peda

gdb에서 가상메모리 자체를 조금 더 효율적으로 보여주는 방법 중 하나이다. PEDA - Python Exploit Development Assistance for GDB

Key Features:

• Enhance the display of gdb: colorize and display disassembly codes, registers, memory information during debugging.
• Add commands to support debugging and exploit development (for a full list of commands use peda help):
  • aslr – Show/set ASLR setting of GDB
  • checksec – Check for various security options of binary
  • dumpargs – Display arguments passed to a function when stopped at a call instruction
  • dumprop – Dump all ROP gadgets in specific memory range
  • elfheader – Get headers information from debugged ELF file
  • elfsymbol – Get non-debugging symbol information from an ELF file
  • lookup – Search for all addresses/references to addresses which belong to a memory range
  • patch – Patch memory start at an address with string/hexstring/int
  • pattern – Generate, search, or write a cyclic pattern to memory
  • procinfo – Display various info from /proc/pid/
  • pshow – Show various PEDA options and other settings
  • pset – Set various PEDA options and other settings
  • readelf – Get headers information from an ELF file
  • ropgadget – Get common ROP gadgets of binary or library
  • ropsearch – Search for ROP gadgets in memory
  • searchmem|find – Search for a pattern in memory; support regex search
  • shellcode – Generate or download common shellcodes.
  • skeleton – Generate python exploit code template
  • vmmap – Get virtual mapping address ranges of section(s) in debugged process
  • xormem – XOR a memory region with a key

Installation

git clone https://github.com/longld/peda.git ~/peda
echo "source ~/peda/peda.py" >> ~/.gdbinit
echo "DONE! debug your program with gdb and enjoy"

gdb 명령어 (지금까지 사용해본 것)

• 기본

  $ gdb a.out[실행파일]

• b main main 까지 break를 건다.
• r breakpoint까지 실행시킨다.
• s 한 step씩 디버깅과 함께 진행한다.
• q 종료한다.
• info variables 각 section별 주소값들의 크기를 출력해준다.
• info files (추가 필요)

readelf

실행파일의 헤더 부분들을 출력해준다.

$ readelf -S -W a.out