Command pattern

This command will create or search a De Bruijn cyclic pattern to facilitate determining finding offsets in memory.

It should be noted that for better compatibility, the algorithm implemented in GEF is the same as the one in pwntools, and can therefore be used in conjunction.

create

The sub-command create allows to create a new pattern:

gef➤  pattern create 128
[+] Generating a pattern of 128 bytes
aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaab
[+] Saved as '$_gef0'

Ths pattern can be used as as input later on. To generate this input, GEF takes into account the size of architecture (16, 32 or 64 bits), to generate it.

The equivalent command with pwntools is

from pwn import *
p = cyclic(128, n=8)

where n is the number of bytes of the architecture (8 for 64 bits, 4 for 32).

The search sub-command seeks the value given as argument, trying to find it in the De Bruijn sequence

gef➤  pattern search 0x6161616161616167
[+] Searching '0x6161616161616167'
[+] Found at offset 48 (little-endian search) likely
[+] Found at offset 41 (big-endian search)

Note that registers can also be passed as values:

gef➤  pattern search $rbp
[+] Searching '$rbp'
[+] Found at offset 32 (little-endian search) likely
[+] Found at offset 25 (big-endian search)