mirror of https://github.com/pwndbg/pwndbg.git
probeleak
usage: probeleak [-h] [--max-distance MAX_DISTANCE] [--point-to POINT_TO]
[--max-ptrs MAX_PTRS] [--flags FLAGS]
[address] [count]
Pointer scan for possible offset leaks.
Positional arguments
| Positional Argument | Help |
|---|---|
| address | Leak memory address (default: $sp) |
| count | Leak size in bytes (default: 64) |
Optional arguments
| Short | Long | Help |
|---|---|---|
| -h | --help | show this help message and exit |
| | --max-distance | Max acceptable distance between memory page boundary and leaked pointer (default: 0) |
| | --point-to | Mapping name of the page that you want the pointers point to |
| | --max-ptrs | Stop search after find n pointers, default 0 (default: 0) |
| | --flags | flags of the page that you want the pointers point to. [e.g. rwx] |
Examples
> probeleak $rsp 0x64
Leaks 0x64 bytes starting at the stack pointer and searches for valid pointers.
> probeleak $rsp 0x64 --max-dist 0x10
As above, but pointers may point up to 0x10 bytes outside of a memory page.
> probeleak $rsp 0x64 --point-to libc --max-ptrs 1 --flags rwx
Leaks 0x64 bytes starting at the stack pointer and searches for one valid pointer
which points to a libc rwx page.
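To make the options concrete, here is an added sketch of the kind of scan the help text describes, run over a constructed leak buffer and constructed mappings. It is not pwndbg's own code: the `Mapping` type, the `probe` function, and the matching rules assumed for `--point-to` (substring of the mapping name) and `--flags` (every listed flag present) are illustrative assumptions.

```python
import struct
from typing import NamedTuple

class Mapping(NamedTuple):   # hypothetical stand-in for one vmmap entry
    start: int
    end: int                 # exclusive
    perms: str               # e.g. "r-x"
    name: str

def probe(data, base, maps, max_distance=0, point_to=None, flags="",
          max_ptrs=0, ptrsize=8):
    """Return (leak_addr, pointer, mapping_name, offset_from_mapping_start)."""
    fmt = "<Q" if ptrsize == 8 else "<I"        # little-endian targets only
    hits = []
    for off in range(len(data) - ptrsize + 1):  # this sketch tries every byte offset
        (ptr,) = struct.unpack_from(fmt, data, off)
        for m in maps:
            # --max-distance widens each mapping by that many bytes on both sides
            if not (m.start - max_distance <= ptr < m.end + max_distance):
                continue
            if point_to is not None and point_to not in m.name:
                continue                        # --point-to: assumed substring match
            if not all(f in m.perms for f in flags):
                continue                        # --flags: assumed "all listed flags set"
            hits.append((base + off, ptr, m.name, ptr - m.start))
            break
        if max_ptrs and len(hits) >= max_ptrs:  # 0 means no limit
            break
    return hits

# Constructed sample data: three mappings and a 32-byte "leak" read at BASE.
MAPS = [
    Mapping(0x555555554000, 0x555555558000, "r-x", "/bin/demo"),
    Mapping(0x7FFFF7DD0000, 0x7FFFF7F80000, "r-x", "/usr/lib/libc.so.6"),
    Mapping(0x7FFFFFFDE000, 0x7FFFFFFFF000, "rw-", "[stack]"),
]
BASE = 0x7FFFFFFFE000
LEAK = struct.pack("<4Q", 0x4141414141414141, 0x7FFFF7DF1234,
                   0x7FFFF7F80008, 0x7FFFFFFFE100)

if __name__ == "__main__":
    for opts in ({}, {"max_distance": 0x10},
                 {"point_to": "libc", "max_ptrs": 1, "flags": "rx"}):
        print(opts)
        for addr, ptr, name, off in probe(LEAK, BASE, MAPS, **opts):
            print(f"  {addr:#x}: {ptr:#x} -> {name}+{off:#x}")
```

The third value in the sample sits 8 bytes past the end of the libc mapping, so it is reported only when `max_distance` is at least 9.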