hexdump errors out when called as hexdump <address> <count> because ints don't have a startswith attribute. Fix by modeling after hexprint function.

I followed some tutorials that just type "plt" and then return a list of addresses of plt functions. But I only got "Usage..." message. I also tried "pltbreak system@plt" or "pltbreak system" but neither works. The command only returns
"Set breakpoint at PLT functions match name regex
Usage:
pltbreak [name]
"

Hi,

First, thanks for the effort in making peda, it's wonderful.

While playing with it on OSX recently I found that it wasn't correctly identifying flags for the binary with regards to the checksec feature. For example:

$ gcc -o derp derp.c -m32 -Wl,-allow_stack_execute
$ otool -hv derp
Mach header
      magic cputype cpusubtype  caps    filetype ncmds sizeofcmds      flags
   MH_MAGIC    I386        ALL  0x00     EXECUTE    15       1044   NOUNDEFS DYLDLINK TWOLEVEL ALLOW_STACK_EXECUTION PIE MH_NO_HEAP_EXECUTION
$ gdb ./derp
.
.
gdb-peda$ checksec
CANARY    : disabled
FORTIFY   : disabled
NX        : ENABLED
PIE       : disabled
RELRO     : disabled

I haven't tested RELRO but from what I can tell, all of the other flags in this list appear to be incorrect, regardless of the compilation flags.

Thanks.

I want to ask something about how to debug with peda.py.
I ran into following
python peda.py
Traceback (most recent call last): File "peda.py", line 5968, in <module> class pedaGDBCommand(gdb.Command): NameError: name 'gdb' is not defined
but if I type gdb,everything works fine.

When debugging c++, sometimes the context do not show up. (when using asm-demangle option)
I found "examine_data" use this line:

v = out.split(":")[1].strip()

in my case, out can take different values:

0x804fd00 std::cin@@GLIBCXX_3.4+128: 0xf7faae20
0xffffd134: 0xf7e4e840
0xf7e4e840 <main_arena>: 0x00000000
0xffffd138: 0x08050090

the first one will fail.
currently i use:

v = out.split(":")[-1].strip()

Same problem in "context_code"
input can be:

0x804a0c0 <dispatch_command(std::string&, std::vector<std::string, std::allocatorstd::string >&)+1205>: sub esp,0xc

so i change

opcode = inst.split(":")[1].split()[0]

with

opcode = inst.split(":")[-1].split()[0]

There is also some error on examine_mem_value (it split on ":" but it's not the good thing to do when receiving stuff like 0x804fd80 std::cout@@GLIBCXX_3.4: 0xf7fa344c)

if "<" in out and out.index("<") <= out.index(":"):
result = (to_hex(value), "data", "<" + out.split("<", 1)[1].strip())
else:
result = (to_hex(value), "data", out.split(":", 1)[1].strip())

I don't know if this the the way to do, i let you handle that ;)

I am trying to redo the exploit shown in "PEDA demo ret2stack (https://www.youtube.com/watch?v=knC3B3RKARo)"

But when I run the following command the value of arg is set as a string:

gdb-peda$ pset arg 'cyclic_pattern(200)'
gdb-peda$ pshow arg
arg[1]: cyclic_pattern(200)
gdb-peda$ pset arg '"A"*76 + BBBB + "\x90"*500 + shellcode'
gdb-peda$ pshow arg
arg[1]: "A"*76 + BBBB + ""*500 + shellcode

Input is treated as string and not executed as expected.

I am running following os configuration:
Ubuntu 14.04.3 32-Bit
GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1
Latest PEDA from git

like
pwndbg https://github.com/pwndbg/pwndbg
pwngdb https://github.com/scwuaptx/Pwngdb

i think this feature is very useful

As a recreational CTF player, I love and use peda for tons of things. In a few anti debugger binaries, I've seen (unconditional) jmp instructions being predicted as "Not taken".

If I weren't a dumb high schooler I'd try to actually contribute :/

hello there,
i have found a bug in the peda i'd like to report for fixing.
with the intel x86 instruction inconditional jump JMP if you jump to a register ex: jmp eax the peda show that the jmp is not taken but instead it is taken in gdb. i was doing some debbuging fo biniray obfiscation and that bug just give me a hard day intil i noticed that some jumps are taken but peda shows that they are not ... thanks for this really nice software and please fix the bugs as soon as possible.

best regards.

gdb-peda$ pattern_create 179
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVAArAAWAAsA'

'AAsA' can found twice (offset 5 and at the end)
The problem may be in de_bruijn() implementation

Hi, I've noticed something weird when I pop a shell using peda.

Starting program: /home/me/class/stack/ip "$(./newexp.py)"
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������H�H1��T$(H�/bin//shH�T$ H�|$ H�|$H�L$H�LH�t$H�TH�Ȱ;��
process 25780 is executing new program: /bin/dash
$ ls
[New process 25788]
process 25788 is executing new program: /bin/ls
Makefile    ip    myexp.py   payload.asm  peda-session-cat.txt  peda-session-ls.txt
exploit.py  ip.c  newexp.py  payload.bin  peda-session-ip.txt   peda-session-whoami.txt
[Inferior 2 (process 25788) exited normally]
$ Warning: not running or target is remote

[1]+  Stopped                 ~/gdb-7.7/gdb/gdb -data-directory ~/gdb-7.7/gdb/data-directory ip
me@server:~$

The shell is launched and when I execute command from it, after the command finishes, peda itself gets stopped. Regular gdb doesn't behave this way, it gives me a functional shell. Can I get some help with this? How can I make my shell functional (aside from porting my exploit to non peda env)?

hello,
could you please work with release-tag-function in github? this would help me to make my maintainer job. IIf you would do that I could offer a peda-git package and a peda-stable package. thx!

greetings

Chris

I just installed peda using pip. I sourced the peda.py file in .gdbinit

        source /usr/lib/python2.7/site-packages/peda/peda.py

I ran into following

gdb
GNU gdb (GDB; %maintenance_distribution) 7.9.1
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://bugs.opensuse.org/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/peda/peda.py", line 29, in <module>
    from shellcode import *
  File "/usr/lib/python2.7/site-packages/peda/lib/shellcode.py", line 13, in <module>
    from utils import msg, error_msg
ImportError: cannot import name msg
(gdb) quit

Am I missing a dependency? These are not the instructions on the site but since it is available via python-pip, I thought it should just work.

File 'peda.py', lines 759 and 777:

def disassemble(self, *arg):
        [...]
        self.execute("set disassembly-flavor intel") 

I, as many other users, prefer the GAS syntax. Other users may prefer the Intel syntax, and that's why there is a set disassembly-flavor XXX setting.
I can't see a reason as to why pdisas, a supposedly improved disas, should blatantly ignore such a setting and impose either flavor.

I get the message "not running or target is remote" on a running process (stopped on a breakpoint) and local elf debugging (nothing of remote debugging), is due to a peda.getpid() failure

When displaying a value with context stack or context reg, if the value is a long chain of pointers, all of these pointers get printed regardless of the length of the chain. Thus, printing one of these values can take a long time (for example, after a large number of recursive calls ebp is a long chain of pointers). There should be an option to stop following these pointers after a certain depth.

gdb version 7.6.2, peda latest version.

I used peda to debug https://30c3ctf.aachen.ccc.de/static/bigdata.tar.gz

I just typed

start
procinfo

and gdb crashed with coredump backtrace below

gdb-peda$ bt
#0  0x00007fbe73077319 in raise () from /usr/lib/libc.so.6
#1  0x00007fbe73078718 in abort () from /usr/lib/libc.so.6
#2  0x0000000000624f96 in ?? ()
#3  0x0000000000627265 in ?? ()
#4  0x00000000006272b9 in internal_verror ()
#5  0x0000000000627352 in internal_error ()
#6  0x000000000056dcec in ?? ()
#7  0x00000000005580ff in ?? ()
#8  0x000000000062394a in execute_command ()
#9  0x00000000004cf7e3 in ?? ()
#10 0x00007fbe73916849 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#11 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#12 0x00007fbe73916499 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#13 0x00007fbe73916562 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#14 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#15 0x00007fbe738a6c0d in function_call () from /usr/lib/libpython2.7.so.1.0
#16 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#17 0x00007fbe73912d70 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#18 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#19 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#20 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#21 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#22 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#23 0x00007fbe738d71f7 in slot_tp_call () from /usr/lib/libpython2.7.so.1.0
#24 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#25 0x00007fbe739129f1 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#26 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#27 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#28 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#29 0x00007fbe73912d70 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#30 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#31 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#32 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#33 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#34 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#35 0x00007fbe73883383 in PyObject_CallMethodObjArgs () from /usr/lib/libpython2.7.so.1.0
#36 0x00000000004d33ab in ?? ()
#37 0x000000000062394a in execute_command ()
#38 0x00000000004cf7e3 in ?? ()
#39 0x00007fbe73916849 in PyEval_EvalFrameEx () from /usr/lib/libpython2.7.so.1.0
#40 0x00007fbe739172a0 in PyEval_EvalCodeEx () from /usr/lib/libpython2.7.so.1.0
#41 0x00007fbe738a6b30 in function_call () from /usr/lib/libpython2.7.so.1.0
#42 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#43 0x00007fbe7389144d in instancemethod_call () from /usr/lib/libpython2.7.so.1.0
#44 0x00007fbe73882c43 in PyObject_Call () from /usr/lib/libpython2.7.so.1.0
#45 0x00007fbe73883383 in PyObject_CallMethodObjArgs () from /usr/lib/libpython2.7.so.1.0
#46 0x00000000004d33ab in ?? ()
#47 0x000000000062394a in execute_command ()
#48 0x0000000000579451 in ?? ()
#49 0x00000000005798cc in ?? ()
#50 0x00007fbe747c447e in rl_callback_read_char () from /usr/lib/libreadline.so.6
#51 0x00000000005794b9 in ?? ()
#52 0x0000000000578223 in ?? ()
#53 0x0000000000578537 in gdb_do_one_event ()
#54 0x0000000000578757 in start_event_loop ()
#55 0x0000000000572313 in ?? ()
#56 0x0000000000570c5a in catch_errors ()
#57 0x0000000000573086 in ?? ()
#58 0x0000000000570c5a in catch_errors ()
#59 0x00000000005734a4 in gdb_main ()
#60 0x000000000045194e in main ()
#61 0x00007fbe73063b05 in __libc_start_main () from /usr/lib/libc.so.6
#62 0x000000000045197c in _start ()

Any idea what caused the problem and how to fix it? Thanks.

When the process is set to "set follow-fork-mode child" and traceinstr is run on a parent process, it will not follow the child process when the parent forks. Would there possibly be a fix for this?

It is kind of frustrating to break after a fork then start tracing instructions.

When trying to figure out when control returns to a particular page, it might be useful to set the page to non-exec, then continue execution and wait for an access violation when it tries to execute code from that page.
In order to be able to do that, we would need to be able to set page permissions(+x and -x) easily. Such a command might help.

Just a usability suggestion: ropsearch is currently failing pretty quietly. I have two suggestions:

• If no asm was generated, just let the user know. Currently, it looks like no gadget was found, which is something different imho
• If 'nasm' is not installed, all asm compilations fail (of course), but there is no error message. The instructions also don't explicitly mention nasm as pre-requisite. Would it make sense to either raise an error/warning, or list this as pre-requisite?

Hi,

While doing some modifications for my next pull-request I ran into some problems that seem to be due to the fact PEDA.getpid() uses memoization.

The problem is that it always takes the same arguments for the same PEDA instance (self). If I understand correctly, this causes getpid() to return None when it is first called if at that point the inferior (the program we are debugging) is not started, which causes it to also return None for all the future calls.

This is particularly problematic when you consider the fact that PEADCmd _is_running uses PEDA.getpid() to figure out if the program is running or not.

First I'dd like the opinion of someone who is more experienced with this project (I am quite new to it) to now If this is indeed an issue.

If it is, I volunteer to try and find a way to fix it, but I would much appreciate any comments or ideas you might have.

At this point what I would recommend is to not use the memoization decorator, but instead implement a custom memoization that would only save the result if it is not None, and that would only use the saved result after having checked the program is still running. But that still leaves some holes, for example if getpid() is never called between the moment a programed is killed and the moment it is restarted. So we probably need something smarter.

Regards,

Hello,
The peda function "pattern offset" calculates the offset wrong

Here some output peda vs metasploit (pattern_create.rb) tested on level05 io.smashthestack.org :

(gdb) run "AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVA"
Starting program: /levels/level05 "AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVA"
AAA%AAsAABAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVA

Program received signal SIGSEGV, Segmentation fault.
0x41415341 in ?? ()

gdb-peda$ pattern create 500
'AAA%AAsAABAA$AAnAACAA-AA(AADAA;AA)AAEAAaAA0AAFAAbAA1AAGAAcAA2AAHAAdAA3AAIAAeAA4AAJAAfAA5AAKAAgAA6AALAAhAA7AAMAAiAA8AANAAjAA9AAOAAkAAPAAlAAQAAmAARAAnAASAAoAATAApAAUAAqAAVAArAAWAAsAAXAAtAAYAAuAAZAAvAAwAAxAAyAAzA%%A%sA%BA%$A%nA%CA%-A%(A%DA%;A%)A%EA%aA%0A%FA%bA%1A%GA%cA%2A%HA%dA%3A%IA%eA%4A%JA%fA%5A%KA%gA%6A%LA%hA%7A%MA%iA%8A%NA%jA%9A%OA%kA%PA%lA%QA%mA%RA%nA%SA%oA%TA%pA%UA%qA%VA%rA%WA%sA%XA%tA%YA%uA%ZA%vA%wA%xA%yA%zAs%AssAsBAs$AsnAsCAs-As(AsDAs;As)AsEAsaAs0AsFAsbAs1AsGAscAs2AsHAsdAs3AsIAseAs4AsJAsfA'

gdb-peda$ pattern offset 0x41415341
1094800193 found at offset: 149

now with metasploit:

(gdb) run "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af"
The program being debugged has been started already.
Start it from the beginning? (y or n) y

Starting program: /levels/level05 "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af"
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af

Program received signal SIGSEGV, Segmentation fault.
0x37654136 in ?? ()

user@trudy /usr/share/metasploit/tools % ruby-1.9 pattern_create.rb 170
Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af

user@trudy /usr/share/metasploit/tools % ruby-1.9 pattern_offset.rb 37654136  
[*] Exact match at offset 140

PS: I Think special characters in the offset is a bad idea.. is there a way to change this in peda?

EDIT: The special characters are to blame .. special characters on default is a bad idea. You should maybe change the default option for pattern create to 'basic'. thx

One of the nicest things in Olly is the 'double click to toggle status flag'

This would be very handy when you are at a conditional jump.

It would also be very nice if, when at a conditional jump, the flags that are in consideration were highlighted.

Trying to figure out how to see my version of peda easily. Nothing like an 'about' appears in 'peda help', and there doesn't seem to be a peda --version, nor does gdb --version get augmented to include peda.

I suggest adding 'peda about' or something.

I want to ask if GDB Peda is Mac supported?
http://s31.postimg.org/fbfsp592z/Screen_Shot_2016_04_22_at_10_35_12_AM.png
Something is wrong here.

Hello
How can i change address text colors? some peoples can't read the address by that color.

I think there is some problems with ubuntu 13.10, maybe comming from the python version.

"GNU gdb (GDB) 7.6.1-ubuntu
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
File "~/peda/peda.py", line 67
except Exception, e:
^
SyntaxError: invalid syntax
"

Is there some soltion ?

Hello! There is some wrong when I using the gdb_peda to debug every executable files in my computor.

My OS is Ubuntu 14.04 x86, gdb version is "GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1", python version is 2.7.

And below is the error info:
─── Output/messages ────────────────────────
[----------------------------------registers-----------------------------------]
EAX: 0x1
EBX: 0xb7fc0000 --> 0x1a9da8
ECX: 0x2dd643aa
EDX: 0xbffff734 --> 0xb7fc0000 --> 0x1a9da8
ESI: 0x0
EDI: 0x0
EBP: 0xbffff708 --> 0x0
ESP: 0xbffff708 --> 0x0
EIP: 0x8048450 (<main+3>: and esp,0xfffffff0)
EFLAGS: 0x246 (carry PARITY adjust ZERO sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
0x8048448 <frame_dummy+40>: jmp 0x80483c0 <register_tm_clones>
0x804844d

**Breakpoint 1, 0x08048450 in main ()

Traceback (most recent call last):
File "/home/chouchou/peda/lib/utils.py", line 47, in call
return self.cache[(self.func, self.instance, args) + tuple(kwargs.items())]
KeyError: (<function format_address at 0xb6fd1d1c>, None, (134513741,))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 196, in
File "", line 215, in on_stop
File "", line 252, in build
File "", line 735, in lines
File "/home/chouchou/peda/lib/utils.py", line 50, in call
value = self.func(_args, *_kwargs)
TypeError: format_address() missing 1 required positional argument: 'type'

I do not known why. Please help me, thanks! D:)

root@debianvm:/root# gdb ./binaryfile
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/...
/root/.gdbinit:1: Error in sourced command file:
/root/peda/peda.py:10: Error in sourced command file:
Undefined command: "import". Try "help".
Reading symbols from ./binaryfile...done.
(gdb) quit

Error on python "import" showes up only at gdb.
It's a know bug? Nothing found on internet search...
Anyone have a clue whats happening?
Ty.

If i want to disable the pager and set pagesize to 0 functions such as hexdump don't work. They print one line and the function usage.
I fixed the problem locally by doing

diff --git a/lib/utils.py b/lib/utils.py
--- a/lib/utils.py
+++ b/lib/utils.py
@@ -201,7 +201,7 @@ def pager(text, pagesize=None):
         pagesize = config.Option.get("pagesize")
     for line in text:
         msg(line)
-        if i % pagesize == 0:
+        if pagesize != 0 and i % pagesize == 0:
             ans = raw_input("--More--(%d/%d)" % (i, l))
             if ans.lower().strip() == "q":
                 break

context call in hook-stop without any parameter. line count was not defined in config.

diff --git a/lib/config.py b/lib/config.py
index 5704fc7..422a410 100644
--- a/lib/config.py
+++ b/lib/config.py
@@ -35,6 +35,7 @@ OPTIONS = {
     "autosave"  : ("on", "auto saving peda session, e.g: on|off"),
     "payload"   : ("peda-payload-#FILENAME#.txt", "target file to save output of payload command"),
     "context"   : ("register,code,stack", "context display setting, e.g: register, code, stack, all"),
+    "context_lines" : ("8", "amount of lines for each context region"),
     "verbose"   : ("off", "show detail execution of commands, e.g: on|off"),
     "debug"     : ("off", "show detail error of peda commands, e.g: on|off"),
     "_teefd"    : ("", "internal use only for tracelog/crashlog writing")
diff --git a/peda.py b/peda.py
index 9f1d10b..98b8ad0 100644
--- a/peda.py
+++ b/peda.py
@@ -4374,7 +4374,7 @@ class PEDACmd(object):
         (opt, count) = normalize_argv(arg, 2)

         if to_int(count) is None:
-            count = 8
+            count = config.Option.get("context_lines")
         if opt is None:
             opt = config.Option.get("context")
         if opt == "all":

Hi,
When i use gdb with option "-tui" or cgdb, the color of peda is not working.
Just like this:
^A^[[;31m^Bgdb-peda$ ^A^[[0m^B (gdb with -tui)
[;31mgdb-peda$ [0m (cgdb)

Is there any solution to deal with this case?

I tried writing the following function as a wrapper around searchmem

def sropsearch(self, s, e):
if s == None or e == None: self._missing_argument()
return self.searchmem(start=s, end=e, search="b877000000cd80".decode('hex'))

Is there something wrong with the above code snippet?

Thanks.

Hello, I got this problem when install peda.

Traceback (most recent call last):
File "~/peda/peda.py", line 40, in
File "/root/peda/lib/shellcode.py", line 35
return {k: six.b(v) for k, v in dict_.items()}
^
SyntaxError: invalid syntax

I'm on centos 6 and my python version is 2.7.12

GNU gdb (Ubuntu/Linaro 7.4-2012.02-0ubuntu2) 7.4-2012.02
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
http://bugs.launchpad.net/gdb-linaro/...
/home/pinko/.gdbinit:1: Error in sourced command file:
Undefined command: "peda". Try "help".
Reading symbols from /home/pinko/Desktop/guestbook...(no debugging symbols found)...done.

python version is 2.7
i don't know why : -(

thx

peda isn't compatible with python3, and my gdb works with python3, whence this great softwre is not working in some versions of gdb :/

for example
print()
except Exception as e
and so on .. you know

For a binary I'm debugging, the stack depth is very deep, so context stack is very slow. However, context stack is run whenever I step with ni. Is there a way to customize the step output?

Hello,
I have a string in the EAX-Register:

gdb-peda$ x/x $eax
0xbffff230: 0x34333231
gdb-peda$ x/s $eax
0xbffff230: "12345"

When I only want the first char gdb can do this:

gdb$ x/c $eax
0xbffff230: 31 '1'

But PEDA does this:

gdb-peda$ x/c $eax
0xbffff230: 0x31

Is there a way to fix this issue?

Any plan to implement this? It would obviously not be forced -- Many like to scroll back, but in many cases I would have an easier time tracking if the whole disass, etc scrolled on every step.

stdout/err, stack, dissass, memdump, regs would be obvious panes to support (I hate when a line of stdout pushes the whole ui down a line and makes it even harder to track).

I started to use gdb-peda but there is a default configuration which is very annoying to me and I can't live without it. I am sure it can be reconfigured easily but I have googled and tried to look in different places but I couldn't find anything about it

Basically, when you do something like x/wx $esp gdb-peda will print one word starting from the address stored in $esp... when I press enter the default behaviour of gdb it will do the following x/wx $esp+0x4 and it keep viewing more data every time I press enter. I can't get the same behaviour in gdb-peda .. when I press enter it repeats the last command which is x/wx $esp

any ideas?

The get_vmmap() function in peda.py is used to get virtual memory address ranges of the debugged process. The problem is this is not process specific, it is actualy thread specific.

A simple example under linux is when the main thread of thread group exits /proc/pid/maps will be empty, instead it should parse /proc/pid/tasks/tid/maps.

Another problem might be that this function is memoized which might not be a good idea, you don't know if the address is invalid now just because it was invalid before.

I might fix this when I have some time in a couple weeks but can't right now.

Hey guys, I have a commit over on my fork of this that does the following

if running : pdisass with no args disassembles until a ret instruction (or until 0x100 lines, could be changed)

if not running : nothing as of yet, but I was considering pdisass disassembling the entrypoint until ret.

Any comments or suggestions would help me greatly. I've used the feature plenty during ctfs, especially when working with any sort of stripped binary

Keep in mind, this is only my implementation of a feature I like. I would like the opinions of everyone on whether this should be it's own command or be implemented differently.

The documentation says that the value of "output-radix" must be a decimal value of either 8,10 or 16. In peda.py, the value is 0x10... Even if 0x10 set the output-radix to 16, it should be written 16 in peda.py.

Another problem: If output-radix is set to 16 instead of 10, the command "x /1cb " will not show the character anymore...Don't know if it's a bug or a desired effect but unless this configuration (output-radix 16) is really important for peda, I would suggest to switch back output-radix to default value (10).

When I invoke this command:

gdb-peda$ shellcode generate x86/linux exec
Generate or download common shellcodes.
Usage:
    shellcode generate [arch/]platform type [port] [host]
    shellcode search keyword (use % for any character wildcard)
    shellcode display shellcodeId (shellcodeId as appears in search results)

    For generate option:
        default port for bindport shellcode: 16706 (0x4142)
        default host/port for connect back shellcode: 127.127.127.127/16706
        supported arch: x86

It always returns this message, I don't what to do so ....
By the way, could you add more options for the shellcode such as avoiding some special bytes?

Here's a minimal working example:

The following file is compiled using gcc -fno-stack-protector -o a.out:

#include <string.h>

int main(int argc, char **argv) {
    char buf[8];
    strcpy(buf, argv[1]);
    return 0;
}

This is run using

ulimit -c unlimited
./a.out 123456789012345678901234567890

Launching peda with gdb a.out core and then running a searchmem '12345678' causes it to abort and dump core.

Peda currently use "skip" as a command to skip instructions

This is a question and discussion, not a bug or anything urgent.

I'dd like to start a debate about the future of Peda. It is a great project and has helped me, and I assume others, a lot. The community seems to like it and there are pull-request pretty often.

@longld mentions peda2 from time to time when talking about certain feature requests or code changes and this is perfectly normal otherwise the project would only become more complex and unmaintainable. However I think the need for Python3 by default on modern Linux distributions such as Ubuntu offers a good excuse to start working on this. Since the beginning of this project the folks over at gdb have also done some nice work on the Python API from which we could profit.

Before starting to work on this and think about how we could do it, I'dd like to hear from @longld what he thinks about the project, which parts would require the most work and what he would have done differently if given the opportunity.

Some things I can think of:

• python 3
• use of events
• reorganize/regroup commands (ropsearch, ropgadget, dumprop for example)

In short, what's the plan? What can we do to help?

is it a good time now to ditch Nasm dependency, and switch to Keystone?

i got this from a conversation with some Peda users at RECON :-)

Hi,

Is there some option I'd have to enable in order to get disassembly of the previous, current and next instructions?

Thanks