Operator On The Wire
Join
← Back to Knowledge Base
BLUE TEAM / MALWARE REVERSE / LINUX

GEF

Install

sudo apt update  
  
sudo apt install -y gdb git python3-pip python3-venv

bash -c "$(curl -fsSL https://gef.blah.cat/sh)"  
  
## Verify GEF loads
gdb -q -ex "quit"

Usage

# EXECUTION CONTROL  
  
c # continue execution  
ni # next instruction (step over)  
si # step into  
finish # run until current function returns  
  
---  
  
# CONTEXT (GEF)  
  
context # registers + stack + code view  
  
---  
  
# REGISTERS  
  
info registers # show all registers  
p $rax # print register  
p/x $rax # print register in hex  
  
---  
  
# STACK  
  
x/20x $rsp # view stack (hex)  
x/20gx $rsp # view stack (64-bit)  
x/s $rsp # view as string  
  
---  
  
# MEMORY  
  
x/10i $rip # instructions at RIP  
x/20x 0x401000 # raw memory  
x/s 0x401000 # memory as string  
  
---  
  
# DISASSEMBLY  
  
disas main # disassemble function  
disas /r main # include opcodes  
  
---  
  
# WATCHING VALUES  
  
watch *0x401000 # watch memory address  
watch $rax # watch register  
  
---  
  
# BACKTRACE  
  
bt # call stack  
  
---