gef subcommand documentation

hugsy · Jun 15, 2021 · d0a01da · d0a01da
1 parent 9e27f9e
commit d0a01da
Show file tree

Hide file tree

Showing 3 changed files with 85 additions and 4 deletions.
diff --git a/docs/commands.md b/docs/commands.md
@@ -22,7 +22,7 @@ improve it.
 |entry-break | Tries to find best entry point and sets a temporary breakpoint on it. (alias: start-break)|
 |format-string-helper | Exploitable format-string helper: this command will set up specific breakpoints at well-known dangerous functions (printf, snprintf, etc.), and check if the pointer holding the format string is writable, and susceptible to format string attacks if an attacker can control its content. (alias: fmtstr-helper)|
 |functions | List the convenience functions provided by GEF.|
-|gef | Lists GEF commands and their descriptions.|
+|gef | Shows information about GEF commands and allows the user to configure settings.|
 |gef-remote | gef wrapper for the `target remote` command. This command will automatically download the target binary in the local temporary directory (defaut /tmp) and then source it. Additionally, it will fetch all the /proc/PID/maps and loads all its information.|
 |heap | Base command to get information about the Glibc heap structure.|
 |heap-analysis-helper | Tracks dynamic heap allocation through malloc/free to try to detect heap vulnerabilities.|

diff --git a/docs/commands/gef.md b/docs/commands/gef.md
@@ -1,4 +1,6 @@
-## Command gef ##
+## Command GEF ##
+
+### GEF Base Command
 
 Displays a list of GEF commands and their descriptions.
 
@@ -11,5 +13,84 @@ aslr -- View/modify the ASLR setting of GDB. By default, GD
 assemble -- Inline code assemble. Architecture can be set in GEF runtime config (default x86-32). (alias: asm)
 bincompare -- BincompareCommand: compare an binary file with the memory position looking for badchars.
 bytearray -- BytearrayCommand: Generate a bytearray to be compared with possible badchars.
-[snip]
+
+[...snip...]
+
+```
+
+### GEF Missing Command
+
+Displays the GEF commands which couldn't be loaded, along with the reason for the issue.
+
+```
+gef➤ gef missing
+[*] Command `set-permission` is missing, reason → Missing `keystone-engine` package, install with: `pip install keystone-engine`.
+[*] Command `assemble` is missing, reason → Missing `keystone-engine` package for Python, install with: `pip install keystone-engine`.
+
+[...snip...]
+
+```
+
+As it says in the above output, the issues should be resolved by installing the missing package(s) using pip.
+
+### GEF Config Command
+
+Allows the user to set/view settings for the current debugging session. For making the changes persistent see the `gef save` entry.
+
+Using `gef config` by itself just shows all of the available settings and their values.
+
+```
+gef➤ gef config
+──────────────────────────────────── GEF configuration settings ────────────────────────────────────
+context.clear_screen (bool) = False
+context.enable (bool) = True
+context.grow_stack_down (bool) = False
+context.ignore_registers (str) = ""
+context.layout (str) = "-code -stack"
+context.libc_args (bool) = False
+
+[...snip...]
+
+```
+
+You can use `gef config [setting] [value]` to set a setting for the current setting (see example below).
+
+```
+gef➤ gef config theme.address_stack "blue"
 ```
+
+### GEF Save Command
+
+The `gef save` command saves the current settings (set with `gef config`) to the user's `~/.gef.rc` file (making the changes persistent). 
+
+```
+gef➤ gef save
+[+] Configuration saved to '/home/michael/.gef.rc'
+```
+
+### GEF Restore Command
+
+Using `gef restore` loads and applies settings from the `~/.gef.rc` file to the current session. This is useful if you are modifying your GEF configuration file and want to see the changes without completely reloading GEF. 
+
+```
+gef➤ gef restore
+[+] Configuration from '/home/michael/.gef.rc' restored
+```
+
+### GEF Set Command
+
+The GEF set command allows the user to use GEF context within GDB set commands. This is useful when you want to make a convenient variable which can be set and referenced later.
+
+```
+gef➤ gef set $a=1
+```
+
+### GEF Run Command
+
+The GEF run command is a wrapper around GDB's run command, allowing the user to use GEF context within the command.
+
+```
+gef➤ gef run ./binary
+```
+
+
diff --git a/gef.py b/gef.py
@@ -10165,7 +10165,7 @@ def refresh(self):
 
 class GefConfigCommand(gdb.Command):
  """GEF configuration sub-command
- This command will help set/view GEF settingsfor the current debugging session.
+ This command will help set/view GEF settings for the current debugging session.
  It is possible to make those changes permanent by running `gef save` (refer
  to this command help), and/or restore previously saved settings by running
  `gef restore` (refer help).