|cmd|Command to be used with the expression. `eval`: the expression is parsed and evaluated as in the debugged language; `execute`: the expression is executed as a GDB command. (default: 'eval')|
|expression|The expression to be evaluated and shown in context|
Attempt to find a leak chain given a starting address.
Scans memory near the given address, looks for pointers, and continues that process to attempt to find leaks.
Example: `leakfind $rsp --page_name=filename --max_offset=0x48 --max_depth=6`. This looks for chains of leaks that begin near `$rsp`, point to a section in filename, are never more than 0x48 bytes past a known pointer, and have a maximum length of 6.
### Positional arguments
|Positional Argument|Help|
| :--- | :--- |
|address|Starting address to find a leak chain from (default: $sp)|
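
A simplified model of the chain search that leakfind describes, added here as an example and not the tool's own code: a breadth-first pointer walk bounded by `max_offset` and `max_depth`. The `PAGES` and `MEMORY` layouts are constructed sample data, and `page_of` and this `leakfind` function are hypothetical names.

```python
from collections import deque

PTR = 8  # pointer size assumed for this constructed 64-bit layout

# Constructed sample mappings: (start, end, name). Not taken from a real process.
PAGES = [
    (0x7ffd0000, 0x7ffd1000, "[stack]"),
    (0x55550000, 0x55551000, "[heap]"),
    (0x7f000000, 0x7f100000, "libc.so.6"),
]

# Constructed sparse memory: address -> pointer-sized value stored there.
MEMORY = {
    0x7ffd0100: 0x0000000000000041,  # plain integer, not a pointer
    0x7ffd0110: 0x55550020,          # stack -> heap
    0x55550030: 0x7f0a1234,          # heap+0x10 -> libc
    0x7ffd0180: 0x7f0bbbbb,          # stack -> libc, but 0x80 from the start
}


def page_of(addr):
    """Return the name of the mapping containing addr, or None if unmapped."""
    for start, end, name in PAGES:
        if start <= addr < end:
            return name
    return None


def leakfind(start, page_name, max_offset=0x48, max_depth=6):
    """BFS for pointer chains from start into page_name; each hop is
    (base, offset, value), meaning `value` was read at base+offset."""
    chains, seen = [], {start}
    queue = deque([(start, [])])
    while queue:
        base, chain = queue.popleft()
        if len(chain) >= max_depth:
            continue  # chain already at the maximum length
        for off in range(0, max_offset + 1, PTR):
            value = MEMORY.get(base + off)
            # Skip unreadable slots, non-pointers, and targets already visited.
            if value is None or page_of(value) is None or value in seen:
                continue
            seen.add(value)
            hop = chain + [(base, off, value)]
            if page_name in page_of(value):
                chains.append(hop)  # chain ends inside the requested mapping
            queue.append((value, hop))
    return chains
```

With the default `max_offset` the only chain found goes stack, heap, libc; raising it to 0x80 also reaches the direct stack-to-libc pointer.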
- `probeleak $rsp 0x64`: leaks 0x64 bytes starting at the stack pointer and searches for valid pointers
- `probeleak $rsp 0x64 --max-dist 0x10`: as above, but pointers may point 0x10 bytes outside of a memory page
- `probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx`: leaks 0x64 bytes starting at the stack pointer and searches for one valid pointer which points to a libc rwx page
Search memory for byte sequences, strings, pointers, and integer values.
By default search results are cached. If you want to cache all results, but only print a subset, use `--trunc-out`. If you want to cache only a subset of results, and print the results immediately, use `--limit`. The latter is especially useful if you're searching a huge section of memory.