git clone https://github.com/longld/peda To set it up add the following to your **~/.gdbinit** file and then run **gdb** as usual: # Source all settings from the peda dir source ~/peda/peda.py # These are other settings I have found useful # Intel syntax is more readable set disassembly-flavor intel # When inspecting large portions of code the scrollbar works better than 'less' set pagination off # Keep a history of all the commands typed. Search is possible using ctrl-r set history save on set history filename ~/.gdb_history set history size 32768 set history expansion on Making the following modification to ~/peda/lib/config.py is also recommended: - "debug" : ("off", "show detail error of peda commands, e.g: on|off"), + "debug" : ("on", "show detail error of peda commands, e.g: on|off"), == General usage and features== * The list of commands can be read by typing **peda** * Peda has wrappers over many gdb commands * Here is **disas** versus **pdisas**: {{ :kb:toolset:disas_vs_pdisas.png?direct&700 |}} * There are three commands to show context: * **context reg** for the registers and flags * **context code** for disassembling around the current instruction pointer * **context stack** for examining the stack * There is also a command for all at once: **context all** that is run by default whenever a breakpoint is hit: {{ :kb:toolset:context_all.png?direct&700 |}} * As you can see, there is a lot of information available. Note that the addresses are color coded according to their origin: code/data/rodata * Peda also features smart dereferencing (telescoping) * Getting information about an address or register can be done with **xinfo**. The origin of the mapping is searched from another command: **vmmaps** {{ :kb:toolset:xinfo_vmmap.png?direct&700 |}} * Displaying all strings in the address space is done using **strings** * Searching for specific strings can be done with **find** {{ :kb:toolset:searching.png?direct&700 |}} * Sometimes you need to find a pointer to a specific string. You can use **refsearch** {{ :kb:toolset:refsearch.png?direct&700 |}} * Searching for specific instructions or chains of instructions is done using **asmsearch** (although it's not always accurate) {{ :kb:toolset:asmsearch.png?direct&700 |}} == Exploit/ Reverse Engineering specifics == * Process info and security {{ :kb:toolset:process_info.png?direct&700 |}} * ROP gadgets {{ :kb:toolset:dumprop.png?direct&700 |}} * Tracing calls {{ :kb:toolset:tracecall.png?direct&700 |}} * Tracing individual instructions: Peda can also infer the arguments to functions or the operands for comparisons and display them {{ :kb:toolset:traceinst.png?direct&700 |}} * Creating exploit patterns and searching for them in memory and registers {{ :kb:toolset:pattern.png?direct&700 |}} == More info == * There are many more features in peda apart from the ones described above (shellcode downloading, exploit generation, python script generation from the payload). For everything else check out the source code. * You can also view the following resources from its authors: * [[http://ropshell.com/peda/Linux_Interactive_Exploit_Development_with_GDB_and_PEDA_Slides.pdf | Slides from the BlackHat'12 presentation ]] * [[http://www.youtube.com/watch?v=knC3B3RKARo | Full exploit demo video]]