GEF (pronounced ʤɛf - "Jeff") is a set of commands for x86/64, ARM, MIPS, PowerPC and SPARC to assist exploit developers and reverse-engineers when using old school GDB. It provides additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development. Application developers will also benefit from it, as GEF lifts a great part of regular GDB obscurity, avoiding repeating traditional commands, or bringing out the relevant information from the debugging runtime.
Instant Setup
Simply make sure you have GDB 7.7 or higher compiled with Python3 bindings, then:
# via the install script
## using curl
$ bash -c "$(curl -fsSL http://gef.blah.cat/sh)"
## using wget
$ bash -c "$(wget http://gef.blah.cat/sh -O -)"
# or manually
$ wget -O ~/.gdbinit-gef.py -q http://gef.blah.cat/py
$ echo source ~/.gdbinit-gef.py >> ~/.gdbinit
# or alternatively from inside gdb directly
$ gdb -q
(gdb) pi import urllib.request as u, tempfile as t; g=t.NamedTemporaryFile(suffix='-gef.py'); open(g.name, 'wb+').write(u.urlopen('https://tinyurl.com/gef-master').read()); gdb.execute('source %s' % g.name)Note: to fetch the latest of GEF (i.e. from the dev branch), simply replace in the URL to http://gef.blah.cat/dev.
You can immediately see that GEF is correctly installed by launching GDB:
$ gdb -q /path/to/my/bin
GEF for linux ready, type `gef' to start, `gef config' to configure
80 commands loaded for GDB 9.1 using Python engine 3.8
gef➤ gef helpNote: As of January 2020, GEF doesn't officially support Python 2 any longer, due to Python 2 becoming officially deprecated.
If you really need GDB+Python2, use the (not actively maintained) gef-legacy instead.
Community
Note: For maintenance simplicity, the unified communities on IRC/Gitter/Slack/Discord based MatterBridge are now discontinued. The GEF Discord is now the only way for talking with us!
Highlights
A few of GEF features include:
- One single GDB script
- Entirely OS Agnostic, NO dependencies:
GEFis battery-included and is installable instantly - Fast limiting the number of dependencies and optimizing code to make the commands as fast as possible
- Provides a great variety of commands to drastically change your experience in GDB.
- Easily extensible to create other commands by providing more comprehensible layout to GDB Python API.
- Full Python3 support (Python2 support was dropped - see
gef-legacy). - Built around an architecture abstraction layer, so all commands work in any GDB-supported architecture such as x86-32/64, ARMv5/6/7, AARCH64, SPARC, MIPS, PowerPC, etc.
- Suited for real-life apps debugging, exploit development, just as much as CTF
Check out the Screenshot page for more.
Or try it online (user:gef/password:gef-demo)
Documentation
Unlike other GDB plugins, GEF has an extensive and up-to-date documentation. Users are recommended to refer to it as it may help them in their attempts to use GEF. In particular, new users should navigate through it (see the FAQ for common installation problems), and the problem persists, try to reach out for help on the Discord channel or submit an issue.
Current status
| Documentation | License | Compatibility |
|---|---|---|
 |
 |
Contribute
To get involved, refer to the Contribution documentation and the guidelines to start.
Another way to contribute to keeping the project alive is by sponsoring it! Check out the sponsoring documentation for details so you can be part of the list of those awesome sponsors.