This command will create or search a De Bruijn cyclic pattern to facilitate determining offsets in memory.
It should be noted that for better compatibility, the algorithm implemented in
GEF is the same as the one in
pwntools, and can therefore be used in
create allows to create a new pattern:
gef➤ pattern create 128 [+] Generating a pattern of 128 bytes aaaabaaacaaadaaaeaaafaaagaaahaaaiaaajaaakaaalaaamaaanaaaoaaapaaaqaaaraaasaaataaauaaavaaawaaaxaaayaaazaabbaabcaabdaabeaabfaabgaab [+] Saved as '$_gef0'
Ths pattern can be used as as input later on. To generate this input,
takes into account the size of architecture (16, 32 or 64 bits), to generate
The equivalent command with
from pwn import * p = cyclic(128, n=8)
n is the number of bytes of the architecture (8 for 64 bits, 4 for 32).
search sub-command seeks the value given as argument, trying to find it in
the De Bruijn sequence
gef➤ pattern search 0x6161616161616167 [+] Searching '0x6161616161616167' [+] Found at offset 48 (little-endian search) likely [+] Found at offset 41 (big-endian search)
Note that registers can also be passed as values:
gef➤ pattern search $rbp [+] Searching '$rbp' [+] Found at offset 32 (little-endian search) likely [+] Found at offset 25 (big-endian search)