PEDA - Python Exploit Development Assistance for GDB. It enhances gdb's display (colorized disassembly, registers and memory are shown at every stop) and adds commands that support debugging and exploit development.

pattern

uses De Bruijn patterns to create a string that fills a memory region and lets us detect offsets afterwards. A De Bruijn pattern is a string in which every substring of a fixed length n occurs exactly once, so any n bytes of it identify exactly one position in the pattern.

AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHA

When we create such a pattern (pattern_create 1200), feed it to the program and overflow a buffer, the 4 bytes that land in a register or on the stack occur at exactly one position in the original pattern; looking that substring up gives the offset. pattern_search does this for all registers and for memory the registers point to. In the output below, "EIP+0 found at offset: 1040" means bytes 1040-1043 of the input overwrote the saved return address, and "EBP+0 found at offset: 1036" the saved frame pointer just before it, as expected on 32-bit x86. A single value can also be looked up with pattern_offset (e.g. pattern_offset 0x41413741):

gdb-peda$ pattern_search
Registers contain pattern buffer:
EBP+0 found at offset: 1036
EIP+0 found at offset: 1040
Registers point to pattern buffer:
[ESP] --> offset 1044 - size ~156
Pattern buffer found at:
0xf7fd8000 : offset 1006 - size   18 (mapped)
0xf7fd8015 : offset    3 - size 1003 (mapped)
0xffffcbcc : offset    0 - size 1024 ($sp + -0x414 [-261 dwords])
0xffffcfd0 : offset 1028 - size  172 ($sp + -0x10 [-4 dwords])
References to pattern buffer found at:
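As an added example (my code, not PEDA's implementation, which uses its own character set and search logic), the following shows how such a pattern is generated and how a register value is mapped back to an offset. It assumes an alphabet of uppercase, lowercase and digits, substrings of length n=3, and the hypothetical names de_bruijn, cyclic_pattern, pattern_offset, search_registers and dword_at; the simulated crash (register values taken from the pattern at offsets 1036 and 1040) is constructed to mirror the output above.

```python
import string
import struct
from typing import Dict, Optional, Union

# Assumed alphabet for this example; PEDA's real charset also contains
# punctuation, as the sample pattern on the page shows.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits


def de_bruijn(alphabet: str, n: int) -> str:
    """De Bruijn sequence B(k, n) over `alphabet` (k = len(alphabet)), built with
    the Frederickson-Kimura-Maiorana (Lyndon word) algorithm. Read cyclically,
    every string of length n over the alphabet occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
            return
        a[t] = a[t - p]
        db(t + 1, p)
        for j in range(a[t - p] + 1, k):
            a[t] = j
            db(t + 1, t)

    db(1, 1)
    return "".join(alphabet[i] for i in seq)


def cyclic_pattern(length: int, n: int = 3, alphabet: str = ALPHABET) -> bytes:
    """Like pattern_create: the first `length` bytes of the sequence. A linear
    prefix of the cycle has no repeated n-byte window, so every 4-byte
    register value that came from the pattern maps to exactly one offset."""
    seq = de_bruijn(alphabet, n)
    if length > len(seq):
        raise ValueError(f"max unique length for n={n} is {len(seq)}")
    return seq[:length].encode("ascii")


def pattern_offset(pattern: bytes, value: Union[int, bytes]) -> Optional[int]:
    """Like pattern_offset for a single value. An int is treated as a 32-bit
    little-endian register value (x86 byte order): a register showing
    0x41413741 is searched as the bytes b"A7AA" that the overflow wrote."""
    needle = struct.pack("<I", value & 0xFFFFFFFF) if isinstance(value, int) else value
    idx = pattern.find(needle)
    return None if idx < 0 else idx


def search_registers(pattern: bytes, regs: Dict[str, int]) -> Dict[str, int]:
    """Like the 'Registers contain pattern buffer' part of pattern_search:
    offset of every register whose 4-byte value lies inside the pattern.
    Registers holding addresses (e.g. esp) are simply not reported."""
    found = {}
    for name, val in regs.items():
        off = pattern_offset(pattern, val)
        if off is not None:
            found[name] = off
    return found


def dword_at(pattern: bytes, offset: int) -> int:
    """Little-endian dword the CPU loads from pattern[offset:offset+4], i.e.
    what gdb shows in a register after the overflow (used to simulate a crash)."""
    return struct.unpack("<I", pattern[offset:offset + 4])[0]


if __name__ == "__main__":
    pat = cyclic_pattern(1200)
    # Constructed crash state mirroring the page: saved ebp at 1036, eip at 1040,
    # esp holding a stack address that is not part of the pattern.
    regs = {"ebp": dword_at(pat, 1036), "eip": dword_at(pat, 1040), "esp": 0xFFFFCFD0}
    for name, off in search_registers(pat, regs).items():
        print(f"{name.upper()}+0 found at offset: {off}")
```

The little-endian handling is the part people get wrong by hand: the value gdb prints for $eip is the overwritten bytes reversed, which is why the example packs the integer with "<I" before searching rather than searching the hex digits as text.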

print

prints the value of a gdb expression, for example a register. Register names are lowercase in gdb ($ESP is an undefined convenience variable and prints void):

print $esp
p/x $esp
x/8wx $esp