Fixing GDB: `gef missing` error(s)

Image 1: three common missing commands on GEF

GEF (pronounced as “Jeff”) is a kick-ass set of commands for X86, ARM, MIPS, PowerPC, and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploit developers and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development [1].

Setting up GEF is straightforward: a nifty script does the auto-config for GDB [2]. However, three notorious commands are usually missing in a default setup if the necessary dependencies are not installed (as shown in Image 1).

You’ll need the keystone-engine and ropper packages installed. This post is just about that! The steps herein have been tested on my Kali Linux setup:

$ uname -a
Linux zday 5.6.0-kali2-amd64 #1 SMP Debian 5.6.14-1kali1 (2020-05-25) x86_64 GNU/Linux

1. Install the build dependencies and Python packages

$ sudo apt update && sudo apt install -y build-essential python3 python3-dev python3-pip gdb libcapstone3 libcapstone-dev cmake
$ sudo -H pip3 install unicorn capstone filebytes

2. Build Keystone from source

$ cd /tmp
$ wget https://github.com/keystone-engine/keystone/archive/0.9.1.tar.gz
$ tar xzvf 0.9.1.tar.gz
$ cd keystone-0.9.1/
$ mkdir build
$ cd build
$ ../make-share.sh
$ sudo make install
$ sudo ldconfig
$ kstool

3. Install Python bindings. Note that this step is different for Python 2 and 3.

# For Python 2
$ cd /tmp/keystone-0.9.1/bindings/python/
$ sudo make install
# For Python 3
$ cd /tmp/keystone-0.9.1/bindings/python/
$ sudo make install3

4. Install ropper

$ sudo -H pip3 install ropper

5. Confirm if GEF is working well on GDB

$ gdb
...
gef missing

If everything is kosher, the three previous “missing command” errors should have disappeared (as shown in Image 2).

Image 2: Missing commands error is fixed.
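
If the commands are still reported as missing, a common cause is that the bindings were installed for a different Python than the one GDB embeds (the Python 2 versus 3 split in step 3). The script below is an added example, not part of the original post or of GEF: it reports which of the modules installed above can be located by whichever interpreter runs it.

```python
import importlib.util
import sys

# Import names of the packages installed in the steps above
# (the keystone-engine bindings are imported as "keystone").
REQUIRED = ("keystone", "ropper", "unicorn", "capstone", "filebytes")


def probe(modules=REQUIRED):
    """Map each module name to where it would load from, or None if absent.

    find_spec() only locates the module; the module itself is not imported.
    """
    found = {}
    for name in modules:
        try:
            spec = importlib.util.find_spec(name)
        except (ImportError, ValueError):
            spec = None
        if spec is None:
            found[name] = None
        else:
            # Namespace packages have no origin; fall back to their search path.
            paths = list(spec.submodule_search_locations or [])
            found[name] = spec.origin or ", ".join(paths) or "<unknown>"
    return found


def missing(modules=REQUIRED):
    """Sorted names of modules this interpreter cannot locate."""
    return sorted(n for n, where in probe(modules).items() if where is None)


def report(modules=REQUIRED):
    """Human-readable summary, including which interpreter was asked."""
    lines = ["interpreter: Python %d.%d (%s)"
             % (sys.version_info[0], sys.version_info[1],
                sys.executable or "embedded")]
    for name, where in probe(modules).items():
        lines.append("  %-10s %s" % (name, where or "MISSING"))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

Run it once as `python3 check_gef_deps.py` and once as `gdb -q -batch -x check_gef_deps.py` (the file name is hypothetical). A module that shows a path in the first run but MISSING in the second was installed for a Python other than the one GDB uses.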

There you go. Here is a Bash script with all the steps explained above: https://gist.github.com/JohnTroony/c16c0711b60916544a3c2a27c52dfce7#file-fix_gef_on_gdb-sh

Cheers!

— — — — — — — — — — — — — — — — —

Ref:
