xtiankisutsa / llef

LLEF is a plugin for LLDB to make it more useful for RE and VR


LLEF

LLEF (pronounced ɬɛf - "hlyeff") is an LLDB plugin to make it more usable for low-level RE and VR. Similar to GEF, but for LLDB.

It uses LLDB's Python API to add extra status output and a few new commands, so that security researchers can more easily use LLDB to analyse software as it's running.


💻 Supported Architectures

  • x86_64
  • aarch64

📓 Requirements

⚙ Installation

The instructions below will install LLEF so that it is used by LLDB by default.

  1. Clone the repository.
  2. cd <repo>
  3. Run ./install.sh

▶ Usage

Launch LLDB

lldb-15 <optional binary to debug>

Use commands:

Pattern Create

(lldb) pattern create 10
[+] Generating a pattern of 10 bytes (n=4)
aaaabaaaca
[+] Pattern saved in variable: $8
(lldb) pattern create 100 -n 2
[+] Generating a pattern of 100 bytes (n=2)
aabacadaea
[+] Pattern saved in variable: $9

Pattern Search

(lldb) pattern search $rdx
[+] Found in $10 at index 45 (big endian)
(lldb) pattern search $8
[+] Found in $10 at index 0 (little endian)
(lldb) pattern search aaaabaaac
[+] Found in $8 at index 0 (little endian)
(lldb) pattern search 0x61616161626161616361
[+] Found in $8 at index 0 (little endian)
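How a pattern of this kind maps a register value back to an offset, as an added example (not LLEF's own code): the pattern is a de Bruijn sequence, so every n-byte window occurs only once. The function names, the lowercase alphabet (inferred from the sample output above) and the register value are assumptions for illustration.

```python
import itertools
import string

ALPHABET = string.ascii_lowercase.encode()  # assumed from the sample output

def de_bruijn(alphabet, n):
    """Yield the de Bruijn sequence B(len(alphabet), n), one symbol at a time."""
    k = len(alphabet)
    a = [0] * (k * n)

    def db(t, p):
        if t > n:
            if n % p == 0:  # emit each Lyndon word whose length divides n
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from db(t + 1, t)

    return db(1, 1)

def pattern_create(length, n=4):
    """Return `length` bytes in which every n-byte window occurs only once."""
    limit = len(ALPHABET) ** n  # beyond this the sequence would repeat
    if length > limit:
        raise ValueError(f"n={n} is only unambiguous up to {limit} bytes")
    return bytes(itertools.islice(de_bruijn(ALPHABET, n), length))

def pattern_search(pattern, value, width=8):
    """Locate an integer register value; return (index, byte order) or None."""
    for order in ("little", "big"):
        idx = pattern.find(value.to_bytes(width, order))
        if idx != -1:
            return idx, order
    return None

if __name__ == "__main__":
    pat = pattern_create(100)
    reg = int.from_bytes(pat[45:53], "little")  # constructed register value
    print(pat[:10].decode(), pattern_search(pat, reg))
```

A smaller n gives a shorter unambiguous range: with n=2 and a 26-letter alphabet the pattern can cover at most 676 bytes before windows repeat, which is why the example refuses longer requests.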

Breakpoint hook

This is automatic: whenever execution stops at a breakpoint, LLEF prints all the information it currently implements.

πŸ‘·β€β™‚οΈ Troubleshooting LLDB Python support

LLDB comes bundled with Python modules that LLEF requires. If you encounter ModuleNotFoundError messages when launching LLDB with LLEF, you will likely need to add the LLDB Python modules to your Python path manually.

To do this, run the following to find your site-packages location:

python3 -m site --user-site

Then locate the LLDB Python modules. They are typically at a location such as /usr/lib/llvm-15/lib/python3.10/dist-packages, but this depends on your Python version.

Finally, modify and execute the following to add the LLDB module path to a new file, lldb.pth, in the site-packages location discovered above.

echo "/usr/lib/llvm-15/lib/python3.10/dist-packages" > ~/.local/lib/python3.10/site-packages/lldb.pth

πŸ‘ Thanks

We’re obviously standing on the shoulders of giants here - we’d like to credit hugsy for GEF in particular, from which this tool draws heavy inspiration! Please consider this imitation as flattery πŸ™‚

If you'd like to read a bit more about LLEF you could visit our launch blog post.


License: MIT License


Languages: Python 97.8%, Shell 2.2%