pattern_offset — Search for offset of a value in cyclic pattern
  • pattern_patch — Write a cyclic pattern to memory
  • pattern_search — Search a cyclic pattern in registers and memory
  • payload — Generate various types of ROP payload using ret2plt
    • payload copybytes (generate function template for ret2strcpy style payload)
    • payload copybytes dest1 data1 dest2 data2 ...
  • pdisass — Format output of gdb disassemble command with colors
  • pltbreak — Set breakpoint at PLT functions match name regex
  • procinfo — Display various info from /proc/pid/
  • profile — Simple profiling to count executed instructions in the program
  • pyhelp — Wrapper for python built-in help
  • readelf — Get headers information from an ELF file
  • refsearch — Search for all references to a value in memory ranges
  • reload — Reload PEDA sources, keeping current options untouched
  • ropgadget — Get common ROP gadgets of binary or library
  • ropsearch — Search for ROP gadgets in memory
  • searchmem — Search for a pattern in memory; support regex search
  • session — Save/restore a working gdb session to file as a script
  • set — Set various PEDA options and other settings
  • sgrep — Search for full strings contain the given pattern
  • shellcode — Generate or download common shellcodes
    • shellcode generate [arch/]platform type [port] [host]
    • shellcode search keyword (use % for any character wildcard)
    • shellcode display shellcodeId (shellcodeId as appears in search results)
    • shellcode zsc (generate customized shellcode)
    • For the generate option:
      • default port for bindport shellcode: 16706 (0x4142)
      • default host/port for connect back shellcode: 127.127.127.127/16706
      • supported arch: x86
  • show — Show various PEDA options and other settings
  • skeleton — Generate python exploit code template
  • skipi — Skip execution of next count instructions
  • snapshot — Save/restore process's snapshot to/from file
  • start — Start debugged program and stop at most convenient entry
  • stepuntil — Step until a desired instruction in specific memory range
  • strings — Display printable strings in memory
  • substr — Search for substrings of a given string/number in memory
  • telescope — Display memory content at an address with smart dereferences
  • tracecall — Trace function calls made by the program
  • traceinst — Trace specific instructions executed by the program
  • unptrace — Disable anti-ptrace detection
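The checksec entry above only names the check. As an added example (my own code, not PEDA's), here is how such a check reads an ELF64 file: NX from the PT_GNU_STACK program header flags, PIE from e_type (note that ET_DYN also covers shared libraries), and RELRO from the presence of PT_GNU_RELRO plus the BIND_NOW dynamic flag. The build_sample_elf helper is constructed scaffolding so the example runs offline without a real binary; canary detection (a symbol-table lookup for __stack_chk_fail) is left out.

```python
import struct

# ELF constants used below (values from elf.h).
ET_EXEC = 2
ET_DYN = 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 1
DT_NULL = 0
DT_BIND_NOW = 24
DT_FLAGS = 30
DF_BIND_NOW = 0x8

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # Elf64_Phdr, 56 bytes
DYN = struct.Struct("<qQ")                  # Elf64_Dyn, 16 bytes


def checksec(data: bytes) -> dict:
    """Report NX, PIE and RELRO for a little-endian ELF64 image held in `data`.
    Usage on a real file: checksec(open(path, "rb").read())."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (_, e_type, _, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = EHDR.unpack_from(data, 0)

    nx = False  # without PT_GNU_STACK the loader falls back to an executable stack
    relro = "No"
    bind_now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)          # NX enabled iff the stack segment is not executable
        elif p_type == PT_GNU_RELRO:
            relro = "Partial"                  # GOT made read-only after relocation
        elif p_type == PT_DYNAMIC:
            # Walk the dynamic section looking for BIND_NOW, which upgrades RELRO to Full.
            for off in range(p_offset, p_offset + p_filesz, DYN.size):
                d_tag, d_val = DYN.unpack_from(data, off)
                if d_tag == DT_NULL:
                    break
                if d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW):
                    bind_now = True
    if relro == "Partial" and bind_now:
        relro = "Full"
    return {"NX": nx, "PIE": e_type == ET_DYN, "RELRO": relro}


def build_sample_elf(nx=True, pie=True, relro="Full") -> bytes:
    """Construct a minimal, non-loadable ELF64 image carrying only the headers
    checksec inspects. Test scaffolding for this example, not a real binary."""
    phdrs = [(PT_GNU_STACK, 0x6 | (0 if nx else PF_X), 0, 0, 0, 0, 0, 16)]
    if relro != "No":
        phdrs.append((PT_GNU_RELRO, 0x4, 0, 0, 0, 0, 0, 1))
    dyn = b""
    if relro == "Full":
        dyn += DYN.pack(DT_FLAGS, DF_BIND_NOW)
    dyn += DYN.pack(DT_NULL, 0)
    dyn_off = EHDR.size + (len(phdrs) + 1) * PHDR.size  # dynamic data follows the phdrs
    phdrs.append((PT_DYNAMIC, 0x6, dyn_off, 0, 0, len(dyn), len(dyn), 8))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELF64, little-endian, v1
    ehdr = EHDR.pack(ident, ET_DYN if pie else ET_EXEC, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in phdrs) + dyn


if __name__ == "__main__":
    print("hardened:", checksec(build_sample_elf()))
    print("weak:    ", checksec(build_sample_elf(nx=False, pie=False, relro="No")))
```

The mapping is the same one the real tools use: an executable stack is the absence of NX, and "Partial" versus "Full" RELRO is decided solely by whether lazy binding is disabled, since only then can the whole GOT be mapped read-only before main runs.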
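The pattern create / pattern offset / pattern search entries above list the commands without saying why a "cyclic pattern" works. As an added example (my own code, not PEDA's), the following implements the mechanism: the pattern is a prefix of a de Bruijn sequence, so every 4-byte window occurs exactly once, and the bytes found in a register after a crash identify the exact offset in the input they came from. The alphabet is an assumption of this example (PEDA uses its own charset), and the register dictionary at the bottom is constructed to stand in for GDB's register view.

```python
import itertools

# Assumed alphabet for the pattern; PEDA uses its own charset.
ALPHABET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
WINDOW = 4  # every 4-byte window is unique, so 4 bytes suffice to identify an offset


def de_bruijn(alphabet: str, n: int):
    """Lazily yield the de Bruijn sequence B(k, n) over `alphabet` (Ruskey's algorithm).
    Every length-n window occurs exactly once, which is what makes a cyclic
    pattern usable for offset lookup; any prefix keeps that uniqueness."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    yield from db(1, 1)


def pattern_create(size: int) -> bytes:
    """Equivalent of `pattern create size`: the first `size` bytes of the sequence."""
    return "".join(itertools.islice(de_bruijn(ALPHABET, WINDOW), size)).encode()


def pattern_offset(value, pattern: bytes) -> int:
    """Equivalent of `pattern offset value`: offset of `value` inside `pattern`, or -1.
    `value` may be bytes, str, or an int read from a register (stored little-endian,
    so the register's low byte is the earliest pattern byte)."""
    if isinstance(value, int):
        width = 8 if value > 0xFFFFFFFF else 4
        needle = value.to_bytes(width, "little")
    elif isinstance(value, str):
        needle = value.encode()
    else:
        needle = bytes(value)
    return pattern.find(needle)


def pattern_search(registers: dict, pattern: bytes) -> dict:
    """Register half of `pattern search`: map each register whose value was taken
    from the pattern to the offset it came from; registers not in the pattern are skipped."""
    hits = {}
    for name, value in registers.items():
        off = pattern_offset(value, pattern)
        if off >= 0:
            hits[name] = off
    return hits


if __name__ == "__main__":
    pat = pattern_create(200)
    # Constructed register state standing in for what GDB shows after a crash:
    # rbp and rip were overwritten with pattern bytes 120..135, rax was not.
    regs = {
        "rbp": int.from_bytes(pat[120:128], "little"),
        "rip": int.from_bytes(pat[128:136], "little"),
        "rax": 0,
    }
    print(pattern_search(regs, pat))  # {'rbp': 120, 'rip': 128}
```

The offset reported for the saved return address (here rip at 128) is the number of input bytes that precede it, which is the figure a crash-triage report needs to state how far the overflow reaches; the generator is lazy, so large patterns do not require materialising the full k^n sequence.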
