
Installation Security Information: GDB-PEDA Cheatsheet - Page 1

This document provides a summary of commands for the GDB-PEDA debugger. It is organized into sections for installation, running GDB, security checks, getting information, searching memory, sources, debugging, and patching. The commands allow inspecting and modifying a program's memory and execution at a low level.

Uploaded by

Ashley Lexington
GDB-PEDA Cheatsheet – Page 1

Installation

# git clone https://github.com/longld/peda ~/peda
# echo "source ~/peda/peda.py" >> ~/.gdbinit

Running

# gdb <program> [core dump]
Start GDB (with optional core dump).

# gdb --args <program> <args…>
Start GDB and pass arguments.

# gdb --pid <pid>
Start GDB and attach to process.

# gdb <program> -ex <'command'>
Start GDB and execute command.

pset|pshow arg <args…>
Set/show arguments to pass to program to be debugged.

pset|pshow option <name> <value>
Set/show various PEDA options.

pset|pshow env <name> <value>
Set/show environment variables.

run
Run the program to be debugged.

start
Start debugged program and stop at most convenient entry.

kill
Kill the running program.

Security

checksec [file]
Check security options of debugged binary (or target file).

aslr [on|off]
Check GDB ASLR setting (or turn it on/off).

nxtest [address]
Perform No-Execute (NX) check test.

unptrace [del]
Disable/enable anti-ptrace detection.

Miscellaneous

utils <command> <arg>
Perform miscellaneous utilities.

loadmem <file> <address> [size]
Load content of raw binary file to memory (with optional size).

session save|restore [filename]
Save/restore GDB session to/from file.

snapshot save|restore [filename]
Save/restore process's snapshot to/from file.

peda [help command]
List all PEDA commands and help.

Information

elfheader [header_name]
Get headers information from debugged program.

readelf <mapname|filename> [header_name]
Get headers information from target file.

elfsymbol [symbol_name]
Get symbol information from debugged program.

procinfo [pid]
Fetch information from /proc/pid for debugged program (or optional pid).

vmmap [address|mapname]
Get virtual mapping address ranges for debugged process (with optional address/mapname).

context [reg|code|stack|all] [code/stack length]
Get current execution context (with optional code/stack length).

crashdump [reason]
Get crashdump info (with optional reason text).

dumpargs [count]
Get arguments passed to function when stopped at call instruction (with optional display count).

@charleycelice
Information, cont.

dumpmem <file> [<start> <end>|<mapname>]
Dump content of memory region to file.

eflags [set|clear|toggle] <flagname>
Show/set/clear/toggle value of eflags register.

getfile|getpid
Get filename/pid of debugged process.

hexdump|hexprint <address> [count|/count]
Get hex/ascii or hexified dump of data in memory (with optional count).

strings [[start] [end]]|[mapname] [minlength]
Dump strings in memory (with optional start/end addresses, mapname, and minimum length).

tracecall ["func1,func2"]|["-func1,func2"] [mapname1,mapname2]
Trace function calls made by the program (with optional specific functions or inverse, and mapname).

traceinst [count] ["inst1,inst2"] [mapname1,mapname2]
Trace instructions executed by the program (with optional specific instructions, mapname, and count).

xinfo <address|register> [reg1 reg2]
Get information of address/registers.

xprint <expression>
Extra support to GDB's print command.

Search

lookup address|pointer <address> <reg|code|stack|all>
Search for addresses/references to addresses within memory range.

searchmem|find <pattern> [[start] [end]|[mapname]]
Search for patterns in memory (supports regex).

asmsearch <"expression"> [[start] [end]|[mapname]]
Search for ASM expression (with optional memory range).

cmpmem <start> <end> <file>
Compare content of memory region with file.

distance <address>|<address1> <address2>
Calculate distance between address and current stack pointer (or two specified addresses).

jmpcall ["reg"] [[start] [end]|[mapname]]
Search for JMP/CALL instructions in memory (with optional range).

profile [count] [keyword]
Count executed instructions in the program (with optional count or keyword).

refsearch <value> [mapname]
Search all references to a value in memory (with optional range).

sgrep <pattern> [[start] [end]|[mapname]]
Search for string patterns (with optional memory range).

Sources

substr <"string"> [[start] [end]|[mapname]]
Search for substrings in memory (with optional range).

telescope [address] [linecount]
Get memory content at an address with smart dereferences.

xrefs [pattern] [[file]|[mapname]]
Search for call/data access references to a function/variable.
Debugging/Patching

patch <address>|<from_addr> <to_addr> ["string"]
Patch memory start at an address with string/hexstring/int.

xormem <start> <end> <key>
XOR memory region with key.

deactive <function> [del]
Deactivate/reactivate function execution in debugged program.

goto <address>
Continue execution at an address.

nextcall|nextjmp [keyword] [mapname1,mapname2]
Step until next call/jump instruction (with optional keyword and memory range).

pltbreak [name]
Set breakpoints at PLT functions (with optional match regex name).

skipi [count]
Skip next count of instructions.

stepuntil <inst1,inst2> [mapname1,mapname2]
Step until desired instruction (with optional memory range).

waitfor <cmd> [-c]
Wait for and attach to specified process (with optional auto continue).

xuntil <address>|<function>
Continue execution until address or function.

Dis/Assemble

pdisass [address] ["gdb disassemble args"]
GDB disassemble command with colours (and optional address).

assemble [-b16|-b32|-b64] [address]
On-the-fly assemble/execute instructions using NASM (with optional mode and address).

nearpc [address] [count]
Disassemble instructions near current PC or given address (with optional count).

Exploit Dev.

shellcode <generate|search|display|zsc>
Generate/search keywords/display by id/create custom shellcode.

skeleton <argv|env|stdin|remote> [file]
Generate python exploit code template.

payload copybytes [dest1 data1 dest2 data2…]
Generate ROP payload using ret2plt.

gennop <size> [chars]
Generate given length NOP sled (with optional characters set).

pattern <create|offset|search|patch|arg|env>
Generate/search/write cyclic pattern to memory.

Sources

dumprop [start end|mapname] [keyword] [depth]
Dump all ROP gadgets in memory range.

ropgadget [mapname]
Get common ROP gadgets of binary or library (with optional range).

ropsearch <"gadget"> [start end|pagename]
Search for ROP gadgets (with optional memory range).
