@ -198,6 +198,9 @@ long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data);
## gdb-peda
`.gdbinit` 的文件;如果该文件存在,则 gdb 就执行该文件中的所有命令。通常,该文件用于简单的配置命令。但是 `.gdbinit` 的配置十分繁琐,因此对 gdb 的扩展通常用插件的方式来实现,通过 python 的脚本可以很方便的实现需要的功能。
PEDA( ) ,
#### 安装
```shell
@ -212,29 +215,91 @@ $ yaourt -S peda
```
#### peda命令
- `aslr` - 显示/设置 gdb 的 ASLR
- `checksec` - 检查二进制文件的安全选项
- `dumpargs` - 在调用指令停止时显示传递给函数的参数
- `dumprop` - 在特定的内存范围显示 ROP gadgets
- `elfheader` - 获取正在调试的 ELF 文件的头信息
- `elfsymbol` - 从 ELF 文件中获取没有调试信息的符号信息
- `lookup` - 搜索属于内存范围的地址的所有地址/引用
- `patch` - 使用字符串/十六进制字符串/整形数
- `pattern` - 生成,搜索或写入循环 pattern 到内存
- `procinfo ` - 显示调试进程的 /proc/pid/
- `pshow` - 显示各种 PEDA 选项和其他设置
- `pset` - 设置各种PEDA选项和其他设置
- `readelf` - 获取 ELF 的文件头信息
- `ropgadget` - 获取二进制或库的常见 ROP gadgets
- `ropsearch` - 搜索内存中的
- `searchmem|find` - 搜索内存中的 pattern; 支持正则表达式搜索
- `shellco de` - 生成或下载常见的 shellcode
- `skeleton` - 生成 python exploit 代码模板
- `vmmap` - 在调试过程中获取段的虚拟映射地址范围
- `xormem ` - 用一个 key 来对一个内存区域执行 XOR 操作
- ** `aslr` ** - - 显示/设置 gdb 的 ASLR
- `asmsearch` -- Search for ASM instructions in memory
- `assemble` -- On the fly assemble and execute instructions using NASM
- **`checksec` ** -- 检查二进制文件的安全选项
- `cmpmem` -- Compare content of a memory region with a file
- `context` -- Display various information of current execution context
- `context_code` -- Display nearby disassembly at $PC of current execution context
- `context_register` -- Display register information of current execution context
- `context_stack` -- Display stack of current execution context
- `crashdump ` -- Display crashdump info and save to file
- `deactive` -- Bypass a function by ignoring its execution (eg sleep/alarm)
- `distance` -- Calculate distance between two addresses
- **`dumpargs` ** -- 在调用指令停止时显示传递给函数的参数
- `dumpmem` -- Dump content of a memory region to raw binary file
- **`dumprop` ** -- 在特定的内存范围显示 ROP gadgets
- `eflags` -- Display/set/clear/toggle value of eflags register
- **`elfhea der ` ** -- 获取正在调试的 ELF 文件的头信息
- **`elfsymbol` ** -- 从 ELF 文件中获取没有调试信息的符号信息
- `gennop` -- Generate abitrary length NOP sled using given characters
- `getfile ` -- Get exec filename of current debugged process
- `getpid` -- Get PID of current debugged process
- `goto` -- Continue execution at an address
- `help` -- Print the usage manual for PEDA commands
- `hexdump` -- Display hex/ascii dump of data in memory
- `hexprint` -- Display hexified of data in memory
- `jmpcall` -- Search for JMP/CALL instructions in memory
- `loadmem` -- Load contents of a raw binary file to memory
- **`lookup` ** -- 搜索属于内存范围的地址的所有地址/引用
- `nearpc` -- Disassemble instructions nearby current PC or given address
- `nextcall` -- Step until next 'call' instruction in specific memory range
- `nextjmp` -- Step until next 'j*' instruction in specific memory range
- `nxtest` -- Perform real NX test to see if it is enabled/supported by OS
- **`patch` ** -- 使用字符串/十六进制字符串/整形数
- **`pattern` ** -- 生成,搜索或写入循环 pattern 到内存
- `pattern_arg` -- Set argument list with cyclic pattern
- `pattern_create` -- Generate a cyclic pattern
- `pattern_env` -- Set environment variable with a cyclic pattern
- `pattern_offset` -- Search for offset of a value in cyclic pattern
- `pattern_patch` -- Write a cyclic pattern to memory
- `pattern_search` -- Search a cyclic pattern in registers and memory
- `payload` -- Generate various type of ROP payload using ret2plt
- `pdisass` -- Format output of gdb disassemble command with colors
- `pltbreak` -- Set breakpoint at PLT functions match name regex
- **`procinfo` ** -- 显示调试进程的 /proc/pid/
- `profile` -- Simple profiling to count executed instructions in the program
- `pyhelp` -- Wrapper for python built-in help
- **`pshow` ** -- 显示各种 PEDA 选项和其他设置
- **`pset` ** -- 设置各种 PEDA 选项和其他设置
- **`readelf` ** -- 获取 ELF 的文件头信息
- `refsearch` -- Search for all references to a value in memory ranges
- `reload` -- Reload PEDA sources, keep current options untouch
- **`ropgadget` ** -- 获取二进制或库的常见 ROP gadgets
- **`ropsearch` ** -- 搜索内存中的 ROP gadgets
- **`searchmem|find` ** -- 搜索内存中的 pattern; 支持正则表达式搜索
- `searchmem` -- Search for a pattern in memory; support regex search
- `session` -- Save/restore a working gdb session to file as a script
- `set` -- Set various PEDA options and other settings
- `sgrep` -- Search for full strings contain the given pattern
- **`shellcode` ** -- 生成或下载常见的 shellcode
- `show` -- Show various PEDA options and other settings
- **`skeleton` ** -- 生成 python exploit 代码模板
- `skipi` -- Skip execution of next count instructions
- `snapshot` -- Save/restore process's snapshot to/from file
- `start` -- Start debugged program and stop at most convenient entry
- `stepuntil` -- Step until a desired instruction in specific memory range
- `strings` -- Display printable strings in memory
- `substr` -- Search for substrings of a given string/number in memory
- `telescope` -- Display memory content at an address with smart dereferences
- `tracecall` -- Trace function calls made by the program
- `traceinst` -- Trace specific instructions executed by the program
- `unptrace` -- Disable anti-ptrace detection
- `utils` -- Miscelaneous utilities from utils module
- **`vmmap` ** -- 在调试过程中获取段的虚拟映射地址范围
- `waitfor` -- Try to attach to new forked process; mimic "attach -waitfor"
- `xinfo` -- Display detail information of address/registers
- **`xormem` ** -- 用一个 key 来对一个内存区域执行 XOR 操作
- `xprint` -- Extra support to GDB's print command
- `xrefs` -- Search for all call/data access references to a function/variable
- `xuntil` -- Continue execution until an address or function
#### 更多资料
## GEF/pwndbg
peda 外还有一些优秀的 gdb 增强工具,功能大致相同,可以看情况选用。
PEDA 外还有一些优秀的 gdb 增强工具,功能大致相同,可以看情况选用。
- [GEF ](https://github.com/hugsy/gef ) - Multi-Architecture GDB Enhanced Features for Exploiters & Reverse-Engineers
- [pwndbg ](https://github.com/pwndbg/pwndbg ) - Exploit Development and Reverse Engineering with GDB Made Easy
firmianay