Artificial truth

The more you see, the less you believe.


Pimp my gdb with peda
Sat 29 September 2012

GDB sucks

Let's be honest, GDB is not really reverse-engineering/exploit oriented (at all). But since GDB 7.0 (October 06, 2009) it has a nice Python API, so maybe it can be improved...

PEDA

PEDA stands for Python Exploit Development Assistance for GDB. Presented at BlackHat 2012 by Long Le from vnsecurity.net, it consists of a gdb init script (loaded from ~/.gdbinit) which provides a shitload of useful functionality. Once installed, you can simply type "peda" inside gdb to get an overview of what it is capable of.

What can it do?

  • Pattern generation/storage/search
  • Display an amazing context!
  • Show the virtual memory mapping
  • Display arbitrary parts of the stack/memory
  • Look for jumpcalls (jumps/calls to registers)
  • Generate nopsleds/shellcodes
  • Assemble
  • Generate exploit wrappers
  • Search for everything (strings/opcodes/patterns/addresses/...) in memory (references/addresses/pointers, ...)
  • Search for ROP gadgets
  • Expose ELF headers/symbols
  • Dump/load/copy/xor/patch memory
  • Strings, hexdump, hexprint
  • Show a nice disassembly/breakpoint list in colours
  • Bypass functions by skipping their execution
  • Bypass the too-well-known ptrace trick
  • Step until a desired instruction
  • Save trace information
  • Show a function's arguments
  • Wait for processes to pop up (e.g. forks)
  • Procinfo
  • Set/unset ASLR from inside GDB, check the various security options of the binary
  • A dead-simple configuration file
  • Completely extensible!
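To show what the "check the security options of the binary" item actually looks at, here is an added example (my own code, not PEDA's) that reads the ELF64 program headers and dynamic section to report PIE, NX and RELRO, which is exactly the information GDB alone does not hand you. The `build_elf` helper and the two sample images are constructed here purely so the parser can be exercised offline.

```python
import struct

# ELF constants (values from elf.h)
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 8, 1

def checksec(data):
    """Report PIE / NX / RELRO for a little-endian ELF64 image (bytes)."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from("<16sHHIQQQIHHHHHH", data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    nx, relro, dyn = False, "none", None
    for i in range(e_phnum):
        p_type, p_flags, p_off, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:       # absent => executable stack on Linux
            nx = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:     # GOT made read-only after relocation
            relro = "partial"
        elif p_type == PT_DYNAMIC:
            dyn = (p_off, p_filesz)
    # Full RELRO additionally requires BIND_NOW so every GOT slot is resolved up front.
    if relro == "partial" and dyn:
        for off in range(dyn[0], dyn[0] + dyn[1], 16):
            d_tag, d_val = struct.unpack_from("<qQ", data, off)
            if d_tag == DT_NULL:
                break
            if d_tag == DT_BIND_NOW or (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) \
                    or (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                relro = "full"
    return {"pie": e_type == ET_DYN, "nx": nx, "relro": relro}

def build_elf(e_type, phdrs, dyn_entries=()):
    """Construct a minimal, non-runnable ELF64 image just to exercise the parser."""
    dyn_off = 64 + 56 * (len(phdrs) + 1)                # header + phdrs incl. PT_DYNAMIC
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in dyn_entries) + struct.pack("<qQ", DT_NULL, 0)
    phdrs = phdrs + [(PT_DYNAMIC, 6, dyn_off, len(dyn))]
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)    # ELF64, little-endian, version 1
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, e_type, 62, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, s, s, 8) for t, f, o, s in phdrs)
    return ehdr + body + dyn

# Constructed samples: a hardened PIE (NX stack, full RELRO) and a lax non-PIE binary.
HARDENED = build_elf(ET_DYN, [(PT_GNU_STACK, 6, 0, 0), (PT_GNU_RELRO, 4, 0, 0)], [(DT_FLAGS, DF_BIND_NOW)])
LAX = build_elf(ET_EXEC, [(PT_GNU_STACK, 7, 0, 0)])
```

On a real binary, `checksec(open(path, "rb").read())` gives the same three answers; a stack canary check would additionally need the symbol table (looking for `__stack_chk_fail`), which is left out here.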

Where can I get this wonder?

You can check the GitHub repo and read PEDA's presentation from BH2012, or simply browse this folder. Read the README for the setup.

Have fun :)