module GEF
Global Variables
- GEF_DEFAULT_BRANCH
- GEF_EXTRAS_DEFAULT_BRANCH
- GDB_MIN_VERSION
- GDB_VERSION
- PYTHON_MIN_VERSION
- PYTHON_VERSION
- DEFAULT_PAGE_ALIGN_SHIFT
- DEFAULT_PAGE_SIZE
- GEF_TEMP_DIR
- GEF_MAX_STRING_LENGTH
- LIBC_HEAP_MAIN_ARENA_DEFAULT_NAME
- ANSI_SPLIT_RE
- LEFT_ARROW
- RIGHT_ARROW
- DOWN_ARROW
- HORIZONTAL_LINE
- VERTICAL_LINE
- CROSS
- TICK
- BP_GLYPH
- GEF_PROMPT
- GEF_PROMPT_ON
- GEF_PROMPT_OFF
- PREFIX
- gdb_initial_settings
- cmd
- gef
- errmsg
function http_get
http_get(url: str) → Optional[bytes]
Basic HTTP wrapper for GET request. Return the body of the page if HTTP code is OK, otherwise return None.
function update_gef
update_gef(argv: List[str]) → int
Try to update gef to the latest version pushed on GitHub main branch. Return 0 on success, 1 on failure.
function reset_all_caches
reset_all_caches() → None
Free all caches. If an object is cached, it will have a callable attribute cache_clear which will be invoked to purge the function cache.
function reset
reset() → None
function highlight_text
highlight_text(text: str) → str
Highlight text using gef.ui.highlight_table { match -> color } settings.
If RegEx is enabled it will create a match group around all items in the gef.ui.highlight_table and wrap the specified color in the gef.ui.highlight_table around those matches.
If RegEx is disabled, split by ANSI codes and 'colorify' each match found within the specified string.
function gef_print
gef_print(*args: str, end='\n', sep=' ', **kwargs: Any) → None
Wrapper around print(), using string buffering feature.
function bufferize
bufferize(f: Callable) → Callable
Store the content to be printed for a function in memory, and flush it on function exit.
function p8
p8(
x: int,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → bytes
Pack one byte respecting the current architecture endianness.
function p16
p16(
x: int,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → bytes
Pack one word respecting the current architecture endianness.
function p32
p32(
x: int,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → bytes
Pack one dword respecting the current architecture endianness.
function p64
p64(
x: int,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → bytes
Pack one qword respecting the current architecture endianness.
function u8
u8(
x: bytes,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → int
Unpack one byte respecting the current architecture endianness.
function u16
u16(
x: bytes,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → int
Unpack one word respecting the current architecture endianness.
function u32
u32(
x: bytes,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → int
Unpack one dword respecting the current architecture endianness.
function u64
u64(
x: bytes,
s: bool = False,
e: Optional[ForwardRef('Endianness')] = None
) → int
Unpack one qword respecting the current architecture endianness.
function is_ascii_string
is_ascii_string(address: int) → bool
Helper function to determine if the buffer pointed by address is an ASCII string (in GDB)
function is_alive
is_alive() → bool
Check if GDB is running.
function calling_function
calling_function() → Optional[str]
Return the name of the calling function
function only_if_gdb_running
only_if_gdb_running(f: Callable) → Callable
Decorator wrapper to check if GDB is running.
function only_if_gdb_target_local
only_if_gdb_target_local(f: Callable) → Callable
Decorator wrapper to check if GDB is running locally (target not remote).
function deprecated
deprecated(solution: str = '') → Callable
Decorator to add a warning when a command is obsolete and will be removed.
function experimental_feature
experimental_feature(f: Callable) → Callable
Decorator to add a warning when a feature is experimental.
function only_if_events_supported
only_if_events_supported(event_type: str) → Callable
Checks if GDB supports events without crashing.
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function wrapped_f
wrapped_f(*args: Any, **kwargs: Any) → Any
function FakeExit
FakeExit(*args: Any, **kwargs: Any) → NoReturn
function parse_arguments
parse_arguments(
required_arguments: Dict[Union[str, Tuple[str, str]], Any],
optional_arguments: Dict[Union[str, Tuple[str, str]], Any]
) → Callable
Argument parsing decorator.
function search_for_main_arena
search_for_main_arena() → int
search_for_main_arena is DEPRECATED and will be removed in the future.
Use GefHeapManager.find_main_arena_addr()
function get_libc_version
get_libc_version() → Tuple[int, ...]
get_libc_version is DEPRECATED and will be removed in the future.
Use GefLibcManager.find_libc_version()
function titlify
titlify(
text: str,
color: Optional[str] = None,
msg_color: Optional[str] = None
) → str
Print a centered title.
function dbg
dbg(msg: str) → None
function err
err(msg: str) → None
function warn
warn(msg: str) → None
function ok
ok(msg: str) → None
function info
info(msg: str) → None
function push_context_message
push_context_message(level: str, message: str) → None
Push the message to be displayed the next time the context is invoked.
function show_last_exception
show_last_exception() → None
Display the last Python exception.
function gef_pystring
gef_pystring(x: bytes) → str
Returns a sanitized version as string of the bytes list given in input.
function gef_pybytes
gef_pybytes(x: str) → bytes
Returns an immutable bytes list from the string given as input.
function style_byte
style_byte(b: int, color: bool = True) → str
function hexdump
hexdump(
source: ByteString,
length: int = 16,
separator: str = '.',
show_raw: bool = False,
show_symbol: bool = True,
base: int = 0
) → str
Return the hexdump of src argument. @param source MUST be of type bytes or bytearray @param length is the length of items per line @param separator is the default character to use if one byte is not printable @param show_raw if True, do not add the line nor the text translation @param base is the start address of the block being hexdump @return a string with the hexdump
function is_debug
is_debug() → bool
Check if debug mode is enabled.
function buffer_output
buffer_output() → bool
Check if output should be buffered until command completion.
function hide_context
hide_context() → bool
Helper function to hide the context pane.
function unhide_context
unhide_context() → bool
Helper function to unhide the context pane.
function enable_redirect_output
enable_redirect_output(to_file: str = '/dev/null') → None
Redirect all GDB output to to_file parameter. By default, to_file redirects to /dev/null.
function disable_redirect_output
disable_redirect_output() → None
Disable the output redirection, if any.
function gef_makedirs
gef_makedirs(path: str, mode: int = 493) → Path
Recursive mkdir() creation. If successful, return the absolute path of the directory created.
function gdb_disassemble
gdb_disassemble(
start_pc: int,
**kwargs: int
) → Generator[__main__.Instruction, NoneType, NoneType]
Disassemble instructions from start_pc (Integer). Accepts the following named
parameters:
end_pc(Integer) only instructions whose start address fall in the interval from start_pc to end_pc are returned.count(Integer) list at most this many disassembled instructions Ifend_pcandcountare not provided, the function will behave as ifcount=1. Return an iterator of Instruction objects
function gdb_get_nth_previous_instruction_address
gdb_get_nth_previous_instruction_address(addr: int, n: int) → Optional[int]
Return the address (Integer) of the n-th instruction before addr.
function gdb_get_nth_next_instruction_address
gdb_get_nth_next_instruction_address(addr: int, n: int) → int
Return the address (Integer) of the n-th instruction after addr.
function gef_instruction_n
gef_instruction_n(addr: int, n: int) → Instruction
Return the n-th instruction after addr as an Instruction object.
function gef_get_instruction_at
gef_get_instruction_at(addr: int) → Instruction
Return the full Instruction found at the specified address.
function gef_current_instruction
gef_current_instruction(addr: int) → Instruction
Return the current instruction as an Instruction object.
function gef_next_instruction
gef_next_instruction(addr: int) → Instruction
Return the next instruction as an Instruction object.
function gef_disassemble
gef_disassemble(
addr: int,
nb_insn: int,
nb_prev: int = 0
) → Generator[__main__.Instruction, NoneType, NoneType]
Disassemble nb_insn instructions after addr and nb_prev before addr. Return an iterator of Instruction objects.
function gef_execute_external
gef_execute_external(
command: Sequence[str],
as_list: bool = False,
**kwargs: Any
) → Union[str, List[str]]
Execute an external command and return the result.
function gef_execute_gdb_script
gef_execute_gdb_script(commands: str) → None
Execute the parameter source as GDB command. This is done by writing commands to a temporary file, which is then executed via GDB source command. The tempfile is then deleted.
function checksec
checksec(filename: str) → Dict[str, bool]
checksec is DEPRECATED and will be removed in the future.
Use Elf(fname).checksec()
function get_entry_point
get_entry_point() → Optional[int]
Return the binary entry point.
get_entry_point is DEPRECATED and will be removed in the future.
Use gef.binary.entry_point instead
function is_pie
is_pie(fpath: str) → bool
function is_big_endian
is_big_endian() → bool
is_big_endian is DEPRECATED and will be removed in the future.
Prefer gef.arch.endianness == Endianness.BIG_ENDIAN
function is_little_endian
is_little_endian() → bool
is_little_endian is DEPRECATED and will be removed in the future.
gef.arch.endianness == Endianness.LITTLE_ENDIAN
function flags_to_human
flags_to_human(reg_value: int, value_table: Dict[int, str]) → str
Return a human readable string showing the flag states.
function register_architecture
register_architecture(
cls: Type[ForwardRef('Architecture')]
) → Type[ForwardRef('Architecture')]
register_architecture is DEPRECATED and will be removed in the future.
Using the decorator register_architecture is unecessary
function copy_to_clipboard
copy_to_clipboard(data: bytes) → None
Helper function to submit data to the clipboard
function use_stdtype
use_stdtype() → str
function use_default_type
use_default_type() → str
function use_golang_type
use_golang_type() → str
function use_rust_type
use_rust_type() → str
function to_unsigned_long
to_unsigned_long(v: gdb.Value) → int
Cast a gdb.Value to unsigned long.
function get_path_from_info_proc
get_path_from_info_proc() → Optional[str]
function get_os
get_os() → str
get_os is DEPRECATED and will be removed in the future.
Use gef.session.os
function get_filepath
get_filepath() → Optional[str]
Return the local absolute path of the file currently debugged.
function get_function_length
get_function_length(sym: str) → int
Attempt to get the length of the raw bytes of a function.
function process_lookup_address
process_lookup_address(address: int) → Optional[__main__.Section]
Look up for an address in memory. Return an Address object if found, None otherwise.
function xor
xor(data: ByteString, key: str) → bytearray
Return data xor-ed with key.
function is_hex
is_hex(pattern: str) → bool
Return whether provided string is a hexadecimal value.
function continue_handler
continue_handler(_: 'gdb.Event') → None
GDB event handler for new object continue cases.
function hook_stop_handler
hook_stop_handler(_: 'gdb.StopEvent') → None
GDB event handler for stop cases.
function new_objfile_handler
new_objfile_handler(evt: Optional[ForwardRef('gdb.NewObjFileEvent')]) → None
GDB event handler for new object file cases.
function exit_handler
exit_handler(_: 'gdb.ExitedEvent') → None
GDB event handler for exit cases.
function memchanged_handler
memchanged_handler(_: 'gdb.MemoryChangedEvent') → None
GDB event handler for mem changes cases.
function regchanged_handler
regchanged_handler(_: 'gdb.RegisterChangedEvent') → None
GDB event handler for reg changes cases.
function get_terminal_size
get_terminal_size() → Tuple[int, int]
Return the current terminal size.
function reset_architecture
reset_architecture(arch: Optional[str] = None) → None
Sets the current architecture. If an architecture is explicitly specified by parameter, try to use that one. If this fails, an OSError exception will occur. If no architecture is specified, then GEF will attempt to determine automatically based on the current ELF target. If this fails, an OSError exception will occur.
function get_memory_alignment
get_memory_alignment(in_bits: bool = False) → int
Try to determine the size of a pointer on this system. First, try to parse it out of the ELF header. Next, use the size of size_t. Finally, try the size of $pc. If in_bits is set to True, the result is returned in bits, otherwise in bytes.
get_memory_alignment is DEPRECATED and will be removed in the future.
Use gef.arch.ptrsize instead
function clear_screen
clear_screen(tty: str = '') → None
Clear the screen.
function format_address
format_address(addr: int) → str
Format the address according to its size.
function format_address_spaces
format_address_spaces(addr: int, left: bool = True) → str
Format the address according to its size, but with spaces instead of zeroes.
function align_address
align_address(address: int) → int
Align the provided address to the process's native length.
function align_address_to_size
align_address_to_size(address: int, align: int) → int
Align the address to the given size.
function align_address_to_page
align_address_to_page(address: int) → int
Align the address to a page.
function parse_address
parse_address(address: str) → int
Parse an address and return it as an Integer.
function is_in_x86_kernel
is_in_x86_kernel(address: int) → bool
function is_remote_debug
is_remote_debug() → bool
"Return True is the current debugging session is running through GDB remote session.
function de_bruijn
de_bruijn(alphabet: bytes, n: int) → Generator[str, NoneType, NoneType]
De Bruijn sequence for alphabet and subsequences of length n (for compat. w/ pwnlib).
function generate_cyclic_pattern
generate_cyclic_pattern(length: int, cycle: int = 4) → bytearray
Create a length byte bytearray of a de Bruijn cyclic pattern.
function safe_parse_and_eval
safe_parse_and_eval(value: str) → Optional[ForwardRef('gdb.Value')]
GEF wrapper for gdb.parse_and_eval(): this function returns None instead of raising gdb.error if the eval failed.
function gef_convenience
gef_convenience(value: Union[str, bytes]) → str
Defines a new convenience value.
function parse_string_range
parse_string_range(s: str) → Iterator[int]
Parses an address range (e.g. 0x400000-0x401000)
function gef_get_pie_breakpoint
gef_get_pie_breakpoint(num: int) → PieVirtualBreakpoint
gef_get_pie_breakpoint is DEPRECATED and will be removed in the future.
Use gef.session.pie_breakpoints[num]
function endian_str
endian_str() → str
endian_str is DEPRECATED and will be removed in the future.
Use str(gef.arch.endianness) instead
function get_gef_setting
get_gef_setting(name: str) → Any
get_gef_setting is DEPRECATED and will be removed in the future.
Use gef.config[key]
function set_gef_setting
set_gef_setting(name: str, value: Any) → None
set_gef_setting is DEPRECATED and will be removed in the future.
Use gef.config[key] = value
function gef_getpagesize
gef_getpagesize() → int
gef_getpagesize is DEPRECATED and will be removed in the future.
Use gef.session.pagesize
function gef_read_canary
gef_read_canary() → Optional[Tuple[int, int]]
gef_read_canary is DEPRECATED and will be removed in the future.
Use gef.session.canary
function get_pid
get_pid() → int
get_pid is DEPRECATED and will be removed in the future.
Use gef.session.pid
function get_filename
get_filename() → str
get_filename is DEPRECATED and will be removed in the future.
Use gef.session.file.name
function get_glibc_arena
get_glibc_arena() → Optional[__main__.GlibcArena]
get_glibc_arena is DEPRECATED and will be removed in the future.
Use gef.heap.main_arena
function get_register
get_register(regname) → Optional[int]
get_register is DEPRECATED and will be removed in the future.
Use gef.arch.register(regname)
function get_process_maps
get_process_maps() → List[__main__.Section]
get_process_maps is DEPRECATED and will be removed in the future.
Use gef.memory.maps
function set_arch
set_arch(arch: Optional[str] = None, _: Optional[str] = None) → None
set_arch is DEPRECATED and will be removed in the future.
Use reset_architecture
function register_external_context_pane
register_external_context_pane(
pane_name: str,
display_pane_function: Callable[[], NoneType],
pane_title_function: Callable[[], Optional[str]],
condition: Optional[Callable[[], bool]] = None
) → None
Registering function for new GEF Context View. pane_name: a string that has no spaces (used in settings) display_pane_function: a function that uses gef_print() to print strings pane_title_function: a function that returns a string or None, which will be displayed as the title. If None, no title line is displayed. condition: an optional callback: if not None, the callback will be executed first. If it returns true, then only the pane title and content will displayed. Otherwise, it's simply skipped.
Example usage for a simple text to show when we hit a syscall: def only_syscall(): return gef_current_instruction(gef.arch.pc).is_syscall() def display_pane(): gef_print("Wow, I am a context pane!") def pane_title(): return "example:pane" register_external_context_pane("example_pane", display_pane, pane_title, only_syscall)
function register_external_command
register_external_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Registering function for new GEF (sub-)command to GDB.
register_external_command is DEPRECATED and will be removed in the future.
Use register(), and inherit from GenericCommand instead
function register_command
register_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Decorator for registering new GEF (sub-)command to GDB.
register_command is DEPRECATED and will be removed in the future.
Use register(), and inherit from GenericCommand instead
function register_priority_command
register_priority_command(
cls: Type[ForwardRef('GenericCommand')]
) → Type[ForwardRef('GenericCommand')]
Decorator for registering new command with priority, meaning that it must loaded before the other generic commands.
register_priority_command is DEPRECATED and will be removed in the future.
function register
register(
cls: Union[Type[ForwardRef('GenericCommand')], Type[ForwardRef('GenericFunction')]]
) → Union[Type[ForwardRef('GenericCommand')], Type[ForwardRef('GenericFunction')]]
function register_function
register_function(
cls: Type[ForwardRef('GenericFunction')]
) → Type[ForwardRef('GenericFunction')]
Decorator for registering a new convenience function to GDB.
register_function is DEPRECATED and will be removed in the future.
class AARCH64
property AARCH64.cpsr
property AARCH64.endianness
property AARCH64.fp
property AARCH64.instruction_length
property AARCH64.pc
property AARCH64.ptrsize
Determine the size of pointer from the current CPU mode
property AARCH64.registers
property AARCH64.sp
function AARCH64.canary_address
canary_address() → int
function AARCH64.flag_register_to_human
flag_register_to_human(val: Optional[int] = None) → str
function AARCH64.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]
Retrieves the correct parameter used for the current function call.
function AARCH64.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int
function AARCH64.is_aarch32
is_aarch32() → bool
Determine if the CPU is currently in AARCH32 mode from runtime.
function AARCH64.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]
function AARCH64.is_call
is_call(insn: __main__.Instruction) → bool
function AARCH64.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function AARCH64.is_ret
is_ret(insn: __main__.Instruction) → bool
function AARCH64.is_thumb
is_thumb() → bool
Determine if the machine is currently in THUMB mode.
function AARCH64.is_thumb32
is_thumb32() → bool
Determine if the CPU is currently in THUMB32 mode from runtime.
function AARCH64.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function AARCH64.register
register(name: str) → int
function AARCH64.reset_caches
reset_caches() → None
function AARCH64.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → Optional[bool]
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ARM
property ARM.cpsr
property ARM.endianness
property ARM.fp
property ARM.instruction_length
property ARM.mode
property ARM.pc
property ARM.ptrsize
property ARM.registers
property ARM.sp
function ARM.canary_address
canary_address() → int
function ARM.flag_register_to_human
flag_register_to_human(val: Optional[int] = None) → str
function ARM.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]
Retrieves the correct parameter used for the current function call.
function ARM.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → int
function ARM.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]
function ARM.is_call
is_call(insn: __main__.Instruction) → bool
function ARM.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function ARM.is_ret
is_ret(insn: __main__.Instruction) → bool
function ARM.is_thumb
is_thumb() → bool
Determine if the machine is currently in THUMB mode.
function ARM.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function ARM.register
register(name: str) → int
function ARM.reset_caches
reset_caches() → None
function ARM.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → Optional[bool]
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ASLRCommand
View/modify the ASLR setting of GDB. By default, GDB will disable ASLR when it starts the process. (i.e. not attached). This command allows to change that setting.
function ASLRCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ASLRCommand.settings
Return the list of settings for this command.
function ASLRCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ASLRCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ASLRCommand.do_invoke
do_invoke(argv: List[str]) → None
function ASLRCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ASLRCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ASLRCommand.invoke
invoke(args: str, from_tty: bool) → None
function ASLRCommand.post_load
post_load() → None
function ASLRCommand.pre_load
pre_load() → None
function ASLRCommand.usage
usage() → None
class Address
GEF representation of memory addresses.
function Address.__init__
__init__(**kwargs: Any) → None
property Address.valid
function Address.dereference
dereference() → Optional[int]
function Address.is_in_heap_segment
is_in_heap_segment() → bool
function Address.is_in_stack_segment
is_in_stack_segment() → bool
function Address.is_in_text_segment
is_in_text_segment() → bool
class AliasesAddCommand
Command to add aliases.
function AliasesAddCommand.__init__
__init__() → None
property AliasesAddCommand.settings
Return the list of settings for this command.
function AliasesAddCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesAddCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesAddCommand.do_invoke
do_invoke(argv: List[str]) → None
function AliasesAddCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesAddCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesAddCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesAddCommand.post_load
post_load() → None
function AliasesAddCommand.pre_load
pre_load() → None
function AliasesAddCommand.usage
usage() → None
class AliasesCommand
Base command to add, remove, or list aliases.
function AliasesCommand.__init__
__init__() → None
property AliasesCommand.settings
Return the list of settings for this command.
function AliasesCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesCommand.do_invoke
do_invoke(_: List[str]) → None
function AliasesCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesCommand.post_load
post_load() → None
function AliasesCommand.pre_load
pre_load() → None
function AliasesCommand.usage
usage() → None
class AliasesListCommand
Command to list aliases.
function AliasesListCommand.__init__
__init__() → None
property AliasesListCommand.settings
Return the list of settings for this command.
function AliasesListCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesListCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesListCommand.do_invoke
do_invoke(_: List[str]) → None
function AliasesListCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesListCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesListCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesListCommand.post_load
post_load() → None
function AliasesListCommand.pre_load
pre_load() → None
function AliasesListCommand.usage
usage() → None
class AliasesRmCommand
Command to remove aliases.
function AliasesRmCommand.__init__
__init__() → None
property AliasesRmCommand.settings
Return the list of settings for this command.
function AliasesRmCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function AliasesRmCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function AliasesRmCommand.do_invoke
do_invoke(argv: List[str]) → None
function AliasesRmCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function AliasesRmCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function AliasesRmCommand.invoke
invoke(args: str, from_tty: bool) → None
function AliasesRmCommand.post_load
post_load() → None
function AliasesRmCommand.pre_load
pre_load() → None
function AliasesRmCommand.usage
usage() → None
class Architecture
Generic metaclass for the architecture supported by GEF.
property Architecture.endianness
property Architecture.fp
property Architecture.pc
property Architecture.ptrsize
property Architecture.registers
property Architecture.sp
function Architecture.canary_address
canary_address() → int
function Architecture.flag_register_to_human
flag_register_to_human(val: Optional[int] = None) → str
function Architecture.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]
Retrieves the correct parameter used for the current function call.
function Architecture.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → Optional[int]
function Architecture.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]
function Architecture.is_call
is_call(insn: __main__.Instruction) → bool
function Architecture.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function Architecture.is_ret
is_ret(insn: __main__.Instruction) → bool
function Architecture.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function Architecture.register
register(name: str) → int
function Architecture.reset_caches
reset_caches() → None
function Architecture.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → Optional[bool]
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class ArchitectureBase
Class decorator for declaring an architecture to GEF.
class BssBaseFunction
Return the current bss base address plus the given offset.
function BssBaseFunction.__init__
__init__() → None
function BssBaseFunction.arg_to_long
arg_to_long(args: List, index: int, default: int = 0) → int
function BssBaseFunction.do_invoke
do_invoke(args: List) → int
function BssBaseFunction.invoke
invoke(*args: Any) → int
class CanaryCommand
Shows the canary value of the current process.
function CanaryCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property CanaryCommand.settings
Return the list of settings for this command.
function CanaryCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function CanaryCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function CanaryCommand.do_invoke
do_invoke(argv: List[str]) → None
function CanaryCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function CanaryCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function CanaryCommand.invoke
invoke(args: str, from_tty: bool) → None
function CanaryCommand.post_load
post_load() → None
function CanaryCommand.pre_load
pre_load() → None
function CanaryCommand.usage
usage() → None
class ChangeFdCommand
ChangeFdCommand: redirect file descriptor during runtime.
function ChangeFdCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property ChangeFdCommand.settings
Return the list of settings for this command.
function ChangeFdCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ChangeFdCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ChangeFdCommand.do_invoke
do_invoke(argv: List[str]) → None
function ChangeFdCommand.get_fd_from_result
get_fd_from_result(res: str) → int
function ChangeFdCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ChangeFdCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ChangeFdCommand.invoke
invoke(args: str, from_tty: bool) → None
function ChangeFdCommand.post_load
post_load() → None
function ChangeFdCommand.pre_load
pre_load() → None
function ChangeFdCommand.usage
usage() → None
class ChangePermissionBreakpoint
When hit, this temporary breakpoint will restore the original code, and position $pc correctly.
function ChangePermissionBreakpoint.__init__
__init__(loc: str, code: ByteString, pc: int) → None
function ChangePermissionBreakpoint.stop
stop() → bool
class ChecksecCommand
Checksec the security properties of the current executable or passed as argument. The command checks for the following protections: - PIE - NX - RelRO - Glibc Stack Canaries - Fortify Source
function ChecksecCommand.__init__
__init__() → None
property ChecksecCommand.settings
Return the list of settings for this command.
function ChecksecCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ChecksecCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ChecksecCommand.do_invoke
do_invoke(argv: List[str]) → None
function ChecksecCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ChecksecCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ChecksecCommand.invoke
invoke(args: str, from_tty: bool) → None
function ChecksecCommand.post_load
post_load() → None
function ChecksecCommand.pre_load
pre_load() → None
function ChecksecCommand.print_security_properties
print_security_properties(filename: str) → None
function ChecksecCommand.usage
usage() → None
class Color
Used to colorify terminal output.
function Color.blinkify
blinkify(msg: str) → str
function Color.blueify
blueify(msg: str) → str
function Color.boldify
boldify(msg: str) → str
function Color.colorify
colorify(text: str, attrs: str) → str
Color text according to the given attributes.
function Color.cyanify
cyanify(msg: str) → str
function Color.grayify
grayify(msg: str) → str
function Color.greenify
greenify(msg: str) → str
function Color.highlightify
highlightify(msg: str) → str
function Color.light_grayify
light_grayify(msg: str) → str
function Color.pinkify
pinkify(msg: str) → str
function Color.redify
redify(msg: str) → str
function Color.underlinify
underlinify(msg: str) → str
function Color.yellowify
yellowify(msg: str) → str
class ContextCommand
Displays a comprehensive and modular summary of runtime context. Unless setting enable is set to False, this command will be spawned automatically every time GDB hits a breakpoint, a watchpoint, or any kind of interrupt. By default, it will show panes that contain the register states, the stack, and the disassembly code around $pc.
function ContextCommand.__init__
__init__() → None
property ContextCommand.settings
Return the list of settings for this command.
function ContextCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ContextCommand.addr_has_breakpoint
addr_has_breakpoint(address: int, bp_locations: List[str]) → bool
function ContextCommand.context_additional_information
context_additional_information() → None
function ContextCommand.context_args
context_args() → None
function ContextCommand.context_code
context_code() → None
function ContextCommand.context_memory
context_memory() → None
function ContextCommand.context_regs
context_regs() → None
function ContextCommand.context_source
context_source() → None
function ContextCommand.context_stack
context_stack() → None
function ContextCommand.context_threads
context_threads() → None
function ContextCommand.context_title
context_title(m: Optional[str]) → None
function ContextCommand.context_trace
context_trace() → None
function ContextCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ContextCommand.do_invoke
do_invoke(argv: List[str]) → None
function ContextCommand.empty_extra_messages
empty_extra_messages(_) → None
function ContextCommand.get_pc_context_info
get_pc_context_info(pc: int, line: str) → str
function ContextCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ContextCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ContextCommand.invoke
invoke(args: str, from_tty: bool) → None
function ContextCommand.line_has_breakpoint
line_has_breakpoint(
file_name: str,
line_number: int,
bp_locations: List[str]
) → bool
function ContextCommand.post_load
post_load() → None
function ContextCommand.pre_load
pre_load() → None
function ContextCommand.print_arguments_from_symbol
print_arguments_from_symbol(function_name: str, symbol: 'gdb.Symbol') → None
If symbols were found, parse them and print the argument adequately.
function ContextCommand.print_guessed_arguments
print_guessed_arguments(function_name: str) → None
When no symbol, read the current basic block and look for "interesting" instructions.
function ContextCommand.show_legend
show_legend() → None
function ContextCommand.update_registers
update_registers(_) → None
function ContextCommand.usage
usage() → None
class DereferenceCommand
Dereference recursively from an address and display information. This acts like WinDBG dps command.
function DereferenceCommand.__init__
__init__() → None
property DereferenceCommand.settings
Return the list of settings for this command.
function DereferenceCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function DereferenceCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function DereferenceCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function DereferenceCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function DereferenceCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function DereferenceCommand.invoke
invoke(args: str, from_tty: bool) → None
function DereferenceCommand.post_load
post_load() → None
function DereferenceCommand.pprint_dereferenced
pprint_dereferenced(addr: int, idx: int, base_offset: int = 0) → str
function DereferenceCommand.pre_load
pre_load() → None
function DereferenceCommand.usage
usage() → None
class DetailRegistersCommand
Display full details on one, many or all registers value from current architecture.
function DetailRegistersCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property DetailRegistersCommand.settings
Return the list of settings for this command.
function DetailRegistersCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function DetailRegistersCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function DetailRegistersCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function DetailRegistersCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function DetailRegistersCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function DetailRegistersCommand.invoke
invoke(args: str, from_tty: bool) → None
function DetailRegistersCommand.post_load
post_load() → None
function DetailRegistersCommand.pre_load
pre_load() → None
function DetailRegistersCommand.usage
usage() → None
class DisableContextOutputContext
class Elf
Basic ELF parsing. Ref: - http://www.skyfree.org/linux/references/ELF_Format.pdf - https://refspecs.linuxfoundation.org/elf/elfspec_ppc.pdf - https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html
function Elf.__init__
__init__(path: Union[str, pathlib.Path]) → None
Instantiate an ELF object. A valid ELF must be provided, or an exception will be thrown.
property Elf.checksec
Check the security property of the ELF binary. The following properties are: - Canary - NX - PIE - Fortify - Partial/Full RelRO. Return a dict() with the different keys mentioned above, and the boolean associated whether the protection was found.
property Elf.entry_point
function Elf.is_valid
is_valid(path: pathlib.Path) → bool
function Elf.read
read(size: int) → bytes
function Elf.read_and_unpack
read_and_unpack(fmt: str) → Tuple[Any, ...]
function Elf.seek
seek(off: int) → None
class ElfInfoCommand
Display a limited subset of ELF header information. If no argument is provided, the command will show information about the current ELF being debugged.
function ElfInfoCommand.__init__
__init__() → None
property ElfInfoCommand.settings
Return the list of settings for this command.
function ElfInfoCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function ElfInfoCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function ElfInfoCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function ElfInfoCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function ElfInfoCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function ElfInfoCommand.invoke
invoke(args: str, from_tty: bool) → None
function ElfInfoCommand.post_load
post_load() → None
function ElfInfoCommand.pre_load
pre_load() → None
function ElfInfoCommand.usage
usage() → None
class Endianness
An enumeration.
class EntryBreakBreakpoint
Breakpoint used internally to stop execution at the most convenient entry point.
function EntryBreakBreakpoint.__init__
__init__(location: str) → None
function EntryBreakBreakpoint.stop
stop() → bool
class EntryPointBreakCommand
Tries to find best entry point and sets a temporary breakpoint on it. The command will test for well-known symbols for entry points, such as main, _main, __libc_start_main, etc. defined by the setting entrypoint_symbols.
function EntryPointBreakCommand.__init__
__init__() → None
property EntryPointBreakCommand.settings
Return the list of settings for this command.
function EntryPointBreakCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function EntryPointBreakCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function EntryPointBreakCommand.do_invoke
do_invoke(argv: List[str]) → None
function EntryPointBreakCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function EntryPointBreakCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function EntryPointBreakCommand.invoke
invoke(args: str, from_tty: bool) → None
function EntryPointBreakCommand.post_load
post_load() → None
function EntryPointBreakCommand.pre_load
pre_load() → None
function EntryPointBreakCommand.set_init_tbreak
set_init_tbreak(addr: int) → EntryBreakBreakpoint
function EntryPointBreakCommand.set_init_tbreak_pie
set_init_tbreak_pie(addr: int, argv: List[str]) → EntryBreakBreakpoint
function EntryPointBreakCommand.usage
usage() → None
class ExternalStructureManager
function ExternalStructureManager.__init__
__init__() → None
property ExternalStructureManager.modules
property ExternalStructureManager.path
property ExternalStructureManager.structures
handler ExternalStructureManager.find
function ExternalStructureManager.clear_caches
clear_caches() → None
class FileFormat
function FileFormat.__init__
__init__(path: Union[str, pathlib.Path]) → None
function FileFormat.is_valid
is_valid(path: pathlib.Path) → bool
class FileFormatSection
class FlagsCommand
Edit flags in a human friendly way.
function FlagsCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property FlagsCommand.settings
Return the list of settings for this command.
function FlagsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function FlagsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function FlagsCommand.do_invoke
do_invoke(argv: List[str]) → None
function FlagsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function FlagsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function FlagsCommand.invoke
invoke(args: str, from_tty: bool) → None
function FlagsCommand.post_load
post_load() → None
function FlagsCommand.pre_load
pre_load() → None
function FlagsCommand.usage
usage() → None
class FormatStringBreakpoint
Inspect stack for format string.
function FormatStringBreakpoint.__init__
__init__(spec: str, num_args: int) → None
function FormatStringBreakpoint.stop
stop() → bool
class FormatStringSearchCommand
Exploitable format-string helper: this command will set up specific breakpoints at well-known dangerous functions (printf, snprintf, etc.), and check if the pointer holding the format string is writable, and therefore susceptible to format string attacks if an attacker can control its content.
function FormatStringSearchCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property FormatStringSearchCommand.settings
Return the list of settings for this command.
function FormatStringSearchCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function FormatStringSearchCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function FormatStringSearchCommand.do_invoke
do_invoke(_: List[str]) → None
function FormatStringSearchCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function FormatStringSearchCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function FormatStringSearchCommand.invoke
invoke(args: str, from_tty: bool) → None
function FormatStringSearchCommand.post_load
post_load() → None
function FormatStringSearchCommand.pre_load
pre_load() → None
function FormatStringSearchCommand.usage
usage() → None
class GdbRemoveReadlineFinder
function GdbRemoveReadlineFinder.find_module
find_module(fullname, path=None)
function GdbRemoveReadlineFinder.load_module
load_module(fullname)
class Gef
The GEF root class, which serves as a entrypoint for all the debugging session attributes (architecture, memory, settings, etc.).
function Gef.__init__
__init__() → None
function Gef.reinitialize_managers
reinitialize_managers() → None
Reinitialize the managers. Avoid calling this function directly, using pi reset() is preferred
function Gef.reset_caches
reset_caches() → None
Recursively clean the cache of all the managers. Avoid calling this function directly, using reset-cache is preferred
function Gef.setup
setup() → None
Setup initialize the runtime setup, which may require for the gef to be not None.
class GefAlias
Simple aliasing wrapper because GDB doesn't do what it should.
function GefAlias.__init__
__init__(
alias: str,
command: str,
completer_class: int = 0,
command_class: int = -1
) → None
function GefAlias.invoke
invoke(args: Any, from_tty: bool) → None
function GefAlias.lookup_command
lookup_command(cmd: str) → Optional[Tuple[str, __main__.GenericCommand]]
class GefCommand
GEF main command: view all new commands by typing gef.
function GefCommand.__init__
__init__() → None
property GefCommand.loaded_command_names
property GefCommand.loaded_commands
property GefCommand.loaded_functions
property GefCommand.missing_commands
function GefCommand.add_context_pane
add_context_pane(
pane_name: str,
display_pane_function: Callable,
pane_title_function: Callable,
condition: Optional[Callable]
) → None
Add a new context pane to ContextCommand.
function GefCommand.invoke
invoke(args: Any, from_tty: bool) → None
function GefCommand.load
load() → None
Load all the commands and functions defined by GEF into GDB.
function GefCommand.load_extra_plugins
load_extra_plugins() → int
function GefCommand.setup
setup() → None
function GefCommand.show_banner
show_banner() → None
class GefConfigCommand
GEF configuration sub-command This command will help set/view GEF settings for the current debugging session. It is possible to make those changes permanent by running gef save (refer to this command help), and/or restore previously saved settings by running gef restore (refer help).
function GefConfigCommand.__init__
__init__() → None
function GefConfigCommand.complete
complete(text: str, word: str) → List[str]
function GefConfigCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefConfigCommand.print_setting
print_setting(plugin_name: str, verbose: bool = False) → None
function GefConfigCommand.print_settings
print_settings() → None
function GefConfigCommand.set_setting
set_setting(argv: Tuple[str, Any]) → None
class GefFunctionsCommand
List the convenience functions provided by GEF.
function GefFunctionsCommand.__init__
__init__() → None
property GefFunctionsCommand.settings
Return the list of settings for this command.
function GefFunctionsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GefFunctionsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GefFunctionsCommand.do_invoke
do_invoke(argv) → None
function GefFunctionsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GefFunctionsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GefFunctionsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefFunctionsCommand.post_load
post_load() → None
function GefFunctionsCommand.pre_load
pre_load() → None
function GefFunctionsCommand.usage
usage() → None
class GefHeapManager
Class managing session heap.
function GefHeapManager.__init__
__init__() → None
property GefHeapManager.arenas
property GefHeapManager.base_address
property GefHeapManager.chunks
property GefHeapManager.main_arena
property GefHeapManager.malloc_alignment
property GefHeapManager.min_chunk_size
property GefHeapManager.selected_arena
handler GefHeapManager.find_main_arena_addr
function GefHeapManager.csize2tidx
csize2tidx(size: int) → int
function GefHeapManager.malloc_align_address
malloc_align_address(address: int) → int
Align addresses according to glibc's MALLOC_ALIGNMENT. See also Issue #689 on Github
function GefHeapManager.reset_caches
reset_caches() → None
function GefHeapManager.tidx2size
tidx2size(idx: int) → int
class GefHelpCommand
GEF help sub-command.
function GefHelpCommand.__init__
__init__() → None
function GefHelpCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefInstallExtraScriptCommand
gef install command: installs one or more scripts from the gef-extras script repo. Note that the command doesn't check for external dependencies the script(s) might require.
function GefInstallExtraScriptCommand.__init__
__init__() → None
function GefInstallExtraScriptCommand.invoke
invoke(argv: str, from_tty: bool) → None
class GefLibcManager
Class managing everything libc-related (except heap).
function GefLibcManager.__init__
__init__() → None
property GefLibcManager.version
handler GefLibcManager.find_libc_version
function GefLibcManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GefManager
function GefManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GefMemoryManager
Class that manages memory access for gef.
function GefMemoryManager.__init__
__init__() → None
property GefMemoryManager.maps
function GefMemoryManager.read
read(addr: int, length: int = 16) → bytes
Return a length long byte array with the copy of the process memory at addr.
function GefMemoryManager.read_ascii_string
read_ascii_string(address: int) → Optional[str]
Read an ASCII string from memory
function GefMemoryManager.read_cstring
read_cstring(
address: int,
max_length: int = 50,
encoding: Optional[str] = None
) → str
Return a C-string read from memory.
function GefMemoryManager.read_integer
read_integer(addr: int) → int
Return an integer read from memory.
function GefMemoryManager.reset_caches
reset_caches() → None
function GefMemoryManager.write
write(address: int, buffer: ByteString, length: int = 16) → None
Write buffer at address address.
class GefMissingCommand
GEF missing sub-command Display the GEF commands that could not be loaded, along with the reason of why they could not be loaded.
function GefMissingCommand.__init__
__init__() → None
function GefMissingCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefRemoteSessionManager
Class for managing remote sessions with GEF. It will create a temporary environment designed to clone the remote one.
function GefRemoteSessionManager.__init__
__init__(
host: str,
port: int,
pid: int = -1,
qemu: Optional[pathlib.Path] = None
) → None
property GefRemoteSessionManager.auxiliary_vector
property GefRemoteSessionManager.canary
Return a tuple of the canary address and value, read from the canonical location if supported by the architecture. Otherwise, read from the auxiliary vector.
property GefRemoteSessionManager.cwd
property GefRemoteSessionManager.file
Path to the file being debugged as seen by the remote endpoint.
property GefRemoteSessionManager.lfile
Local path to the file being debugged.
property GefRemoteSessionManager.maps
property GefRemoteSessionManager.original_canary
Return a tuple of the initial canary address and value, read from the auxiliary vector.
property GefRemoteSessionManager.os
Return the current OS.
property GefRemoteSessionManager.pagesize
Get the system page size
property GefRemoteSessionManager.pid
Return the PID of the target process.
property GefRemoteSessionManager.root
property GefRemoteSessionManager.target
function GefRemoteSessionManager.close
close() → None
function GefRemoteSessionManager.connect
connect(pid: int) → bool
Connect to remote target. If in extended mode, also attach to the given PID.
function GefRemoteSessionManager.in_qemu_user
in_qemu_user() → bool
function GefRemoteSessionManager.remote_objfile_event_handler
remote_objfile_event_handler(evt: 'gdb.NewObjFileEvent') → None
function GefRemoteSessionManager.reset_caches
reset_caches() → None
function GefRemoteSessionManager.setup
setup() → bool
function GefRemoteSessionManager.sync
sync(src: str, dst: Optional[str] = None) → bool
Copy the src into the temporary chroot. If dst is provided, that path will be used instead of src.
class GefRestoreCommand
GEF restore sub-command. Loads settings from file '~/.gef.rc' and apply them to the configuration of GEF.
function GefRestoreCommand.__init__
__init__() → None
function GefRestoreCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefRestoreCommand.reload
reload(quiet: bool)
class GefRunCommand
Override GDB run commands with the context from GEF. Simple wrapper for GDB run command to use arguments set from gef set args.
function GefRunCommand.__init__
__init__() → None
function GefRunCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSaveCommand
GEF save sub-command. Saves the current configuration of GEF to disk (by default in file '~/.gef.rc').
function GefSaveCommand.__init__
__init__() → None
function GefSaveCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSessionManager
Class managing the runtime properties of GEF.
function GefSessionManager.__init__
__init__() → None
property GefSessionManager.auxiliary_vector
property GefSessionManager.canary
Return a tuple of the canary address and value, read from the canonical location if supported by the architecture. Otherwise, read from the auxiliary vector.
property GefSessionManager.cwd
property GefSessionManager.file
Return a Path object of the target process.
property GefSessionManager.maps
Returns the Path to the procfs entry for the memory mapping.
property GefSessionManager.original_canary
Return a tuple of the initial canary address and value, read from the auxiliary vector.
property GefSessionManager.os
Return the current OS.
property GefSessionManager.pagesize
Get the system page size
property GefSessionManager.pid
Return the PID of the target process.
property GefSessionManager.root
Returns the path to the process's root directory.
function GefSessionManager.reset_caches
reset_caches() → None
class GefSetCommand
Override GDB set commands with the context from GEF.
function GefSetCommand.__init__
__init__() → None
function GefSetCommand.invoke
invoke(args: Any, from_tty: bool) → None
class GefSetting
Basic class for storing gef settings as objects
function GefSetting.__init__
__init__(
value: Any,
cls: Optional[type] = None,
description: Optional[str] = None,
hooks: Optional[Dict[str, Callable]] = None
) → None
class GefSettingsManager
GefSettings acts as a dict where the global settings are stored and can be read, written or deleted as any other dict. For instance, to read a specific command setting: gef.config[mycommand.mysetting]
function GefSettingsManager.raw_entry
raw_entry(name: str) → GefSetting
class GefThemeCommand
Customize GEF appearance.
function GefThemeCommand.__init__
__init__() → None
property GefThemeCommand.settings
Return the list of settings for this command.
function GefThemeCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GefThemeCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GefThemeCommand.do_invoke
do_invoke(args: List[str]) → None
function GefThemeCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GefThemeCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GefThemeCommand.invoke
invoke(args: str, from_tty: bool) → None
function GefThemeCommand.post_load
post_load() → None
function GefThemeCommand.pre_load
pre_load() → None
function GefThemeCommand.usage
usage() → None
class GefTmuxSetup
Setup a confortable tmux debugging environment.
function GefTmuxSetup.__init__
__init__() → None
function GefTmuxSetup.invoke
invoke(args: Any, from_tty: bool) → None
function GefTmuxSetup.screen_setup
screen_setup() → None
Hackish equivalent of the tmux_setup() function for screen.
function GefTmuxSetup.tmux_setup
tmux_setup() → None
Prepare the tmux environment by vertically splitting the current pane, and forcing the context to be redirected there.
class GefUiManager
Class managing UI settings.
function GefUiManager.__init__
__init__() → None
function GefUiManager.reset_caches
reset_caches() → None
Reset the LRU-cached attributes
class GenericArchitecture
property GenericArchitecture.endianness
property GenericArchitecture.fp
property GenericArchitecture.pc
property GenericArchitecture.ptrsize
property GenericArchitecture.registers
property GenericArchitecture.sp
function GenericArchitecture.canary_address
canary_address() → int
function GenericArchitecture.flag_register_to_human
flag_register_to_human(val: Optional[int] = None) → str
function GenericArchitecture.get_ith_parameter
get_ith_parameter(i: int, in_func: bool = True) → Tuple[str, Optional[int]]
Retrieves the correct parameter used for the current function call.
function GenericArchitecture.get_ra
get_ra(insn: __main__.Instruction, frame: 'gdb.Frame') → Optional[int]
function GenericArchitecture.is_branch_taken
is_branch_taken(insn: __main__.Instruction) → Tuple[bool, str]
function GenericArchitecture.is_call
is_call(insn: __main__.Instruction) → bool
function GenericArchitecture.is_conditional_branch
is_conditional_branch(insn: __main__.Instruction) → bool
function GenericArchitecture.is_ret
is_ret(insn: __main__.Instruction) → bool
function GenericArchitecture.mprotect_asm
mprotect_asm(addr: int, size: int, perm: __main__.Permission) → str
function GenericArchitecture.register
register(name: str) → int
function GenericArchitecture.reset_caches
reset_caches() → None
function GenericArchitecture.supports_gdb_arch
supports_gdb_arch(gdb_arch: str) → Optional[bool]
If implemented by a child Architecture, this function dictates if the current class supports the loaded ELF file (which can be accessed via gef.binary). This callback function will override any assumption made by GEF to determine the architecture.
class GenericCommand
This is an abstract class for invoking commands, should not be instantiated.
function GenericCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property GenericCommand.settings
Return the list of settings for this command.
function GenericCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GenericCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GenericCommand.do_invoke
do_invoke(argv: List[str]) → None
function GenericCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GenericCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GenericCommand.invoke
invoke(args: str, from_tty: bool) → None
function GenericCommand.post_load
post_load() → None
function GenericCommand.pre_load
pre_load() → None
function GenericCommand.usage
usage() → None
class GenericFunction
This is an abstract class for invoking convenience functions, should not be instantiated.
function GenericFunction.__init__
__init__() → None
function GenericFunction.arg_to_long
arg_to_long(args: List, index: int, default: int = 0) → int
function GenericFunction.do_invoke
do_invoke(args: Any) → int
function GenericFunction.invoke
invoke(*args: Any) → int
class GlibcArena
Glibc arena class
function GlibcArena.__init__
__init__(addr: str) → None
property GlibcArena.addr
property GlibcArena.address
property GlibcArena.attached_threads
property GlibcArena.binmap
property GlibcArena.bins
property GlibcArena.fastbinsY
property GlibcArena.last_remainder
property GlibcArena.max_system_mem
property GlibcArena.next
property GlibcArena.next_free
property GlibcArena.sizeof
property GlibcArena.system_mem
property GlibcArena.top
function GlibcArena.bin
bin(i: int) → Tuple[int, int]
function GlibcArena.bin_at
bin_at(i) → int
function GlibcArena.fastbin
fastbin(i: int) → Optional[ForwardRef('GlibcFastChunk')]
Return head chunk in fastbinsY[i].
function GlibcArena.get_heap_for_ptr
get_heap_for_ptr(ptr: int) → int
Find the corresponding heap for a given pointer (int). See https://github.com/bminor/glibc/blob/glibc-2.34/malloc/arena.c#L129
function GlibcArena.get_heap_info_list
get_heap_info_list() → Optional[List[__main__.GlibcHeapInfo]]
function GlibcArena.heap_addr
heap_addr(allow_unaligned: bool = False) → Optional[int]
function GlibcArena.is_main_arena
is_main_arena() → bool
function GlibcArena.malloc_state_t
malloc_state_t() → Type[_ctypes.Structure]
function GlibcArena.reset
reset()
function GlibcArena.verify
verify(addr: int) → bool
Verify that the address matches a possible valid GlibcArena
class GlibcChunk
Glibc chunk class. The default behavior (from_base=False) is to interpret the data starting at the memory address pointed to as the chunk data. Setting from_base to True instead treats that data as the chunk header. Ref: https://sploitfun.wordpress.com/2015/02/10/understanding-glibc-malloc/.
function GlibcChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcChunk.bk
property GlibcChunk.bk_nextsize
property GlibcChunk.fd
property GlibcChunk.fd_nextsize
property GlibcChunk.flags
property GlibcChunk.prev_size
property GlibcChunk.size
property GlibcChunk.usable_size
function GlibcChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcChunk.get_usable_size
get_usable_size() → int
function GlibcChunk.has_m_bit
has_m_bit() → bool
function GlibcChunk.has_n_bit
has_n_bit() → bool
function GlibcChunk.has_p_bit
has_p_bit() → bool
function GlibcChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcChunk.psprint
psprint() → str
function GlibcChunk.reset
reset()
class GlibcFastChunk
function GlibcFastChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcFastChunk.bk
property GlibcFastChunk.bk_nextsize
property GlibcFastChunk.fd
property GlibcFastChunk.fd_nextsize
property GlibcFastChunk.flags
property GlibcFastChunk.prev_size
property GlibcFastChunk.size
property GlibcFastChunk.usable_size
function GlibcFastChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcFastChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcFastChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcFastChunk.get_usable_size
get_usable_size() → int
function GlibcFastChunk.has_m_bit
has_m_bit() → bool
function GlibcFastChunk.has_n_bit
has_n_bit() → bool
function GlibcFastChunk.has_p_bit
has_p_bit() → bool
function GlibcFastChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcFastChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcFastChunk.protect_ptr
protect_ptr(pos: int, pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L339
function GlibcFastChunk.psprint
psprint() → str
function GlibcFastChunk.reset
reset()
function GlibcFastChunk.reveal_ptr
reveal_ptr(pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L341
class GlibcHeapArenaCommand
Display information on a heap chunk.
function GlibcHeapArenaCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property GlibcHeapArenaCommand.settings
Return the list of settings for this command.
function GlibcHeapArenaCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapArenaCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapArenaCommand.do_invoke
do_invoke(_: List[str]) → None
function GlibcHeapArenaCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapArenaCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapArenaCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapArenaCommand.post_load
post_load() → None
function GlibcHeapArenaCommand.pre_load
pre_load() → None
function GlibcHeapArenaCommand.usage
usage() → None
class GlibcHeapBinsCommand
Display information on the bins on an arena (default: main_arena). See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapBinsCommand.__init__
__init__() → None
property GlibcHeapBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapBinsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapBinsCommand.do_invoke
do_invoke(argv: List[str]) → None
function GlibcHeapBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapBinsCommand.post_load
post_load() → None
function GlibcHeapBinsCommand.pprint_bin
pprint_bin(arena_addr: str, index: int, _type: str = '') → int
function GlibcHeapBinsCommand.pre_load
pre_load() → None
function GlibcHeapBinsCommand.usage
usage() → None
class GlibcHeapChunkCommand
Display information on a heap chunk. See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapChunkCommand.__init__
__init__() → None
property GlibcHeapChunkCommand.settings
Return the list of settings for this command.
function GlibcHeapChunkCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapChunkCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapChunkCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapChunkCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapChunkCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapChunkCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapChunkCommand.post_load
post_load() → None
function GlibcHeapChunkCommand.pre_load
pre_load() → None
function GlibcHeapChunkCommand.usage
usage() → None
class GlibcHeapChunksCommand
Display all heap chunks for the current arena. As an optional argument the base address of a different arena can be passed
function GlibcHeapChunksCommand.__init__
__init__() → None
property GlibcHeapChunksCommand.settings
Return the list of settings for this command.
function GlibcHeapChunksCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapChunksCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapChunksCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapChunksCommand.dump_chunks_arena
dump_chunks_arena(
arena: __main__.GlibcArena,
print_arena: bool = False,
allow_unaligned: bool = False
) → None
function GlibcHeapChunksCommand.dump_chunks_heap
dump_chunks_heap(
start: int,
end: int,
arena: __main__.GlibcArena,
allow_unaligned: bool = False
) → bool
function GlibcHeapChunksCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapChunksCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapChunksCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapChunksCommand.post_load
post_load() → None
function GlibcHeapChunksCommand.pre_load
pre_load() → None
function GlibcHeapChunksCommand.usage
usage() → None
class GlibcHeapCommand
Base command to get information about the Glibc heap structure.
function GlibcHeapCommand.__init__
__init__() → None
property GlibcHeapCommand.settings
Return the list of settings for this command.
function GlibcHeapCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapCommand.do_invoke
do_invoke(_: List[str]) → None
function GlibcHeapCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapCommand.post_load
post_load() → None
function GlibcHeapCommand.pre_load
pre_load() → None
function GlibcHeapCommand.usage
usage() → None
class GlibcHeapFastbinsYCommand
Display information on the fastbinsY on an arena (default: main_arena). See https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1123.
function GlibcHeapFastbinsYCommand.__init__
__init__() → None
property GlibcHeapFastbinsYCommand.settings
Return the list of settings for this command.
function GlibcHeapFastbinsYCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapFastbinsYCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapFastbinsYCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapFastbinsYCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapFastbinsYCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapFastbinsYCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapFastbinsYCommand.post_load
post_load() → None
function GlibcHeapFastbinsYCommand.pre_load
pre_load() → None
function GlibcHeapFastbinsYCommand.usage
usage() → None
class GlibcHeapInfo
Glibc heap_info struct
function GlibcHeapInfo.__init__
__init__(addr: Union[str, int]) → None
property GlibcHeapInfo.addr
property GlibcHeapInfo.address
property GlibcHeapInfo.heap_end
property GlibcHeapInfo.heap_start
property GlibcHeapInfo.sizeof
function GlibcHeapInfo.heap_info_t
heap_info_t() → Type[_ctypes.Structure]
function GlibcHeapInfo.reset
reset()
class GlibcHeapLargeBinsCommand
Convenience command for viewing large bins.
function GlibcHeapLargeBinsCommand.__init__
__init__() → None
property GlibcHeapLargeBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapLargeBinsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapLargeBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapLargeBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapLargeBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapLargeBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapLargeBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapLargeBinsCommand.post_load
post_load() → None
function GlibcHeapLargeBinsCommand.pre_load
pre_load() → None
function GlibcHeapLargeBinsCommand.usage
usage() → None
class GlibcHeapSetArenaCommand
Set the address of the main_arena or the currently selected arena.
function GlibcHeapSetArenaCommand.__init__
__init__() → None
property GlibcHeapSetArenaCommand.settings
Return the list of settings for this command.
function GlibcHeapSetArenaCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapSetArenaCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapSetArenaCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapSetArenaCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapSetArenaCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapSetArenaCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapSetArenaCommand.post_load
post_load() → None
function GlibcHeapSetArenaCommand.pre_load
pre_load() → None
function GlibcHeapSetArenaCommand.usage
usage() → None
class GlibcHeapSmallBinsCommand
Convenience command for viewing small bins.
function GlibcHeapSmallBinsCommand.__init__
__init__() → None
property GlibcHeapSmallBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapSmallBinsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapSmallBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapSmallBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapSmallBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapSmallBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapSmallBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapSmallBinsCommand.post_load
post_load() → None
function GlibcHeapSmallBinsCommand.pre_load
pre_load() → None
function GlibcHeapSmallBinsCommand.usage
usage() → None
class GlibcHeapTcachebinsCommand
Display information on the Tcachebins on an arena (default: main_arena). See https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc.
function GlibcHeapTcachebinsCommand.__init__
__init__() → None
property GlibcHeapTcachebinsCommand.settings
Return the list of settings for this command.
function GlibcHeapTcachebinsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapTcachebinsCommand.check_thread_ids
check_thread_ids(tids: List[int]) → List[int]
Check the validity, dedup, and return all valid tids.
function GlibcHeapTcachebinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapTcachebinsCommand.do_invoke
do_invoke(argv: List[str]) → None
function GlibcHeapTcachebinsCommand.find_tcache
find_tcache() → int
Return the location of the current thread's tcache.
function GlibcHeapTcachebinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapTcachebinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapTcachebinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapTcachebinsCommand.post_load
post_load() → None
function GlibcHeapTcachebinsCommand.pre_load
pre_load() → None
function GlibcHeapTcachebinsCommand.tcachebin
tcachebin(
tcache_base: int,
i: int
) → Tuple[Optional[__main__.GlibcTcacheChunk], int]
Return the head chunk in tcache[i] and the number of chunks in the bin.
function GlibcHeapTcachebinsCommand.usage
usage() → None
class GlibcHeapUnsortedBinsCommand
Display information on the Unsorted Bins of an arena (default: main_arena). See: https://github.com/sploitfun/lsploits/blob/master/glibc/malloc/malloc.c#L1689.
function GlibcHeapUnsortedBinsCommand.__init__
__init__() → None
property GlibcHeapUnsortedBinsCommand.settings
Return the list of settings for this command.
function GlibcHeapUnsortedBinsCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GlibcHeapUnsortedBinsCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GlibcHeapUnsortedBinsCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function GlibcHeapUnsortedBinsCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GlibcHeapUnsortedBinsCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GlibcHeapUnsortedBinsCommand.invoke
invoke(args: str, from_tty: bool) → None
function GlibcHeapUnsortedBinsCommand.post_load
post_load() → None
function GlibcHeapUnsortedBinsCommand.pre_load
pre_load() → None
function GlibcHeapUnsortedBinsCommand.usage
usage() → None
class GlibcTcacheChunk
function GlibcTcacheChunk.__init__
__init__(
addr: int,
from_base: bool = False,
allow_unaligned: bool = True
) → None
property GlibcTcacheChunk.bk
property GlibcTcacheChunk.bk_nextsize
property GlibcTcacheChunk.fd
property GlibcTcacheChunk.fd_nextsize
property GlibcTcacheChunk.flags
property GlibcTcacheChunk.prev_size
property GlibcTcacheChunk.size
property GlibcTcacheChunk.usable_size
function GlibcTcacheChunk.get_next_chunk
get_next_chunk(allow_unaligned: bool = False) → GlibcChunk
function GlibcTcacheChunk.get_next_chunk_addr
get_next_chunk_addr() → int
function GlibcTcacheChunk.get_prev_chunk_size
get_prev_chunk_size() → int
function GlibcTcacheChunk.get_usable_size
get_usable_size() → int
function GlibcTcacheChunk.has_m_bit
has_m_bit() → bool
function GlibcTcacheChunk.has_n_bit
has_n_bit() → bool
function GlibcTcacheChunk.has_p_bit
has_p_bit() → bool
function GlibcTcacheChunk.is_used
is_used() → bool
Check if the current block is used by: - checking the M bit is true - or checking that next chunk PREV_INUSE flag is true
function GlibcTcacheChunk.malloc_chunk_t
malloc_chunk_t() → Type[_ctypes.Structure]
function GlibcTcacheChunk.protect_ptr
protect_ptr(pos: int, pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L339
function GlibcTcacheChunk.psprint
psprint() → str
function GlibcTcacheChunk.reset
reset()
function GlibcTcacheChunk.reveal_ptr
reveal_ptr(pointer: int) → int
https://elixir.bootlin.com/glibc/glibc-2.32/source/malloc/malloc.c#L341
class GotBaseFunction
Return the current GOT base address plus the given offset.
function GotBaseFunction.__init__
__init__() → None
function GotBaseFunction.arg_to_long
arg_to_long(args: List, index: int, default: int = 0) → int
function GotBaseFunction.do_invoke
do_invoke(args: List) → int
function GotBaseFunction.invoke
invoke(*args: Any) → int
class GotCommand
Display current status of the got inside the process.
function GotCommand.__init__
__init__()
property GotCommand.settings
Return the list of settings for this command.
function GotCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function GotCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function GotCommand.do_invoke
do_invoke(argv: List[str]) → None
function GotCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function GotCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function GotCommand.invoke
invoke(args: str, from_tty: bool) → None
function GotCommand.post_load
post_load() → None
function GotCommand.pre_load
pre_load() → None
function GotCommand.usage
usage() → None
class HeapAnalysisCommand
Heap vulnerability analysis helper: this command aims to track dynamic heap allocation done through malloc()/free() to provide some insights on possible heap vulnerabilities. The following vulnerabilities are checked: - NULL free - Use-after-Free - Double Free - Heap overlap
function HeapAnalysisCommand.__init__
__init__() → None
property HeapAnalysisCommand.settings
Return the list of settings for this command.
function HeapAnalysisCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HeapAnalysisCommand.clean
clean(_: 'gdb.Event') → None
function HeapAnalysisCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HeapAnalysisCommand.do_invoke
do_invoke(argv: List[str]) → None
function HeapAnalysisCommand.dump_tracked_allocations
dump_tracked_allocations() → None
function HeapAnalysisCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HeapAnalysisCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HeapAnalysisCommand.invoke
invoke(args: str, from_tty: bool) → None
function HeapAnalysisCommand.post_load
post_load() → None
function HeapAnalysisCommand.pre_load
pre_load() → None
function HeapAnalysisCommand.setup
setup() → None
function HeapAnalysisCommand.usage
usage() → None
class HeapBaseFunction
Return the current heap base address plus an optional offset.
function HeapBaseFunction.__init__
__init__() → None
function HeapBaseFunction.arg_to_long
arg_to_long(args: List, index: int, default: int = 0) → int
function HeapBaseFunction.do_invoke
do_invoke(args: List) → int
function HeapBaseFunction.invoke
invoke(*args: Any) → int
class HexdumpByteCommand
Display SIZE lines of hexdump as BYTE from the memory location pointed by ADDRESS.
function HexdumpByteCommand.__init__
__init__() → None
property HexdumpByteCommand.settings
Return the list of settings for this command.
function HexdumpByteCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpByteCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpByteCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpByteCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpByteCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpByteCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpByteCommand.post_load
post_load() → None
function HexdumpByteCommand.pre_load
pre_load() → None
function HexdumpByteCommand.usage
usage() → None
class HexdumpCommand
Display SIZE lines of hexdump from the memory location pointed by LOCATION.
function HexdumpCommand.__init__
__init__() → None
property HexdumpCommand.settings
Return the list of settings for this command.
function HexdumpCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpCommand.post_load
post_load() → None
function HexdumpCommand.pre_load
pre_load() → None
function HexdumpCommand.usage
usage() → None
class HexdumpDwordCommand
Display SIZE lines of hexdump as DWORD from the memory location pointed by ADDRESS.
function HexdumpDwordCommand.__init__
__init__() → None
property HexdumpDwordCommand.settings
Return the list of settings for this command.
function HexdumpDwordCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpDwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpDwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpDwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpDwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpDwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpDwordCommand.post_load
post_load() → None
function HexdumpDwordCommand.pre_load
pre_load() → None
function HexdumpDwordCommand.usage
usage() → None
class HexdumpQwordCommand
Display SIZE lines of hexdump as QWORD from the memory location pointed by ADDRESS.
function HexdumpQwordCommand.__init__
__init__() → None
property HexdumpQwordCommand.settings
Return the list of settings for this command.
function HexdumpQwordCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpQwordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpQwordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpQwordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpQwordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpQwordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpQwordCommand.post_load
post_load() → None
function HexdumpQwordCommand.pre_load
pre_load() → None
function HexdumpQwordCommand.usage
usage() → None
class HexdumpWordCommand
Display SIZE lines of hexdump as WORD from the memory location pointed by ADDRESS.
function HexdumpWordCommand.__init__
__init__() → None
property HexdumpWordCommand.settings
Return the list of settings for this command.
function HexdumpWordCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HexdumpWordCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HexdumpWordCommand.wrapper
wrapper(*args: Any, **kwargs: Any) → Callable
function HexdumpWordCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HexdumpWordCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HexdumpWordCommand.invoke
invoke(args: str, from_tty: bool) → None
function HexdumpWordCommand.post_load
post_load() → None
function HexdumpWordCommand.pre_load
pre_load() → None
function HexdumpWordCommand.usage
usage() → None
class HighlightAddCommand
Add a match to the highlight table.
function HighlightAddCommand.__init__
__init__(*args: Any, **kwargs: Any) → None
property HighlightAddCommand.settings
Return the list of settings for this command.
function HighlightAddCommand.add_setting
add_setting(
name: str,
value: Tuple[Any, type, str],
description: str = ''
) → None
add_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] = value instead
function HighlightAddCommand.del_setting
del_setting(name: str) → None
del_setting is DEPRECATED and will be removed in the future.
Use del self[setting_name] instead
function HighlightAddCommand.do_invoke
do_invoke(argv: List[str]) → None
function HighlightAddCommand.get_setting
get_setting(name: str) → Any
get_setting is DEPRECATED and will be removed in the future.
Use self[setting_name] instead
function HighlightAddCommand.has_setting
has_setting(name: str) → bool
has_setting is DEPRECATED and will be removed in the future.
Use setting_name in self instead
function HighlightAddCommand.invoke
invoke(args: str, from_tty: bool) → None
function HighlightAddCommand.post_load
post_load() → None
function HighlightAddCommand.pre_load
pre_load() → None
function HighlightAddCommand.usage
usage() → None
class HighlightClearCommand
Clear the highlight table, remove all matches.
function HighlightClearCommand.__init__
__init__(*args: Any, **kwargs: Any) → Non