PEDA - Python Exploit Development Assistance for GDB. It enhances the GDB display (colorized disassembly, registers and memory information shown while debugging) and adds commands that support debugging and exploit development.
pattern
uses De Bruijn patterns to create a string that fills a memory region and makes offsets detectable. A De Bruijn pattern is a string in which every substring of a chosen length (here 4 bytes) occurs only once, so any such substring identifies a unique position in the pattern.
AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHA
pattern_search
When we create a De Bruijn pattern with 4-byte substrings and overflow a piece of memory with it, we can read the 4-byte substring that landed in a specific register or buffer, look that substring up in the original pattern, and the position where it is found is the offset:
gdb-peda$ pattern_search
Registers contain pattern buffer:
EBP+0 found at offset: 1036
EIP+0 found at offset: 1040
Registers point to pattern buffer:
[ESP] --> offset 1044 - size ~156
Pattern buffer found at:
0xf7fd8000 : offset 1006 - size 18 (mapped)
0xf7fd8015 : offset 3 - size 1003 (mapped)
0xffffcbcc : offset 0 - size 1024 ($sp + -0x414 [-261 dwords])
0xffffcfd0 : offset 1028 - size 172 ($sp + -0x10 [-4 dwords])
References to pattern buffer found at:
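The two steps described above (building a pattern whose 4-byte windows are unique, then recovering offsets from a register value or from a memory dump the way pattern_search reports them) are shown in this added example. It is not PEDA's code: the uppercase-only alphabet, the window size of 4 and the constructed crash data are assumptions made for illustration, and PEDA's own pattern text and alphabet differ from what this generates.

```python
"""De Bruijn pattern generation and offset recovery.

Added example, not PEDA's code. Assumptions: a 26-letter uppercase alphabet,
4-byte windows, and a constructed "crash" built from the pattern itself.
"""
from typing import Dict, List, Optional, Tuple


def de_bruijn(alphabet: str, n: int, length: int) -> str:
    """Return the first `length` characters of the De Bruijn sequence B(k, n)
    over `alphabet`, built with the FKM (Lyndon word) algorithm.

    Every n-character window of the result occurs at most once, which is what
    lets a single window identify a unique offset.
    """
    k = len(alphabet)
    a = [0] * (k * n)
    out: List[int] = []

    def db(t: int, p: int) -> None:
        if len(out) >= length:          # stop early once enough output exists
            return
        if t > n:
            if n % p == 0:
                out.extend(a[1:p + 1])  # emit the next Lyndon word
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    if len(out) < length:
        raise ValueError("alphabet**n is too small for the requested length")
    return "".join(alphabet[i] for i in out[:length])


def register_offset(pattern: str, reg_value: int, width: int = 4) -> Optional[int]:
    """Offset in `pattern` that a clobbered register value came from, as
    pattern_search reports for EBP/EIP. The value is read as little-endian
    bytes (x86); None means the bytes are not part of the pattern."""
    window = reg_value.to_bytes(width, "little").decode("ascii", errors="replace")
    idx = pattern.find(window)
    return idx if idx != -1 else None


def pattern_chunks(memory: bytes, pattern: str, n: int = 4) -> List[Tuple[int, int, int]]:
    """Scan a memory dump for runs of the pattern and return
    (position_in_memory, offset_in_pattern, size) triples, the same information
    the 'Pattern buffer found at' lines carry."""
    index: Dict[str, int] = {pattern[i:i + n]: i for i in range(len(pattern) - n + 1)}
    text = memory.decode("latin-1")     # one char per byte, no decode failures
    chunks: List[Tuple[int, int, int]] = []
    i = 0
    while i + n <= len(text):
        off = index.get(text[i:i + n])
        if off is None:
            i += 1
            continue
        size = n
        # extend the run while memory keeps matching the pattern byte for byte
        while (i + size < len(text) and off + size < len(pattern)
               and text[i + size] == pattern[off + size]):
            size += 1
        chunks.append((i, off, size))
        i += size
    return chunks


if __name__ == "__main__":
    pat = de_bruijn("ABCDEFGHIJKLMNOPQRSTUVWXYZ", 4, 1200)
    # Constructed crash: the saved return address was overwritten by the
    # 4 pattern bytes that sit at offset 1040, mirroring the EIP line above.
    eip = int.from_bytes(pat[1040:1044].encode(), "little")
    print("EIP found at offset:", register_offset(pat, eip))
    # Constructed dump: 16 bytes of padding, 1024 bytes of pattern, a 4-byte
    # gap, then the pattern's tail starting at offset 1028.
    dump = b"\x00" * 16 + pat[:1024].encode() + b"\x00" * 4 + pat[1028:].encode()
    for pos, off, size in pattern_chunks(dump, pat):
        print(f"dump+{pos} : offset {off} - size {size}")
```

The window-to-offset dictionary is what makes the scan linear in the dump size; PEDA's real pattern_search additionally walks every mapped region of the inferior and also tries the reversed byte order, which this standalone version leaves out.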
prints a register (gdb register names are lowercase; $ESP would be read as an empty convenience variable):
print $esp