module GEF
Global Variables
- GEF_DEFAULT_BRANCH
- GEF_EXTRAS_DEFAULT_BRANCH
- GDB_MIN_VERSION
- PYTHON_MIN_VERSION
- PYTHON_VERSION
- GDB_VERSION
- DEFAULT_PAGE_ALIGN_SHIFT
- DEFAULT_PAGE_SIZE
- GEF_MAX_STRING_LENGTH
- LIBC_HEAP_MAIN_ARENA_DEFAULT_NAME
- ANSI_SPLIT_RE
- LEFT_ARROW
- RIGHT_ARROW
- DOWN_ARROW
- HORIZONTAL_LINE
- VERTICAL_LINE
- CROSS
- TICK
- BP_GLYPH
- GEF_PROMPT
- GEF_PROMPT_ON
- GEF_PROMPT_OFF
- gdb_initial_settings
- cmd
- default_dbgsym_path
- param_name
- dbgsym_paths
- gef
- progspace
- disable_tr_overwrite_setting
- warnmsg
- hook
function http_get
http_get(url: str) → bytes | None
Basic HTTP wrapper for GET request. Return the body of the page if HTTP code is OK, otherwise return None.
function update_gef
update_gef(argv: list[str]) → int
Obsolete. Use gef.sh.
function reset_all_caches
reset_all_caches() → None
Free all caches. If an object is cached, it will have a callable attribute cache_clear which will be invoked to purge the function cache.
function reset
reset() → None
function highlight_text
highlight_text(text: str) → str
Highlight text using gef.ui.highlight_table { match -> color } settings.
If RegEx is enabled it will create a match group around all items in the gef.ui.highlight_table and wrap the specified color in the gef.ui.highlight_table around those matches.
If RegEx is disabled, split by ANSI codes and 'colorify' each match found within the specified string.
function gef_print
gef_print(*args: str, end='\n', sep=' ', **kwargs: Any) → None
Wrapper around print(), using string buffering feature.
function bufferize
bufferize(f: Callable) → Callable
Store the content to be printed for a function in memory, and flush it on function exit.
function p8
p8(x: int, s: bool = False, e: 'Endianness | None' = None) → bytes
Pack one byte respecting the current architecture endianness.
function p16
p16(x: int, s: bool = False, e: 'Endianness | None' = None) → bytes
Pack one word respecting the current architecture endianness.
function p32
p32(x: int, s: bool = False, e: 'Endianness | None' = None) → bytes
Pack one dword respecting the current architecture endianness.
function p64
p64(x: int, s: bool = False, e: 'Endianness | None' = None) → bytes
Pack one qword respecting the current architecture endianness.
function u8
u8(x: bytes, s: bool = False, e: 'Endianness | None' = None) → int
Unpack one byte respecting the current architecture endianness.
function u16
u16(x: bytes, s: bool = False, e: 'Endianness | None' = None) → int
Unpack one word respecting the current architecture endianness.
function u32
u32(x: bytes, s: bool = False, e: 'Endianness | None' = None) → int
Unpack one dword respecting the current architecture endianness.
function u64
u64(x: bytes, s: bool = False, e: 'Endianness | None' = None) → int
Unpack one qword respecting the current architecture endianness.
function is_ascii_string
is_ascii_string(address: int) → bool
Helper function to determine if the buffer pointed by address is an ASCII string (in GDB)
function is_alive
is_alive() → bool
Check if GDB is running.
function calling_function
calling_function() → str | None
Return the name of the calling function
function only_if_gdb_running
only_if_gdb_running(f: Callable) → Callable
Decorator wrapper to check if GDB is running.
function only_if_gdb_target_local
only_if_gdb_target_local(f: Callable) → Callable
Decorator wrapper to check if GDB is running locally (target not remote).
function deprecated
deprecated(solution: str = '') → Callable
Decorator to add a warning when a command is obsolete and will be removed.
function experimental_feature
experimental_feature(f: Callable) → Callable
Decorator to add a warning when a feature is experimental.
function only_if_events_supported
only_if_events_supported(event_type: str) → Callable
Checks if GDB supports events without crashing.
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function FakeExit
FakeExit(*args: Any, **kwargs: Any) → NoReturn
function parse_arguments
parse_arguments(
required_arguments: dict[str | tuple[str, str], typing.Any],
optional_arguments: dict[str | tuple[str, str], typing.Any]
) → Callable
Argument parsing decorator.
function search_for_main_arena
search_for_main_arena() → int
search_for_main_arena is DEPRECATED and will be removed in the future.
Use GefHeapManager.find_main_arena_addr()
function get_libc_version
get_libc_version() → tuple[int, ...]
get_libc_version is DEPRECATED and will be removed in the future.
Use GefLibcManager.find_libc_version()
function titlify
titlify(text: str, color: str | None = None, msg_color: str | None = None) → str
Print a centered title.
function dbg
dbg(msg: str) → None
function err
err(msg: str) → None
function warn
warn(msg: str) → None
function ok
ok(msg: str) → None
function info
info(msg: str) → None
function push_context_message
push_context_message(level: str, message: str) → None
Push the message to be displayed the next time the context is invoked.
function show_last_exception
show_last_exception() → None
Display the last Python exception.
function gef_pystring
gef_pystring(x: bytes) → str
Returns a sanitized version as string of the bytes list given in input.
function gef_pybytes
gef_pybytes(x: str) → bytes
Returns an immutable bytes list from the string given as input.
function style_byte
style_byte(b: int, color: bool = True) → str
function hexdump
hexdump(
source: ByteString,
length: int = 16,
separator: str = '.',
show_raw: bool = False,
show_symbol: bool = True,
base: int = 0
) → str
Return the hexdump of src argument. @param source MUST be of type bytes or bytearray @param length is the length of items per line @param separator is the default character to use if one byte is not printable @param show_raw if True, do not add the line nor the text translation @param base is the start address of the block being hexdump @return a string with the hexdump
function is_debug
is_debug() → bool
Check if debug mode is enabled.
function buffer_output
buffer_output() → bool
Check if output should be buffered until command completion.
function hide_context
hide_context() → bool
Helper function to hide the context pane.
function unhide_context
unhide_context() → bool
Helper function to unhide the context pane.
function enable_redirect_output
enable_redirect_output(to_file: str = '/dev/null') → None
Redirect all GDB output to to_file parameter. By default, to_file redirects to /dev/null.
function disable_redirect_output
disable_redirect_output() → None
Disable the output redirection, if any.
function gef_makedirs
gef_makedirs(path: str, mode: int = 493) → Path
Recursive mkdir() creation. If successful, return the absolute path of the directory created.
gef_makedirs is DEPRECATED and will be removed in the future.
use pathlib.Path(...).mkdir()
function gdb_disassemble
gdb_disassemble(
start_pc: int,
**kwargs: int
) → Generator[__main__.Instruction, NoneType, NoneType]
Disassemble instructions from start_pc (Integer). Accepts the following named
parameters:
end_pc(Integer) only instructions whose start address fall in the interval from start_pc to end_pc are returned.count(Integer) list at most this many disassembled instructions Ifend_pcandcountare not provided, the function will behave as ifcount=1. Return an iterator of Instruction objects
function gdb_get_nth_previous_instruction_address
gdb_get_nth_previous_instruction_address(addr: int, n: int) → int | None
Return the address (Integer) of the n-th instruction before addr.
function gdb_get_nth_next_instruction_address
gdb_get_nth_next_instruction_address(addr: int, n: int) → int
Return the address of the n-th instruction after addr.
gdb_get_nth_next_instruction_address is DEPRECATED and will be removed in the future.
Use gef_instruction_n().address
function gef_instruction_n
gef_instruction_n(addr: int, n: int) → Instruction
Return the n-th instruction after addr as an Instruction object. Note that n is treated as an positive index, starting from 0 (current instruction address)
function gef_get_instruction_at
gef_get_instruction_at(addr: int) → Instruction
Return the full Instruction found at the specified address.
function gef_current_instruction
gef_current_instruction(addr: int) → Instruction
Return the current instruction as an Instruction object.
function gef_next_instruction
gef_next_instruction(addr: int) → Instruction
Return the next instruction as an Instruction object.
function gef_disassemble
gef_disassemble(
addr: int,
nb_insn: int,
nb_prev: int = 0
) → Generator[__main__.Instruction, NoneType, NoneType]
Disassemble nb_insn instructions after addr and nb_prev before addr. Return an iterator of Instruction objects.
function gef_execute_external
gef_execute_external(
command: Sequence[str],
as_list: bool = False,
**kwargs: Any
) → str | list[str]
Execute an external command and return the result.
function gef_execute_gdb_script
gef_execute_gdb_script(commands: str) → None
Execute the parameter source as GDB command. This is done by writing commands to a temporary file, which is then executed via GDB source command. The tempfile is then deleted.
function checksec
checksec(filename: str) → dict[str, bool]
checksec is DEPRECATED and will be removed in the future.
Use Elf(fname).checksec()
function get_arch
get_arch() → str
Return the binary's architecture.
get_arch is DEPRECATED and will be removed in the future.
Use gef.arch instead
function get_entry_point
get_entry_point() → int | None
Return the binary entry point.
get_entry_point is DEPRECATED and will be removed in the future.
Use gef.binary.entry_point instead
function is_pie
is_pie(fpath: str) → bool
function is_big_endian
is_big_endian() → bool
is_big_endian is DEPRECATED and will be removed in the future.
Prefer gef.arch.endianness == Endianness.BIG_ENDIAN
function is_little_endian
is_little_endian() → bool
is_little_endian is DEPRECATED and will be removed in the future.
gef.arch.endianness == Endianness.LITTLE_ENDIAN
function flags_to_human
flags_to_human(reg_value: int, value_table: dict[int, str]) → str
Return a human readable string showing the flag states.
function register_architecture
register_architecture(
cls: Type[ForwardRef('Architecture')]
) → Type[ForwardRef('Architecture')]
register_architecture is DEPRECATED and will be removed in the future.
Using the decorator register_architecture is unnecessary
function copy_to_clipboard
copy_to_clipboard(data: bytes) → None
Helper function to submit data to the clipboard
function use_stdtype
use_stdtype() → str
function use_default_type
use_default_type() → str
function use_golang_type
use_golang_type() → str
function use_rust_type
use_rust_type() → str
function to_unsigned_long
to_unsigned_long(v: gdb.Value) → int
Cast a gdb.Value to unsigned long.
function get_path_from_info_proc
get_path_from_info_proc() → str | None
function get_os
get_os() → str
get_os is DEPRECATED and will be removed in the future.
Use gef.session.os
function is_target_coredump
is_target_coredump() → bool
function get_filepath
get_filepath() → str | None
Return the local absolute path of the file currently debugged.
function get_function_length
get_function_length(sym: str) → int
Attempt to get the length of the raw bytes of a function.
function process_lookup_address
process_lookup_address(address: int) → __main__.Section | None
Look up for an address in memory. Return an Address object if found, None otherwise.
function xor
xor(data: ByteString, key: str) → bytearray
Return data xor-ed with key.
function is_hex
is_hex(pattern: str) → bool
Return whether provided string is a hexadecimal value.
function continue_handler
continue_handler(_: 'gdb.ContinueEvent') → None
GDB event handler for new object continue cases.
function hook_stop_handler
hook_stop_handler(_: 'gdb.StopEvent') → None
GDB event handler for stop cases.
function new_objfile_handler
new_objfile_handler(evt: 'gdb.NewObjFileEvent | None') → None
GDB event handler for new object file cases.
function exit_handler
exit_handler(_: 'gdb.ExitedEvent') → None
GDB event handler for exit cases.
function memchanged_handler
memchanged_handler(_: 'gdb.MemoryChangedEvent') → None
GDB event handler for mem changes cases.
function regchanged_handler
regchanged_handler(_: 'gdb.RegisterChangedEvent') → None
GDB event handler for reg changes cases.
function get_terminal_size
get_terminal_size() → tuple[int, int]
Return the current terminal size.
function reset_architecture
reset_architecture(arch: str | None = None) → None
Sets the current architecture. If an architecture is explicitly specified by parameter, try to use that one. If this fails, an OSError exception will occur. If no architecture is specified, then GEF will attempt to determine automatically based on the current ELF target. If this fails, an OSError exception will occur.
function get_memory_alignment
get_memory_alignment(in_bits: bool = False) → int
Try to determine the size of a pointer on this system. First, try to parse it out of the ELF header. Next, use the size of size_t. Finally, try the size of $pc. If in_bits is set to True, the result is returned in bits, otherwise in bytes.
get_memory_alignment is DEPRECATED and will be removed in the future.
Use gef.arch.ptrsize instead
function clear_screen
clear_screen(tty: str = '') → None
Clear the screen.
function format_address
format_address(addr: int) → str
Format the address according to its size.
function format_address_spaces
format_address_spaces(addr: int, left: bool = True) → str
Format the address according to its size, but with spaces instead of zeroes.
function align_address
align_address(address: int) → int
Align the provided address to the process's native length.
function align_address_to_size
align_address_to_size(address: int, align: int) → int
Align the address to the given size.
function align_address_to_page
align_address_to_page(address: int) → int
Align the address to a page.
function parse_address
parse_address(address: str) → int
Parse an address and return it as an Integer.
function is_in_x86_kernel
is_in_x86_kernel(address: int) → bool
function is_remote_debug
is_remote_debug() → bool
"Return True is the current debugging session is running through GDB remote session.
function de_bruijn
de_bruijn(alphabet: bytes, n: int) → Generator[int, NoneType, NoneType]
De Bruijn sequence for alphabet and subsequences of length n (for compat. w/ pwnlib).
function generate_cyclic_pattern
generate_cyclic_pattern(length: int, cycle: int = 4) → bytearray
Create a length byte bytearray of a de Bruijn cyclic pattern.
function safe_parse_and_eval
safe_parse_and_eval(value: str) → gdb.Value | None
GEF wrapper for gdb.parse_and_eval(): this function returns None instead of raising gdb.error if the eval failed.
function gef_convenience
gef_convenience(value: str | bytes) → str
Defines a new convenience value.
function parse_string_range
parse_string_range(s: str) → Iterator[int]
Parses an address range (e.g. 0x400000-0x401000)
function gef_get_pie_breakpoint
gef_get_pie_breakpoint(num: int) → PieVirtualBreakpoint
gef_get_pie_breakpoint is DEPRECATED and will be removed in the future.
Use gef.session.pie_breakpoints[num]
function endian_str
endian_str() → str
endian_str is DEPRECATED and will be removed in the future.
Use str(gef.arch.endianness) instead
function get_gef_setting
get_gef_setting(name: str) → Any
get_gef_setting is DEPRECATED and will be removed in the future.
Use gef.config[key]
function set_gef_setting
set_gef_setting(name: str, value: Any) → None
set_gef_setting is DEPRECATED and will be removed in the future.
Use gef.config[key] = value
function gef_getpagesize
gef_getpagesize() → int
gef_getpagesize is DEPRECATED and will be removed in the future.
Use gef.session.pagesize
function gef_read_canary
gef_read_canary() → tuple[int, int] | None
gef_read_canary is DEPRECATED and will be removed in the future.
Use gef.session.canary
function get_pid
get_pid() → int
get_pid is DEPRECATED and will be removed in the future.
Use gef.session.pid
function get_filename
get_filename() → str
get_filename is DEPRECATED and will be removed in the future.
Use gef.session.file.name
function get_glibc_arena
get_glibc_arena() → __main__.GlibcArena | None
get_glibc_arena is DEPRECATED and will be removed in the future.
Use gef.heap.main_arena
function get_register
get_register(regname) → int | None
get_register is DEPRECATED and will be removed in the future.
Use gef.arch.register(regname)
function get_process_maps
get_process_maps() → list[__main__.Section]
get_process_maps is DEPRECATED and will be removed in the future.
Use gef.memory.maps
function set_arch
set_arch(arch: str | None = None, _: str | None = None) → None
set_arch is DEPRECATED and will be removed in the future.
Use reset_architecture
function register_external_context_pane
register_external_context_pane(
pane_name: str,
display_pane_function: Callable[[], NoneType],
pane_title_function: Callable[[], str | None],
condition: Optional[Callable[[], bool]] = None
) → None
Registering function for new GEF Context View. pane_name: a string that has no spaces (used in settings) display_pane_function: a function that uses gef_print() to print strings pane_title_function: a function that returns a string or None, which will be displayed as the title. If None, no title line is displayed. condition: an optional callback: if not None, the callback will be executed first. If it returns true, then only the pane title and content will displayed. Otherwise, it's simply skipped.
Example usage for a simple text to show when we hit a syscall: def only_syscall(): return gef_current_instruction(gef.arch.pc).is_syscall() def display_pane(): gef_print("Wow, I am a context pane!") def pane_title(): return "example:pane" register_external_context_pane("example_pane", display_pane, pane_title, only_syscall)
function register_external_context_layout_mapping
register_external_context_layout_mapping(
current_pane_name: str,
display_pane_function: Callable[[], NoneType],
pane_title_function: Callable[[], str | None],
condition: Optional[Callable[[], bool]] = None
) → None
function register_external_command
register_external_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Registering function for new GEF (sub-)command to GDB.
register_external_command is DEPRECATED and will be removed in the future.
Use register(), and inherit from GenericCommand instead
function register_command
register_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Decorator for registering new GEF (sub-)command to GDB.
register_command is DEPRECATED and will be removed in the future.
Use register(), and inherit from GenericCommand instead
function register_priority_command
register_priority_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Decorator for registering new command with priority, meaning that it must loaded before the other generic commands.
register_priority_command is DEPRECATED and will be removed in the future.
function register
register(
cls: Union[Type[ForwardRef('ValidCommandType')], Type[ForwardRef('ValidFunctionType')]]
) → Union[Type[ForwardRef('ValidCommandType')], Type[ForwardRef('ValidFunctionType')]]
function register_function
register_function(
cls: Type[ForwardRef('GenericFunction')]
) → Type[ForwardRef('GenericFunction')]
Decorator for registering a new convenience function to GDB.
register_function is DEPRECATED and will be removed in the future.
function target_remote_posthook
target_remote_posthook()
class AARCH64
property AARCH64.cpsr
property AARCH64.endianness
property AARCH64.fp
property AARCH64.instruction_length
property AARCH64.pc
property AARCH64.ptrsize
Determine the size of pointer from the current CPU mode
property AARCH64.registers
property AARCH64.sp
function AARCH64.canary_address
canary_address() → int
function AARCH64.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function AARCH64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function AARCH64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function AARCH64.is_aarch32
is_aarch32() → bool
Determine if the CPU is currently in AARCH32 mode from runtime.
function AARCH64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function AARCH64.is_call
is_call(insn: __main__.Instruction) → bool
function AARCH64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function AARCH64.is_ret
is_ret(insn: __main__.Instruction) → bool
function AARCH64.is_thumb
is_thumb() → bool
Determine if the machine is currently in THUMB mode.
function AARCH64.is_thumb32
is_thumb32() → bool
Determine if the CPU is currently in THUMB32 mode from runtime.
function AARCH64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function AARCH64.register
register(name: str) → int
function AARCH64.reset_caches
reset_caches() → None
function AARCH64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ARM
property ARM.cpsr
property ARM.endianness
property ARM.fp
property ARM.instruction_length
property ARM.mode
property ARM.pc
property ARM.ptrsize
property ARM.registers
property ARM.sp
function ARM.canary_address
canary_address() → int
function ARM.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function ARM.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function ARM.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function ARM.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function ARM.is_call
is_call(insn: __main__.Instruction) → bool
function ARM.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function ARM.is_ret
is_ret(insn: __main__.Instruction) → bool
function ARM.is_thumb
is_thumb() → bool
Determine if the machine is currently in THUMB mode.
function ARM.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function ARM.register
register(name: str) → int
function ARM.reset_caches
reset_caches() → None
function ARM.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ASLRCommand
View/modify the ASLR setting of GDB. By default, GDB will disable ASLR when it starts the process. (i.e. not attached). This command allows to change that setting.
function ASLRCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ASLRCommand.settings
Return the list of settings for this command.
function ASLRCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ASLRCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ASLRCommand.do_invoke
do_invoke(argv: list[str]) → None
function ASLRCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ASLRCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ASLRCommand.invoke
invoke(args: str, from_tty: bool) → None
function ASLRCommand.post_load
post_load() → None
function ASLRCommand.pre_load
pre_load() → None
function ASLRCommand.usage
usage() → None
class Address
GEF representation of memory addresses.
function Address.__init__
__init__(**kwargs: Any) → None
property Address.valid
function Address.dereference
dereference() → int | None
function Address.is_in_heap_segment
is_in_heap_segment() → bool
function Address.is_in_stack_segment
is_in_stack_segment() → bool
function Address.is_in_text_segment
is_in_text_segment() → bool
class AliasesAddCommand
Command to add aliases.
function AliasesAddCommand.__init__
__init__() → None
property AliasesAddCommand.settings
Return the list of settings for this command.
function AliasesAddCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesAddCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesAddCommand.do_invoke
do_invoke(argv: list[str]) → None
function AliasesAddCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesAddCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesAddCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesAddCommand.post_load
post_load() → None
function AliasesAddCommand.pre_load
pre_load() → None
function AliasesAddCommand.usage
usage() → None
class AliasesCommand
Base command to add, remove, or list aliases.
function AliasesCommand.__init__
__init__() → None
property AliasesCommand.settings
Return the list of settings for this command.
function AliasesCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesCommand.do_invoke
do_invoke(_: list[str]) → None
function AliasesCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesCommand.post_load
post_load() → None
function AliasesCommand.pre_load
pre_load() → None
function AliasesCommand.usage
usage() → None
class AliasesListCommand
Command to list aliases.
function AliasesListCommand.__init__
__init__() → None
property AliasesListCommand.settings
Return the list of settings for this command.
function AliasesListCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesListCommand.do_invoke
do_invoke(_: list[str]) → None
function AliasesListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesListCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesListCommand.post_load
post_load() → None
function AliasesListCommand.pre_load
pre_load() → None
function AliasesListCommand.usage
usage() → None
class AliasesRmCommand
Command to remove aliases.
function AliasesRmCommand.__init__
__init__() → None
property AliasesRmCommand.settings
Return the list of settings for this command.
function AliasesRmCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesRmCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesRmCommand.do_invoke
do_invoke(argv: list[str]) → None
function AliasesRmCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesRmCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesRmCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesRmCommand.post_load
post_load() → None
function AliasesRmCommand.pre_load
pre_load() → None
function AliasesRmCommand.usage
usage() → None
class AlreadyRegisteredException
class ArchCommand
Manage the current loaded architecture.
function ArchCommand.__init__
__init__() → None
property ArchCommand.settings
Return the list of settings for this command.
function ArchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ArchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ArchCommand.do_invoke
do_invoke(argv: list[str]) → None
function ArchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ArchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ArchCommand.invoke
invoke(args: str, from_tty: bool) → None
function ArchCommand.post_load
post_load() → None
function ArchCommand.pre_load
pre_load() → None
function ArchCommand.usage
usage() → None
class ArchGetCommand
Get the current loaded architecture.
function ArchGetCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ArchGetCommand.settings
Return the list of settings for this command.
function ArchGetCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ArchGetCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ArchGetCommand.do_invoke
do_invoke(args: list[str]) → None
function ArchGetCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ArchGetCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ArchGetCommand.invoke
invoke(args: str, from_tty: bool) → None
function ArchGetCommand.post_load
post_load() → None
function ArchGetCommand.pre_load
pre_load() → None
function ArchGetCommand.usage
usage() → None
class ArchListCommand
List the available architectures.
function ArchListCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ArchListCommand.settings
Return the list of settings for this command.
function ArchListCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ArchListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ArchListCommand.do_invoke
do_invoke(args: list[str]) → None
function ArchListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ArchListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ArchListCommand.invoke
invoke(args: str, from_tty: bool) → None
function ArchListCommand.post_load
post_load() → None
function ArchListCommand.pre_load
pre_load() → None
function ArchListCommand.usage
usage() → None
class ArchSetCommand
Set the current loaded architecture.
function ArchSetCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ArchSetCommand.settings
Return the list of settings for this command.
function ArchSetCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ArchSetCommand.complete
complete(text: str, word: str) → list[str]
function ArchSetCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ArchSetCommand.do_invoke
do_invoke(args: list[str]) → None
function ArchSetCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ArchSetCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ArchSetCommand.invoke
invoke(args: str, from_tty: bool) → None
function ArchSetCommand.post_load
post_load() → None
function ArchSetCommand.pre_load
pre_load() → None
function ArchSetCommand.usage
usage() → None
class Architecture
Generic metaclass for the architecture supported by GEF.
property Architecture.endianness
property Architecture.fp
property Architecture.pc
property Architecture.ptrsize
property Architecture.registers
property Architecture.sp
function Architecture.canary_address
canary_address() → int
function Architecture.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function Architecture.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function Architecture.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function Architecture.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function Architecture.is_call
is_call(insn: __main__.Instruction) → bool
function Architecture.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function Architecture.is_ret
is_ret(insn: __main__.Instruction) → bool
function Architecture.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function Architecture.register
register(name: str) → int
function Architecture.reset_caches
reset_caches() → None
function Architecture.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ArchitectureBase
Class decorator for declaring an architecture to GEF.
class BssBaseFunction
Return the current bss base address plus the given offset.
function BssBaseFunction.__init__
__init__() → None
function BssBaseFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function BssBaseFunction.do_invoke
do_invoke(args: list) → int
function BssBaseFunction.invoke
invoke(*args: Any) → int
class CanaryCommand
Shows the canary value of the current process.
function CanaryCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property CanaryCommand.settings
Return the list of settings for this command.
function CanaryCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function CanaryCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function CanaryCommand.do_invoke
do_invoke(argv: list[str]) → None
function CanaryCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function CanaryCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function CanaryCommand.invoke
invoke(args: str, from_tty: bool) → None
function CanaryCommand.post_load
post_load() → None
function CanaryCommand.pre_load
pre_load() → None
function CanaryCommand.usage
usage() → None
class ChangeFdCommand
ChangeFdCommand: redirect file descriptor during runtime.
function ChangeFdCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ChangeFdCommand.settings
Return the list of settings for this command.
function ChangeFdCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ChangeFdCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ChangeFdCommand.do_invoke
do_invoke(argv: list[str]) → None
function ChangeFdCommand.get_fd_from_result
get_fd_from_result(res: str) → int
function ChangeFdCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ChangeFdCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ChangeFdCommand.invoke
invoke(args: str, from_tty: bool) → None
function ChangeFdCommand.post_load
post_load() → None
function ChangeFdCommand.pre_load
pre_load() → None
function ChangeFdCommand.usage
usage() → None
class ChangePermissionBreakpoint
When hit, this temporary breakpoint will restore the original code, and position $pc correctly.
function ChangePermissionBreakpoint.__init__
__init__(loc: str, code: ByteString, pc: int) → None
function ChangePermissionBreakpoint.stop
stop() → bool
class ChecksecCommand
Checksec the security properties of the current executable or passed as argument. The command checks for the following protections: - PIE - NX - RelRO - Glibc Stack Canaries - Fortify Source
function ChecksecCommand.__init__
__init__() → None
property ChecksecCommand.settings
Return the list of settings for this command.
function ChecksecCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ChecksecCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ChecksecCommand.do_invoke
do_invoke(argv: list[str]) → None
function ChecksecCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ChecksecCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ChecksecCommand.invoke
invoke(args: str, from_tty: bool) → None
function ChecksecCommand.post_load
post_load() → None
function ChecksecCommand.pre_load
pre_load() → None
function ChecksecCommand.print_security_properties
print_security_properties(filename: str) → None
function ChecksecCommand.usage
usage() → None
class Color
Used to colorify terminal output.
function Color.blinkify
blinkify(msg: str) → str
function Color.blueify
blueify(msg: str) → str
function Color.boldify
boldify(msg: str) → str
function Color.colorify
colorify(text: str, attrs: str) → str
Color text according to the given attributes.
function Color.cyanify
cyanify(msg: str) → str
function Color.grayify
grayify(msg: str) → str
function Color.greenify
greenify(msg: str) → str
function Color.highlightify
highlightify(msg: str) → str
function Color.light_grayify
light_grayify(msg: str) → str
function Color.pinkify
pinkify(msg: str) → str
function Color.redify
redify(msg: str) → str
function Color.underlinify
underlinify(msg: str) → str
function Color.yellowify
yellowify(msg: str) → str
class ContextCommand
Displays a comprehensive and modular summary of runtime context. Unless setting enable is set to False, this command will be spawned automatically every time GDB hits a breakpoint, a watchpoint, or any kind of interrupt. By default, it will show panes that contain the register states, the stack, and the disassembly code around $pc.
function ContextCommand.__init__
__init__() → None
property ContextCommand.settings
Return the list of settings for this command.
function ContextCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ContextCommand.addr_has_breakpoint
addr_has_breakpoint(address: int, bp_locations: list[str]) → bool
function ContextCommand.context_additional_information
context_additional_information() → None
function ContextCommand.context_args
context_args() → None
function ContextCommand.context_code
context_code() → None
function ContextCommand.context_memory
context_memory() → None
function ContextCommand.context_regs
context_regs() → None
function ContextCommand.context_source
context_source() → None
function ContextCommand.context_stack
context_stack() → None
function ContextCommand.context_threads
context_threads() → None
function ContextCommand.context_title
context_title(m: str | None) → None
function ContextCommand.context_trace
context_trace() → None
function ContextCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ContextCommand.do_invoke
do_invoke(argv: list[str]) → None
function ContextCommand.empty_extra_messages
empty_extra_messages(_) → None
function ContextCommand.get_pc_context_info
get_pc_context_info(pc: int, line: str) → str
function ContextCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ContextCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ContextCommand.invoke
invoke(args: str, from_tty: bool) → None
function ContextCommand.line_has_breakpoint
line_has_breakpoint(
file_name: str,
line_number: int,
bp_locations: list[str]
) → bool
function ContextCommand.post_load
post_load() → None
function ContextCommand.pre_load
pre_load() → None
function ContextCommand.print_arguments_from_symbol
print_arguments_from_symbol(function_name: str, symbol: 'gdb.Symbol') → None
If symbols were found, parse them and print the argument adequately.
function ContextCommand.print_guessed_arguments
print_guessed_arguments(function_name: str) → None
When no symbol, read the current basic block and look for "interesting" instructions.
function ContextCommand.show_legend
show_legend() → None
function ContextCommand.update_registers
update_registers(_) → None
function ContextCommand.usage
usage() → None
class DereferenceCommand
Dereference recursively from an address and display information. This acts like WinDBG dps command.
function DereferenceCommand.__init__
__init__() → None
property DereferenceCommand.settings
Return the list of settings for this command.
function DereferenceCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function DereferenceCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function DereferenceCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function DereferenceCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function DereferenceCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function DereferenceCommand.invoke
invoke(args: str, from_tty: bool) → None
function DereferenceCommand.post_load
post_load() → None
function DereferenceCommand.pprint_dereferenced
pprint_dereferenced(addr: int, idx: int, base_offset: int = 0) → str
function DereferenceCommand.pre_load
pre_load() → None
function DereferenceCommand.usage
usage() → None
class DetailRegistersCommand
Display full details on one, many or all registers value from current architecture.
function DetailRegistersCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property DetailRegistersCommand.settings
Return the list of settings for this command.
function DetailRegistersCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function DetailRegistersCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function DetailRegistersCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function DetailRegistersCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function DetailRegistersCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function DetailRegistersCommand.invoke
invoke(args: str, from_tty: bool) → None
function DetailRegistersCommand.post_load
post_load() → None
function DetailRegistersCommand.pre_load
pre_load() → None
function DetailRegistersCommand.usage
usage() → None
class DisableContextOutputContext
class Elf
Basic ELF parsing. Ref: - http://www.skyfree.org/linux/references/ELF_Format.pdf - https://refspecs.linuxfoundation.org/elf/elfspec_ppc.pdf - https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html
function Elf.__init__
__init__(path: str | pathlib.Path) → None
Instantiate an ELF object. A valid ELF must be provided, or an exception will be thrown.
property Elf.checksec
Check the security property of the ELF binary. The following properties are: - Canary - NX - PIE - Fortify - Partial/Full RelRO. Return a dict() with the different keys mentioned above, and the boolean associated whether the protection was found.
property Elf.entry_point
function Elf.is_valid
is_valid(path: pathlib.Path) → bool
function Elf.read
read(size: int) → bytes
function Elf.read_and_unpack
read_and_unpack(fmt: str) → tuple[Any, ...]
function Elf.seek
seek(off: int) → None
class ElfInfoCommand
Display a limited subset of ELF header information. If no argument is provided, the command will show information about the current ELF being debugged.
function ElfInfoCommand.__init__
__init__() → None
property ElfInfoCommand.settings
Return the list of settings for this command.
function ElfInfoCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ElfInfoCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ElfInfoCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function ElfInfoCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ElfInfoCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ElfInfoCommand.invoke
invoke(args: str, from_tty: bool) → None
function ElfInfoCommand.post_load
post_load() → None
function ElfInfoCommand.pre_load
pre_load() → None
function ElfInfoCommand.usage
usage() → None
class Endianness
class EntryBreakBreakpoint
Breakpoint used internally to stop execution at the most convenient entry point.
function EntryBreakBreakpoint.__init__
__init__(location: str) → None
function EntryBreakBreakpoint.stop
stop() → bool
class EntryPointBreakCommand
Tries to find best entry point and sets a temporary breakpoint on it. The command will test for well-known symbols for entry points, such as main, _main, __libc_start_main, etc. defined by the setting entrypoint_symbols.
function EntryPointBreakCommand.__init__
__init__() → None
property EntryPointBreakCommand.settings
Return the list of settings for this command.
function EntryPointBreakCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function EntryPointBreakCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function EntryPointBreakCommand.do_invoke
do_invoke(argv: list[str]) → None
function EntryPointBreakCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function EntryPointBreakCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function EntryPointBreakCommand.invoke
invoke(args: str, from_tty: bool) → None
function EntryPointBreakCommand.post_load
post_load() → None
function EntryPointBreakCommand.pre_load
pre_load() → None
function EntryPointBreakCommand.set_init_tbreak
set_init_tbreak(addr: int) → EntryBreakBreakpoint
function EntryPointBreakCommand.set_init_tbreak_pie
set_init_tbreak_pie(addr: int, argv: list[str]) → EntryBreakBreakpoint
function EntryPointBreakCommand.usage
usage() → None
class ExternalStructureManager
function ExternalStructureManager.__init__
__init__() → None
property ExternalStructureManager.modules
property ExternalStructureManager.path
property ExternalStructureManager.structures
handler ExternalStructureManager.find
function ExternalStructureManager.clear_caches
clear_caches() → None
class FileFormat
function FileFormat.__init__
__init__(path: str | pathlib.Path) → None
function FileFormat.is_valid
is_valid(_: pathlib.Path) → bool
class FileFormatSection
class FlagsCommand
Edit flags in a human friendly way.
function FlagsCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property FlagsCommand.settings
Return the list of settings for this command.
function FlagsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function FlagsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function FlagsCommand.do_invoke
do_invoke(argv: list[str]) → None
function FlagsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function FlagsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function FlagsCommand.invoke
invoke(args: str, from_tty: bool) → None
function FlagsCommand.post_load
post_load() → None
function FlagsCommand.pre_load
pre_load() → None
function FlagsCommand.usage
usage() → None
class FormatStringBreakpoint
Inspect stack for format string.
function FormatStringBreakpoint.__init__
__init__(spec: str, num_args: int) → None
function FormatStringBreakpoint.stop
stop() → bool
class FormatStringSearchCommand
Exploitable format-string helper: this command will set up specific breakpoints at well-known dangerous functions (printf, snprintf, etc.), and check if the pointer holding the format string is writable, and therefore susceptible to format string attacks if an attacker can control its content.
function FormatStringSearchCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property FormatStringSearchCommand.settings
Return the list of settings for this command.
function FormatStringSearchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function FormatStringSearchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function FormatStringSearchCommand.do_invoke
do_invoke(_: list[str]) → None
function FormatStringSearchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function FormatStringSearchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function FormatStringSearchCommand.invoke
invoke(args: str, from_tty: bool) → None
function FormatStringSearchCommand.post_load
post_load() → None
function FormatStringSearchCommand.pre_load
pre_load() → None
function FormatStringSearchCommand.usage
usage() → None
class GdbRemoveReadlineFinder
function GdbRemoveReadlineFinder.find_module
find_module(fullname, path=None)
function GdbRemoveReadlineFinder.load_module
load_module(fullname)
class Gef
The GEF root class, which serves as a entrypoint for all the debugging session attributes (architecture, memory, settings, etc.).
function Gef.__init__
__init__() → None
function Gef.reinitialize_managers
reinitialize_managers() → None
Reinitialize the managers. Avoid calling this function directly, using pi reset() is preferred
function Gef.reset_caches
reset_caches() → None
Recursively clean the cache of all the managers. Avoid calling this function directly, using reset-cache is preferred
function Gef.setup
setup() → None
Setup initialize the runtime setup, which may require for the gef to be not None.
class GefAlias
Simple aliasing wrapper because GDB doesn't do what it should.
function GefAlias.__init__
__init__(
alias: str,
command: str,
completer_class: int = 0,
command_class: int = -1
) → None
function GefAlias.invoke
invoke(args: Any, from_tty: bool) → None
function GefAlias.lookup_command
lookup_command(cmd: str) → tuple[str, __main__.GenericCommand] | None
class GefCommand
GEF main command: view all new commands by typing gef.
function GefCommand.__init__
__init__() → None
property GefCommand.loaded_command_names
property GefCommand.loaded_commands
loaded_commands is DEPRECATED and will be removed in the future.
property GefCommand.loaded_functions
loaded_functions is DEPRECATED and will be removed in the future.
property GefCommand.missing_commands
missing_commands is DEPRECATED and will be removed in the future.
function GefCommand.add_context_layout_mapping
add_context_layout_mapping(
current_pane_name: str,
display_pane_function: Callable,
pane_title_function: Callable,
condition: Optional[Callable]
) → None
Add a new context layout mapping.
function GefCommand.add_context_pane
add_context_pane(
pane_name: str,
display_pane_function: Callable,
pane_title_function: Callable,
condition: Optional[Callable]
) → None
Add a new context pane to ContextCommand.
function GefCommand.invoke
invoke(args: Any, from_tty: bool) → None
function GefCommand.load
load() → None
Load all the commands and functions defined by GEF into GDB.
function GefCommand.load_extra_plugins
load_extra_plugins(extra_plugins_dir: pathlib.Path | None = None) → int
Load the plugins from the gef-extras setting. Returns the number of new plugins added.
function GefCommand.setup
setup() → None
function GefCommand.show_banner
show_banner() → None
class GefConfigCommand
GEF configuration sub-command This command will help set/view GEF settings for the current debugging session. It is possible to make those changes permanent by running gef save (refer to this command help), and/or restore previously saved settings by running gef restore (refer help).
function GefConfigCommand.__init__
__init__() → None
function GefConfigCommand.complete
complete(text: str, word: str) → list[str]
function GefConfigCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefConfigCommand.print_setting
print_setting(plugin_name: str, verbose: bool = False) → None
function GefConfigCommand.print_settings
print_settings() → None
function GefConfigCommand.set_setting
set_setting(argv: list[str]) → bool
class GefFunctionsCommand
List the convenience functions provided by GEF.
function GefFunctionsCommand.__init__
__init__() → None
property GefFunctionsCommand.settings
Return the list of settings for this command.
function GefFunctionsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GefFunctionsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GefFunctionsCommand.do_invoke
do_invoke(argv) → None
function GefFunctionsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GefFunctionsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GefFunctionsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefFunctionsCommand.post_load
post_load() → None
function GefFunctionsCommand.pre_load
pre_load() → None
function GefFunctionsCommand.usage
usage() → None
class GefHeapManager
Class managing session heap.
function GefHeapManager.__init__
__init__() → None
property GefHeapManager.arenas
property GefHeapManager.base_address
property GefHeapManager.chunks
property GefHeapManager.main_arena
property GefHeapManager.malloc_alignment
property GefHeapManager.min_chunk_size
property GefHeapManager.selected_arena
handler GefHeapManager.find_main_arena_addr
function GefHeapManager.csize2tidx
csize2tidx(size: int) → int
function GefHeapManager.malloc_align_address
malloc_align_address(address: int) → int
Align addresses according to glibc's MALLOC_ALIGNMENT. See also Issue #689 on Github
function GefHeapManager.reset_caches
reset_caches() → None
function GefHeapManager.tidx2size
tidx2size(idx: int) → int
class GefHelpCommand
GEF help sub-command.
function GefHelpCommand.__init__
__init__() → None
function GefHelpCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefInstallExtraScriptCommand
gef install command: installs one or more scripts from the gef-extras script repo. Note that the command doesn't check for external dependencies the script(s) might require.
function GefInstallExtraScriptCommand.__init__
__init__() → None
function GefInstallExtraScriptCommand.invoke
invoke(argv: str, from_tty: bool) → None
class GefLibcManager
Class managing everything libc-related (except heap).
function GefLibcManager.__init__
__init__() → None
property GefLibcManager.version
handler GefLibcManager.find_libc_version
function GefLibcManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GefManager
function GefManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GefMemoryManager
Class that manages memory access for gef.
function GefMemoryManager.__init__
__init__() → None
property GefMemoryManager.maps
function GefMemoryManager.append
append(section: __main__.Section)
function GefMemoryManager.parse_gdb_info_proc_maps
parse_gdb_info_proc_maps() → Generator[__main__.Section, NoneType, NoneType]
Get the memory mapping from GDB's command info proc mappings.
function GefMemoryManager.parse_gdb_maintenance_info_sections
parse_gdb_maintenance_info_sections() → Generator[__main__.Section, NoneType, NoneType]
Get the memory mapping from GDB's command maintenance info sections (limited info). In some cases (i.e. coredumps), the memory info collected by info proc sections is insufficient.
function GefMemoryManager.parse_info_mem
parse_info_mem()
Get the memory mapping from GDB's command info mem. This can be provided by certain gdbserver implementations.
function GefMemoryManager.parse_monitor_info_mem
parse_monitor_info_mem() → Generator[__main__.Section, NoneType, NoneType]
Get the memory mapping from GDB's command monitor info mem This can raise an exception, which the memory manager takes to mean that this method does not work to get a map.
function GefMemoryManager.parse_procfs_maps
parse_procfs_maps() → Generator[__main__.Section, NoneType, NoneType]
Get the memory mapping from procfs.
function GefMemoryManager.read
read(addr: int, length: int = 16) → bytes
Return a length long byte array with the copy of the process memory at addr.
function GefMemoryManager.read_ascii_string
read_ascii_string(address: int) → str | None
Read an ASCII string from memory
function GefMemoryManager.read_cstring
read_cstring(
address: int,
max_length: int = 50,
encoding: str | None = None
) → str
Return a C-string read from memory.
function GefMemoryManager.read_integer
read_integer(addr: int) → int
Return an integer read from memory.
function GefMemoryManager.reset_caches
reset_caches() → None
function GefMemoryManager.write
write(address: int, buffer: ByteString, length: int | None = None) → None
Write buffer at address address.
class GefMissingCommand
GEF missing sub-command Display the GEF commands that could not be loaded, along with the reason of why they could not be loaded.
function GefMissingCommand.__init__
__init__() → None
function GefMissingCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefRemoteSessionManager
Class for managing remote sessions with GEF. It will create a temporary environment designed to clone the remote one.
function GefRemoteSessionManager.__init__
__init__(
host: str,
port: int,
pid: int = -1,
qemu: pathlib.Path | None = None
) → None
property GefRemoteSessionManager.auxiliary_vector
property GefRemoteSessionManager.canary
Return a tuple of the canary address and value, read from the canonical location if supported by the architecture. Otherwise, read from the auxiliary vector.
property GefRemoteSessionManager.cwd
property GefRemoteSessionManager.file
Path to the file being debugged as seen by the remote endpoint.
property GefRemoteSessionManager.lfile
Local path to the file being debugged.
property GefRemoteSessionManager.maps
property GefRemoteSessionManager.mode
property GefRemoteSessionManager.original_canary
Return a tuple of the initial canary address and value, read from the auxiliary vector.
property GefRemoteSessionManager.os
Return the current OS.
property GefRemoteSessionManager.pagesize
Get the system page size
property GefRemoteSessionManager.pid
Return the PID of the target process.
property GefRemoteSessionManager.root
property GefRemoteSessionManager.target
function GefRemoteSessionManager.close
close() → None
function GefRemoteSessionManager.connect
connect(pid: int) → bool
Connect to remote target. If in extended mode, also attach to the given PID.
function GefRemoteSessionManager.remote_objfile_event_handler
remote_objfile_event_handler(evt: 'gdb.NewObjFileEvent') → None
function GefRemoteSessionManager.reset_caches
reset_caches() → None
function GefRemoteSessionManager.setup
setup() → bool
function GefRemoteSessionManager.sync
sync(src: str, dst: str | None = None) → bool
Copy the src into the temporary chroot. If dst is provided, that path will be used instead of src.
class GefRestoreCommand
GEF restore sub-command. Loads settings from file '~/.gef.rc' and apply them to the configuration of GEF.
function GefRestoreCommand.__init__
__init__() → None
function GefRestoreCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefRestoreCommand.reload
reload(quiet: bool)
class GefRunCommand
Override GDB run commands with the context from GEF. Simple wrapper for GDB run command to use arguments set from gef set args.
function GefRunCommand.__init__
__init__() → None
function GefRunCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSaveCommand
GEF save sub-command. Saves the current configuration of GEF to disk (by default in file '~/.gef.rc').
function GefSaveCommand.__init__
__init__() → None
function GefSaveCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSessionManager
Class managing the runtime properties of GEF.
function GefSessionManager.__init__
__init__() → None
property GefSessionManager.auxiliary_vector
property GefSessionManager.canary
Return a tuple of the canary address and value, read from the canonical location if supported by the architecture. Otherwise, read from the auxiliary vector.
property GefSessionManager.cwd
property GefSessionManager.file
Return a Path object of the target process.
property GefSessionManager.maps
Returns the Path to the procfs entry for the memory mapping.
property GefSessionManager.original_canary
Return a tuple of the initial canary address and value, read from the auxiliary vector.
property GefSessionManager.os
Return the current OS.
property GefSessionManager.pagesize
Get the system page size
property GefSessionManager.pid
Return the PID of the target process.
property GefSessionManager.root
Returns the path to the process's root directory.
function GefSessionManager.reset_caches
reset_caches() → None
class GefSetCommand
Override GDB set commands with the context from GEF.
function GefSetCommand.__init__
__init__() → None
function GefSetCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSetting
Basic class for storing gef settings as objects
function GefSetting.__init__
__init__(
value: Any,
cls: type | None = None,
description: str | None = None,
hooks: dict[str, list[typing.Callable]] | None = None
) → None
function GefSetting.add_hook
add_hook(access: str, funcs: list[typing.Callable])
function GefSetting.create_folder_tree
create_folder_tree(value: pathlib.Path)
function GefSetting.must_exist
must_exist(value: pathlib.Path)
function GefSetting.no_spaces
no_spaces(value: pathlib.Path)
class GefSettingsManager
GefSettings acts as a dict where the global settings are stored and can be read, written or deleted as any other dict. For instance, to read a specific command setting: gef.config[mycommand.mysetting]
function GefSettingsManager.raw_entry
raw_entry(name: str) → GefSetting
class GefThemeCommand
Customize GEF appearance.
function GefThemeCommand.__init__
__init__() → None
property GefThemeCommand.settings
Return the list of settings for this command.
function GefThemeCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GefThemeCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GefThemeCommand.do_invoke
do_invoke(args: list[str]) → None
function GefThemeCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GefThemeCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GefThemeCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefThemeCommand.post_load
post_load() → None
function GefThemeCommand.pre_load
pre_load() → None
function GefThemeCommand.usage
usage() → None
class GefTmuxSetup
Setup a comfortable tmux debugging environment.
function GefTmuxSetup.__init__
__init__() → None
function GefTmuxSetup.invoke
invoke(args: Any, from_tty: bool) → None
function GefTmuxSetup.screen_setup
screen_setup() → None
Hackish equivalent of the tmux_setup() function for screen.
function GefTmuxSetup.tmux_setup
tmux_setup() → None
Prepare the tmux environment by vertically splitting the current pane, and forcing the context to be redirected there.
class GefUiManager
Class managing UI settings.
function GefUiManager.__init__
__init__() → None
function GefUiManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GenericArchitecture
property GenericArchitecture.endianness
property GenericArchitecture.fp
property GenericArchitecture.pc
property GenericArchitecture.ptrsize
property GenericArchitecture.registers
property GenericArchitecture.sp
function GenericArchitecture.canary_address
canary_address() → int
function GenericArchitecture.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function GenericArchitecture.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function GenericArchitecture.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function GenericArchitecture.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function GenericArchitecture.is_call
is_call(insn: __main__.Instruction) → bool
function GenericArchitecture.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function GenericArchitecture.is_ret
is_ret(insn: __main__.Instruction) → bool
function GenericArchitecture.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function GenericArchitecture.register
register(name: str) → int
function GenericArchitecture.reset_caches
reset_caches() → None
function GenericArchitecture.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class GenericCommand
This is an abstract class for invoking commands, should not be instantiated.
function GenericCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property GenericCommand.settings
Return the list of settings for this command.
function GenericCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GenericCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GenericCommand.do_invoke
do_invoke(argv: list[str]) → None
function GenericCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GenericCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GenericCommand.invoke
invoke(args: str, from_tty: bool) → None
function GenericCommand.post_load
post_load() → None
function GenericCommand.pre_load
pre_load() → None
function GenericCommand.usage
usage() → None
class GenericFunction
This is an abstract class for invoking convenience functions, should not be instantiated.
function GenericFunction.__init__
__init__() → None
function GenericFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function GenericFunction.do_invoke
do_invoke(args: Any) → int
function GenericFunction.invoke
invoke(*args: Any) → int
class GlibcArena
Glibc arena class
function GlibcArena.__init__
__init__(addr: str) → None
property GlibcArena.addr
property GlibcArena.address
property GlibcArena.attached_threads
property GlibcArena.binmap
property GlibcArena.bins
property GlibcArena.fastbinsY
property GlibcArena.last_remainder
property GlibcArena.max_system_mem
property GlibcArena.next
property GlibcArena.next_free
property GlibcArena.sizeof
property GlibcArena.system_mem
property GlibcArena.top
function GlibcArena.bin
bin(i: int) → tuple[int, int]
function GlibcArena.bin_at
bin_at(i) → int
function GlibcArena.fastbin
fastbin(i: int) → GlibcFastChunk | None
Return head chunk in fastbinsY[i].
function GlibcArena.get_heap_for_ptr
get_heap_for_ptr(ptr: int) → int
Find the corresponding heap for a given pointer (int). See https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L129
function GlibcArena.get_heap_info_list
get_heap_info_list() → list[__main__.GlibcHeapInfo] | None
function GlibcArena.heap_addr
heap_addr(allow_unaligned: bool = False) → int | None
function GlibcArena.is_main_arena
is_main_arena() → bool
function GlibcArena.malloc_state_t
malloc_state_t() → Type[_ctypes.Structure]
function GlibcArena.reset
reset()
function GlibcArena.verify
verify(addr: int) → bool
Verify that the address matches a possible valid GlibcArena
class GlibcChunk
Glibc chunk class. The default behavior (from_base=False) is to interpret the data starting at the memory address pointed to as the chunk data. Setting from_base to True instead treats that data as the chunk header. Ref: https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/.
function GlibcChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcChunk.bk
property GlibcChunk.bk_nextsize
property GlibcChunk.fd
property GlibcChunk.fd_nextsize
property GlibcChunk.flags
property GlibcChunk.prev_size
property GlibcChunk.size
property GlibcChunk.usable_size
function GlibcChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcChunk.get_usable_size
get_usable_size() → int
function GlibcChunk.has_m_bit
has_m_bit() → bool
function GlibcChunk.has_n_bit
has_n_bit() → bool
function GlibcChunk.has_p_bit
has_p_bit() → bool
function GlibcChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcChunk.psprint
psprint() → str
function GlibcChunk.reset
reset()
function GlibcChunk.resolve_type
resolve_type() → str
class GlibcFastChunk
function GlibcFastChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcFastChunk.bk
property GlibcFastChunk.bk_nextsize
property GlibcFastChunk.fd
property GlibcFastChunk.fd_nextsize
property GlibcFastChunk.flags
property GlibcFastChunk.prev_size
property GlibcFastChunk.size
property GlibcFastChunk.usable_size
function GlibcFastChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcFastChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcFastChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcFastChunk.get_usable_size
get_usable_size() → int
function GlibcFastChunk.has_m_bit
has_m_bit() → bool
function GlibcFastChunk.has_n_bit
has_n_bit() → bool
function GlibcFastChunk.has_p_bit
has_p_bit() → bool
function GlibcFastChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcFastChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcFastChunk.protect_ptr
protect_ptr(pos: int, pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L339
function GlibcFastChunk.psprint
psprint() → str
function GlibcFastChunk.reset
reset()
function GlibcFastChunk.resolve_type
resolve_type() → str
function GlibcFastChunk.reveal_ptr
reveal_ptr(pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L341
class GlibcHeapArenaCommand
Display information on a heap chunk.
function GlibcHeapArenaCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property GlibcHeapArenaCommand.settings
Return the list of settings for this command.
function GlibcHeapArenaCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapArenaCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapArenaCommand.do_invoke
do_invoke(_: list[str]) → None
function GlibcHeapArenaCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapArenaCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapArenaCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapArenaCommand.post_load
post_load() → None
function GlibcHeapArenaCommand.pre_load
pre_load() → None
function GlibcHeapArenaCommand.usage
usage() → None
class GlibcHeapArenaSummary
function GlibcHeapArenaSummary.__init__
__init__(resolve_type=False) → None
function GlibcHeapArenaSummary.print
print() → None
function GlibcHeapArenaSummary.process_chunk
process_chunk(chunk: __main__.GlibcChunk) → None
class GlibcHeapBinsCommand
Display information on the bins on an arena (default: main_arena). See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapBinsCommand.__init__
__init__() → None
property GlibcHeapBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapBinsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapBinsCommand.do_invoke
do_invoke(argv: list[str]) → None
function GlibcHeapBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapBinsCommand.post_load
post_load() → None
function GlibcHeapBinsCommand.pprint_bin
pprint_bin(arena_addr: str, index: int, _type: str = '') → int
function GlibcHeapBinsCommand.pre_load
pre_load() → None
function GlibcHeapBinsCommand.usage
usage() → None
class GlibcHeapChunkCommand
Display information on a heap chunk. See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapChunkCommand.__init__
__init__() → None
property GlibcHeapChunkCommand.settings
Return the list of settings for this command.
function GlibcHeapChunkCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapChunkCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapChunkCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapChunkCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapChunkCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapChunkCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapChunkCommand.post_load
post_load() → None
function GlibcHeapChunkCommand.pre_load
pre_load() → None
function GlibcHeapChunkCommand.usage
usage() → None
class GlibcHeapChunkSummary
function GlibcHeapChunkSummary.__init__
__init__(desc='')
function GlibcHeapChunkSummary.process_chunk
process_chunk(chunk: __main__.GlibcChunk) → None
class GlibcHeapChunksCommand
Display all heap chunks for the current arena. As an optional argument the base address of a different arena can be passed
function GlibcHeapChunksCommand.__init__
__init__() → None
property GlibcHeapChunksCommand.settings
Return the list of settings for this command.
function GlibcHeapChunksCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapChunksCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapChunksCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapChunksCommand.dump_chunks_arena
dump_chunks_arena(
arena: __main__.GlibcArena,
ctx: __main__.GlibcHeapWalkContext
) → None
function GlibcHeapChunksCommand.dump_chunks_heap
dump_chunks_heap(
start: int,
end: int,
arena: __main__.GlibcArena,
ctx: __main__.GlibcHeapWalkContext
) → bool
function GlibcHeapChunksCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapChunksCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapChunksCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapChunksCommand.post_load
post_load() → None
function GlibcHeapChunksCommand.pre_load
pre_load() → None
function GlibcHeapChunksCommand.should_process_chunk
should_process_chunk(
chunk: __main__.GlibcChunk,
ctx: __main__.GlibcHeapWalkContext
) → bool
function GlibcHeapChunksCommand.usage
usage() → None
class GlibcHeapCommand
Base command to get information about the Glibc heap structure.
function GlibcHeapCommand.__init__
__init__() → None
property GlibcHeapCommand.settings
Return the list of settings for this command.
function GlibcHeapCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapCommand.do_invoke
do_invoke(_: list[str]) → None
function GlibcHeapCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapCommand.post_load
post_load() → None
function GlibcHeapCommand.pre_load
pre_load() → None
function GlibcHeapCommand.usage
usage() → None
class GlibcHeapFastbinsYCommand
Display information on the fastbinsY on an arena (default: main_arena). See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapFastbinsYCommand.__init__
__init__() → None
property GlibcHeapFastbinsYCommand.settings
Return the list of settings for this command.
function GlibcHeapFastbinsYCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapFastbinsYCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapFastbinsYCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapFastbinsYCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapFastbinsYCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapFastbinsYCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapFastbinsYCommand.post_load
post_load() → None
function GlibcHeapFastbinsYCommand.pre_load
pre_load() → None
function GlibcHeapFastbinsYCommand.usage
usage() → None
class GlibcHeapInfo
Glibc heap_info struct
function GlibcHeapInfo.__init__
__init__(addr: str | int) → None
property GlibcHeapInfo.addr
property GlibcHeapInfo.address
property GlibcHeapInfo.heap_end
property GlibcHeapInfo.heap_start
property GlibcHeapInfo.sizeof
function GlibcHeapInfo.heap_info_t
heap_info_t() → Type[_ctypes.Structure]
function GlibcHeapInfo.reset
reset()
class GlibcHeapLargeBinsCommand
Convenience command for viewing large bins.
function GlibcHeapLargeBinsCommand.__init__
__init__() → None
property GlibcHeapLargeBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapLargeBinsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapLargeBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapLargeBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapLargeBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapLargeBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapLargeBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapLargeBinsCommand.post_load
post_load() → None
function GlibcHeapLargeBinsCommand.pre_load
pre_load() → None
function GlibcHeapLargeBinsCommand.usage
usage() → None
class GlibcHeapSetArenaCommand
Set the address of the main_arena or the currently selected arena.
function GlibcHeapSetArenaCommand.__init__
__init__() → None
property GlibcHeapSetArenaCommand.settings
Return the list of settings for this command.
function GlibcHeapSetArenaCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapSetArenaCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapSetArenaCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapSetArenaCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapSetArenaCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapSetArenaCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapSetArenaCommand.post_load
post_load() → None
function GlibcHeapSetArenaCommand.pre_load
pre_load() → None
function GlibcHeapSetArenaCommand.usage
usage() → None
class GlibcHeapSmallBinsCommand
Convenience command for viewing small bins.
function GlibcHeapSmallBinsCommand.__init__
__init__() → None
property GlibcHeapSmallBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapSmallBinsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapSmallBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapSmallBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapSmallBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapSmallBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapSmallBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapSmallBinsCommand.post_load
post_load() → None
function GlibcHeapSmallBinsCommand.pre_load
pre_load() → None
function GlibcHeapSmallBinsCommand.usage
usage() → None
class GlibcHeapTcachebinsCommand
Display information on the Tcachebins on an arena (default: main_arena). See https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc.
function GlibcHeapTcachebinsCommand.__init__
__init__() → None
property GlibcHeapTcachebinsCommand.settings
Return the list of settings for this command.
function GlibcHeapTcachebinsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapTcachebinsCommand.check_thread_ids
check_thread_ids(tids: list[int]) → list[int]
Return the subset of tids that are currently valid.
function GlibcHeapTcachebinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapTcachebinsCommand.do_invoke
do_invoke(argv: list[str]) → None
function GlibcHeapTcachebinsCommand.find_tcache
find_tcache() → int
Return the location of the current thread's tcache.
function GlibcHeapTcachebinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapTcachebinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapTcachebinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapTcachebinsCommand.post_load
post_load() → None
function GlibcHeapTcachebinsCommand.pre_load
pre_load() → None
function GlibcHeapTcachebinsCommand.tcachebin
tcachebin(
tcache_base: int,
i: int
) → tuple[__main__.GlibcTcacheChunk | None, int]
Return the head chunk in tcache[i] and the number of chunks in the bin.
function GlibcHeapTcachebinsCommand.usage
usage() → None
class GlibcHeapUnsortedBinsCommand
Display information on the Unsorted Bins of an arena (default: main_arena). See: https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1689.
function GlibcHeapUnsortedBinsCommand.__init__
__init__() → None
property GlibcHeapUnsortedBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapUnsortedBinsCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapUnsortedBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapUnsortedBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapUnsortedBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapUnsortedBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapUnsortedBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapUnsortedBinsCommand.post_load
post_load() → None
function GlibcHeapUnsortedBinsCommand.pre_load
pre_load() → None
function GlibcHeapUnsortedBinsCommand.usage
usage() → None
class GlibcHeapWalkContext
function GlibcHeapWalkContext.__init__
__init__(
print_arena: bool = False,
allow_unaligned: bool = False,
min_size: int = 0,
max_size: int = 0,
count: int = -1,
resolve_type: bool = False,
summary: bool = False
) → None
class GlibcTcacheChunk
function GlibcTcacheChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcTcacheChunk.bk
property GlibcTcacheChunk.bk_nextsize
property GlibcTcacheChunk.fd
property GlibcTcacheChunk.fd_nextsize
property GlibcTcacheChunk.flags
property GlibcTcacheChunk.prev_size
property GlibcTcacheChunk.size
property GlibcTcacheChunk.usable_size
function GlibcTcacheChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcTcacheChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcTcacheChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcTcacheChunk.get_usable_size
get_usable_size() → int
function GlibcTcacheChunk.has_m_bit
has_m_bit() → bool
function GlibcTcacheChunk.has_n_bit
has_n_bit() → bool
function GlibcTcacheChunk.has_p_bit
has_p_bit() → bool
function GlibcTcacheChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcTcacheChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcTcacheChunk.protect_ptr
protect_ptr(pos: int, pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L339
function GlibcTcacheChunk.psprint
psprint() → str
function GlibcTcacheChunk.reset
reset()
function GlibcTcacheChunk.resolve_type
resolve_type() → str
function GlibcTcacheChunk.reveal_ptr
reveal_ptr(pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L341
class GotBaseFunction
Return the current GOT base address plus the given offset.
function GotBaseFunction.__init__
__init__() → None
function GotBaseFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function GotBaseFunction.do_invoke
do_invoke(args: list) → int
function GotBaseFunction.invoke
invoke(*args: Any) → int
class GotCommand
Display current status of the got inside the process.
function GotCommand.__init__
__init__()
property GotCommand.settings
Return the list of settings for this command.
function GotCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GotCommand.build_line
build_line(
name: str,
_path: str,
color: str,
address_val: int,
got_address: int
) → str
function GotCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GotCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GotCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GotCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GotCommand.invoke
invoke(args: str, from_tty: bool) → None
function GotCommand.post_load
post_load() → None
function GotCommand.pre_load
pre_load() → None
function GotCommand.print_got_for
print_got_for(file: str, realpath: str, argv: list[str]) → None
function GotCommand.usage
usage() → None
class HeapAnalysisCommand
Heap vulnerability analysis helper: this command aims to track dynamic heap allocation done through malloc()/free() to provide some insights on possible heap vulnerabilities. The following vulnerabilities are checked: - NULL free - Use-after-Free - Double Free - Heap overlap
function HeapAnalysisCommand.__init__
__init__() → None
property HeapAnalysisCommand.settings
Return the list of settings for this command.
function HeapAnalysisCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HeapAnalysisCommand.clean
clean(_: 'gdb.ExitedEvent') → None
function HeapAnalysisCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HeapAnalysisCommand.do_invoke
do_invoke(argv: list[str]) → None
function HeapAnalysisCommand.dump_tracked_allocations
dump_tracked_allocations() → None
function HeapAnalysisCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HeapAnalysisCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HeapAnalysisCommand.invoke
invoke(args: str, from_tty: bool) → None
function HeapAnalysisCommand.post_load
post_load() → None
function HeapAnalysisCommand.pre_load
pre_load() → None
function HeapAnalysisCommand.setup
setup() → None
function HeapAnalysisCommand.usage
usage() → None
class HeapBaseFunction
Return the current heap base address plus an optional offset.
function HeapBaseFunction.__init__
__init__() → None
function HeapBaseFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function HeapBaseFunction.do_invoke
do_invoke(args: list[str]) → int
function HeapBaseFunction.invoke
invoke(*args: Any) → int
class HexdumpByteCommand
Display SIZE lines of hexdump as BYTE from the memory location pointed by ADDRESS.
function HexdumpByteCommand.__init__
__init__() → None
property HexdumpByteCommand.settings
Return the list of settings for this command.
function HexdumpByteCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpByteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpByteCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpByteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpByteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpByteCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpByteCommand.post_load
post_load() → None
function HexdumpByteCommand.pre_load
pre_load() → None
function HexdumpByteCommand.usage
usage() → None
class HexdumpCommand
Display SIZE lines of hexdump from the memory location pointed by LOCATION.
function HexdumpCommand.__init__
__init__() → None
property HexdumpCommand.settings
Return the list of settings for this command.
function HexdumpCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpCommand.post_load
post_load() → None
function HexdumpCommand.pre_load
pre_load() → None
function HexdumpCommand.usage
usage() → None
class HexdumpDwordCommand
Display SIZE lines of hexdump as DWORD from the memory location pointed by ADDRESS.
function HexdumpDwordCommand.__init__
__init__() → None
property HexdumpDwordCommand.settings
Return the list of settings for this command.
function HexdumpDwordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpDwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpDwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpDwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpDwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpDwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpDwordCommand.post_load
post_load() → None
function HexdumpDwordCommand.pre_load
pre_load() → None
function HexdumpDwordCommand.usage
usage() → None
class HexdumpQwordCommand
Display SIZE lines of hexdump as QWORD from the memory location pointed by ADDRESS.
function HexdumpQwordCommand.__init__
__init__() → None
property HexdumpQwordCommand.settings
Return the list of settings for this command.
function HexdumpQwordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpQwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpQwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpQwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpQwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpQwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpQwordCommand.post_load
post_load() → None
function HexdumpQwordCommand.pre_load
pre_load() → None
function HexdumpQwordCommand.usage
usage() → None
class HexdumpWordCommand
Display SIZE lines of hexdump as WORD from the memory location pointed by ADDRESS.
function HexdumpWordCommand.__init__
__init__() → None
property HexdumpWordCommand.settings
Return the list of settings for this command.
function HexdumpWordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpWordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpWordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpWordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpWordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpWordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpWordCommand.post_load
post_load() → None
function HexdumpWordCommand.pre_load
pre_load() → None
function HexdumpWordCommand.usage
usage() → None
class HighlightAddCommand
Add a match to the highlight table.
function HighlightAddCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property HighlightAddCommand.settings
Return the list of settings for this command.
function HighlightAddCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightAddCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightAddCommand.do_invoke
do_invoke(argv: list[str]) → None
function HighlightAddCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightAddCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightAddCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightAddCommand.post_load
post_load() → None
function HighlightAddCommand.pre_load
pre_load() → None
function HighlightAddCommand.usage
usage() → None
class HighlightClearCommand
Clear the highlight table, remove all matches.
function HighlightClearCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property HighlightClearCommand.settings
Return the list of settings for this command.
function HighlightClearCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightClearCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightClearCommand.do_invoke
do_invoke(_: list[str]) → None
function HighlightClearCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightClearCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightClearCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightClearCommand.post_load
post_load() → None
function HighlightClearCommand.pre_load
pre_load() → None
function HighlightClearCommand.usage
usage() → None
class HighlightCommand
Highlight user-defined text matches in GEF output universally.
function HighlightCommand.__init__
__init__() → None
property HighlightCommand.settings
Return the list of settings for this command.
function HighlightCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightCommand.do_invoke
do_invoke(_: list[str]) → None
function HighlightCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightCommand.post_load
post_load() → None
function HighlightCommand.pre_load
pre_load() → None
function HighlightCommand.usage
usage() → None
class HighlightListCommand
Show the current highlight table with matches to colors.
function HighlightListCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property HighlightListCommand.settings
Return the list of settings for this command.
function HighlightListCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightListCommand.do_invoke
do_invoke(_: list[str]) → None
function HighlightListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightListCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightListCommand.post_load
post_load() → None
function HighlightListCommand.pre_load
pre_load() → None
function HighlightListCommand.print_highlight_table
print_highlight_table() → None
function HighlightListCommand.usage
usage() → None
class HighlightRemoveCommand
Remove a match in the highlight table.
function HighlightRemoveCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property HighlightRemoveCommand.settings
Return the list of settings for this command.
function HighlightRemoveCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightRemoveCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightRemoveCommand.do_invoke
do_invoke(argv: list[str]) → None
function HighlightRemoveCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightRemoveCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightRemoveCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightRemoveCommand.post_load
post_load() → None
function HighlightRemoveCommand.pre_load
pre_load() → None
function HighlightRemoveCommand.usage
usage() → None
class Instruction
GEF representation of a CPU instruction.
function Instruction.__init__
__init__(
address: int,
location: str,
mnemo: str,
operands: list[str],
opcodes: bytes
) → None
function Instruction.is_valid
is_valid() → bool
function Instruction.next
next() → Instruction
function Instruction.size
size() → int
class JustSilentStopBreakpoint
When hit, this temporary breakpoint stop the execution.
function JustSilentStopBreakpoint.__init__
__init__(loc: str) → None
class MIPS
property MIPS.endianness
property MIPS.fp
property MIPS.pc
property MIPS.ptrsize
property MIPS.registers
property MIPS.sp
function MIPS.canary_address
canary_address() → int
function MIPS.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function MIPS.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function MIPS.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function MIPS.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function MIPS.is_call
is_call(insn: __main__.Instruction) → bool
function MIPS.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function MIPS.is_ret
is_ret(insn: __main__.Instruction) → bool
function MIPS.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function MIPS.register
register(name: str) → int
function MIPS.reset_caches
reset_caches() → None
function MIPS.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class MIPS64
property MIPS64.endianness
property MIPS64.fp
property MIPS64.pc
property MIPS64.ptrsize
property MIPS64.registers
property MIPS64.sp
function MIPS64.canary_address
canary_address() → int
function MIPS64.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function MIPS64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function MIPS64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function MIPS64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function MIPS64.is_call
is_call(insn: __main__.Instruction) → bool
function MIPS64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function MIPS64.is_ret
is_ret(insn: __main__.Instruction) → bool
function MIPS64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function MIPS64.register
register(name: str) → int
function MIPS64.reset_caches
reset_caches() → None
function MIPS64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
class MemoryCommand
Add or remove address ranges to the memory view.
function MemoryCommand.__init__
__init__() → None
property MemoryCommand.settings
Return the list of settings for this command.
function MemoryCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function MemoryCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function MemoryCommand.do_invoke
do_invoke(argv: list[str]) → None
function MemoryCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function MemoryCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function MemoryCommand.invoke
invoke(args: str, from_tty: bool) → None
function MemoryCommand.post_load
post_load() → None
function MemoryCommand.pre_load
pre_load() → None
function MemoryCommand.usage
usage() → None
class MemoryUnwatchCommand
Removes address ranges to the memory view.
function MemoryUnwatchCommand.__init__
__init__() → None
property MemoryUnwatchCommand.settings
Return the list of settings for this command.
function MemoryUnwatchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function MemoryUnwatchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function MemoryUnwatchCommand.do_invoke
do_invoke(argv: list[str]) → None
function MemoryUnwatchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function MemoryUnwatchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function MemoryUnwatchCommand.invoke
invoke(args: str, from_tty: bool) → None
function MemoryUnwatchCommand.post_load
post_load() → None
function MemoryUnwatchCommand.pre_load
pre_load() → None
function MemoryUnwatchCommand.usage
usage() → None
class MemoryWatchCommand
Adds address ranges to the memory view.
function MemoryWatchCommand.__init__
__init__() → None
property MemoryWatchCommand.settings
Return the list of settings for this command.
function MemoryWatchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function MemoryWatchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function MemoryWatchCommand.do_invoke
do_invoke(argv: list[str]) → None
function MemoryWatchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function MemoryWatchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function MemoryWatchCommand.invoke
invoke(args: str, from_tty: bool) → None
function MemoryWatchCommand.post_load
post_load() → None
function MemoryWatchCommand.pre_load
pre_load() → None
function MemoryWatchCommand.usage
usage() → None
class MemoryWatchListCommand
Lists all watchpoints to display in context layout.
function MemoryWatchListCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property MemoryWatchListCommand.settings
Return the list of settings for this command.
function MemoryWatchListCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function MemoryWatchListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function MemoryWatchListCommand.do_invoke
do_invoke(_: list[str]) → None
function MemoryWatchListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function MemoryWatchListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function MemoryWatchListCommand.invoke
invoke(args: str, from_tty: bool) → None
function MemoryWatchListCommand.post_load
post_load() → None
function MemoryWatchListCommand.pre_load
pre_load() → None
function MemoryWatchListCommand.usage
usage() → None
class MemoryWatchResetCommand
Removes all watchpoints.
function MemoryWatchResetCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property MemoryWatchResetCommand.settings
Return the list of settings for this command.
function MemoryWatchResetCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function MemoryWatchResetCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function MemoryWatchResetCommand.do_invoke
do_invoke(_: list[str]) → None
function MemoryWatchResetCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function MemoryWatchResetCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function MemoryWatchResetCommand.invoke
invoke(args: str, from_tty: bool) → None
function MemoryWatchResetCommand.post_load
post_load() → None
function MemoryWatchResetCommand.pre_load
pre_load() → None
function MemoryWatchResetCommand.usage
usage() → None
class NamedBreakpoint
Breakpoint which shows a specified name, when hit.
function NamedBreakpoint.__init__
__init__(location: str, name: str) → None
function NamedBreakpoint.stop
stop() → bool
class NamedBreakpointCommand
Sets a breakpoint and assigns a name to it, which will be shown, when it's hit.
function NamedBreakpointCommand.__init__
__init__() → None
property NamedBreakpointCommand.settings
Return the list of settings for this command.
function NamedBreakpointCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function NamedBreakpointCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function NamedBreakpointCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function NamedBreakpointCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function NamedBreakpointCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function NamedBreakpointCommand.invoke
invoke(args: str, from_tty: bool) → None
function NamedBreakpointCommand.post_load
post_load() → None
function NamedBreakpointCommand.pre_load
pre_load() → None
function NamedBreakpointCommand.usage
usage() → None
class NopCommand
Patch the instruction(s) pointed by parameters with NOP. Note: this command is architecture aware.
function NopCommand.__init__
__init__() → None
property NopCommand.settings
Return the list of settings for this command.
function NopCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function NopCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function NopCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function NopCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function NopCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function NopCommand.invoke
invoke(args: str, from_tty: bool) → None
function NopCommand.post_load
post_load() → None
function NopCommand.pre_load
pre_load() → None
function NopCommand.usage
usage() → None
class ObsoleteException
class PCustomCommand
Dump user defined structure. This command attempts to reproduce WinDBG awesome dt command for GDB and allows to apply structures (from symbols or custom) directly to an address. Custom structures can be defined in pure Python using ctypes, and should be stored in a specific directory, whose path must be stored in the pcustom.struct_path configuration setting.
function PCustomCommand.__init__
__init__() → None
property PCustomCommand.settings
Return the list of settings for this command.
function PCustomCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PCustomCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PCustomCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PCustomCommand.explode_type
explode_type(arg: str) → tuple[str, str]
function PCustomCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PCustomCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PCustomCommand.invoke
invoke(args: str, from_tty: bool) → None
function PCustomCommand.post_load
post_load() → None
function PCustomCommand.pre_load
pre_load() → None
function PCustomCommand.usage
usage() → None
class PCustomEditCommand
PCustom: edit the content of a given structure
function PCustomEditCommand.__init__
__init__() → None
property PCustomEditCommand.settings
Return the list of settings for this command.
function PCustomEditCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PCustomEditCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PCustomEditCommand.do_invoke
do_invoke(argv: list[str]) → None
function PCustomEditCommand.explode_type
explode_type(arg: str) → tuple[str, str]
function PCustomEditCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PCustomEditCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PCustomEditCommand.invoke
invoke(args: str, from_tty: bool) → None
function PCustomEditCommand.post_load
post_load() → None
function PCustomEditCommand.pre_load
pre_load() → None
function PCustomEditCommand.usage
usage() → None
class PCustomListCommand
PCustom: list available structures
function PCustomListCommand.__init__
__init__() → None
property PCustomListCommand.settings
Return the list of settings for this command.
function PCustomListCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PCustomListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PCustomListCommand.do_invoke
do_invoke(_: list[str]) → None
Dump the list of all the structures and their respective.
function PCustomListCommand.explode_type
explode_type(arg: str) → tuple[str, str]
function PCustomListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PCustomListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PCustomListCommand.invoke
invoke(args: str, from_tty: bool) → None
function PCustomListCommand.post_load
post_load() → None
function PCustomListCommand.pre_load
pre_load() → None
function PCustomListCommand.usage
usage() → None
class PCustomShowCommand
PCustom: show the content of a given structure
function PCustomShowCommand.__init__
__init__() → None
property PCustomShowCommand.settings
Return the list of settings for this command.
function PCustomShowCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PCustomShowCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PCustomShowCommand.do_invoke
do_invoke(argv: list[str]) → None
function PCustomShowCommand.explode_type
explode_type(arg: str) → tuple[str, str]
function PCustomShowCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PCustomShowCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PCustomShowCommand.invoke
invoke(args: str, from_tty: bool) → None
function PCustomShowCommand.post_load
post_load() → None
function PCustomShowCommand.pre_load
pre_load() → None
function PCustomShowCommand.usage
usage() → None
class PatchByteCommand
Write specified BYTE to the specified address.
function PatchByteCommand.__init__
__init__() → None
property PatchByteCommand.settings
Return the list of settings for this command.
function PatchByteCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchByteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchByteCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatchByteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchByteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchByteCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchByteCommand.post_load
post_load() → None
function PatchByteCommand.pre_load
pre_load() → None
function PatchByteCommand.usage
usage() → None
class PatchCommand
Write specified values to the specified address.
function PatchCommand.__init__
__init__() → None
property PatchCommand.settings
Return the list of settings for this command.
function PatchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchCommand.post_load
post_load() → None
function PatchCommand.pre_load
pre_load() → None
function PatchCommand.usage
usage() → None
class PatchDwordCommand
Write specified DWORD to the specified address.
function PatchDwordCommand.__init__
__init__() → None
property PatchDwordCommand.settings
Return the list of settings for this command.
function PatchDwordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchDwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchDwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatchDwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchDwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchDwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchDwordCommand.post_load
post_load() → None
function PatchDwordCommand.pre_load
pre_load() → None
function PatchDwordCommand.usage
usage() → None
class PatchQwordCommand
Write specified QWORD to the specified address.
function PatchQwordCommand.__init__
__init__() → None
property PatchQwordCommand.settings
Return the list of settings for this command.
function PatchQwordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchQwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchQwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatchQwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchQwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchQwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchQwordCommand.post_load
post_load() → None
function PatchQwordCommand.pre_load
pre_load() → None
function PatchQwordCommand.usage
usage() → None
class PatchStringCommand
Write specified string to the specified memory location pointed by ADDRESS.
function PatchStringCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PatchStringCommand.settings
Return the list of settings for this command.
function PatchStringCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchStringCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchStringCommand.do_invoke
do_invoke(argv: list[str]) → None
function PatchStringCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchStringCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchStringCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchStringCommand.post_load
post_load() → None
function PatchStringCommand.pre_load
pre_load() → None
function PatchStringCommand.usage
usage() → None
class PatchWordCommand
Write specified WORD to the specified address.
function PatchWordCommand.__init__
__init__() → None
property PatchWordCommand.settings
Return the list of settings for this command.
function PatchWordCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatchWordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatchWordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatchWordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatchWordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatchWordCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatchWordCommand.post_load
post_load() → None
function PatchWordCommand.pre_load
pre_load() → None
function PatchWordCommand.usage
usage() → None
class PatternCommand
Generate or Search a De Bruijn Sequence of unique substrings of length N and a total length of LENGTH. The default value of N is set to match the currently loaded architecture.
function PatternCommand.__init__
__init__() → None
property PatternCommand.settings
Return the list of settings for this command.
function PatternCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatternCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatternCommand.do_invoke
do_invoke(_: list[str]) → None
function PatternCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatternCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatternCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatternCommand.post_load
post_load() → None
function PatternCommand.pre_load
pre_load() → None
function PatternCommand.usage
usage() → None
class PatternCreateCommand
Generate a De Bruijn Sequence of unique substrings of length N and a total length of LENGTH. The default value of N is set to match the currently loaded architecture.
function PatternCreateCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PatternCreateCommand.settings
Return the list of settings for this command.
function PatternCreateCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatternCreateCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatternCreateCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatternCreateCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatternCreateCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatternCreateCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatternCreateCommand.post_load
post_load() → None
function PatternCreateCommand.pre_load
pre_load() → None
function PatternCreateCommand.usage
usage() → None
class PatternSearchCommand
Search a De Bruijn Sequence of unique substrings of length N and a maximum total length of MAX_LENGTH. The default value of N is set to match the currently loaded architecture. The PATTERN argument can be a GDB symbol (such as a register name), a string or a hexadecimal value
function PatternSearchCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PatternSearchCommand.settings
Return the list of settings for this command.
function PatternSearchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PatternSearchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PatternSearchCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PatternSearchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PatternSearchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PatternSearchCommand.invoke
invoke(args: str, from_tty: bool) → None
function PatternSearchCommand.post_load
post_load() → None
function PatternSearchCommand.pre_load
pre_load() → None
function PatternSearchCommand.search
search(pattern: str, size: int, period: int) → None
function PatternSearchCommand.usage
usage() → None
class Permission
GEF representation of Linux permission.
class Phdr
function Phdr.__init__
__init__(elf: __main__.Elf, off: int) → None
class PieAttachCommand
Do attach with PIE breakpoint support.
function PieAttachCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieAttachCommand.settings
Return the list of settings for this command.
function PieAttachCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieAttachCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieAttachCommand.do_invoke
do_invoke(argv: list[str]) → None
function PieAttachCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieAttachCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieAttachCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieAttachCommand.post_load
post_load() → None
function PieAttachCommand.pre_load
pre_load() → None
function PieAttachCommand.usage
usage() → None
class PieBreakpointCommand
Set a PIE breakpoint at an offset from the target binaries base address.
function PieBreakpointCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieBreakpointCommand.settings
Return the list of settings for this command.
function PieBreakpointCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieBreakpointCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieBreakpointCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PieBreakpointCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieBreakpointCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieBreakpointCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieBreakpointCommand.post_load
post_load() → None
function PieBreakpointCommand.pre_load
pre_load() → None
function PieBreakpointCommand.set_pie_breakpoint
set_pie_breakpoint(set_func: Callable[[int], str], addr: int) → None
function PieBreakpointCommand.usage
usage() → None
class PieCommand
PIE breakpoint support.
function PieCommand.__init__
__init__() → None
property PieCommand.settings
Return the list of settings for this command.
function PieCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieCommand.do_invoke
do_invoke(argv: list[str]) → None
function PieCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieCommand.post_load
post_load() → None
function PieCommand.pre_load
pre_load() → None
function PieCommand.usage
usage() → None
class PieDeleteCommand
Delete a PIE breakpoint.
function PieDeleteCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieDeleteCommand.settings
Return the list of settings for this command.
function PieDeleteCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieDeleteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieDeleteCommand.delete_bp
delete_bp(breakpoints: list[__main__.PieVirtualBreakpoint]) → None
function PieDeleteCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PieDeleteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieDeleteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieDeleteCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieDeleteCommand.post_load
post_load() → None
function PieDeleteCommand.pre_load
pre_load() → None
function PieDeleteCommand.usage
usage() → None
class PieInfoCommand
Display breakpoint info.
function PieInfoCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieInfoCommand.settings
Return the list of settings for this command.
function PieInfoCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieInfoCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieInfoCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PieInfoCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieInfoCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieInfoCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieInfoCommand.post_load
post_load() → None
function PieInfoCommand.pre_load
pre_load() → None
function PieInfoCommand.usage
usage() → None
class PieRemoteCommand
Attach to a remote connection with PIE breakpoint support.
function PieRemoteCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieRemoteCommand.settings
Return the list of settings for this command.
function PieRemoteCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieRemoteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieRemoteCommand.do_invoke
do_invoke(argv: list[str]) → None
function PieRemoteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieRemoteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieRemoteCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieRemoteCommand.post_load
post_load() → None
function PieRemoteCommand.pre_load
pre_load() → None
function PieRemoteCommand.usage
usage() → None
class PieRunCommand
Run process with PIE breakpoint support.
function PieRunCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property PieRunCommand.settings
Return the list of settings for this command.
function PieRunCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PieRunCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PieRunCommand.do_invoke
do_invoke(argv: list[str]) → None
function PieRunCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PieRunCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PieRunCommand.invoke
invoke(args: str, from_tty: bool) → None
function PieRunCommand.post_load
post_load() → None
function PieRunCommand.pre_load
pre_load() → None
function PieRunCommand.usage
usage() → None
class PieVirtualBreakpoint
PIE virtual breakpoint (not real breakpoint).
function PieVirtualBreakpoint.__init__
__init__(set_func: Callable[[int], str], vbp_num: int, addr: int) → None
function PieVirtualBreakpoint.destroy
destroy() → None
function PieVirtualBreakpoint.instantiate
instantiate(base: int) → None
class PowerPC
property PowerPC.endianness
property PowerPC.fp
property PowerPC.pc
property PowerPC.ptrsize
property PowerPC.registers
property PowerPC.sp
function PowerPC.canary_address
canary_address() → int
function PowerPC.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function PowerPC.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function PowerPC.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function PowerPC.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function PowerPC.is_call
is_call(insn: __main__.Instruction) → bool
function PowerPC.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function PowerPC.is_ret
is_ret(insn: __main__.Instruction) → bool
function PowerPC.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function PowerPC.register
register(name: str) → int
function PowerPC.reset_caches
reset_caches() → None
function PowerPC.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class PowerPC64
property PowerPC64.endianness
property PowerPC64.fp
property PowerPC64.pc
property PowerPC64.ptrsize
property PowerPC64.registers
property PowerPC64.sp
function PowerPC64.canary_address
canary_address() → int
function PowerPC64.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function PowerPC64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function PowerPC64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function PowerPC64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function PowerPC64.is_call
is_call(insn: __main__.Instruction) → bool
function PowerPC64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function PowerPC64.is_ret
is_ret(insn: __main__.Instruction) → bool
function PowerPC64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function PowerPC64.register
register(name: str) → int
function PowerPC64.reset_caches
reset_caches() → None
function PowerPC64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class PrintFormatCommand
Print bytes format in commonly used formats, such as literals in high level languages.
function PrintFormatCommand.__init__
__init__() → None
property PrintFormatCommand.format_matrix
property PrintFormatCommand.settings
Return the list of settings for this command.
function PrintFormatCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function PrintFormatCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function PrintFormatCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function PrintFormatCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function PrintFormatCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function PrintFormatCommand.invoke
invoke(args: str, from_tty: bool) → None
function PrintFormatCommand.post_load
post_load() → None
function PrintFormatCommand.pre_load
pre_load() → None
function PrintFormatCommand.usage
usage() → None
class ProcessListingCommand
List and filter process. If a PATTERN is given as argument, results shown will be grepped by this pattern.
function ProcessListingCommand.__init__
__init__() → None
property ProcessListingCommand.settings
Return the list of settings for this command.
function ProcessListingCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ProcessListingCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ProcessListingCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function ProcessListingCommand.get_processes
get_processes() → Generator[dict[str, str], NoneType, NoneType]
function ProcessListingCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ProcessListingCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ProcessListingCommand.invoke
invoke(args: str, from_tty: bool) → None
function ProcessListingCommand.post_load
post_load() → None
function ProcessListingCommand.pre_load
pre_load() → None
function ProcessListingCommand.usage
usage() → None
class ProcessStatusCommand
Extends the info given by GDB info proc, by giving an exhaustive description of the process status (file descriptors, ancestor, descendants, etc.).
function ProcessStatusCommand.__init__
__init__() → None
property ProcessStatusCommand.settings
Return the list of settings for this command.
function ProcessStatusCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ProcessStatusCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ProcessStatusCommand.do_invoke
do_invoke(argv: list[str]) → None
function ProcessStatusCommand.get_children_pids
get_children_pids(pid: int) → list[int]
function ProcessStatusCommand.get_cmdline_of
get_cmdline_of(pid: int) → str
function ProcessStatusCommand.get_process_path_of
get_process_path_of(pid: int) → str
function ProcessStatusCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ProcessStatusCommand.get_state_of
get_state_of(pid: int) → dict[str, str]
function ProcessStatusCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ProcessStatusCommand.invoke
invoke(args: str, from_tty: bool) → None
function ProcessStatusCommand.list_sockets
list_sockets(pid: int) → list[int]
function ProcessStatusCommand.parse_ip_port
parse_ip_port(addr: str) → tuple[str, int]
function ProcessStatusCommand.post_load
post_load() → None
function ProcessStatusCommand.pre_load
pre_load() → None
function ProcessStatusCommand.show_ancestor
show_ancestor() → None
function ProcessStatusCommand.show_connections
show_connections() → None
function ProcessStatusCommand.show_descendants
show_descendants() → None
function ProcessStatusCommand.show_fds
show_fds() → None
function ProcessStatusCommand.show_info_proc
show_info_proc() → None
function ProcessStatusCommand.usage
usage() → None
class RISCV
property RISCV.endianness
property RISCV.fp
property RISCV.instruction_length
property RISCV.pc
property RISCV.ptrsize
property RISCV.registers
property RISCV.sp
function RISCV.canary_address
canary_address() → int
function RISCV.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function RISCV.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function RISCV.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function RISCV.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function RISCV.is_call
is_call(insn: __main__.Instruction) → bool
function RISCV.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function RISCV.is_ret
is_ret(insn: __main__.Instruction) → bool
function RISCV.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function RISCV.register
register(name: str) → int
function RISCV.reset_caches
reset_caches() → None
function RISCV.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class RedirectOutputContext
function RedirectOutputContext.__init__
__init__(to_file: str = '/dev/null') → None
class RemoteCommand
GDB target remote command on steroids. This command will use the remote procfs to create a local copy of the execution environment, including the target binary and its libraries in the local temporary directory (the value by default is in gef.config.tempdir). Additionally, it will fetch all the /proc/PID/maps and loads all its information. If procfs is not available remotely, the command will likely fail. You can however still use the limited command provided by GDB target remote.
function RemoteCommand.__init__
__init__() → None
property RemoteCommand.settings
Return the list of settings for this command.
function RemoteCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function RemoteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function RemoteCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function RemoteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function RemoteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function RemoteCommand.invoke
invoke(args: str, from_tty: bool) → None
function RemoteCommand.post_load
post_load() → None
function RemoteCommand.pre_load
pre_load() → None
function RemoteCommand.usage
usage() → None
class ResetCacheCommand
Reset cache of all stored data. This command is here for debugging and test purposes, GEF handles properly the cache reset under "normal" scenario.
function ResetCacheCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ResetCacheCommand.settings
Return the list of settings for this command.
function ResetCacheCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ResetCacheCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ResetCacheCommand.do_invoke
do_invoke(_: list[str]) → None
function ResetCacheCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ResetCacheCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ResetCacheCommand.invoke
invoke(args: str, from_tty: bool) → None
function ResetCacheCommand.post_load
post_load() → None
function ResetCacheCommand.pre_load
pre_load() → None
function ResetCacheCommand.usage
usage() → None
class SPARC
Refs: - https://www.cse.scu.edu/~atkinson/teaching/sp05/259/sparc.pdf
property SPARC.endianness
property SPARC.fp
property SPARC.pc
property SPARC.ptrsize
property SPARC.registers
property SPARC.sp
function SPARC.canary_address
canary_address() → int
function SPARC.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function SPARC.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function SPARC.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function SPARC.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function SPARC.is_call
is_call(insn: __main__.Instruction) → bool
function SPARC.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function SPARC.is_ret
is_ret(insn: __main__.Instruction) → bool
function SPARC.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function SPARC.register
register(name: str) → int
function SPARC.reset_caches
reset_caches() → None
function SPARC.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class SPARC64
Refs: - http://math-atlas.sourceforge.net/devel/assembly/abi_sysV_sparc.pdf - https://cr.yp.to/2005-590/sparcv9.pdf
property SPARC64.endianness
property SPARC64.fp
property SPARC64.pc
property SPARC64.ptrsize
property SPARC64.registers
property SPARC64.sp
function SPARC64.canary_address
canary_address() → int
function SPARC64.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function SPARC64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function SPARC64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function SPARC64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function SPARC64.is_call
is_call(insn: __main__.Instruction) → bool
function SPARC64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function SPARC64.is_ret
is_ret(insn: __main__.Instruction) → bool
function SPARC64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function SPARC64.register
register(name: str) → int
function SPARC64.reset_caches
reset_caches() → None
function SPARC64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ScanSectionCommand
Search for addresses that are located in a memory mapping (haystack) that belonging to another (needle).
function ScanSectionCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ScanSectionCommand.settings
Return the list of settings for this command.
function ScanSectionCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ScanSectionCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ScanSectionCommand.do_invoke
do_invoke(argv: list[str]) → None
function ScanSectionCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ScanSectionCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ScanSectionCommand.invoke
invoke(args: str, from_tty: bool) → None
function ScanSectionCommand.post_load
post_load() → None
function ScanSectionCommand.pre_load
pre_load() → None
function ScanSectionCommand.usage
usage() → None
class SearchPatternCommand
SearchPatternCommand: search a pattern in memory. If given an hex value (starting with 0x) the command will also try to look for upwards cross-references to this address.
function SearchPatternCommand.__init__
__init__() → None
property SearchPatternCommand.settings
Return the list of settings for this command.
function SearchPatternCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function SearchPatternCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function SearchPatternCommand.do_invoke
do_invoke(argv: list[str]) → None
function SearchPatternCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function SearchPatternCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function SearchPatternCommand.invoke
invoke(args: str, from_tty: bool) → None
function SearchPatternCommand.post_load
post_load() → None
function SearchPatternCommand.pre_load
pre_load() → None
function SearchPatternCommand.print_loc
print_loc(loc: tuple[int, int, str]) → None
function SearchPatternCommand.print_section
print_section(section: __main__.Section) → None
function SearchPatternCommand.search_binpattern_by_address
search_binpattern_by_address(
binpattern: bytes,
start_address: int,
end_address: int
) → list[tuple[int, int, str]]
Search a binary pattern within a range defined by arguments.
function SearchPatternCommand.search_pattern
search_pattern(pattern: str, section_name: str) → None
Search a pattern within the whole userland memory.
function SearchPatternCommand.search_pattern_by_address
search_pattern_by_address(
pattern: str,
start_address: int,
end_address: int
) → list[tuple[int, int, str]]
Search a pattern within a range defined by arguments.
function SearchPatternCommand.usage
usage() → None
class Section
GEF representation of process memory sections.
function Section.__init__
__init__(**kwargs: Any) → None
property Section.realpath
property Section.size
function Section.contains
contains(addr: int) → bool
function Section.is_executable
is_executable() → bool
function Section.is_readable
is_readable() → bool
function Section.is_writable
is_writable() → bool
function Section.overlaps
overlaps(other: 'Section') → bool
class SectionBaseFunction
Return the matching file's base address plus an optional offset. Defaults to current file. Note that quotes need to be escaped
function SectionBaseFunction.__init__
__init__() → None
function SectionBaseFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function SectionBaseFunction.do_invoke
do_invoke(args: list) → int
function SectionBaseFunction.invoke
invoke(*args: Any) → int
class Shdr
function Shdr.__init__
__init__(elf: __main__.Elf | None, off: int) → None
class ShellcodeCommand
ShellcodeCommand uses @JonathanSalwan simple-yet-awesome shellcode API to download shellcodes.
function ShellcodeCommand.__init__
__init__() → None
property ShellcodeCommand.settings
Return the list of settings for this command.
function ShellcodeCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ShellcodeCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ShellcodeCommand.do_invoke
do_invoke(_: list[str]) → None
function ShellcodeCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ShellcodeCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ShellcodeCommand.invoke
invoke(args: str, from_tty: bool) → None
function ShellcodeCommand.post_load
post_load() → None
function ShellcodeCommand.pre_load
pre_load() → None
function ShellcodeCommand.usage
usage() → None
class ShellcodeGetCommand
Download shellcode from shell-storm's shellcode database.
function ShellcodeGetCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ShellcodeGetCommand.settings
Return the list of settings for this command.
function ShellcodeGetCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ShellcodeGetCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ShellcodeGetCommand.do_invoke
do_invoke(argv: list[str]) → None
function ShellcodeGetCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ShellcodeGetCommand.get_shellcode
get_shellcode(sid: int) → None
function ShellcodeGetCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ShellcodeGetCommand.invoke
invoke(args: str, from_tty: bool) → None
function ShellcodeGetCommand.post_load
post_load() → None
function ShellcodeGetCommand.pre_load
pre_load() → None
function ShellcodeGetCommand.usage
usage() → None
class ShellcodeSearchCommand
Search pattern in shell-storm's shellcode database.
function ShellcodeSearchCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ShellcodeSearchCommand.settings
Return the list of settings for this command.
function ShellcodeSearchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ShellcodeSearchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ShellcodeSearchCommand.do_invoke
do_invoke(argv: list[str]) → None
function ShellcodeSearchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ShellcodeSearchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ShellcodeSearchCommand.invoke
invoke(args: str, from_tty: bool) → None
function ShellcodeSearchCommand.post_load
post_load() → None
function ShellcodeSearchCommand.pre_load
pre_load() → None
function ShellcodeSearchCommand.usage
usage() → None
class SkipiCommand
Skip N instruction(s) execution
function SkipiCommand.__init__
__init__() → None
property SkipiCommand.settings
Return the list of settings for this command.
function SkipiCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function SkipiCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function SkipiCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function SkipiCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function SkipiCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function SkipiCommand.invoke
invoke(args: str, from_tty: bool) → None
function SkipiCommand.post_load
post_load() → None
function SkipiCommand.pre_load
pre_load() → None
function SkipiCommand.usage
usage() → None
class SmartEvalCommand
SmartEval: Smart eval (vague approach to mimic WinDBG ?).
function SmartEvalCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property SmartEvalCommand.settings
Return the list of settings for this command.
function SmartEvalCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function SmartEvalCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function SmartEvalCommand.distance
distance(args: list[str]) → None
function SmartEvalCommand.do_invoke
do_invoke(argv: list[str]) → None
function SmartEvalCommand.evaluate
evaluate(expr: list[str]) → None
function SmartEvalCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function SmartEvalCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function SmartEvalCommand.invoke
invoke(args: str, from_tty: bool) → None
function SmartEvalCommand.post_load
post_load() → None
function SmartEvalCommand.pre_load
pre_load() → None
function SmartEvalCommand.usage
usage() → None
class StackOffsetFunction
Return the current stack base address plus an optional offset.
function StackOffsetFunction.__init__
__init__() → None
function StackOffsetFunction.arg_to_long
arg_to_long(args: Any, index: int, default: int = 0) → int
function StackOffsetFunction.do_invoke
do_invoke(args: list) → int
function StackOffsetFunction.invoke
invoke(*args: Any) → int
class StepoverCommand
Breaks on the instruction immediately following this one. Ex: Step over call instruction
function StepoverCommand.__init__
__init__() → None
property StepoverCommand.settings
Return the list of settings for this command.
function StepoverCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function StepoverCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function StepoverCommand.do_invoke
do_invoke(_: list[str]) → None
function StepoverCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function StepoverCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function StepoverCommand.invoke
invoke(args: str, from_tty: bool) → None
function StepoverCommand.post_load
post_load() → None
function StepoverCommand.pre_load
pre_load() → None
function StepoverCommand.usage
usage() → None
class StubBreakpoint
Create a breakpoint to permanently disable a call (fork/alarm/signal/etc.).
function StubBreakpoint.__init__
__init__(func: str, retval: int | None) → None
function StubBreakpoint.stop
stop() → bool
class StubCommand
Stub out the specified function. This function is useful when needing to skip one function to be called and disrupt your runtime flow (ex. fork).
function StubCommand.__init__
__init__() → None
property StubCommand.settings
Return the list of settings for this command.
function StubCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function StubCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function StubCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function StubCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function StubCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function StubCommand.invoke
invoke(args: str, from_tty: bool) → None
function StubCommand.post_load
post_load() → None
function StubCommand.pre_load
pre_load() → None
function StubCommand.usage
usage() → None
class TraceFreeBreakpoint
Track calls to free() and attempts to detect inconsistencies.
function TraceFreeBreakpoint.__init__
__init__() → None
function TraceFreeBreakpoint.stop
stop() → bool
class TraceFreeRetBreakpoint
Internal temporary breakpoint to track free()d values.
function TraceFreeRetBreakpoint.__init__
__init__(addr: int) → None
function TraceFreeRetBreakpoint.stop
stop() → bool
class TraceMallocBreakpoint
Track allocations done with malloc() or calloc().
function TraceMallocBreakpoint.__init__
__init__(name: str) → None
function TraceMallocBreakpoint.stop
stop() → bool
class TraceMallocRetBreakpoint
Internal temporary breakpoint to retrieve the return value of malloc().
function TraceMallocRetBreakpoint.__init__
__init__(size: int, name: str) → None
function TraceMallocRetBreakpoint.stop
stop() → bool
class TraceReallocBreakpoint
Track re-allocations done with realloc().
function TraceReallocBreakpoint.__init__
__init__() → None
function TraceReallocBreakpoint.stop
stop() → bool
class TraceReallocRetBreakpoint
Internal temporary breakpoint to retrieve the return value of realloc().
function TraceReallocRetBreakpoint.__init__
__init__(ptr: int, size: int) → None
function TraceReallocRetBreakpoint.stop
stop() → bool
class TraceRunCommand
Create a runtime trace of all instructions executed from $pc to LOCATION specified. The trace is stored in a text file that can be next imported in IDA Pro to visualize the runtime path.
function TraceRunCommand.__init__
__init__() → None
property TraceRunCommand.settings
Return the list of settings for this command.
function TraceRunCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function TraceRunCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function TraceRunCommand.do_invoke
do_invoke(argv: list[str]) → None
function TraceRunCommand.get_frames_size
get_frames_size() → int
function TraceRunCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function TraceRunCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function TraceRunCommand.invoke
invoke(args: str, from_tty: bool) → None
function TraceRunCommand.post_load
post_load() → None
function TraceRunCommand.pre_load
pre_load() → None
function TraceRunCommand.start_tracing
start_tracing(loc_start: int, loc_end: int, depth: int) → None
function TraceRunCommand.trace
trace(loc_start: int, loc_end: int, depth: int) → None
function TraceRunCommand.usage
usage() → None
class UafWatchpoint
Custom watchpoints set TraceFreeBreakpoint() to monitor free()d pointers being used.
function UafWatchpoint.__init__
__init__(addr: int) → None
function UafWatchpoint.stop
stop() → bool
If this method is triggered, we likely have a UaF. Break the execution and report it.
class VMMapCommand
Display a comprehensive layout of the virtual memory mapping. If a filter argument, GEF will filter out the mapping whose pathname do not match that filter.
function VMMapCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property VMMapCommand.settings
Return the list of settings for this command.
function VMMapCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function VMMapCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function VMMapCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function VMMapCommand.format_addr_filter
format_addr_filter(arg: str, addr: int)
function VMMapCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function VMMapCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function VMMapCommand.invoke
invoke(args: str, from_tty: bool) → None
function VMMapCommand.is_integer
is_integer(n: str) → bool
function VMMapCommand.post_load
post_load() → None
function VMMapCommand.pre_load
pre_load() → None
function VMMapCommand.print_entry
print_entry(entry: __main__.Section) → None
function VMMapCommand.show_legend
show_legend() → None
function VMMapCommand.usage
usage() → None
class ValidationError
class VersionCommand
Display GEF version info.
function VersionCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property VersionCommand.settings
Return the list of settings for this command.
function VersionCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function VersionCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function VersionCommand.do_invoke
do_invoke(argv: list[str]) → None
function VersionCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function VersionCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function VersionCommand.invoke
invoke(args: str, from_tty: bool) → None
function VersionCommand.post_load
post_load() → None
function VersionCommand.pre_load
pre_load() → None
function VersionCommand.usage
usage() → None
class X86
property X86.endianness
property X86.fp
property X86.pc
property X86.ptrsize
property X86.registers
property X86.sp
function X86.canary_address
canary_address() → int
function X86.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function X86.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
function X86.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function X86.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function X86.is_call
is_call(insn: __main__.Instruction) → bool
function X86.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function X86.is_ret
is_ret(insn: __main__.Instruction) → bool
function X86.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function X86.register
register(name: str) → int
function X86.reset_caches
reset_caches() → None
function X86.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class X86_64
property X86_64.endianness
property X86_64.fp
property X86_64.pc
property X86_64.ptrsize
property X86_64.registers
property X86_64.sp
function X86_64.canary_address
canary_address() → int
function X86_64.flag_register_to_human
flag_register_to_human(val: int | None = None) → str
function X86_64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → tuple[str, int | None]
Retrieves the correct parameter used for the current function call.
function X86_64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int | None
function X86_64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → tuple[bool, str]
function X86_64.is_call
is_call(insn: __main__.Instruction) → bool
function X86_64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function X86_64.is_ret
is_ret(insn: __main__.Instruction) → bool
function X86_64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function X86_64.register
register(name: str) → int
function X86_64.reset_caches
reset_caches() → None
function X86_64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → bool | None
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class XAddressInfoCommand
Retrieve and display runtime information for the location(s) given as parameter.
function XAddressInfoCommand.__init__
__init__() → None
property XAddressInfoCommand.settings
Return the list of settings for this command.
function XAddressInfoCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function XAddressInfoCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function XAddressInfoCommand.do_invoke
do_invoke(argv: list[str]) → None
function XAddressInfoCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function XAddressInfoCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function XAddressInfoCommand.infos
infos(address: int) → None
function XAddressInfoCommand.invoke
invoke(args: str, from_tty: bool) → None
function XAddressInfoCommand.post_load
post_load() → None
function XAddressInfoCommand.pre_load
pre_load() → None
function XAddressInfoCommand.usage
usage() → None
class XFilesCommand
Shows all libraries (and sections) loaded by binary. This command extends the GDB command info files, by retrieving more information from extra sources, and providing a better display. If an argument FILE is given, the output will grep information related to only that file. If an argument name is also given, the output will grep to the name within FILE.
function XFilesCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property XFilesCommand.settings
Return the list of settings for this command.
function XFilesCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function XFilesCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function XFilesCommand.do_invoke
do_invoke(argv: list[str]) → None
function XFilesCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function XFilesCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function XFilesCommand.invoke
invoke(args: str, from_tty: bool) → None
function XFilesCommand.post_load
post_load() → None
function XFilesCommand.pre_load
pre_load() → None
function XFilesCommand.usage
usage() → None
class XorMemoryCommand
XOR a block of memory. The command allows to simply display the result, or patch it runtime at runtime.
function XorMemoryCommand.__init__
__init__() → None
property XorMemoryCommand.settings
Return the list of settings for this command.
function XorMemoryCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function XorMemoryCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function XorMemoryCommand.do_invoke
do_invoke(_: list[str]) → None
function XorMemoryCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function XorMemoryCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function XorMemoryCommand.invoke
invoke(args: str, from_tty: bool) → None
function XorMemoryCommand.post_load
post_load() → None
function XorMemoryCommand.pre_load
pre_load() → None
function XorMemoryCommand.usage
usage() → None
class XorMemoryDisplayCommand
Display a block of memory pointed by ADDRESS by xor-ing each byte with KEY. The key must be provided in hexadecimal format.
function XorMemoryDisplayCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property XorMemoryDisplayCommand.settings
Return the list of settings for this command.
function XorMemoryDisplayCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function XorMemoryDisplayCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function XorMemoryDisplayCommand.do_invoke
do_invoke(argv: list[str]) → None
function XorMemoryDisplayCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function XorMemoryDisplayCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function XorMemoryDisplayCommand.invoke
invoke(args: str, from_tty: bool) → None
function XorMemoryDisplayCommand.post_load
post_load() → None
function XorMemoryDisplayCommand.pre_load
pre_load() → None
function XorMemoryDisplayCommand.usage
usage() → None
class XorMemoryPatchCommand
Patch a block of memory pointed by ADDRESS by xor-ing each byte with KEY. The key must be provided in hexadecimal format.
function XorMemoryPatchCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property XorMemoryPatchCommand.settings
Return the list of settings for this command.
function XorMemoryPatchCommand.add_setting
add_setting(
name: str,
value: tuple[typing.Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function XorMemoryPatchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function XorMemoryPatchCommand.do_invoke
do_invoke(argv: list[str]) → None
function XorMemoryPatchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function XorMemoryPatchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function XorMemoryPatchCommand.invoke
invoke(args: str, from_tty: bool) → None
function XorMemoryPatchCommand.post_load
post_load() → None
function XorMemoryPatchCommand.pre_load
pre_load() → None
function XorMemoryPatchCommand.usage
usage() → None
class Zone
Zone(name, zone_start, zone_end, filename)
class classproperty
Make the attribute a classproperty.
This file was automatically generated via lazydocs.