Artificial truth

The more you see, the less you believe.


Pimp my gdb with peda
Sat 29 September 2012

GDB sucks

Let's be honest, GDB is not really reverse-engineering/exploit oriented (at all). But since GDB 7.0 (October 06, 2009) it has a nice Python API, so maybe it can be improved...

PEDA stands for Python Exploit Development Assistance for GDB. Presented at BlackHat 2012 by Long Le from, it consists of a gdb init script (~/.gdbinit) which provides a shitload of useful functionalities. Once installed, you can simply type "peda" under gdb to get an overview of what it is capable of.

What can it do?

  • Pattern generation/storage/search
  • Display an amazing context!
  • Show the virtual memory mapping
  • Display arbitrary parts of the stack/memory
  • Look for jumpcalls (jumps/calls to registers)
  • Generate nopsleds/shellcodes
  • Assemble
  • Generate exploit wrappers
  • Search for everything (strings/opcodes/patterns/addresses/...) in memory (references/addresses/pointers, ...)
  • Search for ROP-oriented gadgets
  • Expose ELF headers/symbols
  • Dump/load/copy/xor/patch memory
  • Strings, hexdump, hexprint
  • Show a nice disassembly/breakpoint list in colours
  • Bypass functions by skipping their execution
  • Bypass the too-well-known ptrace trick
  • Step until a desired instruction
  • Save trace information
  • Show a function's arguments
  • Wait for processes to pop out (e.g. forks)
  • Procinfo
  • Set/unset ASLR from inside GDB, check the various security options of the binary
  • A dead-simple configuration file
  • Completely extensible!
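To show what the GDB Python API mentioned above makes possible, and what the "check the various security options of the binary" item boils down to, here is an added example (my own code, not PEDA's): a pure-Python ELF64 parser that reports NX, PIE, RELRO and stack-canary status, plus a small gdb.Command wrapper that registers it as a hypothetical `mychecksec` command when the file is sourced from inside gdb. The parser runs outside gdb too, and `build_sample_elf` constructs a minimal, non-runnable ELF image so the check can be exercised without a real binary. The canary test is a heuristic (an imported `__stack_chk_fail` shows up in `.dynstr`), and ET_DYN also covers shared objects, so "PIE" only means something when the image is the main executable.

```python
"""Minimal ELF64 hardening check, in the spirit of PEDA's security-option check.
Added example, not PEDA's code. Only little-endian ELF64 is handled."""
import struct

# ELF constants from the ELF and GNU ABI specifications
ET_DYN = 3
PT_DYNAMIC = 2
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<4sBBBBB7xHHIQQQIHHHHHH")  # 64-byte ELF64 header
PHDR = struct.Struct("<IIQQQQQQ")                 # 56-byte program header
DYN = struct.Struct("<qQ")                        # 16-byte dynamic entry


def checksec(data: bytes) -> dict:
    """Return NX / PIE / RELRO / canary status for a little-endian ELF64 image."""
    hdr = EHDR.unpack_from(data, 0)
    magic, ei_class, ei_data = hdr[0], hdr[1], hdr[2]
    e_type, e_phoff, e_phentsize, e_phnum = hdr[6], hdr[10], hdr[14], hdr[15]
    if magic != b"\x7fELF" or ei_class != 2 or ei_data != 1:
        raise ValueError("only little-endian ELF64 is handled by this example")

    # Without PT_GNU_STACK the kernel default applies (historically an executable
    # stack on x86), so the conservative answer is "no NX".
    nx = False
    relro_segment = False
    dyn_off = dyn_size = None
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _va, _pa, p_filesz = PHDR.unpack_from(
            data, e_phoff + i * e_phentsize)[:6]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro_segment = True
        elif p_type == PT_DYNAMIC:
            dyn_off, dyn_size = p_offset, p_filesz

    # Full RELRO needs both the RELRO segment and eager binding (BIND_NOW).
    bind_now = False
    if dyn_off is not None:
        for off in range(dyn_off, dyn_off + dyn_size, DYN.size):
            d_tag, d_val = DYN.unpack_from(data, off)
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_BIND_NOW
                    or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW)
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW)):
                bind_now = True
    relro = "full" if (relro_segment and bind_now) else "partial" if relro_segment else "none"

    return {
        "nx": nx,
        "pie": e_type == ET_DYN,  # ET_DYN also covers shared objects
        "relro": relro,
        "canary": b"__stack_chk_fail" in data,  # heuristic: imported symbol name in .dynstr
    }


def build_sample_elf(nx=True, pie=True, relro="full", canary=True) -> bytes:
    """Construct a minimal, non-runnable ELF64 image with the requested properties (test data)."""
    phdrs = [(PT_GNU_STACK, 0x6 if nx else 0x7, 0, 0, 0, 0, 0, 0)]
    if relro != "none":
        phdrs.append((PT_GNU_RELRO, 0x4, 0, 0, 0, 0, 0, 0))
    dyn_blob = DYN.pack(DT_FLAGS, DF_BIND_NOW if relro == "full" else 0) + DYN.pack(DT_NULL, 0)
    dyn_off = EHDR.size + PHDR.size * (len(phdrs) + 1)  # +1 for the PT_DYNAMIC entry below
    phdrs.append((PT_DYNAMIC, 0x6, dyn_off, 0, 0, len(dyn_blob), len(dyn_blob), 8))
    ehdr = EHDR.pack(b"\x7fELF", 2, 1, 1, 0, 0, ET_DYN if pie else 2, 0x3E, 1, 0,
                     EHDR.size, 0, 0, EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    image = ehdr + b"".join(PHDR.pack(*p) for p in phdrs) + dyn_blob
    return image + (b"__stack_chk_fail\0" if canary else b"")


try:
    import gdb  # only importable when this file is sourced from inside gdb

    class MyChecksec(gdb.Command):  # hypothetical command name, not PEDA's
        """Print hardening flags of the program file loaded in gdb."""
        def __init__(self):
            super().__init__("mychecksec", gdb.COMMAND_USER)

        def invoke(self, arg, from_tty):
            with open(gdb.current_progspace().filename, "rb") as f:
                for key, value in checksec(f.read()).items():
                    print(f"{key:>7}: {value}")

    MyChecksec()
except ImportError:
    pass
```

Inside gdb, `source mychecksec.py` followed by `mychecksec` prints the four flags for the loaded program; outside gdb, `checksec(open(path, "rb").read())` does the same for any ELF64 file.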

Where can I get this wonder?

You can check the GitHub repo and read PEDA's presentation from BH2012, or simply browse this folder. Read the README for the setup.

Have fun :)