Skip to content

module GEF

Global Variables

  • GEF_DEFAULT_BRANCH
  • GEF_EXTRAS_DEFAULT_BRANCH
  • GDB_MIN_VERSION
  • GDB_VERSION
  • PYTHON_MIN_VERSION
  • PYTHON_VERSION
  • DEFAULT_PAGE_ALIGN_SHIFT
  • DEFAULT_PAGE_SIZE
  • GEF_TEMP_DIR
  • GEF_MAX_STRING_LENGTH
  • LIBC_HEAP_MAIN_ARENA_DEFAULT_NAME
  • ANSI_SPLIT_RE
  • LEFT_ARROW
  • RIGHT_ARROW
  • DOWN_ARROW
  • HORIZONTAL_LINE
  • VERTICAL_LINE
  • CROSS
  • TICK
  • BP_GLYPH
  • GEF_PROMPT
  • GEF_PROMPT_ON
  • GEF_PROMPT_OFF
  • PREFIX
  • gdb_initial_settings
  • cmd
  • gef
  • progspace
  • errmsg
  • hook

function http_get

http_get(url: str) → Optional[bytes]

Basic HTTP wrapper for GET request. Return the body of the page if HTTP code is OK, otherwise return None.

function update_gef

update_gef(argv: List[str]) → int

Try to update gef to the latest version pushed on GitHub main branch. Return 0 on success, 1 on failure.

function reset_all_caches

reset_all_caches() → None

Free all caches. If an object is cached, it will have a callable attribute cache_clear which will be invoked to purge the function cache.

function reset

reset() → None

function highlight_text

highlight_text(text: str) → str

Highlight text using gef.ui.highlight_table { match -> color } settings.

If RegEx is enabled it will create a match group around all items in the gef.ui.highlight_table and wrap the specified color in the gef.ui.highlight_table around those matches.

If RegEx is disabled, split by ANSI codes and 'colorify' each match found within the specified string.

function gef_print

gef_print(*args: str, end='\n', sep=' ', **kwargs: Any) → None

Wrapper around print(), using string buffering feature.

function bufferize

bufferize(f: Callable) → Callable

Store the content to be printed for a function in memory, and flush it on function exit.

function p8

p8(
    x: int,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → bytes

Pack one byte respecting the current architecture endianness.

function p16

p16(
    x: int,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → bytes

Pack one word respecting the current architecture endianness.

function p32

p32(
    x: int,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → bytes

Pack one dword respecting the current architecture endianness.

function p64

p64(
    x: int,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → bytes

Pack one qword respecting the current architecture endianness.

function u8

u8(
    x: bytes,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → int

Unpack one byte respecting the current architecture endianness.

function u16

u16(
    x: bytes,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → int

Unpack one word respecting the current architecture endianness.

function u32

u32(
    x: bytes,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → int

Unpack one dword respecting the current architecture endianness.

function u64

u64(
    x: bytes,
    s: bool = False,
    e: Optional[ForwardRef('Endianness')] = None
) → int

Unpack one qword respecting the current architecture endianness.

function is_ascii_string

is_ascii_string(address: int) → bool

Helper function to determine if the buffer pointed by address is an ASCII string (in GDB)

function is_alive

is_alive() → bool

Check if GDB is running.

function calling_function

calling_function() → Optional[str]

Return the name of the calling function

function only_if_gdb_running

only_if_gdb_running(f: Callable) → Callable

Decorator wrapper to check if GDB is running.

function only_if_gdb_target_local

only_if_gdb_target_local(f: Callable) → Callable

Decorator wrapper to check if GDB is running locally (target not remote).

function deprecated

deprecated(solution: str = '') → Callable

Decorator to add a warning when a command is obsolete and will be removed.

function experimental_feature

experimental_feature(f: Callable) → Callable

Decorator to add a warning when a feature is experimental.

function only_if_events_supported

only_if_events_supported(event_type: str) → Callable

Checks if GDB supports events without crashing.

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function wrapped_f

wrapped_f(*args: Any, **kwargs: Any) → Any

function FakeExit

FakeExit(*args: Any, **kwargs: Any) → NoReturn

function parse_arguments

parse_arguments(
    required_arguments: Dict[Union[str, Tuple[str, str]], Any],
    optional_arguments: Dict[Union[str, Tuple[str, str]], Any]
) → Callable

Argument parsing decorator.

function search_for_main_arena

search_for_main_arena() → int

search_for_main_arena is DEPRECATED and will be removed in the future. Use GefHeapManager.find_main_arena_addr()

function get_libc_version

get_libc_version() → Tuple[int, ...]

get_libc_version is DEPRECATED and will be removed in the future. Use GefLibcManager.find_libc_version()

function titlify

titlify(
    text: str,
    color: Optional[str] = None,
    msg_color: Optional[str] = None
) → str

Print a centered title.

function dbg

dbg(msg: str) → None

function err

err(msg: str) → None

function warn

warn(msg: str) → None

function ok

ok(msg: str) → None

function info

info(msg: str) → None

function push_context_message

push_context_message(level: str, message: str) → None

Push the message to be displayed the next time the context is invoked.

function show_last_exception

show_last_exception() → None

Display the last Python exception.

function gef_pystring

gef_pystring(x: bytes) → str

Returns a sanitized version as string of the bytes list given in input.

function gef_pybytes

gef_pybytes(x: str) → bytes

Returns an immutable bytes list from the string given as input.

function style_byte

style_byte(b: int, color: bool = True) → str

function hexdump

hexdump(
    source: ByteString,
    length: int = 16,
    separator: str = '.',
    show_raw: bool = False,
    show_symbol: bool = True,
    base: int = 0
) → str

Return the hexdump of src argument. @param source MUST be of type bytes or bytearray @param length is the length of items per line @param separator is the default character to use if one byte is not printable @param show_raw if True, do not add the line nor the text translation @param base is the start address of the block being hexdump @return a string with the hexdump

function is_debug

is_debug() → bool

Check if debug mode is enabled.

function buffer_output

buffer_output() → bool

Check if output should be buffered until command completion.

function hide_context

hide_context() → bool

Helper function to hide the context pane.

function unhide_context

unhide_context() → bool

Helper function to unhide the context pane.

function enable_redirect_output

enable_redirect_output(to_file: str = '/dev/null') → None

Redirect all GDB output to to_file parameter. By default, to_file redirects to /dev/null.

function disable_redirect_output

disable_redirect_output() → None

Disable the output redirection, if any.

function gef_makedirs

gef_makedirs(path: str, mode: int = 493) → Path

Recursive mkdir() creation. If successful, return the absolute path of the directory created.

function gdb_disassemble

gdb_disassemble(
    start_pc: int,
    **kwargs: int
) → Generator[__main__.Instruction, NoneType, NoneType]

Disassemble instructions from start_pc (Integer). Accepts the following named

parameters:

  • end_pc (Integer) only instructions whose start address fall in the interval from start_pc to end_pc are returned.
  • count (Integer) list at most this many disassembled instructions If end_pc and count are not provided, the function will behave as if count=1. Return an iterator of Instruction objects

function gdb_get_nth_previous_instruction_address

gdb_get_nth_previous_instruction_address(addr: int, n: int) → Optional[int]

Return the address (Integer) of the n-th instruction before addr.

function gdb_get_nth_next_instruction_address

gdb_get_nth_next_instruction_address(addr: int, n: int) → int

Return the address of the n-th instruction after addr. gdb_get_nth_next_instruction_address is DEPRECATED and will be removed in the future. Use gef_instruction_n().address

function gef_instruction_n

gef_instruction_n(addr: int, n: int) → Instruction

Return the n-th instruction after addr as an Instruction object. Note that n is treated as an positive index, starting from 0 (current instruction address)

function gef_get_instruction_at

gef_get_instruction_at(addr: int) → Instruction

Return the full Instruction found at the specified address.

function gef_current_instruction

gef_current_instruction(addr: int) → Instruction

Return the current instruction as an Instruction object.

function gef_next_instruction

gef_next_instruction(addr: int) → Instruction

Return the next instruction as an Instruction object.

function gef_disassemble

gef_disassemble(
    addr: int,
    nb_insn: int,
    nb_prev: int = 0
) → Generator[__main__.Instruction, NoneType, NoneType]

Disassemble nb_insn instructions after addr and nb_prev before addr. Return an iterator of Instruction objects.

function gef_execute_external

gef_execute_external(
    command: Sequence[str],
    as_list: bool = False,
    **kwargs: Any
) → Union[str, List[str]]

Execute an external command and return the result.

function gef_execute_gdb_script

gef_execute_gdb_script(commands: str) → None

Execute the parameter source as GDB command. This is done by writing commands to a temporary file, which is then executed via GDB source command. The tempfile is then deleted.

function checksec

checksec(filename: str) → Dict[str, bool]

checksec is DEPRECATED and will be removed in the future. Use Elf(fname).checksec()

function get_arch

get_arch() → str

Return the binary's architecture. get_arch is DEPRECATED and will be removed in the future. Use gef.arch instead

function get_entry_point

get_entry_point() → Optional[int]

Return the binary entry point. get_entry_point is DEPRECATED and will be removed in the future. Use gef.binary.entry_point instead

function is_pie

is_pie(fpath: str) → bool

function is_big_endian

is_big_endian() → bool

is_big_endian is DEPRECATED and will be removed in the future. Prefer gef.arch.endianness == Endianness.BIG_ENDIAN

function is_little_endian

is_little_endian() → bool

is_little_endian is DEPRECATED and will be removed in the future. gef.arch.endianness == Endianness.LITTLE_ENDIAN

function flags_to_human

flags_to_human(reg_value: int, value_table: Dict[int, str]) → str

Return a human readable string showing the flag states.

function register_architecture

register_architecture(
    cls: Type[ForwardRef('Architecture')]
) → Type[ForwardRef('Architecture')]

register_architecture is DEPRECATED and will be removed in the future. Using the decorator register_architecture is unecessary

function copy_to_clipboard

copy_to_clipboard(data: bytes) → None

Helper function to submit data to the clipboard

function use_stdtype

use_stdtype() → str

function use_default_type

use_default_type() → str

function use_golang_type

use_golang_type() → str

function use_rust_type

use_rust_type() → str

function to_unsigned_long

to_unsigned_long(v: gdb.Value) → int

Cast a gdb.Value to unsigned long.

function get_path_from_info_proc

get_path_from_info_proc() → Optional[str]

function get_os

get_os() → str

get_os is DEPRECATED and will be removed in the future. Use gef.session.os

function get_filepath

get_filepath() → Optional[str]

Return the local absolute path of the file currently debugged.

function get_function_length

get_function_length(sym: str) → int

Attempt to get the length of the raw bytes of a function.

function process_lookup_address

process_lookup_address(address: int) → Optional[__main__.Section]

Look up for an address in memory. Return an Address object if found, None otherwise.

function xor

xor(data: ByteString, key: str) → bytearray

Return data xor-ed with key.

function is_hex

is_hex(pattern: str) → bool

Return whether provided string is a hexadecimal value.

function continue_handler

continue_handler(_: 'gdb.ContinueEvent') → None

GDB event handler for new object continue cases.

function hook_stop_handler

hook_stop_handler(_: 'gdb.StopEvent') → None

GDB event handler for stop cases.

function new_objfile_handler

new_objfile_handler(evt: Optional[ForwardRef('gdb.NewObjFileEvent')]) → None

GDB event handler for new object file cases.

function exit_handler

exit_handler(_: 'gdb.ExitedEvent') → None

GDB event handler for exit cases.

function memchanged_handler

memchanged_handler(_: 'gdb.MemoryChangedEvent') → None

GDB event handler for mem changes cases.

function regchanged_handler

regchanged_handler(_: 'gdb.RegisterChangedEvent') → None

GDB event handler for reg changes cases.

function get_terminal_size

get_terminal_size() → Tuple[int, int]

Return the current terminal size.

function reset_architecture

reset_architecture(arch: Optional[str] = None) → None

Sets the current architecture. If an architecture is explicitly specified by parameter, try to use that one. If this fails, an OSError exception will occur. If no architecture is specified, then GEF will attempt to determine automatically based on the current ELF target. If this fails, an OSError exception will occur.

function get_memory_alignment

get_memory_alignment(in_bits: bool = False) → int

Try to determine the size of a pointer on this system. First, try to parse it out of the ELF header. Next, use the size of size_t. Finally, try the size of $pc. If in_bits is set to True, the result is returned in bits, otherwise in bytes. get_memory_alignment is DEPRECATED and will be removed in the future. Use gef.arch.ptrsize instead

function clear_screen

clear_screen(tty: str = '') → None

Clear the screen.

function format_address

format_address(addr: int) → str

Format the address according to its size.

function format_address_spaces

format_address_spaces(addr: int, left: bool = True) → str

Format the address according to its size, but with spaces instead of zeroes.

function align_address

align_address(address: int) → int

Align the provided address to the process's native length.

function align_address_to_size

align_address_to_size(address: int, align: int) → int

Align the address to the given size.

function align_address_to_page

align_address_to_page(address: int) → int

Align the address to a page.

function parse_address

parse_address(address: str) → int

Parse an address and return it as an Integer.

function is_in_x86_kernel

is_in_x86_kernel(address: int) → bool

function is_remote_debug

is_remote_debug() → bool

"Return True is the current debugging session is running through GDB remote session.

function de_bruijn

de_bruijn(alphabet: bytes, n: int) → Generator[str, NoneType, NoneType]

De Bruijn sequence for alphabet and subsequences of length n (for compat. w/ pwnlib).

function generate_cyclic_pattern

generate_cyclic_pattern(length: int, cycle: int = 4) → bytearray

Create a length byte bytearray of a de Bruijn cyclic pattern.

function safe_parse_and_eval

safe_parse_and_eval(value: str) → Optional[ForwardRef('gdb.Value')]

GEF wrapper for gdb.parse_and_eval(): this function returns None instead of raising gdb.error if the eval failed.

function gef_convenience

gef_convenience(value: Union[str, bytes]) → str

Defines a new convenience value.

function parse_string_range

parse_string_range(s: str) → Iterator[int]

Parses an address range (e.g. 0x400000-0x401000)

function gef_get_pie_breakpoint

gef_get_pie_breakpoint(num: int) → PieVirtualBreakpoint

gef_get_pie_breakpoint is DEPRECATED and will be removed in the future. Use gef.session.pie_breakpoints[num]

function endian_str

endian_str() → str

endian_str is DEPRECATED and will be removed in the future. Use str(gef.arch.endianness) instead

function get_gef_setting

get_gef_setting(name: str) → Any

get_gef_setting is DEPRECATED and will be removed in the future. Use gef.config[key]

function set_gef_setting

set_gef_setting(name: str, value: Any) → None

set_gef_setting is DEPRECATED and will be removed in the future. Use gef.config[key] = value

function gef_getpagesize

gef_getpagesize() → int

gef_getpagesize is DEPRECATED and will be removed in the future. Use gef.session.pagesize

function gef_read_canary

gef_read_canary() → Optional[Tuple[int, int]]

gef_read_canary is DEPRECATED and will be removed in the future. Use gef.session.canary

function get_pid

get_pid() → int

get_pid is DEPRECATED and will be removed in the future. Use gef.session.pid

function get_filename

get_filename() → str

get_filename is DEPRECATED and will be removed in the future. Use gef.session.file.name

function get_glibc_arena

get_glibc_arena() → Optional[__main__.GlibcArena]

get_glibc_arena is DEPRECATED and will be removed in the future. Use gef.heap.main_arena

function get_register

get_register(regname) → Optional[int]

get_register is DEPRECATED and will be removed in the future. Use gef.arch.register(regname)

function get_process_maps

get_process_maps() → List[__main__.Section]

get_process_maps is DEPRECATED and will be removed in the future. Use gef.memory.maps

function set_arch

set_arch(arch: Optional[str] = None, _: Optional[str] = None) → None

set_arch is DEPRECATED and will be removed in the future. Use reset_architecture

function register_external_context_pane

register_external_context_pane(
    pane_name: str,
    display_pane_function: Callable[[], NoneType],
    pane_title_function: Callable[[], Optional[str]],
    condition: Optional[Callable[[], bool]] = None
) → None

Registering function for new GEF Context View. pane_name: a string that has no spaces (used in settings) display_pane_function: a function that uses gef_print() to print strings pane_title_function: a function that returns a string or None, which will be displayed as the title. If None, no title line is displayed. condition: an optional callback: if not None, the callback will be executed first. If it returns true, then only the pane title and content will displayed. Otherwise, it's simply skipped.

Example usage for a simple text to show when we hit a syscall: def only_syscall(): return gef_current_instruction(gef.arch.pc).is_syscall() def display_pane(): gef_print("Wow, I am a context pane!") def pane_title(): return "example:pane" register_external_context_pane("example_pane", display_pane, pane_title, only_syscall)

function register_external_command

register_external_command(
    cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]

Registering function for new GEF (sub-)command to GDB. register_external_command is DEPRECATED and will be removed in the future. Use register(), and inherit from GenericCommand instead

function register_command

register_command(
    cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]

Decorator for registering new GEF (sub-)command to GDB. register_command is DEPRECATED and will be removed in the future. Use register(), and inherit from GenericCommand instead

function register_priority_command

register_priority_command(
    cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]

Decorator for registering new command with priority, meaning that it must loaded before the other generic commands. register_priority_command is DEPRECATED and will be removed in the future.

function register

register(
    cls: Union[Type[ForwardRef('GenericCommand')], Type[ForwardRef('GenericFunction')]]
) → Union[Type[ForwardRef('GenericCommand')], Type[ForwardRef('GenericFunction')]]

function register_function

register_function(
    cls: Type[ForwardRef('GenericFunction')]
) → Type[ForwardRef('GenericFunction')]

Decorator for registering a new convenience function to GDB. register_function is DEPRECATED and will be removed in the future.

class AARCH64

property AARCH64.cpsr

property AARCH64.endianness

property AARCH64.fp

property AARCH64.instruction_length

property AARCH64.pc

property AARCH64.ptrsize

Determine the size of pointer from the current CPU mode

property AARCH64.registers

property AARCH64.sp

function AARCH64.canary_address

canary_address() → int

function AARCH64.flag_register_to_human

flag_register_to_human(val: Optional[int] = None) → str

function AARCH64.get_ith_parameter

get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]

Retrieves the correct parameter used for the current function call.

function AARCH64.get_ra

get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int

function AARCH64.is_aarch32

is_aarch32() → bool

Determine if the CPU is currently in AARCH32 mode from runtime.

function AARCH64.is_branch_taken

is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]

function AARCH64.is_call

is_call(insn: __main__.Instruction) → bool

function AARCH64.is_conditional_branch

is_conditional_branch(insn: __main__.Instruction) → bool

function AARCH64.is_ret

is_ret(insn: __main__.Instruction) → bool

function AARCH64.is_thumb

is_thumb() → bool

Determine if the machine is currently in THUMB mode.

function AARCH64.is_thumb32

is_thumb32() → bool

Determine if the CPU is currently in THUMB32 mode from runtime.

function AARCH64.mprotect_asm

mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str

function AARCH64.register

register(name: str) → int

function AARCH64.reset_caches

reset_caches() → None

function AARCH64.supports_gdb_arch

supports_gdb_arch(gdb_arch: str) → Optional[bool]

If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.

class ARM

property ARM.cpsr

property ARM.endianness

property ARM.fp

property ARM.instruction_length

property ARM.mode

property ARM.pc

property ARM.ptrsize

property ARM.registers

property ARM.sp

function ARM.canary_address

canary_address() → int

function ARM.flag_register_to_human

flag_register_to_human(val: Optional[int] = None) → str

function ARM.get_ith_parameter

get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]

Retrieves the correct parameter used for the current function call.

function ARM.get_ra

get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int

function ARM.is_branch_taken

is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]

function ARM.is_call

is_call(insn: __main__.Instruction) → bool

function ARM.is_conditional_branch

is_conditional_branch(insn: __main__.Instruction) → bool

function ARM.is_ret

is_ret(insn: __main__.Instruction) → bool

function ARM.is_thumb

is_thumb() → bool

Determine if the machine is currently in THUMB mode.

function ARM.mprotect_asm

mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str

function ARM.register

register(name: str) → int

function ARM.reset_caches

reset_caches() → None

function ARM.supports_gdb_arch

supports_gdb_arch(gdb_arch: str) → Optional[bool]

If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.

class ASLRCommand

View/modify the ASLR setting of GDB. By default, GDB will disable ASLR when it starts the process. (i.e. not attached). This command allows to change that setting.

function ASLRCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property ASLRCommand.settings

Return the list of settings for this command.

function ASLRCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function ASLRCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function ASLRCommand.do_invoke

do_invoke(argv: List[str]) → None

function ASLRCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function ASLRCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function ASLRCommand.invoke

invoke(args: str, from_tty: bool) → None

function ASLRCommand.post_load

post_load() → None

function ASLRCommand.pre_load

pre_load() → None

function ASLRCommand.usage

usage() → None

class Address

GEF representation of memory addresses.

function Address.__init__

__init__(**kwargs: Any) → None

property Address.valid

function Address.dereference

dereference() → Optional[int]

function Address.is_in_heap_segment

is_in_heap_segment() → bool

function Address.is_in_stack_segment

is_in_stack_segment() → bool

function Address.is_in_text_segment

is_in_text_segment() → bool

class AliasesAddCommand

Command to add aliases.

function AliasesAddCommand.__init__

__init__() → None

property AliasesAddCommand.settings

Return the list of settings for this command.

function AliasesAddCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function AliasesAddCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function AliasesAddCommand.do_invoke

do_invoke(argv: List[str]) → None

function AliasesAddCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function AliasesAddCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function AliasesAddCommand.invoke

invoke(args: str, from_tty: bool) → None

function AliasesAddCommand.post_load

post_load() → None

function AliasesAddCommand.pre_load

pre_load() → None

function AliasesAddCommand.usage

usage() → None

class AliasesCommand

Base command to add, remove, or list aliases.

function AliasesCommand.__init__

__init__() → None

property AliasesCommand.settings

Return the list of settings for this command.

function AliasesCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function AliasesCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function AliasesCommand.do_invoke

do_invoke(_: List[str]) → None

function AliasesCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function AliasesCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function AliasesCommand.invoke

invoke(args: str, from_tty: bool) → None

function AliasesCommand.post_load

post_load() → None

function AliasesCommand.pre_load

pre_load() → None

function AliasesCommand.usage

usage() → None

class AliasesListCommand

Command to list aliases.

function AliasesListCommand.__init__

__init__() → None

property AliasesListCommand.settings

Return the list of settings for this command.

function AliasesListCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function AliasesListCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function AliasesListCommand.do_invoke

do_invoke(_: List[str]) → None

function AliasesListCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function AliasesListCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function AliasesListCommand.invoke

invoke(args: str, from_tty: bool) → None

function AliasesListCommand.post_load

post_load() → None

function AliasesListCommand.pre_load

pre_load() → None

function AliasesListCommand.usage

usage() → None

class AliasesRmCommand

Command to remove aliases.

function AliasesRmCommand.__init__

__init__() → None

property AliasesRmCommand.settings

Return the list of settings for this command.

function AliasesRmCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function AliasesRmCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function AliasesRmCommand.do_invoke

do_invoke(argv: List[str]) → None

function AliasesRmCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function AliasesRmCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function AliasesRmCommand.invoke

invoke(args: str, from_tty: bool) → None

function AliasesRmCommand.post_load

post_load() → None

function AliasesRmCommand.pre_load

pre_load() → None

function AliasesRmCommand.usage

usage() → None

class Architecture

Generic metaclass for the architecture supported by GEF.

property Architecture.endianness

property Architecture.fp

property Architecture.pc

property Architecture.ptrsize

property Architecture.registers

property Architecture.sp

function Architecture.canary_address

canary_address() → int

function Architecture.flag_register_to_human

flag_register_to_human(val: Optional[int] = None) → str

function Architecture.get_ith_parameter

get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]

Retrieves the correct parameter used for the current function call.

function Architecture.get_ra

get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → Optional[int]

function Architecture.is_branch_taken

is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]

function Architecture.is_call

is_call(insn: __main__.Instruction) → bool

function Architecture.is_conditional_branch

is_conditional_branch(insn: __main__.Instruction) → bool

function Architecture.is_ret

is_ret(insn: __main__.Instruction) → bool

function Architecture.mprotect_asm

mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str

function Architecture.register

register(name: str) → int

function Architecture.reset_caches

reset_caches() → None

function Architecture.supports_gdb_arch

supports_gdb_arch(gdb_arch: str) → Optional[bool]

If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.

class ArchitectureBase

Class decorator for declaring an architecture to GEF.

class BssBaseFunction

Return the current bss base address plus the given offset.

function BssBaseFunction.__init__

__init__() → None

function BssBaseFunction.arg_to_long

arg_to_long(args: List, index: int, default: int = 0) → int

function BssBaseFunction.do_invoke

do_invoke(args: List) → int

function BssBaseFunction.invoke

invoke(*args: Any) → int

class CanaryCommand

Shows the canary value of the current process.

function CanaryCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property CanaryCommand.settings

Return the list of settings for this command.

function CanaryCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function CanaryCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function CanaryCommand.do_invoke

do_invoke(argv: List[str]) → None

function CanaryCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function CanaryCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function CanaryCommand.invoke

invoke(args: str, from_tty: bool) → None

function CanaryCommand.post_load

post_load() → None

function CanaryCommand.pre_load

pre_load() → None

function CanaryCommand.usage

usage() → None

class ChangeFdCommand

ChangeFdCommand: redirect file descriptor during runtime.

function ChangeFdCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property ChangeFdCommand.settings

Return the list of settings for this command.

function ChangeFdCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function ChangeFdCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function ChangeFdCommand.do_invoke

do_invoke(argv: List[str]) → None

function ChangeFdCommand.get_fd_from_result

get_fd_from_result(res: str) → int

function ChangeFdCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function ChangeFdCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function ChangeFdCommand.invoke

invoke(args: str, from_tty: bool) → None

function ChangeFdCommand.post_load

post_load() → None

function ChangeFdCommand.pre_load

pre_load() → None

function ChangeFdCommand.usage

usage() → None

class ChangePermissionBreakpoint

When hit, this temporary breakpoint will restore the original code, and position $pc correctly.

function ChangePermissionBreakpoint.__init__

__init__(loc: str, code: ByteString, pc: int) → None

function ChangePermissionBreakpoint.stop

stop() → bool

class ChecksecCommand

Checksec the security properties of the current executable or passed as argument. The command checks for the following protections: - PIE - NX - RelRO - Glibc Stack Canaries - Fortify Source

function ChecksecCommand.__init__

__init__() → None

property ChecksecCommand.settings

Return the list of settings for this command.

function ChecksecCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function ChecksecCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function ChecksecCommand.do_invoke

do_invoke(argv: List[str]) → None

function ChecksecCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function ChecksecCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function ChecksecCommand.invoke

invoke(args: str, from_tty: bool) → None

function ChecksecCommand.post_load

post_load() → None

function ChecksecCommand.pre_load

pre_load() → None

function ChecksecCommand.print_security_properties

print_security_properties(filename: str) → None

function ChecksecCommand.usage

usage() → None

class Color

Used to colorify terminal output.

function Color.blinkify

blinkify(msg: str) → str

function Color.blueify

blueify(msg: str) → str

function Color.boldify

boldify(msg: str) → str

function Color.colorify

colorify(text: str, attrs: str) → str

Color text according to the given attributes.

function Color.cyanify

cyanify(msg: str) → str

function Color.grayify

grayify(msg: str) → str

function Color.greenify

greenify(msg: str) → str

function Color.highlightify

highlightify(msg: str) → str

function Color.light_grayify

light_grayify(msg: str) → str

function Color.pinkify

pinkify(msg: str) → str

function Color.redify

redify(msg: str) → str

function Color.underlinify

underlinify(msg: str) → str

function Color.yellowify

yellowify(msg: str) → str

class ContextCommand

Displays a comprehensive and modular summary of runtime context. Unless setting enable is set to False, this command will be spawned automatically every time GDB hits a breakpoint, a watchpoint, or any kind of interrupt. By default, it will show panes that contain the register states, the stack, and the disassembly code around $pc.

function ContextCommand.__init__

__init__() → None

property ContextCommand.settings

Return the list of settings for this command.

function ContextCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function ContextCommand.addr_has_breakpoint

addr_has_breakpoint(address: int, bp_locations: List[str]) → bool

function ContextCommand.context_additional_information

context_additional_information() → None

function ContextCommand.context_args

context_args() → None

function ContextCommand.context_code

context_code() → None

function ContextCommand.context_memory

context_memory() → None

function ContextCommand.context_regs

context_regs() → None

function ContextCommand.context_source

context_source() → None

function ContextCommand.context_stack

context_stack() → None

function ContextCommand.context_threads

context_threads() → None

function ContextCommand.context_title

context_title(m: Optional[str]) → None

function ContextCommand.context_trace

context_trace() → None

function ContextCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function ContextCommand.do_invoke

do_invoke(argv: List[str]) → None

function ContextCommand.empty_extra_messages

empty_extra_messages(_) → None

function ContextCommand.get_pc_context_info

get_pc_context_info(pc: int, line: str) → str

function ContextCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function ContextCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function ContextCommand.invoke

invoke(args: str, from_tty: bool) → None

function ContextCommand.line_has_breakpoint

line_has_breakpoint(
    file_name: str,
    line_number: int,
    bp_locations: List[str]
) → bool

function ContextCommand.post_load

post_load() → None

function ContextCommand.pre_load

pre_load() → None

function ContextCommand.print_arguments_from_symbol

print_arguments_from_symbol(function_name: str, symbol: 'gdb.Symbol') → None

If symbols were found, parse them and print the argument adequately.

function ContextCommand.print_guessed_arguments

print_guessed_arguments(function_name: str) → None

When no symbol, read the current basic block and look for "interesting" instructions.

function ContextCommand.show_legend

show_legend() → None

function ContextCommand.update_registers

update_registers(_) → None

function ContextCommand.usage

usage() → None

class DereferenceCommand

Dereference recursively from an address and display information. This acts like WinDBG dps command.

function DereferenceCommand.__init__

__init__() → None

property DereferenceCommand.settings

Return the list of settings for this command.

function DereferenceCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function DereferenceCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function DereferenceCommand.wrapper

wrapper(*args: Any, **kwargs: Any) → Callable

function DereferenceCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function DereferenceCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function DereferenceCommand.invoke

invoke(args: str, from_tty: bool) → None

function DereferenceCommand.post_load

post_load() → None

function DereferenceCommand.pprint_dereferenced

pprint_dereferenced(addr: int, idx: int, base_offset: int = 0) → str

function DereferenceCommand.pre_load

pre_load() → None

function DereferenceCommand.usage

usage() → None

class DetailRegistersCommand

Display full details on one, many or all registers value from current architecture.

function DetailRegistersCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property DetailRegistersCommand.settings

Return the list of settings for this command.

function DetailRegistersCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function DetailRegistersCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function DetailRegistersCommand.wrapper

wrapper(*args: Any, **kwargs: Any) → Callable

function DetailRegistersCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function DetailRegistersCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function DetailRegistersCommand.invoke

invoke(args: str, from_tty: bool) → None

function DetailRegistersCommand.post_load

post_load() → None

function DetailRegistersCommand.pre_load

pre_load() → None

function DetailRegistersCommand.usage

usage() → None

class DisableContextOutputContext

class Elf

Basic ELF parsing. Ref: - http://www.skyfree.org/linux/references/ELF_Format.pdf - https://refspecs.linuxfoundation.org/elf/elfspec_ppc.pdf - https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html

function Elf.__init__

__init__(path: Union[str, pathlib.Path]) → None

Instantiate an ELF object. A valid ELF must be provided, or an exception will be thrown.

property Elf.checksec

Check the security property of the ELF binary. The following properties are: - Canary - NX - PIE - Fortify - Partial/Full RelRO. Return a dict() with the different keys mentioned above, and the boolean associated whether the protection was found.

property Elf.entry_point

function Elf.is_valid

is_valid(path: pathlib.Path) → bool

function Elf.read

read(size: int) → bytes

function Elf.read_and_unpack

read_and_unpack(fmt: str) → Tuple[Any, ...]

function Elf.seek

seek(off: int) → None

class ElfInfoCommand

Display a limited subset of ELF header information. If no argument is provided, the command will show information about the current ELF being debugged.

function ElfInfoCommand.__init__

__init__() → None

property ElfInfoCommand.settings

Return the list of settings for this command.

function ElfInfoCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function ElfInfoCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function ElfInfoCommand.wrapper

wrapper(*args: Any, **kwargs: Any) → Callable

function ElfInfoCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function ElfInfoCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function ElfInfoCommand.invoke

invoke(args: str, from_tty: bool) → None

function ElfInfoCommand.post_load

post_load() → None

function ElfInfoCommand.pre_load

pre_load() → None

function ElfInfoCommand.usage

usage() → None

class Endianness

An enumeration.

class EntryBreakBreakpoint

Breakpoint used internally to stop execution at the most convenient entry point.

function EntryBreakBreakpoint.__init__

__init__(location: str) → None

function EntryBreakBreakpoint.stop

stop() → bool

class EntryPointBreakCommand

Tries to find best entry point and sets a temporary breakpoint on it. The command will test for well-known symbols for entry points, such as main, _main, __libc_start_main, etc. defined by the setting entrypoint_symbols.

function EntryPointBreakCommand.__init__

__init__() → None

property EntryPointBreakCommand.settings

Return the list of settings for this command.

function EntryPointBreakCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function EntryPointBreakCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function EntryPointBreakCommand.do_invoke

do_invoke(argv: List[str]) → None

function EntryPointBreakCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function EntryPointBreakCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function EntryPointBreakCommand.invoke

invoke(args: str, from_tty: bool) → None

function EntryPointBreakCommand.post_load

post_load() → None

function EntryPointBreakCommand.pre_load

pre_load() → None

function EntryPointBreakCommand.set_init_tbreak

set_init_tbreak(addr: int) → EntryBreakBreakpoint

function EntryPointBreakCommand.set_init_tbreak_pie

set_init_tbreak_pie(addr: int, argv: List[str]) → EntryBreakBreakpoint

function EntryPointBreakCommand.usage

usage() → None

class ExternalStructureManager

function ExternalStructureManager.__init__

__init__() → None

property ExternalStructureManager.modules

property ExternalStructureManager.path

property ExternalStructureManager.structures

handler ExternalStructureManager.find

function ExternalStructureManager.clear_caches

clear_caches() → None

class FileFormat

function FileFormat.__init__

__init__(path: Union[str, pathlib.Path]) → None

function FileFormat.is_valid

is_valid(path: pathlib.Path) → bool

class FileFormatSection

class FlagsCommand

Edit flags in a human friendly way.

function FlagsCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property FlagsCommand.settings

Return the list of settings for this command.

function FlagsCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function FlagsCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function FlagsCommand.do_invoke

do_invoke(argv: List[str]) → None

function FlagsCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function FlagsCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function FlagsCommand.invoke

invoke(args: str, from_tty: bool) → None

function FlagsCommand.post_load

post_load() → None

function FlagsCommand.pre_load

pre_load() → None

function FlagsCommand.usage

usage() → None

class FormatStringBreakpoint

Inspect stack for format string.

function FormatStringBreakpoint.__init__

__init__(spec: str, num_args: int) → None

function FormatStringBreakpoint.stop

stop() → bool

class FormatStringSearchCommand

Exploitable format-string helper: this command will set up specific breakpoints at well-known dangerous functions (printf, snprintf, etc.), and check if the pointer holding the format string is writable, and therefore susceptible to format string attacks if an attacker can control its content.

function FormatStringSearchCommand.__init__

__init__(*args: Any, **kwargs: Any) → None

property FormatStringSearchCommand.settings

Return the list of settings for this command.

function FormatStringSearchCommand.add_setting

add_setting(
    name: str,
    value: Tuple[Any, type, str],
    description: str = ''
) → None

add_setting is DEPRECATED and will be removed in the future. Use self[setting_name] = value instead

function FormatStringSearchCommand.del_setting

del_setting(name: str) → None

del_setting is DEPRECATED and will be removed in the future. Use del self[setting_name] instead

function FormatStringSearchCommand.do_invoke

do_invoke(_: List[str]) → None

function FormatStringSearchCommand.get_setting

get_setting(name: str) → Any

get_setting is DEPRECATED and will be removed in the future. Use self[setting_name] instead

function FormatStringSearchCommand.has_setting

has_setting(name: str) → bool

has_setting is DEPRECATED and will be removed in the future. Use setting_name in self instead

function FormatStringSearchCommand.invoke

invoke(args: str, from_tty: bool) → None

function FormatStringSearchCommand.post_load

post_load() → None

function FormatStringSearchCommand.pre_load

pre_load() → None

function FormatStringSearchCommand.usage

usage() → None

class GdbRemoveReadlineFinder

function GdbRemoveReadlineFinder.find_module

find_module(fullname, path=None)

function GdbRemoveReadlineFinder.load_module

load_module(fullname)

class Gef

The GEF root class, which serves as a entrypoint for all the debugging session attributes (architecture, memory, settings, etc.).

function Gef.__init__

__init__() → None

function Gef.reinitialize_managers

reinitialize_managers() → None

Reinitialize the managers. Avoid calling this function directly, using pi reset() is preferred

function Gef.reset_caches

reset_caches() → None

Recursively clean the cache of all the managers. Avoid calling this function directly, using reset-cache is preferred

function Gef.setup

setup() → None

Setup initialize the runtime setup, which may require for the gef to be not None.

class GefAlias

Simple aliasing wrapper because GDB doesn't do what it should.

function GefAlias.__init__

__init__(
    alias: str,
    command: str,
    completer_class: int = 0,
    command_class: int = -1
) → None

function GefAlias.invoke

invoke(args: Any, from_tty: bool) → None

function GefAlias.lookup_command

lookup_command(cmd: str) → Optional[Tuple[str, __main__.GenericCommand]]

class GefCommand

GEF main command: view all new commands by typing gef.

function GefCommand.__init__

__init__() → None

property GefCommand.loaded_command_names

property GefCommand.loaded_commands

property GefCommand.loaded_functions

property GefCommand.missing_commands

function GefCommand.add_context_pane

add_context_pane(
    pane_name: str,
    display_pane_function: Callable,
    pane_title_function: Callable,
    condition: Optional[Callable]
) → None

Add a new context pane to ContextCommand.