A record of commonly used gdb debugging commands.
gdb
s step,si
n ni
b ,
b * address
b function_name
info b
delete
c
r
disas addr addr
disas functions function
Displaying memory data
p
p system/main
p $esp
p/x p/a p/b p/s ...
p 0xff - 0xea
print &VarName
p * 0xffffebac
x
x/nfu
n
f (b, s, i, x, d)
u 4byte, u: b, h, w, g
x/xw addr 16 ,
x/x $esp esp
x/s addr addr
x/b addr addr
x/i addr addr
info
info register $ebp ebp ( i r ebp)
i r eflags
i r ss
i b
i functions
disas addr addr
stack 20 20
show args
vmmap peda
readelf elf peda
parseheap peda
Searching for data
find peda
searchmem peda
ropsearch "xor eax,eax;ret" 0x08048080 0x08050000 rop peda
ropgadget pop|ret peda
Pwngdb plugin
libc : Print the base address of libc
ld : Print the base address of ld
codebase : Print the base of code segment
heap : Print the base of heap
got : Print the Global Offset Table information
dyn : Print the Dynamic section information
findcall : Find some function call
bcall : Set the breakpoint at some function call
tls : Print the thread local storage address
at : Attach by process name
findsyscall : Find the syscall
fmtarg : Calculate the index of format string
You need to stop on the printf that has the vulnerability.
force : Calculate the nb in the house of force.
heapinfo : heap
default is the arena of current thread
If tcache is enabled, it will show information about the tcache entry
heapinfoall : Print some information of heap (all threads)
arenainfo : Print some information of all arena
chunkptr : chunk chunk
printfastbin : fastbin
tracemalloc on : chunk malloc free
parseheap :
magic : glibc
fp : show FILE structure
fp (Address of FILE)
fpchain: show linked list of FILE
orange : Test house of orange condition in the _IO_flush_lockp
orange (Address of FILE)
glibc version <= 2.23
pwndbg
top_chunk: top chunk
malloc_chunk address: chunk
fastbins: fastbins
unsorted: unsortedbin
smallbins: smallbins
largebins: largebins
bins: bins
mp:
arena: